KR102637974B1 - Identity verification method and forgery prevention method using electronic identification at mobile device capable of offline operation and system thereof - Google Patents

Abstract

An identity verification method and a forgery prevention method and system using an electronic identification card in a mobile device capable of offline operation are disclosed. An identity verification method using an electronic ID card performed in an ID card system according to an embodiment of the present invention includes the steps of: (a) calling a link API from an organization terminal in response to a user's application for an electronic ID card; (b) generating and returning a deep link in the ID management system; (c) transmitting the deep link from the organization terminal to the user's user terminal; (d) executing an electronic identification application on the user terminal; (e) including the device ID of the user terminal in a deep link page request corresponding to the deep link and transmitting it to the ID management system; (f) issuing an electronic identification card linked to the device ID in the identification management system; (g) delivering the electronic identification card to the user terminal; and (h) storing and managing the electronic identification card in the user terminal.

Description

Identity verification method and forgery prevention method using electronic identification at mobile device capable of offline operation and system thereof}

The present invention relates to an identity verification method and a forgery prevention method and system using an electronic identification card in a portable device capable of offline operation.

Resident registration cards are used to verify identity. And professional qualifications such as lawyer, real estate agent, or information processing engineer are used to prove that the identified person has appropriate qualifications in the relevant field.

Commonly used plastic ID cards are easy to counterfeit, and it is difficult to verify their authenticity. Additionally, it is difficult to manage canceled or suspended qualifications. This is because issued plastic cards must be collected and discarded.

Korea Patent Publication No. 10-2014-0011183 (published on January 28, 2014) - Mobile certification management system and method

The present invention is to provide an identity verification method and a forgery prevention method and system using an electronic identification card in a mobile device that can operate offline, which can confirm qualifications granted by a specific organization through a mobile device that operates online or offline and prevent forgery and falsification. .

The present invention provides an identity verification method and a forgery prevention method and system using an electronic ID card on a mobile device that can operate offline, making it simple to temporarily suspend or cancel a specific qualification and making it impossible to copy and use the ID card on another device. It is for this purpose.

Other objects of the invention will become clearer through the preferred embodiments described below.

According to one aspect of the present invention, an identity verification method using an electronic identification card performed in an identification system includes the steps of: (a) calling a link API from an organization terminal in response to a user's application for an electronic identification card; (b) generating and returning a deep link in the ID management system; (c) transmitting the deep link from the organization terminal to the user's user terminal; (d) executing an electronic identification application on the user terminal; (e) including the device ID of the user terminal in a deep link page request corresponding to the deep link and transmitting it to the ID management system; (f) issuing an electronic identification card linked to the device ID in the identification management system; (g) delivering the electronic identification card to the user terminal; and (h) storing and managing the electronic identification card in the user terminal.

The electronic identification card is given an identity code corresponding to a unique value generated by the sequence function of a relational database, and the electronic identification card can be managed by forming a database in the identification card management system.

(i) when the user terminal selects the electronic identification card for identification, converting the identification code into a time identification code and displaying it on the screen; (j) scanning the time identification code at the institution terminal and transmitting it to the identification management system; (k) decoding the time identification code in the identification management system to restore the identification code, and returning identification information of the electronic identification card corresponding to the identification code; And (l) it may further include the step of performing identity verification by comparing the identity information with the screen display content of the user terminal in the organization terminal.

The step (i) includes (i1) performing scrambling on the identity code; (i2) may include performing time masking on the scrambling result.

The step (i1) includes randomly extracting a method number; scrambling the identity code according to a method corresponding to the method number; It includes the step of adding the method number to the beginning to generate a converted identity code, wherein step (i2) includes the user terminal acquiring a first Unix time from the OS; A step of generating the time identity code by performing a bitwise XOR operation on the first Unix time with respect to the converted identity code, wherein the time identity code may be valid only for a specific time.

The step (k) includes obtaining a second UNIX time from the ID management system and performing time unmasking on the time ID code; It may include extracting the method number and performing descrambling.

The user terminal and the ID management system may share the same trungate value so that the first Unix time and the second Unix time are the same.

Meanwhile, according to another aspect of the present invention, a user terminal on which an electronic ID application included in an ID card system for identification using an electronic ID card is installed, comprising: a communication unit that communicates with an institution terminal and an ID management system; an ID issuance request unit that transmits a deep link page request including the device ID of the user terminal corresponding to the deep link transmitted from the organization terminal; and a user terminal including an ID storage unit that receives the electronic ID issued by the ID management system in response to the deep link page request and stores and manages the electronic ID in a memory.

The electronic identification card is embedded with a unique key corresponding to the device ID and an identification code corresponding to granting qualifications, and when the electronic identification application is executed, the identification code is converted to generate a time identification code that is valid only for a specific time, It further includes a time identity code generator displayed on the terminal screen, wherein the time identity code generator can operate normally even when the user terminal is in an offline operation environment as well as an online operation environment.

The time identification code may be presented in at least one of barcode, QR code, and NFC.

The time identity code generator may perform scrambling on the identity code and perform time masking on the scrambling result to generate the time identity code.

The time identity code generator randomly extracts a method number, scrambles the identity code according to a method corresponding to the method number, adds the method number at the beginning, generates a converted identity code, and generates a converted identity code from the OS. The time can be obtained, and the time identity code can be generated by performing a bitwise XOR operation on the first Unix time with respect to the converted identity code.

Meanwhile, according to another aspect of the present invention, in the ID management system that issues and manages electronic ID cards included in the ID card system for identity verification using electronic ID cards, in response to a request from an institution terminal, the electronic ID card is issued. A deep link creation server that creates and returns a deep link; When a request containing a device ID is received from a user terminal through the deep link, an ID issuing server issues an electronic identification card with an embedded identification code, links it to the device ID, creates a database, and delivers the electronic identification card to the user terminal. ; And when a time identification code is transmitted from the institutional terminal, identity verification is possible by decoding the time identification code, restoring the identity code, searching the database for an electronic identification card corresponding to the identification code, and returning the identity information. An identity card management system including a verification server is provided.

The identity code may be a unique key composed of numbers created using the sequence function of a relational database.

The identity verification server can restore the identity code by obtaining a second Unix time from the OS, performing time unmasking on the time identity code, extracting a method number, and performing descrambling.

In response to a request from the user terminal, it may further include a temporary code generation server that generates and returns a temporary code composed of random numbers, registers the temporary code in the electronic identification table only for a valid time, and then deletes the temporary code.

Other aspects, features and advantages in addition to those described above will become apparent from the following drawings, claims and detailed description of the invention.

According to an embodiment of the present invention, it is possible to confirm qualifications granted by a specific organization through a mobile device that operates online or offline and prevent forgery and falsification.

In addition, it is simple to temporarily suspend or cancel a specific qualification, and it is much safer because it is impossible to copy and use the ID card on another device.

1 is a diagram showing the schematic configuration of an identification card system according to an embodiment of the present invention;
Figure 2 is a block diagram of the configuration of a user terminal included in the identification system according to an embodiment of the present invention;
Figure 3 is a block diagram of the organization terminal included in the identification system according to an embodiment of the present invention;
Figure 4 is a block diagram of the identity card management system included in the identity card system according to an embodiment of the present invention;
Figure 5 is a diagram showing the electronic identification card issuance procedure performed in the identification card system according to an embodiment of the present invention;
Figure 6 is a flowchart of an electronic identification card issuance method performed in the identification card system according to an embodiment of the present invention;
Figure 7 is an example of a qualification information table managed by the ID card management system;
Figure 8 is an example of an issued electronic identification card;
Figure 9 is a flowchart of a time identification code generation and decoding method performed in the identification card system according to an embodiment of the present invention;
Figure 10 is an example of a scrambling table;
Figure 11 is a diagram showing the identity verification process using an electronic identification application;
12 is a flowchart of an identity verification method performed in an identification card system according to an embodiment of the present invention;
Figure 13 is a flowchart of an identification method performed in an identification card system according to another embodiment of the present invention when code scanning is not possible.

Since the present invention can make various changes and have various embodiments, specific embodiments will be illustrated in the drawings and described in detail. However, this is not intended to limit the present invention to specific embodiments, and should be understood to include all changes, equivalents, and substitutes included in the spirit and technical scope of the present invention.

When a component is said to be "connected" or "connected" to another component, it is understood that it may be directly connected to or connected to the other component, but that other components may exist in between. It should be. On the other hand, when it is mentioned that a component is “directly connected” or “directly connected” to another component, it should be understood that there are no other components in between.

Terms such as first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

The terms used herein are only used to describe specific embodiments and are not intended to limit the invention. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, terms such as “comprise” or “have” are intended to indicate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are not intended to indicate the presence of one or more other features. It should be understood that this does not exclude in advance the possibility of the existence or addition of elements, numbers, steps, operations, components, parts, or combinations thereof.

In addition, the components of the embodiments described with reference to each drawing are not limited to the corresponding embodiments, and may be implemented to be included in other embodiments within the scope of maintaining the technical spirit of the present invention, and may also be included in separate embodiments. Even if the description is omitted, it is natural that a plurality of embodiments may be re-implemented as a single integrated embodiment.

In addition, when describing with reference to the accompanying drawings, identical or related reference numbers will be assigned to identical or related elements regardless of the drawing symbols, and overlapping descriptions thereof will be omitted. In describing the present invention, if it is determined that a detailed description of related known technologies may unnecessarily obscure the gist of the present invention, the detailed description will be omitted.

Figure 1 is a diagram showing the schematic configuration of an identification card system according to an embodiment of the present invention.

The ID system according to an embodiment of the present invention issues an electronic ID that can be used in place of a plastic ID, and allows identification through an identification code that is valid only for a certain time when using the electronic ID regardless of whether the mobile device operates online or offline. This is characterized by preventing theft and forgery.

Referring to FIG. 1, the ID system 100 according to this embodiment may include an ID card management system 130, an organization terminal 120, and a user terminal 110.

The ID management system 130 may include a plurality of servers and databases that manage information on institutions (or organizations) and users using the ID system 100, and information on assigned qualifications.

The institution terminal 120 is a terminal device on which an institution-specific application can be installed and executed. The institutional terminal 120 is a computing device such as a PC, smartphone, tablet PC, etc., and can be operated at the institution. Organizations may include organizations that grant specific qualifications, such as the Bar Association or the Association of Certified Real Estate Agents, or organizations that require identity verification, such as district offices or courts.

The institution-specific application can be used to grant qualifications to specific users who meet certain conditions and to check the authenticity of the electronic identification card presented by the user.

The user terminal 110 is a terminal device on which an electronic identification application can be installed and executed. The user terminal 110 may be a mobile device such as a smartphone or tablet PC.

The electronic ID application utilizes a validly issued electronic ID to generate a time identification code valid for a specific time on a mobile device, and allows you to prove your identity by presenting the time identification code in a predetermined manner (barcode, QR code, NFC, etc.). let it be

The ID system 100 according to this embodiment may include a dedicated application (organization-specific application, electronic identification application) provided to organizations and users, and an application program that manages organizations and users using the service. Dedicated applications and application programs can be linked in complex ways.

Figure 2 is a block diagram of a user terminal included in an identification card system according to an embodiment of the present invention, Figure 3 is a block diagram of an organization terminal included in an identification card system according to an embodiment of the present invention, and Figure 4 is a block diagram of the identity card management system included in the identity card system according to an embodiment of the present invention.

Referring to FIG. 2, the user terminal 110 according to this embodiment may include a communication unit 111, an ID card issuance request unit 112, an ID storage unit 113, and a time identification code generation unit 114. . Additionally, the user terminal 110 may further include a temporary code request unit 115. Here, each component of the user terminal 110 may be implemented as a software module that constitutes an electronic identification application installed and executed on the user terminal 110.

The communication unit 111 communicates with at least one of the organization terminal 120 and the ID management system 130 to transmit and receive various data.

The communication unit 111 may request the issuance of an electronic identification card from the organization terminal 120 in response to the user input.

Additionally, the communication unit 111 may receive a deep link for issuing an electronic identification card transmitted from the organization terminal 120. A deep link is a link that allows you to move directly to a specific screen or function within a mobile application. A general web link only has the URL of the page, but a deep link can have a URL that points to a specific screen or function of the application. Examples of deep links include fb://profile/user ID, a Facebook app profile, and instagram://media?id=Post ID, a specific Instagram app post.

The communication unit 111 can access the ID management system 130 through a deep link page request for electronic ID issuance and receive the electronic ID issued by the ID management system 130.

Additionally, the communication unit 111 may receive a temporary code by communicating with the ID management system 130 in a situation where code scanning is not possible.

The user can apply for issuance of an electronic identification card to the organization terminal 120 through the user terminal 110 or through a separate computing device (eg, PC, etc.). Applications for issuance of electronic ID cards can be made through a designated website operated by the institution. Users can complete their application by verifying their identity and registering their photo on the website.

The ID issuance request unit 112 may perform the above-described identity authentication and photo registration to apply for electronic ID issuance.

When receiving a deep link for issuance of an electronic ID issued by the ID management system 130 in response to an application for issuance of an electronic ID from the institutional terminal 120, the ID issuance request unit 112 manages the ID by clicking on the deep link. The system 130 may request a deep link page containing a device ID for a mobile device to execute the remaining procedures for issuing an electronic identification card.

When using deep linking, if the electronic identification application is not installed on the user terminal 110, installation of the electronic identification application can be guided and guided. If you install the electronic ID application according to the above guide or if it is already installed, the electronic ID application is executed by deep linking, reads the device ID of the user terminal 110, and transmits the device ID along with the deep link page request to the device. Limited electronic identification cards can be issued.

When the remaining procedures are executed and the electronic ID card is issued, the ID storage unit 113 receives the electronic ID card issued by the ID management system 130 through the communication unit 111 and stores the electronic ID card in the memory (not shown) of the mobile device. You can save and manage your ID card.

An electronic ID is proof of qualifications granted by a specific organization and may include a previously registered photo image.

In addition, the electronic identification card contains an identification code corresponding to the qualification granted. However, the identity code is a unique value corresponding to the above-described device ID, and when leaked to the outside, fraudulent activities such as identity forgery and falsification may occur.

Therefore, in order to prevent such fraudulent activity, the time identification code generator 114 generates a time identification code that is valid only for a specific time (e.g., 10 seconds, 1 minute, etc.), and generates an electronic identification code that proves the validity of the electronic identification. It can be displayed as . The time identification code can be generated by performing scrambling and time masking to prevent forgery and falsification.

The electronic identification code can be displayed in various ways, such as barcode, QR code, NFC, etc. (see Figure 8). Accordingly, the time identification code generation unit 114 may include at least one of a barcode generation module, a QR code generation module, and an NFC generation module that generates an electronic identification code corresponding to the time identification code.

The temporary code request unit 115 provides a temporary code that can prove your identity (qualification) to the ID management system 130 so that you can use the service without difficulty even in situations where scanning of the electronic ID code is impossible while using the electronic ID service. You can make a request and receive a temporary code issued in response to the request. Temporary codes are also codes that are only valid for a certain period of time, making them difficult to steal and forge.

Referring to FIG. 3, the organization terminal 120 may include a deep link request and delivery unit 121, a scanning unit 122, and an identity information output unit 123.

The deep link request and delivery unit 121 may request a deep link from the ID management system 130 by calling the link API when the agency representative approves the request for issuance of an electronic ID card from the user. Additionally, the deep link generated by the ID management system 130 can be received, and the deep link can be delivered to the terminal 110 of the user who has applied for electronic ID issuance.

The scanning unit 122 may scan the electronic identification code displayed on the screen of the electronic identification application executed by the user seeking identification on the user terminal 110 and extract a time identification code consisting of numbers.

The scanning unit 122 may be one of a barcode scanner, QR code scanner, or NFC reader depending on the type of electronic identification code.

The identity information output unit 123 may display the identity information retrieved and delivered from the identity card management system 130 corresponding to the time identity code extracted as a result of scanning in the scan unit 122 on a wired or wirelessly connected display screen. . Identity information may include qualification information such as photo, name, and qualification number.

The person in charge of the organization can perform identity verification by comparing the identity information output by the identity information output unit 123 with the information on the electronic identification application screen of the user terminal 110 held by the user.

Referring to FIG. 4, the ID management system 130 may include a deep link creation server 131, an ID issuing server 132, and an identity verification server 133. Additionally, a temporary code generation server 134 may be additionally included.

The deep link creation server 131 responds to a deep link creation request (link API call) from the institution terminal 120, and finalizes the creation of a deep link for electronic identification (e.g., electronic identification issuance applicant approved by the institution). A deep link to a web page that can be created can be created and the deep link can be returned in response to the organization terminal 120 that requested deep link creation. The returned deep link may be transmitted from the organization terminal 120 to the user terminal 110.

When the user terminal 110 requests a deep link page including a device ID through a deep link, the ID issuing server 132 may execute the remaining procedures for issuing an electronic ID.

The device ID included in the deep link page request is a unique value given to the user terminal 110 on which the electronic identification application is executed, and may be a unique value that distinguishes it from terminals owned by other users and other mobile devices of the same user. By issuing an electronic ID card with an identification code corresponding to a unique device ID, theft and forgery of the electronic ID can be made difficult.

The ID issuing server 132 can generate and match an identification code corresponding to the device ID according to a predetermined algorithm and issue an electronic identification card. The issued electronic ID card is delivered to the user terminal 110 and stored in the ID storage unit 113 of the user terminal 110.

Information (identity information or qualification information) included in the electronic identification card may include information such as identity code, device ID, issuing organization, issuance date, user, and status (normal, canceled) (see FIG. 7).

The ID issuing server 132 can store and manage the information included in the electronic ID card by converting it into a database. In the future, if a user wishes to receive an identity verification service using an electronic ID, the identity information corresponding to the electronic ID can be retrieved from the database and delivered.

The identity verification server 133 decodes the time identity code included in the identity verification request received from the organization terminal 120 and calculates the identity code. Temporal unmasking, descrambling, etc. may be performed during the decoding process.

Additionally, identity information corresponding to the identity code calculated by searching the database can be searched in the database and delivered to the organization terminal 120.

When there is a request to generate a temporary code from the user terminal 110, the temporary code generation server 134 may generate a temporary code that is a unique random number rather than an identity code and provide the temporary code to the user terminal 110. Temporary codes are temporarily registered in the electronic ID table, and can be deleted after a predetermined time has elapsed, making them valid only for a certain period of time.

In the ID system 100 according to this embodiment, the time identification code generated by the mobile device (i.e., the user terminal 110) is valid only for a specific time. The effective time can be set in various ways, such as 10 seconds or 1 minute. Even if it is the same mobile device, the time identification code changes depending on when the electronic identification application is executed, preventing theft by preventing previous time identification codes from being recycled.

Even if you install the same application and log in on a mobile device (second mobile device) other than the mobile device on which the electronic ID was issued (the first mobile device), the electronic ID will not be duplicated. This is because the device IDs are different. Re-issuance of the electronic identification card using a second mobile device is possible, so it may be possible to use it after re-issuance. However, in this case, the electronic identification card already issued to the first mobile device is deleted.

One or more electronic identification cards can be stored in one mobile device.

Even if the mobile device is offline, a time identity code can be generated according to a preset algorithm. The time identity code consists only of numbers and can be random, making it very difficult to guess.

When scanning at an institutional terminal, the number of digits in the time identification code can be shortened to simplify and inexpensively use the scanning device. Time identification codes can be presented in various ways, such as barcode, QR, and NFC. If the time identification code cannot be scanned using various methods, there is an alternative using a temporary code.

Hereinafter, the identity verification method performed in the ID card system 100, including the electronic ID issuance procedure, identity verification procedure, and temporary code issuance procedure, will be described with reference to the related drawings.

Figure 5 is a diagram showing the electronic identification card issuance procedure performed in the identification card system according to an embodiment of the present invention, and Figure 6 is a flowchart of the electronic identification card issuance method performed in the identification card system according to an embodiment of the present invention. 7 is an example diagram of a qualification information table managed by the ID card management system, and Figure 8 is an example diagram of an issued electronic ID card.

Referring to Figure 5, it is assumed that Hong Gil-dong, born on January 1, 1990, wants to obtain an electronic identification card to enter the Gangnam-gu Office.

A user (Hong Gil-dong) applies for issuance of an electronic identification card through the website of an organization (Gangnam-gu Office) (S200). In this case, you can complete the application by registering your photo after verifying your identity (S205).

Regarding applications for electronic ID issuance, the person in charge of the organization (Gangnam-gu Office) can perform the approval process after confirming whether the application is legitimate. In this case, a deep link can be requested using the API from the ID management system through the institution's terminal (S210).

The ID management system creates a deep link to a web page that can complete the creation of an ID card for a specific user (Hong Gil-dong (1990.01.01.)) for a specific institution (Gangnam-gu Office) and returns the deep link to the institution's terminal. (S215).

The institutional terminal can send a deep link to the user terminal registered by the user (Hong Gil-dong) (S220).

The user can install and run the electronic identification application by clicking a link (or button) on the user terminal (S225). If the electronic ID application is already installed, the installation process can be skipped and the application can be run.

When you run the electronic ID application for the first time, you can authenticate yourself and set an app password. A simple password, face, or fingerprint can be used as an app password.

When the electronic ID application is executed, a deep link page is requested (S230). In this case, the deep link page request includes the device ID, and the ID management system 130 can issue an electronic ID with the device ID linked by executing the remaining issuance procedures (S235).

The ID management system 130 may transmit the issued electronic ID card to the user terminal 110 (S240). Here, the electronic identification card may include an identification code, which is a unique value generated according to a predetermined algorithm.

During the ID issuance process, the device ID is transmitted to the ID management system 130 after identity verification. The unique ID provided by the OS of the user's mobile device (i.e., user terminal 110) is compared, and does not operate unless the electronic ID is issued by properly executing the above-described procedure.

Referring to FIG. 7, the data format for the identity information of the electronic ID card managed by the ID card management system 130 in a database is displayed in a table.

Identity information may include identity code, device ID, issuing organization, issuing date, user, status, etc. Additionally, additional temporary codes may be included.

Identity codes can be created, for example, using the sequence function of a relational database (RDB). The identity code may be a unique key composed of numbers. For example, if the basic number of digits of the unique key is set to 10, the initial value of the RDB Sequence can be set to 1,000,000,000 and increased by 1, so that each user is assigned a unique, non-duplicate identity code.

The identification code can be delivered to the device at the time the ID card is created on the server (ID issuing server).

Referring to Figure 8, this is an example screen when the electronic identification application is executed on the user terminal. A time identification code for identification along with a photo that can identify the user can be implemented and presented in various forms (barcode, QR code, NFC, etc.).

Figure 9 is a flowchart of a time identification code generation and decoding method performed in the ID card system according to an embodiment of the present invention, and Figure 10 is an example diagram of a scrambling table.

Referring to Figure 9, a time identification code generation and decoding method is shown.

When the electronic identification application is executed, the user terminal 110 extracts the identification code of the selected electronic identification (S300). The identity code may be a unique key composed of numbers as described above.

Scrumbling can be performed on the identity code (S305). Scrumbling is a technique that disrupts the order and makes guessing difficult. Scrumbling can be restored to its original state if you know how to mix it.

In this embodiment, as shown in FIG. 10, various scrambling methods can be defined in advance, and a number (method number) can be assigned to each scrumbling method. For example, method number 253 may be to shift an N-digit number to the left by 7 places, and method number 254 may be to add 137 to an N-digit number and multiply it by 57.

When scrambling, a method number is randomly extracted, the numbers of the identity code are scrambled according to the method corresponding to the method number, and the converted identity code can be created by adding the method number at the beginning.

And time masking can be performed on the converted identity code (S310). To this end, the user terminal 110 may obtain Unix time from the OS and perform a pre-designated operation (eg, bit XOR operation) on the previously scrambled converted identity code.

Unix time can be used by using the truncate method so that the creator (user terminal 110) and the decryptor (identity verification server 133) can obtain the same value.

Unix time is a number expressing the time elapsed in seconds from midnight on January 1, 1970 to the present. Therefore, if you obtain the current unix time and express it in a readable format, it appears as 2023.05.16 14:23:54. At this time, if you say Truncate (1 minute), the unit of seconds becomes 0, such as 2023.05.16 14:23:00. The meaning of truncate (5 minutes) is to express the minute unit as a multiple of 5, such as 05, 10, 15, 20, 25, and the second unit is truncated to 0. Therefore, even if the time of the device (user terminal) and the server (identity verification server) are slightly out of synchronization, if the effective time is set to about 1 minute or more, both sides can obtain the same time mask.

The resulting number with time masking completed may be a time identification code that is valid only for a specific time (S315).

When a user presents a time identification code through the user terminal 110 and obtains it from the organization terminal 120 through scanning, the ID management system 130 can decode the time identification code and restore the original identification code. there is.

To this end, time unmasking is first performed on the time identity code (S320). Obtain Unix time from the OS using the same Truncate value as the constructor. A predetermined operation (e.g., bitwise XOR operation) is performed on the identity code passed on the value.

Then, de-scrambling is performed (S325). The original unique key (identity code) can be restored by extracting the method number attached to the beginning and applying the scrambling method corresponding to the method number in reverse order. In the case of method number 254, the original unique key can be restored by dividing the time-unmasked number by 57 and subtracting 137.

The time identity code generated using the above-described method cannot be decrypted even if stolen during the delivery process, so it can be said to be very safe in terms of security.

And since the time information is masked, it cannot be used after a certain time, preventing theft through capture or filming. In other words, a time identification code may be a code that is only valid for a specific time, such as a bank OTP. If the validity time is set short, it is almost impossible to copy and use the time identification code displayed on the screen.

The time identity code can only consist of numbers from 0 to 9. This is to support even barcode scanners that cannot recognize the alphabet. If the number of codes generated exceeds 16, the recognition rate of barcodes generated on mobile devices with small screens deteriorates. Therefore, the shorter the length of the time identity code, the better.

Figure 11 is a diagram showing an identity verification process using an electronic identification application, and Figure 12 is a flowchart of an identity verification method performed in an identification system according to an embodiment of the present invention.

Referring to Figure 11, an identification process using an electronic identification application is shown.

The user executes the electronic identification application installed on the user terminal 110 (S400). When the electronic identification application is executed, the identification code for the selected electronic identification is processed according to a predetermined algorithm to generate a time identification code, and can be presented in a predetermined type on the terminal screen.

Here, the user terminal 110 does not have to be connected online. In other words, if the electronic identification application can be executed even when operating offline, a time identification code can be generated and presented according to a predetermined algorithm within the electronic identification application.

The agency representative scans the contents of the electronic identification card presented by the user, that is, the time identification code, using the agency terminal 120 (S405).

Then, the scan result is transmitted to the ID management system 130 to request confirmation (S410).

When the ID management system 130 receives the time identification code, it decodes it according to a predetermined algorithm to restore the original identification code, and searches the database to find and return the identity information on the electronic identification card corresponding to the identification code (S415). . Identity information may include qualification information such as photo, name, etc.

The agency representative can confirm the identity by viewing the identity information transmitted from the ID management system 130 and displayed on the screen of the agency terminal 120 and comparing it with the contents of the electronic identification card of the user terminal 110 presented by the user (S420) ).

Figure 13 is a flowchart of an identification method performed in an identification card system according to another embodiment of the present invention when code scanning is not possible.

While using the above-mentioned electronic identification service, a situation may inevitably arise in which scanning of a time identification code implemented as a barcode, QR, NFC, etc. is impossible. Even in this case, the following solutions can be provided to ensure that you can use the service without difficulty.

You can authenticate your identity by directly entering the K-digit temporary code (K is a natural number, for example, it could be 6) provided with the barcode, QR, and NFC functions in the electronic ID application through the authentication screen. In this case, a dedicated keypad can be provided.

Temporary codes used when entering directly are also only valid for a certain period of time and are difficult to steal or forge.

Of course, numbers are displayed under the barcode displayed on the user terminal 110, so you can look at them and type them all in, but it is very cumbersome and time-consuming for the person in charge. Therefore, temporary code can be used to solve this problem.

If the user presents an electronic identification card using the user terminal 110, but the organization representative's terminal cannot automatically recognize it, the user can request temporary code generation by pressing the temporary code generation button in the electronic identification application. There is (S500). In this case, the user terminal 110 needs to be connected to the Internet.

The ID management system 130, especially the temporary code generation server 134, which has received a temporary code generation request, may generate a unique random number in the last column of the table shown in FIG. 7 and register it as a temporary code (S505) ). Temporary codes are deleted after a predetermined period of time has elapsed.

The temporary code registered in the electronic identification table may be transmitted to the user terminal 110 (S510). The organization representative can check the temporary code displayed on the user terminal 110 and enter the temporary code into the organization terminal 120 (S515). Then, confirmation can be requested by sending a temporary code to the ID management system 130 (S520).

When a confirmation request is received from the organization terminal 120 within a predetermined time, the ID management system 130 authenticates the temporary code that has not yet been deleted (S525), and reads the identity information corresponding to the temporary code from the database. Identity verification can be performed by providing information to the institutional terminal 120 (S530).

The above-mentioned electronic identification method issuance method, identity verification method, time identification code generation and decoding method, and identity verification method may be in the form of a recording medium containing instructions executable by a computer, such as an application or program module executed by a computer. It can be implemented. Computer-readable media can be any available media that can be accessed by a computer and includes both volatile and non-volatile media, removable and non-removable media. Additionally, computer-readable media may include computer storage media. Computer storage media includes both volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.

The above-mentioned method of issuing electronic identification cards, time identification code generation and decoding method, and identity verification method can be executed by applications installed by default on the terminal (this may include programs included in the platform or operating system, etc., which are installed by default on the terminal). It may be executed by an application (i.e., a program) that the user installs directly on the master terminal through an application providing server such as an application store server, an application, or a web server related to the service. In this sense, the above-mentioned electronic identification method issuance method, time identification code generation and decoding method, and identity verification method are implemented as applications (i.e., programs) installed by default on the terminal or directly installed by the user and can be read by a computer such as the terminal. It can be recorded on any recording medium.

Although the present invention has been described above with reference to preferred embodiments, those skilled in the art can vary the present invention without departing from the spirit and scope of the present invention as set forth in the claims below. You will understand that it can be modified and changed.

100: ID system 110: User terminal
120: Institutional terminal 130: ID management system
111: Communication Department 112: Identification Card Issuance Request Department
113: ID storage unit 114: Time identification code generation unit
115: Temporary code request unit 121: Deep link request and delivery unit
122: Scan unit 123: Identity information output unit
131: Deep link creation server 132: ID issuing server
133: Identity verification server 134: Temporary code generation server

Claims (16)

In the identity verification method using an electronic identification card performed in the identification system,
(a) calling the link API from the institution's terminal in response to the user's application for electronic identification;
(b) generating and returning a deep link in the ID management system;
(c) transmitting the deep link from the organization terminal to the user's user terminal;
(d) executing an electronic identification application on the user terminal;
(e) including the device ID of the user terminal in a deep link page request corresponding to the deep link and transmitting it to the ID management system;
(f) issuing an electronic identification card linked to the device ID in the identification management system;
(g) delivering the electronic identification card to the user terminal; and
(h) including the step of storing and managing the electronic identification card in the user terminal,
The electronic identification card is given an identification code corresponding to a unique value generated by the sequence function of a relational database,
Managing the electronic ID in a database in the ID management system,
(i) when the user terminal selects the electronic identification card for identification, converting the identification code into a time identification code and displaying it on the screen;
(j) scanning the time identification code at the institution terminal and transmitting it to the identification management system;
(k) decoding the time identification code in the identification management system to restore the identification code, and returning identification information of the electronic identification card corresponding to the identification code; and
(l) further comprising the step of performing identity verification by comparing the identity information with the screen display contents of the user terminal at the institution terminal,
The step (i) includes (i1) performing scrambling on the identity code; (i2) An identification method comprising performing time masking on the scrambling result.
delete delete delete According to paragraph 1,
The step (i1) includes randomly extracting a method number; scrambling the identity code according to a method corresponding to the method number; It includes the step of generating a conversion identity code by adding the method number at the beginning,
The step (i2) includes the user terminal acquiring a first UNIX time from the OS; Comprising the step of generating the time identity code by performing a bitwise XOR operation on the first Unix time with respect to the converted identity code,
An identification method characterized in that the time identification code is valid only for a specific time.
According to clause 5,
The step (k) includes obtaining a second UNIX time from the ID management system and performing time unmasking on the time ID code; An identity verification method comprising the step of extracting the method number and performing descrambling.
According to clause 6,
The user terminal and the ID management system share the same trungate value so that the first Unix time and the second Unix time are the same.
In the user terminal on which the electronic identification application included in the identification system for identification using electronic identification is installed,
a communications department that communicates with institutional terminals and ID management systems;
an ID issuance request unit that transmits a deep link page request including the device ID of the user terminal corresponding to the deep link transmitted from the organization terminal; and
An ID card storage unit that receives the electronic ID card issued by the ID card management system in response to the deep link page request and stores and manages the electronic ID card in memory,
The electronic identification card contains a unique key corresponding to the device ID and an identification code corresponding to the granted qualification,
When the electronic identification application is executed, it further includes a time identification code generator that converts the identification code to generate a time identification code that is valid only for a specific time and presents it on the terminal screen,
The time identification code generator operates normally even when the user terminal is in an offline operation environment as well as an online operation environment,
The time identity code generator performs scrambling on the identity code and performs time masking on the scrambling result to generate the time identity code.
delete According to clause 8,
A user terminal, wherein the time identification code is presented in at least one of a barcode, QR code, and NFC.
delete According to clause 8,
The time identity code generator randomly extracts a method number, scrambles the identity code according to a method corresponding to the method number, adds the method number at the beginning, generates a converted identity code, and generates a converted identity code from the OS. A user terminal characterized in that it acquires time and generates the time identity code by performing a bitwise XOR operation on the first Unix time with respect to the converted identity code.
In the ID management system that issues and manages electronic ID cards included in the ID system for identity verification using electronic ID cards,
A deep link creation server that generates and returns a deep link for issuing an electronic identification card in response to a request from an organization terminal;
When a request containing a device ID is received from a user terminal through the deep link, an ID issuing server issues an electronic identification card with an embedded identification code, links it to the device ID, creates a database, and delivers the electronic identification card to the user terminal. ; and
When a time identification code is transmitted from the institution's terminal, identity verification is made possible by decoding the time identification code, restoring the identification code, searching the database for an electronic identification card corresponding to the identification code, and returning the identity information. Including servers,
The identity verification server obtains a second Unix time from the OS, performs time unmasking on the time identity code, extracts a method number, and performs descrambling to restore the identity code. Management system.
According to clause 13,
An identity card management system, characterized in that the identity code is a unique key composed of numbers created by the sequence function of a relational database.
delete According to clause 13,
In response to a request from the user terminal, an ID management system further includes a temporary code generation server that generates and returns a temporary code composed of random numbers, registers the temporary code in the electronic identification table only for the validity period, and then deletes the temporary code. .