KR20140011415A - Digital system for pair user authentication, authentication system, and providing method thereof - Google Patents

Abstract

A digital system for user authentication, an authentication system, and a method for providing the systems are disclosed. The method for providing the digital system for user authentication comprises the steps of: allowing the digital system to receive a user authentication request received from an authentication system; allowing the digital system to perform local wireless communication with a predetermined pair system in response to reception of the user authentication request; and allowing the digital system to transmit, to the authentication system, authentication information corresponding to the identification information of the pair system received by the local wireless communication, wherein the authentication system can succeed in authenticating the user of the digital system if the transmitted authentication information corresponds to the identification information of a user authentication device pre-registered in the authentication system. [Reference numerals] (312) Payment terminal(POS...); (321) Card company system; (322) VAN system; (AA) Card payment

Description

Technical Field [0001] The present invention relates to a digital system, an authentication system, and a method for providing the same,

The present invention relates to a digital system, a payment system, an authentication system, and a method of providing the same. More particularly, the present invention relates to a digital system, a payment system, The present invention relates to a system and a method for providing a card that can easily perform card settlement without increasing the security and removing the card from a wallet or a pocket.

The present invention also relates to a system and method for preventing loss or theft of a card and a digital system by outputting a predetermined alarm signal so that a user can recognize the card and the digital system when they are separated by a predetermined distance or more.

The present invention also relates to a system and a method for performing authentication of a person using a digital system and a predetermined pair system (e.g., IC card, tag device, etc.).

BACKGROUND OF THE INVENTION [0002] The background of the present invention may be based on various wireless communication technologies such as payment related technology using mobile phones, RFID, NFC, or Bluetooth.

Many digital systems (e.g., PCs, tablets, navigation, music players, cameras, automotive digital systems, etc.) have been widely used due to the development of information and communication technologies. In particular, as IT technology advances, digital systems are becoming smaller and convergent. For example, a mobile communication terminal (e.g., a mobile phone, a tablet PC, etc.) performs various functions such as a camera, an information storage device, a banking (payment, transfer) function as well as an original communication function. At the same time, the devices are miniaturized to a size sufficient for users to carry through such as integration of devices.

With the convergence of various functions, digital systems not only provide convenience to users but also become an important means of influencing users' lives. In addition, due to the miniaturization of digital systems, portability is becoming higher and more expensive, the damage caused by the loss or theft of the digital system is serious, and the burden of lost or stolen is increasing.

In particular, recent digital systems such as smart phones are implemented so as to independently perform financial transactions, and there is a concern that users may suffer enormous damage when such digital systems are lost or stolen.

On the other hand, various techniques have been known for increasing the convenience and efficiency of card payment. For example, a method of allowing payment to be made to a card corresponding to the mobile phone number is known by inputting only a mobile phone number without a card.

Such an example is disclosed in Korean patent application (Application No. 10-2000-0031640, "Payment method using mobile phone number"), Korean patent application (Application No. 10-2008-0133237, "Mobile card payment system and mobile card payment Service method "), Korean patent application (Application No. 10-2008-0112238," Mobile card payment system using telephone number, mobile payment service method using the same ").

Such a conventional method has an advantage that payment can be conveniently performed only if the mobile phone is possessed without having a card. However, there is a problem that security is very low due to such convenience. For example, when a mobile phone is lost or stolen, the mobile phone number can be exposed to any number, and there is a risk that another person can perform a card payment. This risk still exists even when a password for payment is required. This is because the exposure of the password is easily exposed by malicious attack or acquaintance of the user. As a result, in the conventional method, if a fraudulent user who knows the payment password occupies the user's mobile phone even for a while, there is a risk that the fraudulent payment will occur at any time.

Especially in recent years, a new mobile payment fraud crime called smishing (SMS + Phishing) is appearing, and this smashing is an illegal payment method that an attacker finds out the authentication number used for mobile settlement. For example, if illegal SMS (usually a text message containing a specific URL) is distributed to a customer's mobile phone and the customer clicks on it, a malicious code is installed on the mobile phone, and then a text message containing the authentication number is transmitted to the malicious code producer The illegal settlement is carried out in the state where the party user can not recognize any procedure related to the settlement. As such, mobile phone settlement has a high degree of simplicity, but has a fatal weakness in security. The conventional authentication technology using a mobile phone is also a convenience similar to a mobile phone payment method, but has a weak point of being poor in security.

This problem of security always has a trade-off relationship with convenience. Therefore, a technical idea for card settlement that can enhance security and satisfy certain convenience is required. In addition, there is a need for a technical idea that can prevent loss, theft, or theft of a digital system and a card that can cause enormous damage when lost, stolen, or stolen.

In addition, there is a need for a technical idea that can provide a highly secure personal authentication protocol that can be implemented in a form similar to payment through a digital system and a pair system as well as a card payment.

The conventional technology related to the authentication of the user is the mobile phone authentication mentioned briefly above. In addition, there is an authentication of an authorized certificate, an authentication of an Internet Personal Identification Number (i-PIN), or a credit card. Authorized certificate authentication is an authentication protocol with a relatively high security level, but it is not easy to carry the authorized certificate stably and there are disadvantages such as complicated authentication process. In addition, the official certificate is also information that is handled online, and in recent years, a large number of accredited certificates have been leaked, causing safety problems. The i-PIN has a cost limitation in that it is not easy for a user to remember a new number using a virtual resident registration number method, and that separate devices for encrypting and decrypting a virtual number must be installed in each service providing system. Personal authentication using a mobile phone and personal authentication using a credit card are methods of authenticating the occupation of a mobile phone using the above-mentioned authentication number, which is problematic in that it is vulnerable to smsing. In addition, since all of these conventional technologies use a password (certificate password, I-PIN password) or an authentication number, if a password or an authentication number is exposed to another person, the authentication of the user is inevitable.

Accordingly, a technical idea that can provide a highly secure personal authentication protocol while maintaining convenience compared with the conventional technologies is required together with a payment protocol.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to provide a digital system and a payment system capable of enhancing security by allowing a user to carry out card settlement while occupying two independent objects of a digital system and a card, Side system, and a method thereof.

At the same time, it is possible to perform a payment request using identification information (for example, a mobile phone number) of a digital system (e.g., a mobile phone) rather than card information that is difficult for a user to memorize, So that it is possible to provide a system and method which can provide convenience with which it is possible to perform settlement without taking out a card from a wallet or a pocket or the like together with excellent security.

In addition, by not taking out the card, it is possible to reduce the possibility of loss of the card, and when an alarm is given to the user when the digital system and the card are separated by a predetermined distance or more, the digital system as well as the card can be lost, stolen or stolen And to provide a method and a method for preventing such a problem.

It is another object of the present invention to provide a system and method that can be used not only for authentication of a card settlement using a digital system and a pair system but also for authentication of a user to authenticate that the user is an authorized person.

According to another aspect of the present invention, there is provided a digital system providing method for authenticating a user, the method comprising the steps of: a digital system performing near field wireless communication with a predetermined pair system for authenticating the user; And transmitting the authentication information corresponding to identification information of the pair system to a predetermined authentication system, wherein the identification information of the authentication apparatus registered in advance in the authentication system corresponds to each other The authentication of the user of the digital system or the user of the second digital system that has requested the authentication of the user by the authentication system is successful.

It is preferable that the digital system further includes a step of setting the personal authentication apparatus in the authentication system, wherein the step of setting the personal authentication apparatus comprises: Performing a second personal authentication through an authentication system, and if the second personal authentication is successful, the digital system transmits identification information of the personal authentication apparatus to the authentication system.

The step of transmitting, by the digital system, the identification information of the principal authentication apparatus to the authentication system includes the steps of: the digital system performing near field wireless communication with the principal authentication apparatus; And transmitting identification information of the principal authentication apparatus obtained from the authentication apparatus to the authentication system.

It is preferable that the digital system further includes a step of setting the personal authentication apparatus in the authentication system, wherein the step of setting the personal authentication apparatus comprises: Receiving information about at least one pair system corresponding to the user from an authentication system, and based on information about the received at least one pair system, And transmitting information on the authentication device to the authentication system.

Further, the authentication system further stores identification information of the authentication digital system, and the identification information of the digital system confirmed by the authentication system and the identification information of the authentication digital system of the user are corresponding to each other, And authentication of the user is succeeded.

Further, the digital system providing method for performing the authentication of the user further includes the step of the digital system receiving the authentication execution request received from the authentication system, wherein the digital system receives the authentication execution request received from the authentication system Wherein if the digital system corresponding to the second digital system is specified by the authentication system so that authentication of the user that is a user of the second digital system is performed, Authentication request for authentication.

According to another aspect of the present invention, there is provided a method of providing an authentication system for performing authentication of a user, comprising the steps of: determining whether authentication information received from a digital system corresponds to identification information of a principal authentication apparatus registered in advance in the authentication system; And determining that the authentication of the user of the digital system or the user of the second digital system that has made the authentication request with the authentication system succeeds, if the authentication system should correspond to the determination result, Information may be information corresponding to the identification information of the pair system transmitted from the digital system to the authentication system when the digital system and the predetermined pair system perform short-range wireless communication.

It is preferable that the authentication system providing method further includes a step of the authentication system establishing the authentication apparatus by communicating with the digital system, The system performing a second identity authentication of the user of the digital system, and, if the second identity authentication is successful, the authentication system receiving identification information of the identity authentication apparatus received from the digital system .

The identification information of the principal authentication apparatus may be information transmitted from the principal authentication apparatus through the digital system to the authentication system when the digital system and the principal authentication apparatus perform short range wireless communication .

It is preferable that the authentication system providing method further includes a step of the authentication system establishing the authentication apparatus by communicating with the digital system, Wherein the system is operable to transmit information about the at least one pair system corresponding to the user to the digital system, and wherein the authentication system further comprises: And receiving information on the identity authentication apparatus.

Further, the authentication system providing method for performing the authentication of the user may include the steps of: storing the identification information of the authentication digital system of the user; and the authentication system verifying the identification information of the digital system, Wherein the identification information of the digital system further corresponds to the identification information of the digital verifying system of the digital verifying system, Is determined to be successful.

The authentication system providing method for performing the identity authentication may be recorded in a computer-readable recording medium on which the program is recorded.

According to an aspect of the present invention, there is provided a digital system for authenticating a user, the digital system including a transmission module for transmitting predetermined information to an authentication system, a short- And a control module for controlling the authentication system to transmit authentication information corresponding to identification information of the pair system received via the short-range wireless communication to the authentication system, wherein the authentication information and the authentication The authentication of the user of the digital system or the user of the second digital system that made the authentication request to the authentication system by the authentication system should be successful if the identification information of the authentication device registered in advance in the system should correspond to each other . ≪ / RTI >

The digital system further includes a receiving module for receiving a user authentication request received from the authentication system. The communication module performs short-range wireless communication with the pair system in response to receiving the authentication request can do.

In addition, the control module may control the authentication system to transmit the authentication information to the authentication system only when the pair system and the communication module perform short-distance wireless communication.

The authentication request may be transmitted to the digital system corresponding to the second digital system when the second digital system requests authentication of the first digital system by the authentication system.

According to an aspect of the present invention, there is provided an authentication system for performing authentication of a principal, comprising: a receiver for receiving authentication information from a digital system; And determines whether the user authentication of the user of the digital system or the user of the second digital system that has made the authentication request to the authentication system by the authentication system is successful, Wherein the authentication information is information corresponding to the identification information of the pair system transmitted from the digital system to the transmission unit when the digital system and the predetermined pair system perform short range wireless communication have.

The authentication system further includes a transmitter for transmitting the authentication request to the digital system, and the receiver may receive authentication information from the digital system in response to the transmission.

The control unit may store the identification information of the principal authentication apparatus received from the digital system in the DB to set the principal authentication apparatus.

Further, the control unit may set the authentication apparatus to authenticate a user of the digital system through a second authentication method.

The control unit may identify the identification information of the digital system, determine whether the identified identification information of the digital system corresponds to the identification information of the authentication digital system stored in the DB, It is determined that the identity authentication is successful if it corresponds to the identification information of the authentication digital system.

According to the technical idea of the present invention, since payment is performed by occupying both the digital system and the pair system (for example, a card) which the user is always carrying, There is an effect that the security is significantly higher than when the settlement is performed.

In addition, even if the card is not removed from the purse for payment of a card, a payment request can be made by inputting identification information (for example, a mobile phone number) of a digital system that the user knows, and payment confirmation or approval can also be performed through tagging as a contactless communication As a result, it occupies both the digital system and the card, but the card does not need to be touched or removed at all, thereby providing convenience of settlement.

In addition, when the digital system and the card are simply tagged, the payment information is not approved, but the confirmation signal is transmitted when a certain requirement for transmitting the payment confirmation signal is satisfied, or the tag information is transmitted to the payment- So that it is possible to cope with forgery and falsification of any one system (digital system or card).

Further, even when the digital system receives at least a part of the card information from the card to transmit the card information used for card settlement to the payment-side system after tagging, the security procedure The related information is not leaked even when the digital system is attacked after the payment, and card settlement is not performed without performing the tagging.

In addition, when the digital system and the card are separated by a predetermined distance or more, the user can recognize the digital system and the card, thereby preventing loss, theft, or theft by not taking out the card. At the same time, Or the prevention of theft can be prevented.

In addition, the technological idea of the present invention, that is, occupying two separate objects (e.g., cards) capable of short range wireless communication with the digital system and the digital system, There is an effect that it can be used for the authentication of the user.

In particular, the authentication method according to the technical idea of the present invention occupies an independent offline object as compared with the conventional technologies, and has an excellent effect in security. In the case of mobile phone authentication, it is possible to occupy independent offline items as in the present invention. However, not only is there a difference between the occupation of one independent object and the occupation of two independent objects, The pair system in the invention is usually carried in a purse, which has the advantage that the possibility of loss is significantly lower than that of a mobile phone. That is, the authentication method of the present invention according to the technical idea of the present invention is an authentication method combined with on-line and off-line procedures, unlike authentication of the user only through the conventional on-line procedure, And by using the self-authentication device normally carried in the body as the authentication means of the user, the user's trust in security can be significantly higher than that of the conventional authentication method.

Accordingly, the authentication method and settlement according to the technical idea of the present invention have excellent convenience and security compared with the conventional technologies.

BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
1 shows schematic systems for implementing a digital system providing method according to an embodiment of the present invention.
FIG. 2 shows a schematic flow chart of a digital system providing method according to an embodiment of the present invention.
3 is a diagram showing a schematic configuration of a digital system according to an embodiment of the present invention.
4 is a diagram for explaining a case where payment related information is displayed according to a digital system providing method according to an embodiment of the present invention.
FIG. 5 is a diagram for explaining a settlement process in the case where a settlement-side system transmits part of card information to settlement-related information according to an embodiment of the present invention.
6 is a diagram for explaining a process of transmitting an acknowledgment signal when the digital system meets the requirement for transmitting an acknowledgment signal according to an embodiment of the present invention.
7 to 9 are views for explaining a process in which a digital system transmits card information to an acknowledgment signal according to an embodiment of the present invention.
10 is a diagram for explaining a process of outputting an alarm signal when the digital system and the card are separated by a predetermined distance or more according to an embodiment of the present invention.
11 is a diagram showing a schematic configuration of a settlement side system according to an embodiment of the present invention.
FIG. 12 is a view for explaining a concept of performing authentication by a digital system and a pair system according to an embodiment of the present invention.
FIG. 13 shows an example of a screen provided by the authentication system to the digital system for authentication of the user according to an embodiment of the present invention.
FIG. 14 is a diagram for explaining a process of setting a personal authentication apparatus according to an embodiment of the present invention.
15 is a diagram for explaining a process of authenticating a user of a second digital system according to an embodiment of the present invention.
16 is a diagram for explaining a schematic configuration of an authentication system according to an embodiment of the present invention.

In order to fully understand the present invention, operational advantages of the present invention, and objects achieved by the practice of the present invention, reference should be made to the accompanying drawings and the accompanying drawings which illustrate preferred embodiments of the present invention.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

1 shows schematic systems for implementing a digital system providing method according to an embodiment of the present invention.

1, a digital system (hereinafter, referred to as a 'digital system') 100, a card 200, and a payment system 300 may be provided to implement a digital system providing method according to an embodiment of the present invention .

The digital system 100 can implement the technical idea of the present invention while transmitting and receiving necessary information to the payment-side system 300 through a wire / wireless network. In addition, the digital system 100 may acquire information stored in a card storage device provided in the card 200 by performing tagging with the card 200.

In this specification, tagging refers to the case where the digital system 100 and the card 200 are within a certain distance (for example, in the case of NFC communication) in order to conduct communication in a contactless manner, such as RFID communication or NFC communication, 10 cm, etc.). The user can perform tagging by bringing the digital system 100 or the card 200 close to the card 200 or the digital system 100 within a certain distance.

Although the digital system 100 is shown as a mobile phone in FIG. 1, the digital system 100 can communicate with the payment-side system 300 via a wired / wireless network, and can exchange data with the card 200 through any type of data processing apparatus Can be defined as including meaning. For example, the digital system 100 may be a data processing device, such as a tablet, a music player, or the like, which is easy for the user to carry around.

The card 200 may be a financial transaction means that can be used for card settlement. The card 200 may include a predetermined first communication device (e.g., an RF antenna, an RF tag, etc.) for performing tagging communication with the digital system 100. In addition, the card 200 may further include a storage device in which information necessary for realizing the technical idea of the present invention can be stored. For example, the card 200 may be implemented as an IC card or a smart card with an IC chip embedded therein. The card settlement may be performed only by the technical idea of the present invention, Or a financial transaction means capable of performing card settlement in the form of a credit card.

In any case, according to the technical idea of the present invention, when the digital system 100 is assumed that the user (owner, occupant) of the digital system 100 also has the card 200 (i.e., The settlement can be performed with the card according to the technical idea of the present invention. Therefore, since the card settlement can be performed by occupying both the digital system 100 and / or the card 200, the security can be significantly increased. In addition, since the user does not have to remove the card from the wallet or the pocket, the user can perform the settlement relatively conveniently compared to the high security. For example, after the user inputs identification information (e.g., a mobile phone number) of his or her digital system 100 online, the payment related information is transmitted from the payment system 300 to the digital system 100 When the digital system 100 is received, the card settlement can be completed by simply tagging the digital system 100 in the wallet or pocket in which the card 200 is stored.

The card 200 may further include a second communication device for performing alarm pairing separately from the digital communication system 100 and the first communication device for tagging. Also, the card 200 and the digital system 100 can maintain a pairing state within a certain distance through the second communication device.

The pairing state may be a state in which the digital system 100 and the card 200 are in a communicable state or a state in which communication is possible and a predetermined criterion (for example, the intensity of a communicated signal is equal to or greater than a certain level) is satisfied. The digital system 100 and the card 200 may be in a paired state when the user of the digital system 100 has the card 200. [ Can be implemented.

In this way, if the user has both the digital system 100 and the card 200, the pairing state can be maintained. As will be described later, according to the technical idea of the present invention, when the digital system 100 and the card 200 are separated by a predetermined distance or more, the digital system 100 transmits a notification signal Can be output. Therefore, the risk of losing or stolen any one of the digital system 100 and / or the card 200 can be prevented altogether. In this specification, the function of outputting an alarm signal when the pairing state is maintained at a normal distance and is further apart by a predetermined distance is defined as an 'alarm pairing' function in this specification.

In order for the digital system 100 to perform the alarm pairing function, the card 200 may preferably have its own power source. Since the digital system 100 and the card 200 should be able to communicate with each other when they are held by the same user, communication protocols capable of communicating at least within a predetermined distance (for example, 1 meter to several meters) It is preferable that the digital system 100 and the second communication device provided in the card 200 can maintain a pairing state. The communication protocol for the alarm pairing function may be various. It is desirable that communication be possible within a certain distance (e.g., 1 meter to several meters) of any communication protocol. Further, even if the communication distance of the communication protocol is longer than the predetermined distance (for example, 1 meter to several meters), the distance can be determined through the intensity of the signal. And is further than a predefined distance, the digital system 100 may output an alarm signal.

Of course, the card 200 may be implemented with an IC card (or smart card) 201 that does not have its own power source but can store predetermined information and perform simple calculations. For example, the card 200 has its own computation capability and storage capability, and a system in which a predetermined first communication device for technical idea of the present invention is added to an IC card or a smart card, Lt; / RTI >

The settlement side system 300 is defined as including all systems participating in receiving a settlement request to perform card settlement, communicating with the digital system 100, or determining whether to approve settlement . For example, the payment-side system 300 may include various receiving systems 310 for receiving payment requests and an approval system 320 for approving payment requests requested through the receiving system 310 . In some implementations, a user of the digital system 100 may enter a payment request into the authorization system 320. [ That is, the receiving system 310 may not be included in the payment-side system 300.

The receiving system 310 may be implemented by, for example, a Web server 311 providing a page or UI for online settlement, a card payment terminal 312 installed at an affiliate shop, or an ATM (Automatic Teller's Machine) 313 . The receiving system 310 may be a system capable of receiving a payment request from the digital system 100 or from a user of the digital system 100. In addition, the payment request can be performed by receiving identification information (e.g., mobile phone number) of the digital system 100. [

The approval system 320 is a system in which the card issuer system 321 (the card issuer system 321 in the present invention) which can settle the settlement request with the card 200 performs card settlement as well as an independent card company system (Meaning not including all financial institution systems (not shown)). In addition, according to an embodiment, the approval system 320 may further include a VAN system 322 for interfacing the card issuer system 321 and the reception system 310. 1, a predetermined service system (not shown) for implementing the technical idea of the present invention is connected to the card issuer system 321 and / or the VAN system 322 Or may be further included to be coupled via a wired or wireless network. The VAN system 322 may further perform the functions of the receiving system 310 according to an embodiment.

In any case, the payment system 300 is connected to a network path from the receiving system 310 to the card issuer system 321 in which the digital system 100 or a user of the digital system 100 inputs a payment request. May be defined to include all systems that exist in the network. Of course, there may be cases where the card issuer system 321 performs the functions of the receiving system 310 as well.

Hereinafter, a process of performing payment according to the technical concept of the present invention will be described in more detail. Hereinafter, for convenience of description, the digital system 100 is implemented as a mobile phone, and the identification information of the digital system 100 is a mobile phone number of the mobile phone. However, The scope of rights is not limited thereto.

FIG. 2 shows a schematic flow chart of a digital system providing method according to an embodiment of the present invention.

Referring to FIG. 2, a user of the digital system 100 may transmit a payment request to the payment-side system 300 by inputting the identification information of the digital system 100 (S100). For example, a user may access a predetermined web page on-line through a data processing apparatus (e.g., a computer) of a subscriber, and then perform an online settlement. Then, the user can input the identification information (e.g., mobile phone number) of the digital system 100 to the web server 311 that provides the web page or the UI for online settlement. According to the embodiment, identification information (for example, a mobile telephone number) of the digital system 100 may be input to a payment terminal installed at a predetermined merchant on the off-line. In this case, the user may input the identification information, and if the user informs the identification information of the digital system 100, the member of the merchant may input the identification information. Alternatively, the identification information (for example, a mobile telephone number) may be input to the predetermined ATM 313. In this manner, by making a payment request using the identification information (for example, a mobile phone number), the user does not take out a card for a payment request, thereby providing convenience and various security effects. That is, since the card information is generally high in probability that the user can not memorize, there is a high possibility that the card should be taken out in order to request the payment by inputting the card information. In this case, there is a risk of loss as well as inconvenience. If you inform others or input directly online, there is a risk of information leakage. Therefore, technical ideas that use card information but do not remove the card can have a very significant effect on security.

Further, the identification information (e.g., a mobile phone number) may be used when the payment-side system 300 transmits settlement-related information to the digital system 100. [

When the payment request is performed by inputting the identification information (e.g., mobile phone number) to the payment system 300, the digital system 100 transmits the payment related information output from the payment system 300 (S110).

The payment related information may include payment history information corresponding to at least a payment request. In addition, as will be described later, predetermined information for implementing the technical idea of the present invention may be further included in the settlement related information.

When the settlement related information is received and the payment history information included in the payment related information is displayed in the digital system 100, the user confirms the displayed information and then transmits the digital system 100 to the card 200 (S120). Then, the digital system 100 may transmit an acknowledgment signal to the payment-side system 300 (S130). The payment history information may include identification information (e.g., (callback) URL of the payment system 300 for outputting the confirmation signal). Accordingly, the digital system 100 may transmit the confirmation signal to the payment-side system 300 outputting the payment-related information. Upon receiving the confirmation signal, the payment-side system 300 can approve the settlement corresponding to the settlement request (S140). Then, settlement can be performed with the card.

According to one embodiment, the payment related information received in the digital system 100 may be displayed in the digital system 100 only after the tagging S120. When the settlement history information included in the settlement related information is displayed, the digital system 100 can transmit an acknowledgment signal to the settlement system 300 (S130). Of course, the user may select the predetermined UI to transmit the confirmation signal. Then, the payment to the card corresponding to the payment request may be accepted and processed by the payment-side system 300 (S140).

A specific configuration of the digital system 100 according to an embodiment of the present invention for realizing this technical idea is shown in Fig.

3 is a diagram showing a schematic configuration of a digital system according to an embodiment of the present invention.

1 and 3, a digital system 100 according to an exemplary embodiment of the present invention includes a control module 110, a reception module 120, a transmission module 130, and a communication module 140 . The digital system 100 may further include a storage device 150, a security module 160, and / or an alarm module 170.

Herein, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, each of the above configurations may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and may be a code physically connected to one another or a specific type of hardware May be easily deduced to the average expert in the field of the present invention. Thus, each of the above configurations refers to a combination of hardware and software that performs the functions defined herein, and does not mean a specific physical configuration.

The control module 110 may control the other components included in the digital system 100 such as the reception module 120, the transmission module 130, the communication module 140, the storage device 150, (E.g., the security module 160, and / or the alarm module 170, etc.).

When the payment request including the identification information (for example, a mobile phone number) of the digital system 100 is input to the payment system 300, the reception module 120 receives payment information from the payment system 300 Information can be received. The identification information (e.g., a mobile telephone number) may be entered by a predetermined data processing device (e.g., a computer, etc.) used by a user of the digital system 100 and transmitted to the receiving system 310, (For example, a predetermined franchise-side employee, etc.) may be manually entered into the receiving system 310. [ Or the identification information (e.g., mobile telephone number) may be transmitted to the receiving system 310 via the digital system 100. [ The authorizing system 320 may then receive the payment history information and the payment request from the receiving system 310. Then, the approval system 320 may transmit the settlement related information to the digital system 100. The settlement related information may be transmitted to the digital system 100 with a message (e.g., SMS, MMS, etc.) or may be transmitted to the digital system 100 with predetermined packet data. In the latter case, when a predetermined application for implementing the technical idea of the present invention is installed in the digital system 100 and the approval system 320 transmits the payment related information through the wired / It is possible.

The transmission module 130 may transmit an acknowledgment signal to the approval system 320 included in the payment system 300. [ The confirmation signal may be a signal indicating that the tagging is performed, a signal that can be transmitted before tagging without transmitting tagging information, or may include at least a part of card information to be used for payment as described later. The transmission of the acknowledgment signal may be controlled by the control module 110. The control module 110 may determine what information to include in the acknowledgment signal. Also, the acknowledgment signal may be a combination of consecutively transmitted signals instead of information transmitted one time.

When the payment related information is received by the receiving system 310, the communication module 140 may perform tagging with the card 200. The communication module 140 may receive the identification information of the card 200 and may receive information stored in the card storage device included in the card 200 when necessary.

The control module 110 may determine whether the communication module 140 has been tagged with the card 200. [ Alternatively, specific information may be received from the card 200 via the tagging. In any case, the control module 110 may control the transmission module 130 to send the acknowledgment signal to the payment-side system 300 after the tagging has been performed. Also, the control module 110 may include information necessary for implementing the technical idea of the present invention in the acknowledgment signal.

When the confirmation signal is received, the payment-side system 300 can perform a payment approval process in which the payment corresponding to the payment request is approved to the card 200. If the settlement corresponding to the settlement request is approved by the card 200, it is possible to check the credit limit of the card 200 or the balance of the account corresponding to the card 200, The payment process can be defined to include a series of data processing processes in which the payment process is performed so that the payment process can be performed. The payment approval process of the card settlement process is well known in the art and will not be described in detail. On the other hand, the payment system 300 may need to know the card information of the card 200 in order to perform settlement with the card 200. To this end, the payment system 300 may store card information corresponding to identification information (for example, a mobile phone number) of the digital system 100 in a predetermined DB in advance. When the payment request is received from the digital system 100 and the confirmation signal is received, payment using the card information can be performed.

In some implementations, the payment system 300 may not store the card information. In this case, the payment-side system 300 may receive the card information of the card 200 from the digital system 100, and approve the settlement using the received card information. At this time, the card information may be included in the confirmation signal. This will be described later.

The storage device 150 may be configured to store information necessary to implement the technical idea of the present invention. According to an exemplary embodiment, a portion of the card information may be stored in the storage device 150 in advance. Also, the information received from the payment-side system 300 or the card 200 may be temporarily stored in the storage device 150.

When the predetermined information received from the card 200 and / or the payment-side system 300 is used, the security module 160 deletes the information and enhances security. As will be described later, the control module 110 may include the card information in the confirmation signal and transmit the card information to the payment-side system 300, and all or a part of the card information may be information Lt; / RTI > In this case, if the card 200 is received by an unauthorized user and is attacked by hacking or the like, if the card 200 is completely or partially still left in the storage device 150, And there is a risk that settlement can be performed using the card information even if the tagging is not performed. Accordingly, when one of the settlements is completed, the security module 160 deletes at least a part of the card information received from the card 200, thereby completing the integrity and security of the settlement solution according to the technical idea of the present invention The height can be important.

Meanwhile, the alarm module 170 may perform an alarm pairing function as described above. That is, it is possible to determine the distance to the card 200, and to output a predetermined alarm signal based on the determination result. For this, the alarm module 170 can perform RF communication with a predetermined communication device included in the card 200. At this time, the communication module 140 and the communication performed by the card 200 Communication may be performed using other types of communication protocols.

According to one embodiment, when the digital system 100 performs tagging with any one of a plurality of cards in the user's name, settlement may be performed with the card information of the tag on which the tagging has been performed. That is, the card to which the technical idea of the present invention is applied may not be predetermined. At this time, the card information on which the tagging has been performed may be included in the confirmation signal and may be transmitted to the payment-side system 300, and the card settlement may be performed by the transmitted card information.

According to another embodiment, a card to be settled in accordance with the technical idea of the present invention may be predetermined. In this case, the payment-side system 300 may include the card identification information (e.g., card information or unique identification information of the card) capable of identifying the card in the settlement related information and transmit the card identification information to the digital system 100 It is possible. Then, the control module 110 may control to transmit the confirmation signal only when tagging with the card corresponding to the card identification information is performed. It is needless to say that the identification information of at least one card corresponding to the identification information (for example, a mobile phone number) may be stored in the payment system 300 in advance.

Meanwhile, as described above, the control module 110 may display the settlement related information received from the payment system 300 without any special condition, and the digital system 100 and the card 200 must be tagged Display. This is because it may be undesirable to display the payment related information in the digital system 100 in such a case that a person is temporarily occupying or viewing the digital system 100 .

According to an embodiment, a user may output an acknowledgment signal through a predetermined UI displayed only when the settlement related information is displayed. In this case, since the payment related information is also personal information to be protected, the payment related information can be confirmed only when the digital system 100 and the card 200 are occupied by the user. In addition, It is possible to output it to the settlement side system 300.

Such an example is shown in Fig.

4 is a diagram for explaining a case where payment related information is displayed according to a digital system providing method according to an embodiment of the present invention.

4A and 4B, the digital system 100 receives settlement-related information from the settlement-side system 300 and then transmits the settlement-related information among the settlement-related information to the digital system 100 And a display unit provided in the display unit. Alternatively, as shown in FIG. 4B, it may be notified that the payment history can be displayed only after tagging with the predetermined card 200, without displaying information on the payment history.

As shown in FIG. 4A, the settlement related information may include information on a payment history (e.g., a payment amount, an affiliate store (or ATM device information, etc.)). The settlement related information may include identification information (e.g., URL, callback URL, IP, etc.) of the settlement side system 300 required for the digital system 100 to transmit an acknowledgment signal. Since the identification information of the settlement side system 300 may include identification information such as unit data such as packets constituting the settlement related information, the settlement related information may be recognized by the digital system 100 when the settlement related information is received. Therefore, the identification information of the payment-side system 300 may be defined as being included in the payment-related information. Of course, the identification information may not be displayed in the digital system 100.

In addition, the settlement related information may include card identification information for identifying the card 200. [ The card identification information may be card information, a name of a card, or the like, and may be implemented with various information that can identify the card 200. The card identification information may be information stored in the payment-side system 300 in advance so as to correspond to identification information (for example, a mobile phone number) of the digital system 100 included in the payment request. In some embodiments, the payment side system 300 may not separately store card identification information of the card 200. In this case, the card identification information may not be included in the payment related information.

In the case where the card identification information is included, the digital system 100 may transmit the confirmation signal to the payment-side system 300 after the card corresponding to the card identification information and the digital system 100 have been tagged . The communication module 140 may receive identification information of the card through tagging with the card 200 and the control module 110 may transmit the card identification information included in the payment related information to the card 200 May correspond to the received information.

The payment system 300 can select which information to include in the payment related information. The control module 110 also determines whether or not to display any of the information included in the payment related information on the display device You can also choose.

Meanwhile, as shown in FIG. 4B, information (for example, payment details) included in the settlement related information may be displayed when tagging is performed. In this case, the digital system 100 may simply display information indicating that a payment request has been made and / or information to perform tagging with a specific card. Depending on the implementation, the particular card may be informed (or displayed) to the user, or may not.

Also, although not shown in FIG. 4, the payment related information may include information on a predetermined UI for allowing the user to output the confirmation signal. Accordingly, the user may control the digital system 100 to output the confirmation signal to the payment-side system 300 only when the payment-related information is displayed.

According to another embodiment of the present invention, the settlement related information may include information on a first part, which is a part of card information of a card 200 to be tagged. The payment system 300 may store card information of the card 200 in advance. In this case, the payment system 300 may include a part of the stored card information in the payment related information, To the system 100. Then, the digital system 100 may include information on the second part corresponding to the first part in the confirmation signal. The information on the second part corresponding to the first part may be information excluding the first part of the card information, or may be a combination of various types. In any case, the second part may be information that can be automatically determined when the first part is determined. According to an embodiment, the second part may be the entire card information. The payment system 300 may approve the payment according to whether the information on the second part corresponds to the first part and / or the card information. Through this process, it is possible to prevent the possibility that unauthorized payment occurs, such as when the card 200 is forged or falsified, or when the software installed in the digital system 100 is forged or falsified to implement the technical idea of the present invention.

An example of this is shown in Fig.

FIG. 5 is a diagram for explaining a settlement process in the case where a settlement-side system transmits part of card information to settlement-related information according to an embodiment of the present invention.

Referring to FIG. 5, the payment system 300 according to an exemplary embodiment of the present invention may extract a part or a first part of stored card information (for example, 1234-5678) (S10). The extracted information may be, for example, 12X4-X678, that is, 1, 2, 4, 6, 7, 8 of the card information. Then, the payment-side system 300 may transmit the information on the first part (for example, information on the number of the extracted card numbers) to the settlement related information (S20).

When the digital system 100 receives the information on the first part and then tags the card 200 with the card 200, the communication module 140 transmits the second part 3 ₃ , 5 ₅ ) (S30). Here, the notation A _b may indicate that the b-th information of the card information is A. The acquisition of information on the second part means that after the digital system 100 acquires all of the card information stored in the card storage device of the card 200, information on the second part (information and / or information on the second part) It may be a case of extracting only the information of the second part from the card 200, or may be a case of acquiring information of the second part from the card 200 only.

Then, information on the second part received from the card storage device of the card may be transmitted to the payment-side system 300 (S40). At this time, the information on the second part may be included in the acknowledgment signal or transmitted separately. Then, the payment system 300 may determine whether information on the second part received from the digital system 110 corresponds to the first part (S50). That is, the stored card information and the information about the second part can be compared. In step S60, the payment system 300 determines that the information on the second part corresponds to the first part.

The settlement side system 300 can select whether or not to extract the first part of the card information, and can select different numbers each time the card information is extracted.

Also, depending on the embodiment, the payment system 300 and the digital system 100 may share an algorithm of how many digits are to be extracted as a first part. For example, information on the number of the first part and the number of the first part may be determined according to a time zone, and a rule for selecting the first part may be provided between the payment system 300 and the digital system 100 Can be synchronized. For this purpose, it is a matter of course that certain software codes or applications distributed by the payment system 300 may be installed in the digital system 100. In this case, the payment related information may not include information on the first part.

In addition, the first part and the second part may be various embodiments. In any case, the information about the first part that the digital system 100 receives from the payment-side system 300 may be information for specifying a second part corresponding to the first part. Information about two parts may be stored in the card 200. The payment related information may be displayed or the confirmation signal may be transmitted if information on the second part corresponding to the first part is received from the card 200 through tagging. That is, whether or not the first part and the second part correspond to each other may be determined by the digital system 100, not by the payment system 300. Of course, in this case, information on the second part may not be transmitted to the payment-side system 300. Such an example is also shown in Fig. 6 to be described later.

On the other hand, the payment-side system 300 may receive a confirmation signal from the digital system 100 to approve the requested payment. At this time, the acknowledgment signal may simply be a signal confirming that it is legitimately requested by the user. Alternatively, the confirmation signal may include card information for approval of settlement and settlement processing. In the former case, the card information of the card is stored in the payment-side system 300, and in the latter case, the card information may not be stored in the payment-side system 300.

However, in the former case, when the digital system 100 transmits only an acknowledgment signal, payment is accepted and processed, so that a predetermined technical idea for enhancing security can be further provided. That is, although the confirmation signal is controlled to be output only when the tag is tagged, there may be a case where the digital system 100 can output an acknowledgment signal even if the digital system 100 is forged due to an attack such as hacking and is not tagged. An additional security scheme may be required to prepare for this case, and this security scheme may be implemented by further determining whether the control module 110 has satisfied the confirmation signal transmission requirement.

This confirmation signal transmission requirement can only be met by receiving certain information from the card 200. An example of this is shown in Fig.

6 is a diagram for explaining a process of transmitting an acknowledgment signal when the digital system meets the requirement for transmitting an acknowledgment signal according to an embodiment of the present invention.

Referring to FIG. 6A, the control module 110 of the digital system 100 may determine whether the digital system 100 and the card 200 are tagged (S120). Then, the control module 110 can further determine whether a predetermined confirmation signal transmission requirement is satisfied (S125). If it is determined that the confirmation signal transmission requirement is satisfied (S125), the control module 110 may control the transmission module 130 to transmit the confirmation signal (S130). Otherwise, it is possible to control not to transmit the acknowledgment signal. Accordingly, the control module 110 may perform a double check, i.e., whether tagging has been performed to transmit the confirmation signal and whether the confirmation signal transmission requirement has been satisfied.

The confirmation signal transmission requirement may be satisfied when the second information corresponding to the predetermined first information is received from the card 200 as shown in FIG. 6B or 6C. The first information and the second information may be pairs (or concave / convex) information. For example, as described above with reference to FIG. 5, the first part, which is a part of the card information, and the second part, which is a remaining part, may be the first information and the second information.

In addition, the information held only by the card 200 may be the second information. For example, if specific information is stored in advance in the card 200, the first information may be information corresponding to the specific information. When the first information and the second information are both acquired by the digital system 100, the control module 110 can determine whether the confirmation signal transmission requirement is satisfied.

For example, as shown in FIG. 6B, the payment system 300 may transmit predetermined encrypted information (first information) to the digital system 100 (S126). The decryption key of the encrypted information (first information) may be identification information (second information) of the card 200 or information that can be generated by the identification information. The digital system 100 receives identification information of the card 200 from the card 200 (S126-1), and the received identification information (second information) is converted into the encrypted information (first information). It may be determined whether the correspondence (S126-2). The control module 110 may determine whether the first information and the second information correspond to each other whether or not the encrypted information is decrypted using the identification information or a predetermined key generated using the identification information .

According to an embodiment, the first information may be stored in advance in the digital system 100 as shown in FIG. 6C (S127). Then, the digital system 100 receives the second information from the card 200 (S127-1), and determines whether the received second information and the first information correspond to the information S127-2).

Although the second information is identification information of the card 200, any information stored in the card 200 may be the second information. In addition, the second information may be information previously known to the payment system 300 or the digital system 100. Accordingly, the payment system 300 may transmit the first information corresponding to the second information, or the digital system 100 may generate the first information. According to an example, the first information may be information indicating a number of the card information composed of a series of numbers. The second information may be an actual number corresponding to the first information. Then, when the digital system 100 knows the card information of the card 200, it can determine whether the first information and the second information correspond to each other.

In addition, the first expert and the second information may be various embodiments, and the average expert in the technical field of the present invention will be able to easily deduce it.

As described above, the technical idea of the present invention is that even if the card information of the card 200 is stored in the payment system 300 in advance and the confirmation signal is a signal indicating that the payment request has been confirmed by the user, Can be provided.

According to another embodiment of the present invention, the confirmation signal may include card information of the card 200, and the payment system 300 may receive the confirmation information and the card information included in the confirmation signal It is possible to perform payment to the card 200 by using the card information. At this time, the payment system 300 may or may not store the card information. According to an embodiment, the confirmation signal may include only a part of the card information of the card 200. [ In this case, the settlement side system 300 may store the remaining part of the card information, or may store the entire card information. In any case, the card information can be specified by the payment-side system 300 only if all or part of the card information is included in the confirmation signal. For example, when all of the card information is included in the confirmation signal, the card information to be used for payment may be specified by the card information included in the confirmation signal. When only a part of the card information is included in the confirmation signal, the card information to be used for payment may be specified by being combined with the remaining part of the card information stored in the payment-side system 300. [ Alternatively, when only a part of the card information is included in the confirmation signal, a part of the card information may be simply used to specify the entire card information stored in the payment-side system 300. [ As a result, in any case, at least a part of the card information should be included in the confirmation signal, the payment system 300 may use at least a part of the card information included in the received confirmation signal to transmit the card information And can perform settlement processing using the specified card information. Hereinafter, for convenience of explanation, the card information included in the confirmation signal is mainly described as the card information as a whole, but the payment process can be performed in a similar manner even when only a part of the card information is included in the confirmation signal. The average expert in the field will be able to easily reason.

These examples are shown in Figs.

7 to 9 are views for explaining a process in which a digital system transmits card information to an acknowledgment signal according to an embodiment of the present invention.

Referring to FIG. 7, the storage device 150 included in the digital system 100 may store card information of the card 200 in advance (S131). For example, when the communication module 140 included in the digital system 100 is implemented as an NFC chip, card information of the card 200 may be stored in advance in an application that drives the NFC chip.

In a state where the card information is stored in the storage device 150, the digital system 100 may be tagged with the card 200 (S131-1). The control module 110 may then determine whether the tagging has been performed. In addition, when the card information is stored in the storage device 150, it may further be determined whether the tagged card 200 corresponds to the card information stored in the storage device 150. And may transmit an acknowledgment signal only in the corresponding case.

In any case, after the tagging is performed (S131-1), the control module 110 controls the transmission module 130 to transmit the card information stored in the storage device 150, (S131-2).

Then, the payment-side system 300 can approve the settlement using the card information included in the acknowledgment signal, and perform settlement processing.

Referring to FIG. 8, the card information is stored in the card 200 (S132), and the digital system 100 may not store the card information. Then, the control module 110 may control the communication module 140 to receive the card information from the card 200 through tagging (S132-1). Then, the control module 110 may control to transmit the received card information by including it in the confirmation signal (S132-2).

If the card information is stored intact by the digital system 100 after the tagging, the digital system 100 has the card information without performing tagging, and the digital system 100 In the case of receiving an attack from a hacker or the like, the card information may be leaked, and there is a risk of transmitting the card information stored in the confirmation signal to the payment system 300 without performing tagging.

To this end, the technical idea of the present invention includes a technical idea of performing a security procedure of deleting card information received from the card 200 (S150) after the confirmation signal is transmitted to the payment-side system 300 . This security procedure may be performed by the security module 160. [

For example, the card information received from the card 200 may be controlled to be stored only in a specific area of the storage device 150. Then, when the confirmation signal is transmitted, the security module 160 can perform the security procedure by deleting the information stored in the specific area.

9, part (the first part) of the card information is stored in advance in the storage device 150 of the digital system 100, and the remaining part (the second part) As shown in FIG. Only the remaining part (second part) may be stored in the card 200 or all of the card information may be stored in the card 200 according to the embodiment.

In this case, the digital system 100 may store the first part in advance in the storage device 150 (S133). The digital system 100 may receive the second part from the card 200 through tagging (S133-1). The receiving of the second part through the tagging may be performed not only in the case of receiving the second part from the card 200 but also in the case where the second part is received by the control module 110 after receiving all of the card information. But may include a case where only a portion is extracted.

Then, the control module 110 may generate the card information by combining the first part and the second part previously stored in the digital system 100 (S133-2). Then, the generated card information may be included in the confirmation signal and transmitted to the payment-side system 300 (S133-3).

Of course, the security module 160 may perform a security procedure to delete information received from the card 200 after transmitting the confirmation signal (S150) as described in FIG.

In the case where the card information is included in the confirmation signal and the payment system 300 accepts payment and performs payment processing using the card information included in the confirmation signal, There is an effect that card information corresponding to the identification information (for example, mobile telephone number) of the digital system 100 is not required to be determined. That is, the user may enter a payment request and then perform a payment by arbitrarily selecting a desired card among the cards held by the user. This has the effect of presenting the same settlement environment as that in which a user can arbitrarily select a desired card in offline and perform settlement.

8 and 9, when all or a part of the card information is to be received from the card 200, even if the digital system 100 transmits an acknowledgment signal forbidden by an attack, The card information can not be included in the payment information. As a result, payment can not be approved.

As described above, according to the technical idea of the present invention, the digital system 100 and / or the card 200 can be set up so that the user can occupy both the digital system 100 and the card 200, It is possible to prevent illegal settlement of the card 200 from being performed.

In addition, the technical idea of the present invention is to prevent the digital system 100 and / or the card 200 from being used by the digital system 100 and / or the card 200 by totally blocking the risk of being stolen or lost. It provides a technical idea that can block the possibility of fraudulent payments.

This technical idea is shown in Fig.

10 is a diagram for explaining a process of outputting an alarm signal when the digital system and the card are separated by a predetermined distance or more according to an embodiment of the present invention.

Referring to FIG. 10, the alarm module 170 included in the digital system 100 can communicate with the card 200 (S160). According to the result of the communication, the alarm module 170 can determine the distance between the digital system 100 and the card 200 (S161). Then, the alarm module 170 can output an alarm signal when the determined distance is equal to or greater than a predetermined distance (S162).

At this time, the communication between the alarm module 170 and the card 200 may be a communication performed by a communication protocol different from the communication for tagging as described above. In addition, in order for the alarm module 170 to output an alarm signal, the alarm module 170 and the card 200 may be in a state of performing communication at all times or at very short intervals. This state can be defined as an alarm pairing state. The alarm pairing function can be defined as a function of outputting an alarm signal when the alarm pairing state is released, that is, when the digital system 100 and the card 200 are separated from each other by a predetermined distance or more.

Unlike the above-mentioned alarm pairing state, pairing may be performed during NFC communication, i.e., tagging.

Whether or not the digital system 100 is in the paired state can be determined depending on whether the communication state between the digital system 100 and the card 200 meets a predetermined criterion. The communication state may depend on the distance between the digital system 100 and the card 200. [

The digital system 100 and the card 200 may perform wireless communication (e.g., RF communication). Therefore, the communication environment between the digital system 100 and the card 200 may be more affected. In this specification, since the digital system 100 and the card 200 assume a daily living environment of a person, the communication state is affected by the distance between the digital system 100 and the card 200 . Of course, when there is an object that may interfere with wireless communication between the card 200 or the digital system 100, even if the distance is sufficiently close, the pairing may not be performed, but such a situation is not considered.

When the digital system 100 and the card 200 are paired, for example, the digital system 100 and the card 200 can communicate with each other. Alternatively, it may mean that a signal of a predetermined size or larger can be transmitted to the digital system 100 and / or the card 200 even if communication is performed. That is, in a general communication environment, the digital system 100 and the card 200 may be present within a communication distance capable of communicating with each other, or within a predetermined distance shorter than the communication distance have.

Meanwhile, communication for alarm pairing between the digital system 100 and the card 200 can be performed in various ways. It is well known that, in accordance with this approach, the distance and / or environment in which pairing is possible may vary.

The communication between the alarm module 170 and the card 200 provided in the digital system 100 may be various embodiments such as Bluetooth, NFC, infrared communication, and optical communication. A communication device for communication may also be provided in the card 200. [

According to one embodiment, the digital system 100 and the card 200 may perform RF communication. For example, the digital system 100 and the card 200 can perform communication using a wireless standard protocol such as Bluetooth, Zigbee, or the like. Of course, when the Bluetooth communication is performed, the card 200 may have its own power source or may be a system capable of receiving power from the outside. On the other hand, in the case of Zigbee communication, it may be advantageous that communication can be performed with low power as compared with Bluetooth. In addition, the digital system 100 and the card 200 may perform various short-range wireless communications (e.g., IrDA, UWB, etc.) according to an embodiment, The card 200 may be provided with predetermined configurations for an environment necessary for the wireless communication.

Generally, the card 200 can be implemented to be carried in a purse of a user. Then, when the digital system 100 is owned by the user, a communication protocol capable of performing non-contact communication with the card 200 located in the purse can be selected to implement the technical idea of the present invention. It is preferable that a configuration to which such a communication protocol can be applied is provided in the digital system 100 and the card 200. [

According to one embodiment, the digital system 100 and / or the card 200 may perform communication using a plurality of different communication protocols. That is, the protocol used for communication through the tagging may differ from the protocol used for communication for alarm pairing between the alarm module 170 and the card 200.

The alarm module 170 may be a communication unit having a longer communication distance than the communication module 140. The alarm module 170 and the predetermined first communication device provided in the card 200, for example, keep the alarm pairing state, and when the alarm module 170 is in the non-paired state, the alarm module 170 outputs a predetermined alarm signal . The distance between the digital system 100 and the card 200 can be determined according to the communication state of the alarm module 170 and the first communication device, If the distance is more than a certain distance, an alarm signal can be output. Of course, the two systems 100 and 200 may be judged to be in a pairing state only if they are within the predetermined distance even within the communicable distance.

In the present specification, to emphasize the technical characteristics of the present invention, it is not considered to consider a conflict between the two systems 100 and 200 at the same time or a technical idea for avoiding the communication.

That is, the first communication protocol, that is, the communication protocol performed by the alarm module 170 and the first communication device is a protocol capable of performing communication with a relatively long distance as compared with the second communication protocol, that is, . According to an embodiment, the first communication protocol may be a protocol for relatively long communication such as Bluetooth, Zigbee, etc., and the second communication protocol may be a communication protocol for NFC (including RFID communication) communication.

This is because the first communication protocol is for alarm pairing and is a protocol for determining that the digital system 100 and the card 200 coexist within a certain distance so that the radius can reach several meters On the other hand, the second communication protocol is for exchanging information, and it may be desirable for the two systems 100, 200 to be closer to each other for information exchange.

The alarm signal may be a predetermined voice signal, a visual signal using a lamp or predetermined display information, or may be a tactile signal such as a vibration.

Thereby, there is an effect that a legitimate user blinks and the risk of the digital system 100 or the card 200 being moved, lost or lost can be reduced. Of course, there is also an effect that can reduce the probability of being stolen by others.

Meanwhile, when a legitimate user intended to carry only one of the digital system 100 or the card 200, the pairing digital system 100 may turn off the function of outputting the alarm signal, Or the card 200 may be implemented.

11 is a diagram showing a schematic configuration of a settlement side system according to an embodiment of the present invention.

The payment-side system 300 shown in FIG. 11 may be an approval system 320 included in the payment-side system 300 shown in FIG. 11 may be implemented by a card issuer system 321, a VAN system 322, or the card issuer system 321 and / or the VAN system 322 implemented for technical purposes of the present invention. (Not shown) that can be organically combined with the service system (e. G., ≪ / RTI > 322).

The settlement side system 300 may include a control unit 331, a receiving unit 332, a transmitting unit 333, and a DB 334.

The configuration of the control unit 331, the reception unit 332, and the transmission unit 333 included in the payment system 300 is not limited to the hardware for carrying out the technical idea of the present invention and the software for operating the hardware, Can mean a structural combination. For example, each of the above configurations may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and may be a code physically connected to one another or a specific type of hardware May be easily deduced to the average expert in the field of the present invention. Thus, each of the above configurations refers to a combination of hardware and software that performs the functions defined herein, and does not mean a specific physical configuration.

Also, the settlement side system 300 does not mean any physical device. That is, the average expert in the technical field of the present invention can easily deduce that the payment system 300 can be implemented by organically combining different physical devices through a network.

The control unit 331 controls the functions and / or resources of other components included in the payment system 300 (for example, the reception unit 332, the transmission unit 333, and / or the DB 334) .

The receiving unit 332 may receive a payment request including identification information (e.g., a mobile telephone number) of the digital system 100. [ The receiving unit 332 may receive the payment request through the receiving system 310. Or may directly receive the settlement request through the digital system 100 or a predetermined data processing apparatus used by the user.

The transmission unit 333 can transmit settlement related information to the digital system 100. [ The control unit 331 can control whether the transmission unit 333 transmits the settlement related information or which information is included in the settlement related information.

When the digital system 100 having received the settlement related information performs tagging with a predetermined card 200, the receiving unit 332 can receive an acknowledgment signal from the digital system 100. [

When receiving the confirmation signal by the reception unit 332, the control unit 331 can approve the settlement corresponding to the settlement request to the card and perform settlement processing.

The control unit 331 may perform settlement processing using the card information of the card 200 stored in advance in the DB 334 so as to correspond to the identification information (e.g., mobile phone number) The payment processing may be performed using the card information included in the confirmation signal received from the mobile terminal. At this time, the card information included in the confirmation signal is stored in advance in the digital system 100, or information received from the card 200 or information stored in the digital system 100 and information It is also as described above that information may be generated by combining information.

The DB 334 may store card information of the card 200 if necessary.

Meanwhile, the controller 331 may extract the first part of the card information of the card 200 as described above, and may include the extracted information in the settlement related information.

Also, the controller 331 may transmit predetermined first information to the digital system 100 as described above, and the first information may be transmitted to the digital system 100 to determine whether the digital system 100 meets the confirmation signal transmission requirement May be used to determine.

On the other hand, the technical idea that requires to occupy the digital system 100 and the card capable of tagging with the digital system 100 to approve the card settlement as described above is not limited to the silk card settlement, May be used for authentication of the user to authenticate whether the user of the terminal 100 is an authorized (legitimate) user.

In order to authenticate the user according to the technical idea of the present invention, a pair system corresponding to the above-described card needs to be provided. In other words, it is not necessarily required to provide a card as a payment means for authenticating the user, and any system capable of performing short-range wireless communication with the digital system 100, that is, a predetermined pair system, may be provided. In addition, the digital system 100 and the pair system do not necessarily need to communicate through tagging, and it is sufficient to perform communication through short-range wireless communication (e.g., Bluetooth, NFC communication, etc.).

In addition, the authentication system 400 corresponding to the settlement-side system 300, particularly the approval system 320, may be provided for authentication. The authentication system 400 may be a system that performs authentication of a user who authenticates that the user of the digital system 100 is a legitimate user. The authentication system 400 may be included in a service system (e.g., a web service system, a financial institution system, etc.) that provides a predetermined service (e.g., login, financial transaction, etc.) to the digital system 100 May be installed. Alternatively, the authentication system 400 may be implemented as a physical system separate from the service system, and may be a system that is organically combined with the service system through a wired or wireless network roll and provides the authentication service to the service system.

The authentication system 400 can determine that the authentication of the user is successful when the digital system 100 and the predetermined pair system 200 perform short-range wireless communication (e.g., Bluetooth, NFC, etc.). At this time, the pair system 200 may be a legitimate user's system registered in advance in the authentication system 400.

As described above, the conventional authentication of the user is generally performed by the user through the mobile phone, the authentication through the authentication certificate, the authentication using the i-PIN, the authentication using the credit card, Widely used.

However, there is a disadvantage in that the authentication of the user through the authorized certificate is not easy to carry the storage device, and the authentication of the authorized certificate is taken by the attacker and succeeded by the attacker.

In the case of i-PIN, etc., it is not widely used due to troubles in the procedure for creating, memorizing a new number and inputting it, and additional costs due to introduction of a system for implementation.

In addition, since the conventional authentication method needs to be performed through a predetermined certification authority, there is a problem that a considerable cost is incurred at the time of authentication.

In addition, these conventional authentication methods have a problem that passwords (or authentication numbers) are leaked out by a password (or an authentication number) input method and are easily stolen. For example, children often use their parents' personal certificate passwords to replace their personal identification. This is caused not only by the leakage of the password but also by the fact that the authorized certificate is digitized information, so that not only the person but also other persons can possess it.

In addition, the identity authentication through a mobile phone widely used is a method of determining whether the registered name of the mobile phone is the same as the person who requests the current service and occupies the mobile phone through a text message (authentication information) As described above, there is a case where the authentication of the user is stolen through recent smsing and the like. Also, if the attacker temporarily steals the personal information of the user of the party and the mobile phone temporarily, the authentication can be succeeded by the attacker at any time . In addition, in the case of mobile phone authentication, since the user authentication is normally performed using the information of the owner of the mobile phone, there is a problem that the mobile phone user in the name of a corporation or someone other than his / her name is difficult to be authenticated.

Therefore, the authentication method according to the technical idea of the present invention solves the disadvantages of the conventional authentication methods of the related art, but the security is high and the operation to be performed by the user for authentication is very simple. High security can be obtained by using the pair system 200 which is an offline device for authentication. That is, according to the technical idea of the present invention, a user must possess a pair system 200 as a physical device to perform short-range wireless communication with the digital system 100, so that it is possible to provide higher security than the conventional method . In addition, if authentication is successful only when the predetermined digital system 100 and the pair system 200 perform short-range wireless communication, it is necessary to occupy all the two independent devices, have.

Meanwhile, the authentication method according to the technical idea of the present invention is that the pair system 200 is a system or device (for example, in the case of an IC card) having a high probability of being carried by a user and that the near field wireless communication is NFC tagging The user can easily and easily access the pair system 200 without having to remove the pair system 200 from the wallet or the like without removing the information system 200 by simply making the pair system 200 approach a certain distance or more (or by setting the pairing with the pair system 200 in the case of Bluetooth communication) It is convenient that the authentication can be completed.

The configuration and functions of the digital system 100 and the authentication system 400 for such a technical idea will be described in detail with reference to FIGS. 12 to 15. FIG.

FIG. 12 is a view for explaining a concept of performing authentication by a digital system and a pair system according to an embodiment of the present invention.

Referring to FIG. 12, the digital system 100 according to an exemplary embodiment of the present invention can perform authentication with the authentication system 400 through communication. The digital system 100 may be connected to a predetermined service system (not shown) to request a predetermined service. The service requested by the digital system 100 may be a service requiring authentication. Services that require authentication may vary depending on implementation. For example, the service may be varied, such as a login, a financial transaction request (e.g., payment, account transfer, loan application, etc.), and may vary according to the embodiment of the service system (not shown). The service system (not shown) may connect the digital system 100 to the authentication system 400 when a service request requiring authentication is received from the digital system 100. The authentication system 400 is described above as a system included in the service system (not shown), that is, the service system (not shown) may directly perform the functions of the authentication system 400.

When the digital system 100 is connected to the authentication system 400, the transmission module 130 of the digital system 100 may send an authentication request according to the technical idea of the present invention to the authentication system 400 (S200). Then, the receiving module 120 of the digital system 100 may receive the authentication request from the authentication system 400 (S210). According to an embodiment of the present invention, even if the digital system 100 does not make an authentication request to the authentication system 400, the authentication system 400 automatically performs the authentication process, A request may be sent to the digital system 100.

The identity authentication request may include information about an action that the user must perform to authenticate the user. For example, in the case of the public authentication through the public certificate, the process of selecting the public certificate and requesting the input of the certificate password may be the authentication request. Therefore, in the case of authentication (hereinafter, referred to as 'pair authentication') according to the technical idea of the present invention, information for performing short-range wireless communication with a predetermined pair system 200 is transmitted have. The type of the short-range wireless communication may vary according to the embodiment of the pair system 200. Hereinafter, for convenience of description, the short-range wireless communication is tagging for NFC communication.

FIG. 13 shows an example of a screen provided by the authentication system to the digital system for authentication of the user according to an embodiment of the present invention.

Referring to FIG. 13, the authentication system 400 may provide the digital system 100 with a page as shown in FIG. According to one embodiment, the authentication system 400 can provide various conventional authentication methods such as authentication using the mobile phone, authentication using the authentication certificate, and authentication using the i-PIN. In addition, a pair authentication method according to the technical idea of the present invention can be provided. Of course, some implementations may provide only a pair authentication scheme.

When the user selects the pair authentication in the personal authentication method through the digital system 100 and transmits an authentication request to the authentication system 400, the authentication system 400, as shown in FIG. 13, To the digital system 100, a request for performing authentication, including information for performing short-range wireless communication (e.g., tagging) with the mobile terminal 200. Of course, depending on the implementation, there may be a case where the authentication system 400 does not transmit a request for performing the authentication to the digital system 100. In this case, the user of the digital system 100 may voluntarily perform the pair authentication according to the embodiment of the present invention, and then transmit the predetermined authentication information to the authentication system 400.

According to an exemplary embodiment, the authentication system 400 may further transmit information on the authentication apparatus registered in advance in the authentication system 400 to the digital system 100. Information about the identity authentication device (e.g., credit card, tag, etc.) may then be displayed on the digital system 100 as shown in FIG. Of course, depending on the implementation, the authentication system 400 may not transmit information about the principal authentication device to the digital system 100. [ In this case, it is necessary for the user to remember what his / her registered authentication device is.

The identity authentication apparatus may refer to a pair system 200 previously registered in the authentication system 400 by a legitimate user for pair authentication according to the technical idea of the present invention. The authentication apparatus may be one or more than one.

The authentication execution request transmitted from the authentication system 400 to the digital system 100 must be transmitted to the digital system 100 while the digital system 100 is connected to the authentication system 400 Maybe not.

For example, as will be described later, when a predetermined second digital system 500 is connected to a service system (not shown) and uses a predetermined service, it is necessary to perform authentication of the user of the second digital system 500 It is possible. In this case, the authentication system 400 may transmit the authentication request to the digital system 100.

Alternatively, the user may perform a predetermined service request through the ARS associated with the service system (not shown) or through the agent. At this time, the second digital system 500 may be a telephone for making the ARS call. If authentication is required, the authentication system 400 may transmit the authentication request to the digital system 100.

If the digital system 100 is not connected to the authentication system 400, the authentication request may be transmitted to the digital system 100 with a predetermined message. The message may be, for example, an SMS containing a callback URL, or a push message sent to an application corresponding to the authentication system 400 installed in the digital system 100. [ The digital system 100 may access the authentication system 400 via the message to perform the pair authentication defined herein or execute the application through the message and perform the pair authentication . When the application is executed, the application may be connected to the authentication system 400 to perform pair authentication, and in some implementations may simply send authentication information to the authentication system 400. [

Even when the pair authentication performed by the digital system 100 is a procedure for authenticating a user of the second digital system 500 connected to the authentication system 400, It may not be necessary to receive the authentication request from the authentication server 400. For example, a user of the second digital system 500 and the digital system 100 may connect to the authentication system 400 via the second digital system 500. Also, after the authentication request, the digital system 100 may voluntarily perform the pair authentication defined in this specification even if no authentication authentication request is received from the authentication system 400. Of course, at this time, the digital system 100 may have previously stored information on the authentication system 400 required to transmit authentication information to the authentication system 400, and the authentication system 400 ) May be input. A user authentication request to perform pair authentication on the second digital system 500 may be received and provided to the user.

12, when the authentication module 130 receives the authentication authentication request through the reception module 120, the communication module 140 can perform short-range wireless communication (e.g., tagging) with the pair system 200 (S220). Identification information of the pair system 200 may then be received via the short range wireless communication (e.g., tagging) performed by the communication module 140.

Then, the control module 110 may transmit the authentication information corresponding to the identification information of the pair system 200 to the authentication system 400 through the transmission module 130 (S230). The authentication information may be the identification information of the pair system 200 itself or the identification information of the pair system 200 may be encrypted information or information encoded through a predetermined algorithm. The authentication information may be generated by the control module 110 in various manners, and in any case, the authentication information is information that can identify the pair system 200 by the authentication system 400 It suffices.

The identification information of the pair system 200 received through the communication module 140 may be unique information for identifying the pair system 200. If the pair system 200 is, for example, a credit card including an IC chip, it may be the identification information of the IC chip of the credit card. Or the card number of the credit card. If the pair system 200 is a tag capable of performing NFC communication with the communication module 140, it may be the identification information of the tag. In any case, the identification information of the pair system 200 may refer to the unique information of the pair system 200 that can be obtained through short-range wireless communication (e.g., tagging).

The authentication information can be controlled to be transmitted to the authentication system 400 when the communication module 140 and the pair system 200 perform short range wireless communication (e.g., tagging). Therefore, even if the user knows the authentication information or the identification information of the pair system 200, the digital system 100 can be implemented so that the user can not directly input the authentication information or the identification information . To this end, the digital system 100 may be provided with a predetermined application (or software) for implementing the technical idea of the present invention, and the application may be implemented by the digital system 100 100 may be performed.

The digital system 100 may use the information received via the short-range wireless communication (e.g., tagging), that is, the identification information of the pair system 200, Can be specified.

When the authentication information is the received information itself, the control module 110 can specify the received information as the authentication information and transmit it to the authentication system 400. Based on the received information, In the case of generating the authentication information after performing the data processing, the control module 110 may transmit the authentication information generated after generating the authentication information to the authentication system 400.

The identification information received from the pair system 200 through the communication module 140 may be temporarily stored in a predetermined storage device 150 included in the digital system 100. Then, the security module 160 performs a security process of deleting the information stored in the storage device 150 after the authentication information is transmitted to the authentication system 400 or after a predetermined period of time has elapsed . Accordingly, it is possible to prevent the identification information of the pair system 200 from being reused by the attacker, and it is ensured that the pair authentication is performed in order to perform short range wireless communication (e.g., tagging).

In step S240, the authentication system 400 determines whether the received authentication information corresponds to the identification information of the principal authentication apparatus registered in advance in the authentication system 400, and performs authentication. If it is determined that the authentication is successful, the authentication system 400 and / or the service system (not shown) connected to the authentication system 400 may provide a predetermined service.

The authentication system 400 needs to have previously registered information on the authentication apparatus as described above. This process can be defined as a setting process of the authentication apparatus of the present invention.

The setting process of the authentication apparatus will be described with reference to FIG.

FIG. 14 is a diagram for explaining a process of setting a personal authentication apparatus according to an embodiment of the present invention.

Referring to FIG. 14, the digital system 100 and the authentication system 400 may perform a personal authentication device setting process.

It is preferable that the authentication apparatus setting process is performed by a legitimate user. Thus, the digital system 100 may perform the second identity authentication through the authentication system 400. [ The second personal authentication may be a method capable of performing personal authentication such as a conventional personal authentication method (for example, personal authentication through a mobile phone, personal authentication through a public certificate, personal authentication through an i-PIN, etc.) . If the second authentication is successful, the authentication system 400 may register information on the authentication device.

For the second authentication, the digital system 100 may transmit the second authentication information to the authentication system 400 (S300). And the second authentication information may be information used for the second authentication. For example, it may mean a mobile phone number, a name, etc. in the case of authenticating the user through a mobile phone, or a private key in the authorized certificate in the case of authenticating the user through the authorized certificate.

Then, the authentication system 400 can perform the second identity authentication based on the second authentication information (S310). If the second authentication is successful, the digital system 100 transmits information about the authentication device to the authentication system 400 (S340), and the authentication system 400 transmits the information about the authentication device The user authentication device setting process can be performed by registering (storing) information.

According to an embodiment of the present invention, the authentication system 400 may request the digital system 100 to provide identification information of the authentication apparatus 400 when the second authentication is successful (S320). Then, the digital system 100 performs short-range wireless communication (e.g., tagging) with the authentication apparatus to be registered (S330), identifies the authentication apparatus that has been received via the short- Information to the authentication system 400 (S340). That is, the digital system 100 may be controlled so as to perform the local wireless communication (e.g., tagging) with the identification information of the authentication apparatus to be registered. In this case, it is possible to prevent the information on the false pair system 200 from being registered in the authentication apparatus of the user, and the information that the user can not recognize with the naked eye is the identification information of the authentication apparatus (e.g., Identification information or identification information of the IC chip, etc.).

Of course, according to an embodiment, the user may directly input identification information of the principal authentication apparatus through a predetermined UI provided by the authentication system 400. [ In this case, since the identification information of the principal authentication apparatus is likely to be information that can be recognized by the user (for example, a card number of a credit card, etc.), the security may be somewhat lowered.

When the user authentication device is directly registered by the user, the user can access any pair system 200 owned by the user, that is, any system capable of performing short-range wireless communication (e.g., tagging) with the digital system 100 Can also be used as an authentication device.

Depending on the implementation, the identity authentication device may be constrained by the authentication system 400 or the service system (not shown).

For example, when the service system (not shown) is a predetermined financial institution system, the service system (not shown) stores information on a corresponding pair system for each user (for example, a credit card issued for each user) Can be. Further, the identity authentication apparatus may be limited to a pair system (e.g., a credit card, etc.) issued under the name of the user. Depending on the type of the service system (not shown), the pair system 200 may be, for example, not only a credit card issued in the name of a user but also an employee ID, an ID card,

Then, the authentication system 400 may transmit at least one information on the pair system 200 corresponding to the user to the digital system 100. Then, the digital system 100 can select a pair system 200 to be used as a personal authentication device among at least one pair system 200 transmitted. And information about the selected pair system 200 may be transmitted to the authentication system 400. [ Then, the authentication system 400 may register the selected pair system 200 as a personal authentication apparatus.

According to another embodiment, when the pair system 200 corresponding to a user is registered in advance in the authentication system 400 without setting up the authentication apparatus, the registered pair systems 200 are all registered in the authentication system 400 And may be used as an authentication device. For example, when the service system (not shown) is a financial institution system, the service system (not shown) may store at least one information on the pair system 200 issued for each user. Then, all of the at least one pair system 200 can be used as a personal authentication apparatus. Accordingly, when performing the pair authentication through the financial institution system, the user may perform the identity authentication by performing short-range wireless communication (e.g., tagging) with any one of the pair systems 200 issued from the financial institution system .

Meanwhile, in the authentication system 400, the identification information of the authentication digital system that can be used for the authentication of the user may be further registered. The authentication digital system may refer to information about the digital system 100 that can perform pair authentication according to the technical idea of the present invention. The identification information of the authentication digital system may be information that can identify the digital system 100, such as a user's mobile phone number or an International Mobile Subscriber Identity (IMSI).

Then, the pair authentication is performed through the digital system 100 corresponding to the mobile phone number registered in advance, so that it can be determined that the authentication is successful. To this end, the digital system 100 may transmit the authentication information to the authentication system 400 including the identification information of the digital system 100. [ Then, the authentication system 400 can confirm the identification information of the pair system 200 based on the authentication information, and confirm the identification information of the digital system 100. If the identification information of the pair system 200 corresponds to the identification information of the principal authentication apparatus and the identification information of the digital system 100 corresponds to the identification information of the principal authentication digital system 100 registered in advance It can be determined that the authentication of the user is successful.

In the case where the pair system 200 is registered as a self-authentication device through the second self-authentication process, the description method of the present invention may be utilized as the self-authentication method using or supplementing the applied second self-authentication method. For example, if the second authentication procedure is i-PIN, it may not be easy for the user to memorize the new authentication identification number of the i-PIN. If the pair authentication of the present invention is performed, It is possible to recognize the identity authentication number by the i-PIN method which has been applied to the second identity authentication process corresponding to the pair authentication. Therefore, the authentication method according to the technical idea of the present invention can be authenticated as a unique type of pair authentication or can be applied as a simple authentication method of the conventional authentication method in cooperation with the conventional authentication method. That is, if the pair authentication of the present invention is performed instead of the conventional authentication, the authentication system 400 may be handled that the conventional authentication has been performed.

For example, the pair authentication according to the technical idea of the present invention may be regarded as an authentication operation that replaces the authentication of the second person, that is, the authentication performed to set the pair system 200 as the person authentication device. For example, the user may have performed the personal authentication using the i-PIN with the second personal authentication. Then, when the user requests authentication using the i-PIN to the authentication system 400 using the digital system 100 or the second digital system 500, the user inputs i-PIN ID and password PIN authentication can be performed by inputting i-PIN, but it is also possible to perform pair authentication as in the technical idea of the present invention. Then, the authentication system 400 may authenticate that the i-PIN authentication is successful if the pair authentication is successful. Therefore, although the pair authentication according to the technical idea of the present invention can be used as a new authentication method independent of the conventional authentication method, it is possible to easily perform the second authentication performed when the pair system 200 is set as the authentication device And may be used as a procedure for carrying out the present invention. For example, in the case where the user authentication using the public certificate is performed by the second personal authentication, the user simply selects the public certificate and inputs the password of the public certificate in the future, Can be used for short-range wireless communication. Then, the authentication system 400 may determine that the authentication by the authorized certificate is successful. Similarly, in the case where the second identity authentication using the identity authentication of the mobile phone or the authentication of the credit card is performed, the user may, instead of performing an action conventionally performed to perform the second identity authentication in the future, And may perform the second authentication by performing the authentication. Of course, at this time, if the authentication system 400 performs the pair authentication, it may be necessary to recognize that the second authentication has been performed.

Since the pair authentication according to the technical idea of the present invention is a method of determining whether a user occupies a pair system which is a physical device in an offline state (or occupies the specified digital system and the pair system), information on the authentication apparatus When the service system itself is registered in the service system, the service system can perform the identity authentication without going through an external certification authority.

As described above, the pair authentication through the digital system 100 and the pair system 200 according to the technical idea of the present invention is performed by the digital system 100 in the authentication system 400 or the authentication system 400 (Not shown) connected to the service system (not shown).

For example, a user may need to access the service system (not shown) through a predetermined second digital system 500 to use the service, and perform authentication of the user. Even in this case, the authentication system 400 can perform the identity authentication through the digital system 100 and the pair system 200.

Such an example is shown in Fig.

15 is a diagram for explaining a process of authenticating a user of a second digital system according to an embodiment of the present invention.

Referring to FIG. 15, a user may access a service system (not shown) through a predetermined second digital system 500 and use a predetermined service. The second digital system 500 may output an authentication request to the authentication system 400 for pair authentication according to the technical idea of the present invention while being connected to the service system (not shown) (S400 ). Then, the authentication system 400 may transmit the authentication request to the reception module 120 of the digital system 100 corresponding to the second digital system 500 (S430).

The digital system 100 corresponding to the second digital system 500 receives information about the digital system 100 (e.g., mobile phone number) by the user of the second digital system 500, May be specified by being transmitted to the system 400 (S420). The authentication system 400 sends a request to the second digital system 500 to input information about the digital system 100 to the second digital system 500 (S410).

According to an embodiment, information on the digital system 100 corresponding to the second digital system 500 may be registered in the authentication system 400 in advance. For example, the user of the second digital system 500 may log in the service system (not shown) and then transmit the authentication request using the service provided by the service system (not shown). The authentication system 400 then transmits the digital system 100 corresponding to the registered mobile phone number of the logged in user of the second digital system 100 to the digital system 100 corresponding to the second digital system 100, (100).

Then, the authentication system 400 may transmit the authentication request to the digital system 100 (S430). Then, the communication module 140 of the digital system 100 may perform short-range wireless communication (e.g., tagging) with the pair system 200 (S440). The control module 110 may transmit the authentication information corresponding to the identification information of the pair system 200 received via the short-range wireless communication (e.g., tagging) to the authentication system 400 (S450). Then, the authentication system 400 determines whether the identification information of the pair system 200 specified based on the received authentication information corresponds to identification information of the self-authentication device registered in advance, (S460). The authentication system 400 may transmit the authentication result to the second digital system 500 (S470).

Of course, at this time, the authentication system 400 may also determine that the authentication of the user is successful by performing short-distance wireless communication (e.g., tagging) with the pair system 200 through the previously registered authenticated digital system.

The second digital system 500 may be, for example, a system not equipped with a function of performing short-range wireless communication (e.g., tagging) with the pair system 200. If the second digital system 500 can perform short-range wireless communication (e.g., tagging) with the pair system 200, the second digital system 500 and the pair system 200 may directly communicate with each other And may perform pair authentication by performing short-range wireless communication (e.g., tagging). However, even in the case where the second digital system 500 has a short-range wireless communication (e.g., tagging) function, the second digital system 500 can also be connected to the second digital system 500 via the digital system 100, Authentication may be performed.

As a result, according to the embodiment of the present invention, not only the user authentication of the user of the digital system 100 through the digital system 100 having the local wireless communication (e.g., tagging) function, but also the local wireless communication ) Function of the second digital system 100 can be performed.

The technical idea of the present invention can be used not only for the authentication of the user of the second digital system 500 but also for the authentication of a user who requests a predetermined service through a wire telephone.

For example, a user may request a predetermined service through a predetermined ARS system connected with the authentication system 400 or through a telephone conversation with an agent. The service may be a service requiring authentication. Then, the ARS system or the agent can input information (for example, a mobile phone number) about the digital system 100 corresponding to the user to the authentication system 400. Then, the authentication system 400 can transmit the authentication request to the digital system 100 based on the input information. According to an embodiment, the ARS system or the agent inputs information about the digital system 100 corresponding to the user, but information about the digital system is registered in the service system (not shown) or the authentication system 400 in advance In this case, the digital system 100 may be specified by the authentication system 400 to transmit the authentication request to the digital system 100 without receiving the information about the digital system 100 from the user. Then, the digital system 100 can perform pair authentication in the manner as described above.

16 is a diagram for explaining a schematic configuration of an authentication system according to an embodiment of the present invention.

16, the authentication system 400 may include a control unit 410, a receiving unit 420, a transmitting unit 430, and a DB 440.

The receiving unit 420 of the authentication system 400 may receive a pair authentication request from the digital system 100 or the second digital system 500 according to the technical idea of the present invention.

The transmitting unit 430 may transmit a request for performing an authentication process to the digital system 100.

Then, the control unit 410 can determine whether the authentication information output from the digital system 100 and input through the receiver 420 corresponds to the identification information of the registered authentication apparatus. Then, the authentication information may correspond to the identification information of the principal authentication apparatus, so that it can be determined that the principal authentication is successful. If the authentication information is encrypted, the control unit 410 may perform decryption. The identification information of the pair system 200 can be confirmed based on the authentication information in any manner.

In the DB 440, identification information of the principal authentication apparatus may be registered. Depending on the implementation, the identification information of the authentication digital system may be registered in the DB 440 in advance.

The controller 410 may perform the authentication process of the authentication device through communication with the digital system 100. [

According to another embodiment, the receiving unit 420 included in the authentication system 400 may be requested to authenticate itself from the second digital system 500. Then, the transmitting unit 430 may transmit a request for performing an authentication process to the digital system 100 corresponding to the second digital system 100. Then, the receiving unit 420 receives the authentication information from the digital system 100, and the control unit 410 determines whether the received authentication information and the identification information of the authentication apparatus stored in the DB 440 correspond to each other The user authentication can be performed.

In the authentication method according to the technical idea of the present invention, that is, the pair authentication is performed by receiving information (for example, date of birth or resident registration number) And may be used as an adult authentication means when it is determined that the information on age corresponds. Alternatively, if the age of the user is registered in the service system, and the authentication of the person is successful as a result of the pair authentication according to the technical idea of the present invention, it can be judged that the adult is authenticated. Therefore, And can also be used as authentication means.

The digital system, the payment system, the authentication system, and the providing method according to the embodiments of the present invention can be embodied as computer readable codes on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, an optical data storage device, and the like in the form of a carrier wave (for example, . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

Claims (21)

The digital system performing near field wireless communication with a predetermined pair system for self-authentication; And
And transmitting the authentication information corresponding to the identification information of the pair system received by the digital system via the short distance wireless communication to a predetermined authentication system,
When the transmitted information for authentication and identification information of a personal authentication device registered in advance in the authentication system correspond to each other, the personal authentication of the digital system or the second digital system that has requested the personal authentication to the authentication system by the authentication system. Digital system providing method for performing self-identification, characterized in that the success.
2. The digital system providing method according to claim 1,
Further comprising the step of the digital system setting the authentication apparatus to the authentication system,
Wherein the step of setting the authentication apparatus comprises:
The digital system performing a second identity authentication through the authentication system; And
And if the second identity authentication is successful, the digital system transmits identity information of the identity authentication apparatus to the authentication system.
3. The method according to claim 2, wherein the digital system transmits identification information of the principal authentication apparatus to the authentication system,
The digital system performing near field wireless communication with the authentication apparatus; And
And transmitting the identification information of the principal authentication apparatus acquired from the principal authentication apparatus through the performed short-range wireless communication to the authentication system.
2. The digital system providing method according to claim 1,
Further comprising the step of the digital system setting the authentication apparatus to the authentication system,
Wherein the step of setting the authentication apparatus comprises:
The digital system receiving information about at least one pair system corresponding to the user from the authentication system; And
Wherein the digital system transmits information on the authentication apparatus selected from among the at least one pair system to the authentication system based on information on the received at least one pair system, System providing method.
The method of claim 1,
The authentication system further stores identification information of the personal authentication digital system,
The identification system of the digital system identified by the authentication system and the identification information of the personal authentication digital system corresponding to each other, the digital system providing method characterized in that the identity authentication is successful by the authentication system. .
The digital system providing method according to claim 1,
Further comprising the digital system receiving a request for performing an authentication from the authentication system,
Wherein the step of the digital system receiving the authentication execution request from the authentication system comprises:
If the digital system corresponding to the second digital system is specified by the authentication system so that the authentication of the second digital system is performed, the digital system receives the authentication execution request from the authentication system Wherein the digital certificate is a digital certificate.
Determining, by the authentication system, whether the authentication information received from the digital system corresponds to the identification information of the personal authentication device previously registered in the authentication system; And
And determining that the authentication system succeeds in authenticating the digital system or the second digital system that has requested the personal authentication to the authentication system only when the determination results correspond to each other.
Wherein the authentication information includes:
And digital communication between the digital system and the predetermined pair system corresponds to identification information of the pair system transmitted from the digital system to the authentication system when short-range wireless communication is performed.
8. The authentication system providing method according to claim 7,
Further comprising the step of the authentication system establishing the identity authentication apparatus through communication with the digital system,
Wherein the step of setting the authentication apparatus comprises:
The authentication system performing a second identity authentication of the user of the digital system; And
And if the second authentication is successful, the authentication system receives the identification information of the authentication apparatus that is received from the digital system.
9. The authentication apparatus according to claim 8,
Wherein the digital system and the authentication apparatus are information transmitted from the authentication apparatus to the authentication system via the digital system before short-range wireless communication is performed.
8. The authentication system providing method according to claim 7,
Further comprising the step of the authentication system establishing the identity authentication apparatus through communication with the digital system,
Wherein the step of setting the authentication apparatus comprises:
The authentication system transmitting information about at least one pair system corresponding to the user to the digital system; And
And receiving the information about the identity authentication device selected by the digital system based on the information about the at least one pair system to which the authentication system is transmitted.
8. The authentication system providing method according to claim 7,
Storing, by the authentication system, identification information of the personal authentication digital system; And
Checking, by the authentication system, identification information of the digital system, and determining whether the identified identification information of the digital system corresponds to identification information of the personal authentication digital system;
And the identification information of the digital system must correspond to the identification information of the digital authentication system. The authentication system determines that the authentication is successful.
A computer-readable recording medium having recorded thereon a program for performing the method according to any one of claims 1 to 11.
In a digital system that performs identity verification,
A transmission module for transmitting predetermined information to the authentication system;
A communication module for performing short-range wireless communication with a predetermined pair system; And
And a control module for controlling the authentication system to transmit authentication information corresponding to identification information of the pair system received via the short-range wireless communication to the authentication system,
The identification information of the digital system or the second digital system that has made a request for identity authentication to the authentication system by the authentication system only when the transmitted authentication information and the identification information of the user authentication device previously registered in the authentication system correspond to each other. A digital system for performing self-identification, characterized in that the authentication is successful.
14. The digital system according to claim 13,
Further comprising: a receiving module for receiving a request for authentication execution received from the authentication system,
Wherein the communication module performs self-authentication to perform short-range wireless communication with the pair system in response to receiving.
The method of claim 13, wherein the control module,
Wherein the pair system and the communication module perform short-range wireless communication to transmit the authentication information to the authentication system.
15. The method according to claim 14,
And when the second digital system requests authentication by the authentication system, the second digital system is transmitted to the digital system corresponding to the second digital system.
In the authentication system that performs identity authentication,
A receiving unit for receiving authentication information from the digital system; And
It is determined whether the authentication information corresponds to the identification information of the personal authentication device registered in advance in the authentication system, and when the result of the determination corresponds to each other, the personal authentication of the digital system or the second digital system that has requested the personal authentication to the authentication system. And a control unit for determining that this is successful,
Wherein the authentication information includes:
And the digital system and the predetermined pair system are information corresponding to the identification information of the pair system transmitted from the digital system to the transmitter when near field communication is performed.
18. The authentication system according to claim 17,
Further comprising a transmitter for transmitting a request for performing authentication of the user to the digital system,
Wherein the receiving unit performs self-certification in response to the transmission, the information being for receiving authentication information from the digital system.
18. The apparatus of claim 17,
Wherein the identification information of the principal authentication apparatus received from the digital system is stored in the DB to set the principal authentication apparatus.
20. The apparatus of claim 19,
And authenticating the user of the digital system through the second authentication method, thereby setting the authentication device.
18. The apparatus of claim 17,
Identifying the identification information of the digital system, and determining whether the identification information of the digital system identified corresponds to the identification information of the personal authentication digital system stored in the DB,
And the identification information of the digital system further corresponds to the identification information of the digital identification system.

Images