KR20160053852A - Method for Operating OTP - Google Patents

Abstract

The purpose of the present invention is to provide a method to operate an one time password (OTP) executed by a device including a memory unit to store inherent information of an inherent device, a near field communication means to provide a near field wireless communication, and a function to generate the OTP, which comprises the following steps of: storing a fixed seed value assigned through a server designated to generate an OTP in a designated storage area of the memory unit; confirming a dynamic seed value dynamically determined in the generation of the OTP, and confirming the fixed seed value stored in the predetermined storage area of the memory unit and inherent information pre-stored in the memory unit; generating the OTP with positional numbers wirelessly transmitted through the near field communication means by substituting generation information including the confirmed inherent information, the fixed seed value, and the dynamic seed value to a predetermined OTP generation algorithm; and wirelessly transmitting the generated OTP with the determined positional numbers to a near field by using the near field communication means. The inherent information of the device includes inherent information registered in a predetermined server to identify the device through a terminal used by a user.

Description

{Method for Operating OTP}

The present invention provides a method executed by a device having a memory unit for storing unique device-specific information and a short-range communication means for providing short-range wireless communication and having a function of generating an OTP (One Time Password) And a dynamic seed value that is dynamically determined at the time of OTP generation is confirmed, and the fixed seed value stored in the designated storage area of the memory unit is compared with the fixed seed value stored in the designated storage area of the memory unit And transmits generation information including the identified unique information, the fixed seed value, and the dynamic seed value to the predetermined OTP generation algorithm, and wirelessly transmits the generation information to the OTP generation algorithm through the short distance communication means Generating OTPs with a specified number of digits as possible, and transmitting the generated O And the unique information of the device includes unique information registered in a designated server for uniquely identifying the device through a terminal used by the user.

As non-face-to-face transactions are activated by the development of information and communication technology, non-face traders must certify that the connected user is a valid trader through the communication network and prepare for accidents that may occur.

In the non-face-to-face transaction, the most common method for authenticating a user connected through a communication network is authentication using ID / PW. However, due to the problem that the ID / PW is easily exposed, And is used to identify a trader rather than to be used as a transaction.

As a non-face transaction authentication method more advanced than the method using the ID / PW, an authentication method using a public certificate is used. When a medium (for example, a computer) on which the public certificate is recorded is hacked or a keyboard hacking program When the non-face-to-face transaction is processed through the installed terminal, the authorized certificate also has a problem that it can not provide reliable non-face-to-face transaction authentication.

One-time password (OTP) is used as a method for solving the problem of the above-mentioned public certificate. The OTP is a fixed seed that is exchanged / shared by a trading partner in a non-contact manner when the one or more fixed seed values and a fixed seed value dynamically determined at the time of generating the secret are determined and determined at the time of non- Value and a dynamic seed value to a predetermined code generation algorithm (for example, a hash function) to generate an OTP that can be used once, exchange and authenticate the generated OTP, and reuse the same OTP even if the OTP is exposed It is used as an authentication means which is safer to hacking than other authentication means.

It is an object of the present invention to provide a method implemented by a device having a memory unit for storing unique device-specific information and short-range communication means for providing short-range wireless communication and having a function of generating an OTP (One Time Password) A first step of storing a fixed seed value given through a designated server to generate an OTP in a designated storage area of the memory unit, and a step of checking the dynamic seed value dynamically determined at the time of OTP creation, A second step of confirming the stored fixed seed value and the device specific information already stored in the memory unit, and generating information including the identified unique information, the fixed seed value, and the dynamic seed value into the predetermined OTP generation algorithm, A third step of generating a specified number of OTPs capable of being wirelessly transmitted in a short distance through a communication means; And a fourth step of wirelessly transmitting the generated OTP of the specified number of digits in a short distance, wherein the device specific information includes unique information registered in a designated server for uniquely identifying the device through a terminal used by the user And a method for operating the present invention.

The OTFT operating method according to the present invention comprises a memory unit for storing unique device-specific information and a short-range communication unit for providing short-range wireless communication and is executed through a device having a function of generating an OTP (One Time Password) The method includes a first step of storing a fixed seed value assigned through a designated server to generate an OTP in a designated storage area of the memory unit and a dynamic seed value dynamically determined at the time of OTP generation, A second step of confirming the fixed seed value stored in the designated storage area and the device unique information already stored in the memory unit, and generating information including the confirmed unique information, the fixed seed value, and the dynamic seed value, A third step of generating a specified number of OTPs capable of being wirelessly transmitted in a short distance via the short-range communication means, And a fourth step of wirelessly transmitting the generated OTP of the specified number of digits in a short distance using the distance communication means, wherein the device unique information is registered in a server designated for uniquely identifying the device through a terminal used by the user And unique information.

The OTP management method according to the present invention may further include storing biometric authentication information for authenticating a user's body in a designated storage area, Receiving biometric information, and authenticating the biometric information of the user corresponding to the biometric information through the biometric authentication information.

The biometrics authentication method according to the present invention may further comprise the step of storing a code value obtained by hashing the biometric authentication information, As a value.

The OTP management method according to the present invention may further include a step of storing a password of a user, the method comprising the steps of: receiving a password of a user when generating an OTP; authenticating the validity of the inputted password; The method comprising the steps of:

In the opportunistic operating method according to the present invention, the short range communication means includes a Bluetooth communication means.

In the orthopyxis operation method according to the present invention, the short range communication means includes radio recognition communication means in a frequency band of 13.56 MHz.

In the orthopedic operation method according to the present invention, the wirelessly transmitted OTP may be wirelessly received by a nearby terminal located at a short distance at the time of the wireless transmission, and may be specified through a communication network in accordance with an authentication procedure performed by the near- And transmitted to the server and authenticated.

A method of operating an orthopedic apparatus according to the present invention is a method implemented in an apparatus having short-range communication means and generating an OTP (One Time Password), the method comprising: storing a fixed seed value for generating an OTP in a designated storage area of a memory unit A second step of confirming the stored fixed seed value and a dynamic seed value dynamically determined for generating the OTP when the OTP is generated in the first step and a step of assigning the confirmed fixed seed value and the dynamic seed value to the predetermined OTP generation algorithm A third step of generating an OTP, and a fourth step of wirelessly transmitting the generated OTP by using the short-range communication means in a short distance.

The OTP management method according to the present invention may further include storing biometric authentication information for authenticating a user's body in a designated storage area, Receiving biometric information, and authenticating the biometric information of the user corresponding to the biometric information through the biometric authentication information.

The biometrics authentication method according to the present invention may further comprise the step of storing a code value obtained by hashing the biometric authentication information, As a value.

The OTP management method according to the present invention may further include a step of storing a password of a user, the method comprising the steps of: receiving a password of a user when generating an OTP; authenticating the validity of the inputted password; The method comprising the steps of:

In the opportunistic operating method according to the present invention, the short range communication means includes a Bluetooth communication means.

In the orthopyxis operation method according to the present invention, the short range communication means includes radio recognition communication means in a frequency band of 13.56 MHz.

In the orthopyxis operation method according to the present invention, the dynamic seed value includes a time value determined dynamically at the time of OTP generation.

According to another aspect of the present invention, there is provided a method for operating a biometrics-based orthopedia using biometrics, the method comprising the steps of: recognizing biometrics information recognized from a user's biometrics A second step of verifying the biometric authentication information for authenticating the user's biometrics, and a third step of authenticating the biometrics of the user corresponding to the biometric authentication information through the biometric authentication information to confirm the validity of OTP generation And a fourth step of dynamically generating an OTP when validity of OTP generation is confirmed.

The method may further include registering and storing the biometric authentication information in the biometric authentication operating method according to the present invention.

According to another aspect of the present invention, there is provided a method for operating an OTIPI using biometrics, the method comprising: constructing at least one seed value among seeds for OTP generation based on the biometric information, And the seed value constructed based on the biometric information is used as one of the seeds for OTP generation to dynamically generate the OTP.

According to an embodiment of the present invention, there is provided a method of operating a biometrics-based orthopedic device, the biometrics of the user including at least one of a fingerprint, an iris, a retina, and a face of a user.

The method of operating an OTOP using biometrics according to the present invention includes the steps of recognizing a user's biometric information from a user's biometric subject when generating an OTP in an OTP (One Time Password) device, And generating and outputting an OTP using at least one fixed seed value included in the OTP generation information and a dynamic seed value dynamically determined. do.

Meanwhile, a method of operating an OTOP using biometrics according to the present invention is a method of operating an OTP using biometrics, in which OTP medium information-OTP device unique information, customer information, biometric information obtained from a user's body, and server- Receiving OTP generated through OTP generation information including biometric information recognized by the user as a seed value; checking OTP medium information that generated the OTP; Checking the biometric information and server-side OTP generation information associated with the OTP medium information from the medium, and constructing OTP generation information including a seed value included in the server-side OTP generation information and a seed value corresponding to the biometric information (Or verification operation) between the received OTP and the generated OTP ', and outputs the received OTP' And authenticating the TP validity.

Meanwhile, an opportunistic operating method using biometrics according to the present invention is characterized in that OTP medium information - OTP device specific information, customer information - and OTP generation information including biometric information acquired from a user ' Receiving the OTP generated through the OTP generation information including the biometric information recognized by the user as the seed value, checking the OTP medium information that generated the OTP, The method includes the steps of: checking OTP generation information associated with the OTP medium information from the storage medium; generating OTP 'through the OTP generation information; comparing (or verifying) the received OTP with the generated OTP' And authenticating the received OTP validity.

A method of operating an OTOP using biometrics according to the present invention includes the steps of storing biometric authentication information in a storage area of an OTP device and storing the biometric information and the biometric authentication information stored in the storage area when the biometric information is read And comparing (or verifying) the result of the comparison to verify validity of OTP generation.

The method of operating an OTOP using biometrics according to the present invention may further comprise the step of hashing and processing the biometric information into a seed value data structure of the OTP generation information.

In the biometrics operating method according to the present invention, the biometrics object may include any one of a fingerprint, iris, retina, and face of a user, and the biometrics information may be recognized from the biometrics object The fingerprint recognition information, the iris recognition information, the retina recognition information, and the face recognition information.

The biometrics operating method according to the present invention is characterized in that the biometrics information is included as a fixed seed value of the OTP generation information.

The OTP generation information may be a combination of terminal-side OTP generation information including a parameter for determining one or more fixed seed values and a dynamic seed value and the biometric information, .

The OTP generation information may be generated by combining server-side OTP generation information including a parameter for determining one or more fixed seed values and a dynamic seed value and the biometric information, .

On the other hand, a computer-readable recording medium having recorded thereon a program for executing the above-described method of operating an opportunistic biometrics.

Meanwhile, the OTP apparatus according to the present invention includes a biometrics unit for recognizing biometrics information of a user from a biometrics object of a user when generating an OTP in an OTP (One Time Password) apparatus, And an OTP generator for generating an OTP using at least one fixed seed value included in the OTP generation information and a dynamic seed value determined dynamically .

Meanwhile, the OTFT operating system using biometrics according to the present invention stores OTP medium information - unique information of OTPS device, customer information - biometric information obtained from a user's body, and server-side OTP generation information in association with each other And an OTP generation unit configured to receive the OTP generated through the OTP generation information including the biometric information recognized by the user as a seed value, Checking the biometric information and server-side OTP generation information associated with the OTP medium information from the medium, and constructing OTP generation information including a seed value included in the server-side OTP generation information and a seed value corresponding to the biometric information (Or verification operation) between the received OTP and the generated OTP 'by generating the OTP' through the information composing means and the OTP generation information And OTP authentication means for authenticating the received OTP validity.

On the other hand, the OTFT operating system using biometrics according to the present invention links OTP medium information - OTP device specific information, customer information - with OTP generation information including biometric information acquired from the user's body as a seed value Information receiving means for receiving an OTP generated through OTP generation information including biometric information recognized from a user's biometric subject as a seed value and OTP medium information for generating the OTP, An information checking means for checking OTP generation information associated with the OTP medium information from the storage medium, and an OTP generation means for generating OTP 'through the OTP generation information and comparing the received OTP with the generated OTP' And OTP authentication means for authenticating the received OTP validity.

According to the present invention, when generating an OTP in an OTP device having a biometric function for recognizing a user's biometric information from a biometric subject corresponding to any one of a fingerprint, an iris, a retina, and a face of a user, The biometric information of the user registered in advance is used as the seed value of the OTP to generate the OTP, the server authenticating the OTP verifies the biometrics information of the pre-registered user at the OTP authentication, Authenticating the OTP by using the identification information as the same seed value allows the OTP device to be stolen / deceived and not maliciously used by a third party, and a two- Factor Authentication.

1 is a diagram illustrating a functional configuration of an OTP device having a function of generating an OTP using biometric information according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of an OTP system according to an embodiment of the present invention.
3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.
4 is a diagram illustrating an OTP generation process according to an embodiment of the present invention.
5 is a diagram illustrating an OTP generation process according to another embodiment of the present invention.
6 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a functional block diagram of an OTP device 100 having a function of generating an OTP using biometric information according to an embodiment of the present invention.

1 shows an OTP device 100 having a user biometric function for recognizing a user's biometric information from a biometric subject corresponding to one of a user's fingerprint, iris, retina, and face, (N > = 2) digit OTP (One Time Password) using the biometric information in the present invention. If a person skilled in the art is familiar with the present invention, 1, the biometric information may be used to generate an OTP using the biometric information. The present invention includes all of the above-mentioned embodiments, The technical characteristics are not limited only by the method shown in FIG.

1, the OTP apparatus 100 includes a control unit 105 for controlling components in the OTP apparatus 100, a screen output unit 110 corresponding to an LCD (Liquid Crystal Display) A memory unit 130 corresponding to the nonvolatile memory, and a battery 125 for power supply. The memory unit 130 may be a fingerprint, an iris, a retina, or a face of a user. Recognizing biometric information corresponding to one of the user's fingerprint information, iris information, retina information, and facial information from the biometric subject of the user corresponding to the biometric information, and comparing the unique biometric pattern of the user included in the biometric information And a biometric unit (120) for composing biometric information composed of a data structure.

Here, the user medium information includes card information (or code information set as user medium information and recorded in the memory of the IC card) read from the user medium corresponding to the contactless IC card or the contact type IC card, Card information (or digit information recorded in the track of the MS card set by the user medium information) read from the user medium, card information (or user medium information set from the user medium corresponding to the RF card, (Or code information recorded in the memory of the RFID set by the user medium information) read from the user medium corresponding to the RFID, a USB Device information (or code information set in the user medium information and recorded in the memory of the USB device) It comprises me is preferred.

When the user medium information and the user media authentication information are compared and the OTP generation validity is authenticated, the user media authentication information may include the user media information as it is. And the user media authentication information includes a user media information verification value that is calculated with the user media information to derive a predetermined calculation result when verifying the authenticity of the OTP generation.

According to the embodiment of the present invention, the memory unit 130 can encrypt and store the terminal side OTP generation information for generating the N (N> = 2) OTPs in the OTP apparatus 100 , The terminal side OTP generation information may be omitted according to the method. However, when the terminal-side OTP generation information is stored in the memory unit 130, the terminal-side OTP generation information may be encrypted and stored in the memory unit 130.

The terminal side OTP generation information preferably includes one or more parameters for determining a fixed seed value for generating OTPs of N (N > = 2) digits, and the fixed seed value And the dynamic seed value determined by the parameters are substituted into the predetermined OTP generation algorithm and the OTP generation method to generate N-digit OTP.

For example, if the OTP is generated in a time-synchronized manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the time-synchronized OTP generation algorithm, and a parameter for determining a dynamic seed value , And a synchronization time setting value for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP).

Alternatively, if the OTP is generated in a challenge-response manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the challenge-response OTP generation algorithm and a parameter for determining a dynamic seed value A random number generation value for generating a random number of a challenge-response, or random number reception information for receiving a random number).

According to the embodiment of the present invention, the memory unit 130 can encrypt and store biometric authentication information for authenticating biometric information acquired through the user biometric function provided in the OTP device 100 In this case, when the biometric information is obtained through the user biometric function, the OTP device 100 compares (or verifies) the biometric information with the biometric authentication information, It is preferable that the OTP apparatus 100 authenticates the validity of the OTP generation using the information, and the OTP apparatus 100 responds to the validity authentication result.

Here, the biometric information may include fingerprint identification information constituting a comparable data structure of a fingerprint pattern unique to the user included in the fingerprint information recognized from the fingerprint of the user, unique information of the user included in the iris information recognized from the iris of the user, An iris recognition information constituting an iris pattern with a comparable data structure, retina recognition information constituting a user-specific retinal pattern included in retinal information recognized from the user's retina as comparable data structures, And facial recognition information constituting a user-specific facial pattern included in the facial information with a comparable data structure.

When the biometric information and the biometric authentication information are compared with each other and the validity of the OTP generation is verified, it is preferable that the biometric authentication information includes the biometric information as it is, and the biometric information and the biometric authentication information And the biometric authentication information includes a biometric information verification value that is calculated with the biometric information and induces a predetermined calculation result when the validity of the OTP generation is authenticated.

The biometrics unit 120 includes a fingerprint recognition module for recognizing biometric information corresponding to the fingerprint information of the user from the fingerprint of the user, biometric information corresponding to the user's iris image from the user's iris, And a camera module for recognizing the biometric information corresponding to the user's retinal image or recognizing biometric information corresponding to the user's facial image from the user's face. In accordance with the intention of a person skilled in the art, The object to be recognized and the corresponding biometrics unit 120 can be variously expanded, and the present invention is not limited by the biometrics object and the corresponding biometrics method.

Here, the biometric information corresponding to any one of the fingerprint information, iris information, retina information, and face information of the user recognized from the biometric subject of the user corresponding to any one of the fingerprint, iris, retina, It is preferable to include image data or vector data corresponding to the biometric method.

For example, the fingerprint information recognized by the electronic fingerprint recognition method preferably includes vector data. The fingerprint information recognized by the optical fingerprint recognition method, the iris information recognized by the camera portion, the retina information, Data is preferably included.

According to an embodiment of the present invention, the biometrics unit 120 may include fingerprint information of a user recognized from a biometrics object of a user corresponding to a user's fingerprint, iris, retina, or face, iris information, It is preferable to construct biometric information including a data structure capable of comparing (or verifying) the unique biometric pattern of the user included in the biometric information corresponding to any one of the face information.

Here, the biometric information may include at least one of image data, vector data, and image / vector data corresponding to pattern data uniquely specifying a biometric pattern of a user included in the biometric information, It is preferable that the fingerprint code value including the fingerprint code value hash is set by the set hash function.

According to an embodiment of the present invention, when fingerprint information of the user is recognized from the fingerprint of the user, the fingerprint recognition information includes fingerprint pattern image data corresponding to fingerprint pattern data uniquely specifying the fingerprint pattern of the user, Vector data, fingerprint pattern image / vector data, or a fingerprint code value obtained by hashing the fingerprint pattern data into a predetermined hash function.

Alternatively, when the iris information of the user is recognized from the iris of the user, the iris recognition information may include iris pattern image data corresponding to iris pattern data uniquely specifying the iris pattern of the user, iris pattern vector data, And a fingerprint code value including at least one of image / vector data or hash of the iris pattern data as a predetermined hash function.

Alternatively, when the user's retina information is recognized from the retina of the user, the retina recognition information includes retinal pattern image data corresponding to retinal pattern data uniquely specifying the retinal pattern of the user, retinal pattern vector data, And a fingerprint code value including at least one of image / vector data or hash of the retina pattern data as a predetermined hash function.

Alternatively, when recognizing the face information of the user from the face of the user, the face recognition information may include face pattern image data corresponding to face pattern data uniquely specifying the face pattern of the user, face pattern vector data, The image data includes one or more image / vector data, or a fingerprint code value obtained by hashing the face pattern data into a predetermined hash function.

Referring to FIG. 1, the OTP apparatus 100 compares the biometric information with the biometric authentication information stored in the memory unit 130 when the biometric information is acquired through the biometric unit 120 And an authentication unit 135 for authenticating the validity of generating the OTP through the biometric information.

When the biometric information is acquired through the biometric unit 120, the authentication unit 135 may generate the biometric information by comparing the biometric information with the biometric information stored in the memory unit 130, (If the data structure of the biometric information includes a data structure capable of being compared (or verified) with the biometric authentication information), the data structure can be omitted.

According to another embodiment of the present invention, the memory unit 130 stores a password (or a personal identification number) registered by a user and, when a user's password (or a personal identification number) is inputted through key input, The authentication unit 135 authenticates the input password (or the personal identification number) and verifies the validity of generating the OTP through the biometric information, or adds the password (or the personal identification number) to the authentication using the biometric information And the present invention is not limited thereto.

Referring to FIG. 1, the OTP apparatus 100 includes an information configuration unit 145 that configures OTP generation information including the biometric information as a seed value for generating N (N> = 2) Determining one or more fixed seed values and a dynamic seed value for generating the N-digit OTP from the constructed OTP generation information, and transmitting the determined one or more fixed seed values and the dynamic seed value to a predetermined OTP generation OTP generation unit 150 for generating an OTP by substituting the generated OTP information into an algorithm. When OTP generation information is stored in the memory unit 130, the OTP generation unit 150 generates a terminal-side OTP from the memory unit 130 And the information constructing unit 145 may combine the terminal-side OTP generation information and the biometric information to generate N (N > = 2) Generate OTP And the OTP generation information for generating the OTP.

If the validity of generating the OTP by the authentication unit 135 is authenticated through the biometric information, the information organization unit 145 confirms the biometric information acquired through the biometric unit 120, When the biometric information is not matched with the data structure for generating the N-digit OTP, converts the obtained biometric information into a data structure for generating the N-digit OTP. If the biometric information obtained through the biometric unit 120 has a data structure for generating the N-digit OTP, or if the data structure of the biometric information obtained through the biometric unit 120 is It is not necessary to convert the data structure of the biometric information, and thus the present invention is not limited thereto.

According to an embodiment of the present invention, the biometric information is hashed through a hash function of hashing a series of text / binary data into a seed value data structure constituting the OTP generation information, It is preferable that the data structure is converted into a data structure for generation.

The information constructing unit 145 constructs OTP generation information for generating N-digit OTP by including the biometric information as a fixed seed value for generating the N-digit OTP.

According to the embodiment of the present invention, the information constructing unit 145 includes the OTP apparatus 100 unique information stored in the memory unit 130 as the fixed seed value of the OTP generation information, and generates the N-digit OTP It is preferable to configure the OTP generation information.

If the N-digit OTP is a time-synchronized OTP, the information constructing unit 145 determines a time value (or a time value for a specific time interval) determined from a timer included in the OTP apparatus 100 And construct OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is an OTP of the challenge-synchronization type, the information configuration unit 145 generates a predetermined random number value and transmits / exchanges the random number value with the server, or receives / It is preferable that OTP generation information for generating the OTP of N digits is formed by including the random number value as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the memory unit 130, the information verification unit 140 checks the terminal side OTP generation information from the memory unit 130, Processing the biometric information into a fixed seed value for generating the N-digit OTP, combining the verified terminal-side OTP generation information with the biometric information, and constructing OTP generation information for generating an N-digit OTP .

If OTP generation information including the biometric information as a fixed seed value for generating the N-digit OTP is configured by the information configuration unit 145, the OTP generation unit 150 generates OTP generation information Determining one or more fixed seed values included in the OTP generation information, determining one or more dynamic seed values based on the parameters included in the OTP generation information, and determining the determined one or more fixed seed values and the dynamic seed value to a predetermined OTP generation algorithm And generates N (N > = 2) OTPs. Here, the number of digits of N for the OTP may be fixed or dynamically changed every time OTP is generated, so that the present invention is not limited thereto.

Referring to FIG. 1, the OTP device 100 generates an OTP output signal through the screen output unit 110 when the N-digit OTP is generated through the OTP generation unit 150, When the OTP device 100 is provided with the short-range communication means (not shown), the OTP output unit 155 transmits the generated OTP To the terminal (or device) located in the vicinity of the OTP device 100.

When the OTP is generated, the OTP output unit 155 outputs the generated OTP to a predetermined area on the screen of the OTP device 100 in association with the screen output unit 110. [

According to an embodiment of the present invention, the OTP output unit 155 outputs an OTP output screen on the screen of the OTP apparatus 100 in association with the screen output unit 110, OTP < / RTI >

According to another embodiment of the present invention, the OTP output unit 155 outputs (or assigns) an OTP output area to a screen area currently displayed on the screen of the OTP device 100 in cooperation with the screen output unit 110 ), And outputs the generated OTP to the OTP output area.

If the OTP device 100 is equipped with a local communication means (for example, Bluetooth, infrared communication, RFID communication, RF communication, etc.), the OTP output unit 155 generates It is possible to output the generated OTP to the terminal (or device) located close to the OTP device 100.

2 is a diagram illustrating the configuration of an OTP system according to an embodiment of the present invention.

2 shows an OTP system configuration for authenticating N-digit OTPs generated using the biometric information in the OTP device 200 having the user biometric function. Those skilled in the art will be able to refer to and / or modify this Figure 2 to infer various implementations of the OTP system configuration (e.g., omissions, subdivided, or aggregated implementations) However, the present invention is not limited to the technical features of the present invention.

Referring to FIG. 2, the OTP system includes an OTP apparatus 200 having the functional configuration shown in FIG. 1, an OTP authentication request server (hereinafter, referred to as an OTP server) 200 for requesting OTP authentication to a user having the OTP apparatus 200 210 and OTP medium information corresponding to the OTP apparatus 200 having the functional configuration shown in FIG. 1 and registered as an OTP medium, and the server-side OTP generation information are stored in the storage medium 240, And an OTP operating system for receiving and authenticating N-digit OTPs generated by the OTP device 200 using the biometric information when the OTP device 200 is used as an OTP medium. A user terminal 205 used by the user having the OTP device 200 according to the intention and a separate OTP server 215 authenticating the N-digit OTP generated by the OTP device 200 .

According to the present invention, in the OTP operating system, each means constituting the OTP operating system is implemented in the form of a single integrated server, or each means (or a combination of two or more means) constituting the OTP operating system, Some of the means constituting the OTP operating system are implemented in the form of a server and the rest are implemented in the form of a server system implemented in the form of a server such as the OTP server 215 and the OTP authentication request server 210 Or each of the means constituting the OTP operating system is distributed and implemented in the form of components of at least one of the OTP server 215 and the OTP authentication request server 210 It is clear that the present invention is not limited by the manner in which the OTP operating system is implemented, the type of server, the location and number of implementation Bayida leave.

The OTP device 200 is a wireless communication terminal device registered as an OTP medium for generating an OTP of N digits using the biometric information among the OTP devices 200 having the user biometric function, The OTP generation information including the biometric information is generated to generate and output an OTP of N digits after the OTP generation validation authentication requested by the OTP generation request through the menu selection .

The OTP authentication request server 210 is a general term for servers requesting authentication of a user, payment settlement, and financial transaction through an OTP generated by the OTP apparatus 200. The OTP authentication request server 210 includes an OTP A shopping mall server or a content providing server or a home shopping server for processing authentication of payment through OTP generated by the OTP device 200, an OTP generated by the OTP device 200 The present invention is not limited to the type of OTP authentication request server 210 and the OTP authentication request method.

The user terminal 205 is a collective term of a communication terminal to which the user having the OTP device 200 accesses the OTP authentication request server 210 through a communication network. The user terminal 205 includes key input means, screen output means, (E.g., OTP device 200, portable Internet terminal, etc.) connected to a wireless communication network, a bi-directional communication device A digital TV having functions, an IP-TV, a household terminal connected to a home network, and the like.

The OTP server 215 receives the N-digit OTP generated by the OTP apparatus 200 through the communication network, generates an OTP 'that matches the OTP, compares the OTP with OTP' The OTP server 215 may also be provided with a function of authenticating the OTP by the OTP server 215, so that the present invention is not limited thereto.

Referring to FIG. 2, the OTP operating system registers an OTP device 200 having the user biometric function as an OTP medium that generates N-digit OTP using the biometric information, And OTP media registration means 220 for composing server-side OTP generation information for generating OTP 'for authenticating N-digit OTPs generated in the server 200 and storing the OTP generation information in the storage medium 240, The OTP apparatus 200 registered as the OTP medium has terminal OTP generation information matching with the server OTP generation information.

The OTP media registration means 220 provides the OTP device 200 with the unique information of the OTP device 200 to be registered as the OTP media and the customer information of the customer using the OTP device 200 at the predetermined OTP registration terminal, And stores the generated OTP medium information in the storage medium 240. If the OTP registration terminal (or the customer terminal used by the customer) provides the biometric information, The OTP media registration means 220 further stores the biometric information in the OTP medium information in the storage medium 240.

The OTP registration terminal is a generic name of a terminal device requesting to register the OTP device 200 as an OTP medium. The OTP registration terminal includes a user terminal 205, an OTP registration authority (For example, a national institution terminal, an OTP authentication request server 210, an operator terminal, a credit card terminal, a financial institution terminal, a securities company terminal, and the like) provided in the server 210 operating company, card company, financial company, .

The OTP device 200 unique information included in the OTP medium information includes device identification information (or unique information) given to the OTP device 200 provided to the customer (user) among the plurality of OTP devices 200 .

The customer information preferably includes a resident registration number corresponding to the name (or user) of the OTP device 200 to be used as the OTP medium. It is preferable that the customer information includes the name, address, contact information And the like.

If the financial transaction is included in the authentication target using the OTP device 200 as the OTP medium, the customer information may further include financial information (e.g., account number, bank, etc.) of the customer corresponding to the customer information .

Or the card transaction is included in an object authenticated by using the OTP device 200 as an OTP medium, the customer information further includes card information (e.g., card number, card company, etc.) of the customer corresponding to the customer information .

According to the user's intention of practicing the present invention and the field in which the OTP device 200 is used as the OTP medium, the customer information may include various information (e.g., an object to be authenticated using the OTP device 200 as an OTP medium) And authentication information, the client account information for the game, and the like), and thus the present invention is not limited thereto.

The biometric object of the user includes any one of a fingerprint, an iris, a retina, and a face of a user, and the biometric information may be any one of a user's fingerprint information, iris information, retina information, Fingerprint identification information in which a fingerprint pattern unique to the user included in the fingerprint information recognized from the user's fingerprint is configured to be comparable to the fingerprint information, iris information recognized from the iris of the user, Iris recognition information constituted by a comparable data structure of an iris pattern, retinal recognition information constituted by a data structure in which the user's unique retinal pattern included in the retinal information recognized from the user's retina is comparable, facial information recognized from the user's face The unique facial patterns of the included users can be compared And a facial recognition unit configured to acquire facial recognition information.

When the OTP medium information is received, the OTP medium registration means 220 registers the OTP medium information in the server side 200 for authenticating the N-digit OTP that is generated using the biometric information in the OTP apparatus 200 based on the OTP medium information OTP generation information is generated (or allocated).

Herein, the server-side OTP generation information is stored in the OTP management system, and one (1) for generating N-digit OTP 'to be compared (or verified) with the N-digit OTP generated by the OTP apparatus 200 The above-mentioned fixed seed value and the parameter for determining the dynamic seed value.

When the biometric information is used as a fixed seed value for generating the N-digit OTP in the OTP device 200, the server-side OTP generation information may include the biometric information as the N-digit OTP ' As seed values.

According to the embodiment of the present invention, the server-side OTP generation information preferably includes a fixed seed value generated based on the OTP device 200 unique information and / or customer information included in the OTP medium information, The generated fixed seed value may be included in the OTP generation information to be provided to the OTP device 200.

If the N-digit OTP is generated in a time-synchronized manner, the server-side OTP generation information includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP .

Alternatively, when the N-digit OTP is generated by a challenge-response scheme, the server-side OTP generation information may be generated by generating a random number corresponding to the dynamic seed value of the challenge-response OTP or by generating a random number Value. ≪ / RTI >

The OTP media registration unit 220 stores the OTP medium information and the server-side OTP generation information in the storage medium 240 in association with each other, thereby storing the OTP apparatus 200 in the N-digit OTP As an OTP medium.

If the biometric information is received from the OTP registration terminal, the OTP medium registration unit 220 may further include the biometric information in the OTP medium information and store the biometric information in the storage medium 240.

It is preferable that the OTP medium registration unit 220 provides the biometric authentication information corresponding to the biometric information of the OTP device 200 and processes the biometric authentication information to be recorded in the memory unit of the OTP device 200.

In the case where the OTP device 200 compares the biometric information with the biometric authentication information and authenticates the validity of the OTP generation, the biometric authentication information preferably includes the biometric information as it is, In the case where the authentication information is verified and verified to validate the OTP generation, the biometric authentication information preferably includes a biometric information verification value that is calculated with the biometric information to induce a predetermined calculation result.

Referring to FIG. 2, the OTP operating system receives N-digit OTPs generated by using the biometric information in the OTP device 200 through a communication network, and transmits OTP data to the OTP device 200 An information receiving means (225) for confirming corresponding OTP medium information, and an information checking means for checking OTP generation information for generating N-digit OTP 'to be compared (or verified) with the received N-digit OTP OTP authentication means 230 for generating an OTP 'of N digits through the OTP generation information and comparing (or verifying) the OTP' of N digits to authenticate whether the received OTP is valid, The information receiving means 225, the information confirming means 235 and the OTP authenticating means 230 may be implemented in a separate OTP server 215, Include all possible practices I will make clear what is going on.

When the OTP is input through the OTP input interface displayed on the user terminal 205, the information receiving means 225 transmits the OTP to the user terminal 205 via the communication network, The user terminal 205 may receive the OTP from the user terminal 205. In this case, the user terminal 205 may further transmit OTP medium information including at least one of the unique information or the customer information of the OTP device 200, Preferably, the information receiving means 225 receives the OTP medium information from the user terminal 205.

According to the embodiment of the present invention, when the OTP is encrypted and transmitted, the information receiving means 225 decodes the OTP according to a predetermined decoding method.

When the OTP is received, the information checking unit 235 confirms the server side OTP generation information associated with the OTP medium information from the storage medium 240.

According to an embodiment of the present invention, the identified server-side OTP generation information may include the same fixed seed value as the OTP generation information including the biometric information to generate N-digit OTP in the OTP device 200, If the OTP generation information includes the parameter for determining the seed value, the information confirmation means 235 confirms the confirmed server-side OTP generation information with the OTP generation information for generating the N-digit OTP '.

According to another embodiment of the present invention, when the verified server side OTP generation information does not include the biometric information, the information verification means 235 may include (in the OTP medium information) OTP generation information for generating OTP 'of N digits by combining the server-side OTP generation information and the biometric information, and the biometric information is composed of the N digits OTP ', the information verifying unit 235 converts the biometric information into a data structure for generating the N-digit OTP'.

When the OTP generation information for generating the N-digit OTP 'is confirmed / configured, the OTP authentication unit 230 identifies one or more fixed seed values for generating the OTP' from the OTP generation information, Determines one or more dynamic seed values through the parameters included in the generation information, and substitutes the determined one or more fixed seed values and dynamic seed values into the predetermined OTP generation algorithm to generate OTP 'of N digits.

When the N-digit OTP 'is generated, the OTP authentication unit 230 compares (or verifies) the received N-digit OTP' with the generated OTP 'to authenticate the OTP validity.

If the OTP and the OTP 'match (or match) as a result of the comparison, or if the predicted result is obtained through the verification operation, the OTP authentication unit 230 processes the OTP validity as being authenticated, And provides the validity authentication result to at least one of the OTP authentication request receiving server 210, the user terminal 205, and the OTP apparatus 200 that requires the OTP authentication result.

On the other hand, if the OTP and OTP 'do not match (or match) as a result of the comparison, or if the predicted result is not obtained through the verification operation, the OTP authentication unit 230 processes the OTP validity as unauthenticated And provides the OTP validity authentication result to at least one OTP authentication result receiving means of the OTP authentication request server 210, the user terminal 205, and the OTP apparatus 200 requiring the OTP authentication result.

3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.

More specifically, FIG. 3 illustrates a process of registering a user's OTP device 200 as an OTP medium on the OTP system shown in FIG. 2, and it will be understood by those skilled in the art that, It is possible to refer to and / or modify the FIG. 3 to derive various implementations of the OTP media registration process (e.g., omitting some steps or changing the order) And the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, in FIG. 3, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 3, the OTP registration terminal accesses a server through a communication network to request an OTP device 200 corresponding to the OTP medium (300). The server registers the user information of the user, The OTP registration terminal provides an OTP media registration interface 300 for inputting / registering OTP media information including OTP device specific information corresponding to the OTP device 200 of the OTP device 200, OTP medium information including the unique information of the OTP apparatus 200, the customer information, and the biometric information through the interface, and transmits the OTP medium information to the server (310).

The server receives OTP medium information including the unique information of the OTP apparatus 200, the customer information and the biometric information from the OTP registration terminal, and transmits the biometric information from the OTP apparatus 200 based on the OTP medium information Side OTP generation information for authenticating the N-digit OTP generated by using the OTP medium information, the OTP medium information, the biometric information, and the server-side OTP generation information, (320).

Thereafter, the server includes terminal side OTP generation information matching with the server side OTP generation information, and processes the OTP device 200 that generates N-digit OTPs using the biometric information to be provided to the user 325).

4 is a diagram illustrating an OTP generation process according to an embodiment of the present invention.

More specifically, FIG. 4 illustrates a process of generating an OTP of N digits using the biometric information in the OTP device 200 shown in FIG. 1. Specifically, the OTP device 200 of the OTP device 200 And verifying the validity of the OTP generation using the biometric information using the biometric authentication information when the biometric authentication information to be compared (or verified) with the biometric information is included.

Those skilled in the art will appreciate that various embodiments of the OTP generation process (e.g., omitting some steps or changing the order) may be implemented by referring to and / or modifying FIG. 4, However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited by the method shown in FIG.

For example, in FIG. 4, the process of authenticating the user through the password (or the personal identification number) of the user is omitted for the sake of convenience by including the process of confirming the validity of the OTP generation through the biometric information and the biometric authentication information. The invention is not limited thereto, and the user authentication process may be further provided.

Hereinafter, in FIG. 4, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 4, the OTP device 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection Corresponding to one of the fingerprint recognition information, iris recognition information, retina recognition information, and facial recognition information of the user through the biometric module corresponding to any one of the fingerprint recognition module or the camera module provided in the OTP device 200 (400). ≪ / RTI >

If the biometric information is acquired through the user biometric function (405), the OTP device 200 compares (or verifies) the obtained biometric information with the biometric authentication information provided in the memory In operation 410, the validity of the OTP for generating N-digit OTP is confirmed through the OTP generation information including the biometric information.

If the OTP validity is not confirmed (415), the OTP device 200 outputs OTP generation validity error information (420) and ends the OTP generation process.

On the other hand, if the OTP validity is confirmed (415), the OTP device 200 includes the biometric information as a fixed seed value for generating the N-digit OTP to generate OTP generation information for generating an N-digit OTP (425).

According to an embodiment of the present invention, the OTP apparatus 200 confirms the terminal side OTP generation information from the memory unit, and the OTP apparatus 200 stores the biometric information in a fixed form for generating the N-digit OTP It is preferable to configure the OTP generation information for generating N-digit OTP by combining the verified terminal-side OTP generation information with the biometric information.

If the N-digit OTP is a time-synchronized OTP, the OTP device 200 determines a time value (or a time value for a specific time interval) identified from a timer included in the OTP device 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is an OTP of the challenge-synchronization type, the OTP device 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the OTP generation information including the biometric information as the fixed seed value is configured 430, the OTP device 200 checks one or more fixed seed values included in the configured OTP generation information, And generates and outputs an OTP of N digits by using the determined one or more fixed seed values and the dynamic seed value into the predetermined OTP generation algorithm (step 435).

5 is a diagram illustrating an OTP generation process according to another embodiment of the present invention.

More specifically, FIG. 5 illustrates a process of generating an OTP of N digits using the biometric information in the OTP device 200 shown in FIG. 1. Referring to FIG. 5, It is possible to refer to and / or modify the FIG. 5 to derive various implementations of the OTP generation process (e.g., omitting some steps or changing the order). However, And all the methods to be inferred, and the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, in FIG. 5, the OTP operating system shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 5, the OTP apparatus 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection (500), and processes the user authentication using the password (or the personal identification number) (505).

If the user authentication is not processed (510), the OTP device 200 outputs the user authentication error information (515) and ends the OTP generation process.

On the other hand, if the user authentication process is performed 510, the OTP device 200 transmits the fingerprint identification information of the user through the biometric module corresponding to one of the fingerprint recognition module or the camera module provided in the OTP device 200, Recognizes and acquires biometric information corresponding to any one of the iris recognition information, the retina recognition information, and the facial recognition information (520).

If the biometric information is acquired through the user biometric function (525), the OTP device 200 includes the biometric information as a fixed seed value for generating the N-digit OTP, OTP generation information for generating OTP (530).

According to an embodiment of the present invention, the OTP apparatus 200 confirms the terminal side OTP generation information from the memory unit, and the OTP apparatus 200 stores the biometric information in a fixed form for generating the N-digit OTP It is preferable to configure the OTP generation information for generating N-digit OTP by combining the verified terminal-side OTP generation information with the biometric information.

If the N-digit OTP is a time-synchronized OTP, the OTP device 200 determines a time value (or a time value for a specific time interval) identified from a timer included in the OTP device 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is an OTP of the challenge-synchronization type, the OTP device 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If OTP generation information including the biometric information as a fixed seed value is configured (535), the OTP device 200 checks one or more fixed seed values included in the configured OTP generation information, (Step 540). In step 540, one or more dynamic seed values are determined based on the parameters included in the OTP generation algorithm, and one or more fixed seed values and dynamic seed values determined / determined are substituted into the predetermined OTP generation algorithm.

6 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

FIG. 6 is a block diagram illustrating an OTP operation system according to an embodiment of the present invention. Referring to FIG. 6, N (N (N)) generated by the OTP apparatus 200 shown in FIG. > = 2) number of digits of the OTP to match with the OTP, and compares (or verifies) the received OTP of the N digits with the OTP 'to verify the validity of the OTP Those skilled in the art will be able to refer and / or modify FIG. 6 to illustrate various implementations of the OTP authentication process (e.g., some steps may be omitted, However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Hereinafter, in FIG. 6, the OTP operating system shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 6, after an OTP of N digits is generated / output by the OTP device 200 shown in FIG. 1 through the process shown in FIGS. 4 to 5, Receives the N-digit OTP inputted through the OTP input interface outputted to the user terminal 205 and confirms the OTP medium information (600), verifies the biometric information for the OTP device 200, After confirming the server side OTP generation information associated with the OTP medium information from the storage medium 240 (605), the biometric information is combined with (or linked with) the server side OTP generation information to convert the biometric information into a fixed seed value (Step 610).

If the server side OTP generation information includes the biometric information as a fixed seed value according to the embodiment of the present invention, the server generates OTP generation information for generating the N-digit OTP ' It is desirable to check with information.

Thereafter, the server checks one or more fixed seed values for generating the N-digit OTP 'from the OTP generation information, determines one or more dynamic seed values based on the parameters included in the OTP generation information, / OTP 'of N digits is generated by substituting the determined one or more fixed seed values and the dynamic seed value into the predetermined OTP generation algorithm (615).

If the N-digit OTP 'is generated (620), the server compares (or verifies) the received N-digit OTP with OTP' to check the OTP validity (625).

According to the embodiment of the present invention, when the OTP and the OTP 'are matched (or matched) as a result of the comparison between the OTP and the OTP', or when the predicted result is obtained through the verification operation, .

If the OTP validity is not confirmed 630, the server transmits an OTP authentication result corresponding to the OTP validity error to the OTP authentication result receiving means (e.g., OTP authentication request server 210, user terminal 205, OTP (Including one or more of device 200).

On the other hand, if the validity of the OTP is confirmed (630), the server transmits OTP authentication result corresponding to the OTP validation confirmation to the OTP authentication result receiving means (e.g., the OTP authentication request server 210, the user terminal 205, (E. G., One or more of < / RTI >

100: OTP device 105:
110: screen output unit 115: key input unit
120: biometrics unit 125: battery
130: memory unit 135: authentication unit
140: Information verification unit 145: Information configuration unit
150: OTP generation unit 155: OTP output unit

Claims (7)

1. A method executed by a device having a memory unit for storing unique device-specific information and a short-range communication means for providing short-range wireless communication and having a function of generating an OTP (One Time Password)
Storing a fixed seed value assigned through a designated server to generate an OTP in a designated storage area of the memory unit;
A second step of confirming a dynamic seed value dynamically determined at the time of OTP generation and confirming a fixed seed value stored in a designated storage area of the memory unit and device unique information already stored in the memory unit;
A third step of substituting the identified unique information, generation information including a fixed seed value and a dynamic seed value into a predetermined OTP generation algorithm, and generating OTP of a predetermined number of digits capable of wirelessly transmitting in a short distance through the short distance communication means; And
And a fourth step of wirelessly transmitting the generated OTP of the specified number of digits at a short distance using the short-range communication means,
Wherein the device unique information includes unique information registered in a server designated to uniquely identify the device through a terminal used by the user.
The method according to claim 1,
The first step may further include storing biometric authentication information for authenticating a user's biometric body in a designated storage area,
Receiving biometric identification information that identifies the user's body when generating the OTP; And
And performing a procedure for authenticating the user's body corresponding to the biometric information through the biometric authentication information.
3. The method of claim 2,
The first step may further include storing a code value obtained by hashing the biometric authentication information,
And using the code value as a seed value for generating the OTP at the time of biometric authentication.
3. The method according to claim 1 or 2,
The first step may further include storing a password of a user,
Receiving a password of a user when generating an OTP; And
And performing a procedure for authenticating the validity of the input password.
The communication system according to claim 1,
And a Bluetooth communication means.
The communication system according to claim 1,
And a wireless recognition communication means in a frequency band of 13.56 MHz.
The method as claimed in claim 1,
Wherein the mobile terminal is wirelessly received by a near terminal located at a short distance at the time of the wireless transmission and is transmitted to a designated server through a communication network in accordance with an authentication procedure performed by the near terminal, and is authenticated.

Images