KR20170053893A - Mobile authentication method using near field communication technology - Google Patents
- Publication number
- KR20170053893A (KR1020150156368A)
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- server
- user
- smartphone
- service
Abstract
The present invention relates to a method for mobile authentication and/or mobile payment through short-range wireless communication between a computer device and a smartphone.
The method of the present invention structurally separates a service process performed between the computer device 100 and the service server 300 from an authentication process performed between the smartphone 200 and the authentication server 400. The service process and the authentication process are connected through short-range wireless communication between the computer device 100 and the smartphone 200. If the authentication between the smartphone 200 and the authentication server 400 succeeds, the authentication server 400 notifies the service server 300, and the service server 300 returns the result to the screen of the computer device.
Description
The present invention relates to user authentication techniques, and more particularly to an authentication method using a mobile device.
Today, people use the Internet to conduct various e-commerce and authentication activities. Typically, a user runs a web browser on a personal computer to access the target website, and the target website then performs a series of authentication procedures. The biggest problem here is security issues caused by malicious hacking. Credit card numbers, as well as other information unique to the individual, can be hacked. Several attempts have been made to prevent this. One of the most widely used methods is to install software on the personal computer that blocks hacking and enhances security.
However, this causes severe inconvenience to the user. Because users access various websites and perform authentication on them, there is a lot of software to install, and that software must be updated constantly to address security vulnerabilities. In addition, malicious code can mimic or exploit the security software itself. All of this arises because the personal computer holds the authentication information.
One alternative is not to store the authentication information on the personal computer, but to store it on the server of the certification authority. The personal computer then holds, at a minimum, an identifier capable of identifying the user, and the authentication information stored in the database of the server is used based on that identifier. Identifiers include an ID, a password, and a cookie. Card information is a representative example of authentication information. Amazon's one-click technology is a typical example. A server system related to Amazon one-click technology is disclosed in U.S. Patents US 5,960,411 and US 8341036.
This technique is very convenient for the user, because no security program needs to be installed on the personal computer, and authentication and settlement can be performed simultaneously by entering a simple identifier, without going through a complicated process. However, the more convenient it is for the user, the greater the burden on the service provider. Security issues become more sensitive. User authentication must be certain. The server system must be protected against malicious attacks. Because there is always the risk of a catastrophic security incident, the service provider must make a tremendous effort and constantly improve its security technology. Also, since the user must enter information such as card information into the server at least once and must remember the identifier information, user convenience is not completely guaranteed.
The inventors of the present invention have long studied how to solve the authentication problem on the personal computer described above. Storing authentication information on a personal computer requires installing complicated security software, as described above. Storing authentication information in a server system and authenticating there places a tremendous security burden on service providers. In addition, the user must provide his/her personal information to the server system, and it is also inconvenient to have to remember the identifier information. We came to the conclusion that a completely new approach was needed to solve these problems.
The inventors have explored mobile devices and biometric information technologies. While authentication over the Internet through personal computers (including notebooks) has become commonplace, an authentication method for a new environment has also become widespread: mobile authentication technology. Credit card information can be stored on a mobile device and used to make payments. Biometric information, such as fingerprints, can also be stored on a mobile device. The key point of biometric technology is that biometric information unique to each person can be acquired, and the person can easily be recognized from it. Biometric information is unique to a person and cannot be separated from that person, so it cannot be lost. Such biometric information can include face, voice, and signature, but fingerprints, finger veins, and irregularities are mainly studied. In view of the development of the technology, the installation and configuration of equipment, and the ease of recognition, it is preferable to use a finger of the user. Biometric technology using a fingerprint or finger vein is typical. But how should it be used?
It is an object of the present invention to propose an authentication technique using biometric information, and to propose a new method that can be achieved through short-distance communication between heterogeneous devices.
Another object of the present invention is to provide a new biometric information authentication method which can completely prevent the risk of security incidents such as malicious access to a server or a device or hacking.
It is still another object of the present invention to provide a methodology for effectively authenticating biometric information even if the server does not have biometric information.
On the other hand, other unspecified purposes of the present invention will be further considered within the scope of the following detailed description and easily deduced from the effects thereof.
According to an aspect of the present invention, there is provided a mobile authentication method using near field wireless communication between disparate devices, comprising:
(a) generating an authentication event requesting execution of an authentication process in a service process provided by a service server to a host computer device;
(b) transmitting the authentication event information of the service process to the smartphone by short-range wireless communication, via the short-range wireless communication device installed in the host computer device, in order to execute the authentication process;
(c) performing, by the smartphone that received the authentication event information, a security authentication of a predetermined procedure, and transmitting the result to the host computer device through short-range wireless communication; and
(d) verifying, by the authentication server, the security authentication result of the smartphone received via the host computer device, and ending the authentication process.
In a mobile authentication method according to a preferred embodiment of the present invention, the step (d) may include:
(1) the host computer device transmitting the security authentication result of the smartphone to the service server;
(2) the service server transmitting the security authentication result of the smartphone to the authentication server;
(3) the authentication server verifying the security authentication result of the smartphone and transmitting the verification result data to the service server; and
(4) if the verification result data corresponds to authentication success, the service server continuing the service process according to a predetermined procedure.
Also, in the mobile authentication method according to another preferred embodiment of the present invention, the step (d) may include:
(1) the host computer device directly transmitting the security authentication result of the smartphone to the authentication server;
(2) the authentication server verifying the security authentication result of the smartphone and transmitting verification result data to the host computer device;
(3) the host computer device transmitting the verification result data to the service server; and
(4) if the verification result data corresponds to authentication success, the service server continuing the service process according to a predetermined procedure.
Further, in the mobile authentication method according to any one of the preferred embodiments of the present invention, the authentication event may be an event requesting mobile authentication for one or more of: authentication for performing a predetermined subsequent process, authentication for authenticating an already performed process, or personal authentication.
Further, in the mobile authentication method according to the preferred embodiment of the present invention, the step (c) may further include biometric authentication using the biometric image data of the bio object.
Further, in the mobile authentication method according to any of the preferred embodiments of the present invention, the biometric object used in the biometric authentication may be any one of a fingerprint, finger vein, and iris.
In addition, in the mobile authentication method according to a preferred embodiment of the present invention, the short-range wireless communication device may be an NFC device.
According to a preferred embodiment of the present invention, there is an advantage that the service process and the authentication process are completely and systematically separated. This has the great advantage that the service provider can configure its system and manage its resources purely from the viewpoint of service provisioning. Since the service providing system does not hold the information necessary for authentication or settlement, it offers no target for a security incident caused by malicious attack. This also brings great benefits to users. It is not necessary to install various security programs on the user's device when accessing the system of the service provider, and there is no need for the user to provide personal information such as credit card information to the service provider.
According to the present invention, all the processes can be completed automatically by pressing a button that requests mobile authentication or mobile payment. In short, it has the advantage of providing users with the most convenient payment method.
Further, according to the present invention, there is an advantage that authentication can be performed more securely against the attack of a malicious third party. Although the authentication process uses smartphone biometric authentication, the biometric information is not stored in the device or on the server. Therefore, even if the user loses the device, or the DB information of the authentication server is lost or maliciously hacked by a third party, leakage of the biometric information inherent to the user is intrinsically blocked.
The present invention provides a complete and secure authentication method for all commercial or administrative procedures requiring authentication.
On the other hand, even if the effects are not explicitly mentioned here, the effect described in the following specification, which is expected by the technical features of the present invention, and its potential effects are treated as described in the specification of the present invention.
FIG. 1 is a diagram showing a system configuration according to a preferred embodiment of the present invention.
FIG. 2 is a diagram schematically showing a concept according to a preferred embodiment of the present invention.
FIG. 3 is a view schematically showing a concept according to another preferred embodiment of the present invention.
FIG. 4 is a schematic view illustrating a concept according to another preferred embodiment of the present invention.
FIG. 5 is a diagram conceptually showing the relationship and configuration between heterogeneous devices performing near field wireless communication according to the present invention.
FIG. 6 is a diagram showing various forms of examples of the
FIG. 7 is a view showing an example of various bio-objects performed in the
FIGS. 8 to 11 are diagrams illustrating various scenarios to which the technical idea of the present invention is applied.
* The accompanying drawings illustrate examples of the present invention in order to facilitate understanding of the technical idea of the present invention, and thus the scope of the present invention is not limited thereto.
In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may obscure the subject matter of the present invention.
1 shows a system configuration according to a preferred embodiment of the present invention. A preferred system of the present invention comprises four elements. A
In this case, in the prior art, it was common to authenticate through the security program and the authentication software installed in the
In the context of the present invention, the security and / or authentication software installed in the
[Separation of service process and authentication process 1]
The present invention systematically separates the service process and the authentication process. Figure 2 schematically depicts the process of a system according to some preferred embodiments of the present invention.
The service process is performed through communication between the
The connection between the service process and the authentication process is as follows. First, on the user side, a near field communication (NFC)
The
Then, real-time authentication is performed between the
On the other hand, since the service process and the authentication process are separated, as described above, the
The
Although the
[Separation of service process and authentication process 2]
Figure 3 schematically illustrates the process of a system according to another preferred embodiment of the present invention. In the above-described embodiment, all procedures related to authentication between the
First, the service process is performed through communication between the
The configuration related to the connection of the service process and the authentication process is slightly different from the embodiment of Fig. First, on the user side, a near field communication (NFC)
The
Then, the
The encrypted authentication result data in the
If the verification result data corresponds to authentication success, the
On the other hand, since the service process and the authentication process are separated, as described above, the
The
[Separation of service process and authentication process 3]
Figure 4 schematically depicts the process of a system according to another preferred embodiment of the present invention. In the above-described embodiment, the
First, the service process is performed through communication between the
In this embodiment as well, the
This is the configuration related to the connection between the service process and the authentication process. First, on the user side, a near field communication (NFC)
The
Then, the
The encrypted authentication result data in the
If the verification result data corresponds to authentication success, the
On the other hand, since the service process and the authentication process are separated, as described above, the
The
Now, the configuration and relationship of the user side device, which is the starting point at which the service process and the authentication process are connected, will be described. Figure 5 shows the heterogeneous devices used by the user.
The
The
Although the
In some preferred embodiments of the present invention, the
In another preferred embodiment of the present invention, the
The
FIG. 6 illustrates various types of
In some preferred embodiments of the present invention, the
Referring back to FIG. 5, the
In some preferred embodiments of the present invention, after the smartphone executes the mobile application software 250, the
In another preferred embodiment of the present invention, when the smartphone initiates an authentication event at the
The mobile application software 250 of the present invention may include a configuration tool of a mobile application, a user interface, a database module, and the like. In particular, the mobile application software 250 includes a function for supporting NFC communication and a function for executing a procedure for authentication. In addition, in a preferred embodiment of the present invention, it may include a function of receiving an identifier of a service process from a host computer device through NFC communication, and may also include a function of performing wireless communication with an authentication server.
In addition, since the application processor, input/output devices, memory, wireless communication modem, battery, and power supply of a smartphone support the technical features of the present invention and ensure that it can be implemented, a detailed description of them is omitted here. Such components may employ conventional techniques, and future improved techniques may be freely applied to the technical idea of the present invention.
As described above, in the preferred embodiment of the present invention, enhanced mobile authentication can be ensured by using biometric information of a bio-object (i.e., human body). In this embodiment, the mobile application software 250 supports biometric authentication using biometric image data. As shown in Fig. 7, the bio-object may be a fingerprint, an iris, or a finger. The biometric image data in the preferred embodiment of the present invention may be the
Hereinafter, how biometric image data of the bio-object is processed in the mobile authentication in the
This is the first biometric authentication method. The authentication server may have a database of the user's biometric information. Preferably, the authentication server does not hold the user's biometric image data, but holds a hash value corresponding to the biometric image data. It can also hold a reference value obtained by transforming the original biometric data according to a specific rule. If the authentication server held the biometric image data or the original biometric data, there would be legal problems related to personal information protection, as well as exposure to malicious attacks such as hacking.
The authentication server can build a database that holds, for each user ID, a set of vectors that are hash values of the user's biometric characteristics. The smartphone scans the biometric image data and transmits the feature vector set, which is compared with the vector set held by the authentication server in order to authenticate. Communication between the authentication server and the smartphone can be performed using a dynamic communication encryption key. Hereinafter, the first biometric authentication method will be described.
The biometric information database of the authentication server stores in advance a user ID and the user's hashed biometric feature vector set. The user ID is used to identify the user. The feature vector set of the biometric image, hashed using a cryptographic hash function, is referred to as the first feature vector set for convenience. This first feature vector set is used to determine whether biometric authentication succeeds or fails. Thus, in order to attempt authentication using the authentication server, the user must register his or her ID and hashed biometric feature vector set in the authentication server in advance.
The secret can be set directly by the user, for example in the form of a password. It is a secret that only the user knows; it is unknown to the authentication server. The user scans his or her biometric information with a smartphone, and feature vectors are extracted from the biometric image data. These feature vectors are hashed using the secret. The hashed feature vector set obtained at this time is referred to as the second feature vector set. The smartphone transmits the second feature vector set to the authentication server.
The authentication server compares the first feature vector set with the second feature vector set, and determines that authentication is successful when a predetermined number or more of the hashed feature vector values match. A threshold is used because biometric information shows a slight error in each measurement.
The smartphone application software can delete the second feature vector set, the biometric image data, and the secret key once they have been used. By deleting the biometric image, the hashed second feature vector set, and the secret key from the smartphone, it is possible to prevent the biometric information from being stolen by way of the smartphone.
The basic framework of the authentication process is to compare the biometric information scanned by the smartphone with the biometric information held by the authentication server, both in the form of encrypted feature vectors. In addition to this, it is possible to add mobile payment by using credit card information held in the smartphone, to add a protocol for authentication between the authentication server and the smartphone, or to employ various biometric authentication algorithms.
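The comparison used by the first biometric authentication method, sketched as an added example (it is not code from the patent): the smartphone hashes each quantized feature under the user's secret, and the server counts matching hash values against a threshold. HMAC-SHA-256, the `(x, y, angle)` feature format, the grid size, the threshold of 6 and all sample readings are assumptions made for illustration.

```python
import hashlib
import hmac

CELL = 8        # assumed grid step that absorbs small measurement error
ANGLE_STEP = 30 # assumed angular bucket size in degrees
THRESHOLD = 6   # assumed "predetermined number" of hash values that must match


def quantize(feature):
    """Snap one (x, y, angle) feature to a coarse cell so that slightly
    different scans of the same finger produce identical hash inputs."""
    x, y, angle = feature
    return (x // CELL, y // CELL, angle // ANGLE_STEP)


def hashed_feature_set(features, user_secret):
    """Smartphone side: keyed hash of every quantized feature.
    A keyed hash is used because the quantized space is small enough to be
    enumerated if the hash were unkeyed."""
    hashed = set()
    for feature in features:
        msg = ",".join(str(v) for v in quantize(feature)).encode()
        hashed.add(hmac.new(user_secret, msg, hashlib.sha256).hexdigest())
    return hashed


def server_verify(first_set, second_set, threshold=THRESHOLD):
    """Server side: it only ever sees hash values. Returns (success, matches)."""
    matches = len(first_set & second_set)
    return matches >= threshold, matches


# Constructed sample data (not real biometric readings).
USER_SECRET = b"constructed-user-secret"
ENROL_SCAN = [(12, 20, 45), (37, 66, 100), (52, 13, 200), (75, 91, 310),
              (101, 44, 15), (118, 70, 160), (140, 28, 250), (163, 85, 75)]
# Same finger, rescanned with jitter; (120, 70, 161) crosses a cell boundary.
SAME_FINGER_SCAN = [(13, 21, 47), (36, 67, 98), (53, 12, 203), (74, 90, 308),
                    (102, 45, 17), (120, 70, 161), (141, 27, 252), (162, 84, 73)]
OTHER_FINGER_SCAN = [(20, 150, 10), (44, 33, 275), (90, 12, 95), (133, 60, 180),
                     (5, 77, 330), (160, 140, 60), (71, 101, 220), (110, 9, 140)]

# Registration: the server stores only the first (hashed) feature vector set.
FIRST_SET = hashed_feature_set(ENROL_SCAN, USER_SECRET)


def attempt(scan, secret):
    """One authentication attempt: hash on the phone, compare on the server."""
    second_set = hashed_feature_set(scan, secret)
    return server_verify(FIRST_SET, second_set)


if __name__ == "__main__":
    print("same finger      :", attempt(SAME_FINGER_SCAN, USER_SECRET))
    print("other finger     :", attempt(OTHER_FINGER_SCAN, USER_SECRET))
    print("wrong user secret:", attempt(SAME_FINGER_SCAN, b"not-the-secret"))
```

The rescanned finger loses one feature to a cell boundary and still passes, which is the measurement error the threshold exists to tolerate; the same scan hashed under a different secret matches nothing.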
This is the second biometric authentication method. Unlike the first biometric authentication method, neither a hash value related to the biometric information nor a modified reference value of the biometric information is stored on the server. Instead, the user's unique secret information required for mobile authentication or mobile settlement is encrypted using a biometric value as the encryption key and stored on the phone (re-encryption of the password value). When the flow moves from the service process to the authentication process through short-range wireless communication between the heterogeneous devices, the user can communicate with the authentication server by decrypting the unique information necessary for the authentication, using the user's biometric information as the key.
Let us explain the second biometric authentication method in more detail. Various secret data of the user, such as a password and credit card information (expressed as "user-specific information for authentication"), are stored in the data store of the smartphone. However, they are stored in an encrypted state, with biometric data such as a fingerprint, finger vein, or iris used as the cryptographic key. In short, in this embodiment, the encryption key for the user-specific information for authentication can be generated from the user's biometric data. For example, a fuzzy extraction algorithm may be used. The fuzzy extraction algorithm is symmetric-key based: the encryption key and the decryption key for each piece of data are the same. For example, the user's secret data d is encrypted using the user's biometric data value k as the encryption key, producing the encrypted data e. When decoding the corresponding data e, e is decoded using the biometric data value k' obtained by scanning the biometric data of the user who has requested decryption. When k' is similar to k within a predefined approximation range, using k' as the decryption key decodes e to d exactly. To determine the success or failure of the decryption, e and h(d) are stored in the smartphone's storage, where h(d) is a value obtained by encrypting the user's original data. Therefore, when d' is obtained by attempting to decode e with k', decryption is judged successful when the value of h(d') is equal to h(d), and failed when it is not. Consequently, for each user secret data d, only the pair (e, h(d)) is stored in the user database. Even if the database is attacked or the smartphone is stolen, the user's biometric information and original secret data are safely protected.
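The (e, h(d)) scheme above, sketched as an added example (it is not code from the patent): a code-offset construction with a 5x repetition code stands in for the fuzzy extraction algorithm, so that a rescan k' within two flipped bits per block still decodes e to d. The repetition code, the extra `helper` value, SHA-256 as h, the hash-based keystream cipher and all sample readings are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

R = 5          # repetition factor: up to 2 flipped bits per block are corrected
KEY_BITS = 64  # a biometric reading k is KEY_BITS * R = 320 bits in this sketch


def _xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def _derive_key(seed_bits):
    return hashlib.sha256(bytes(seed_bits)).digest()


def _keystream_xor(key, data):
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[offset:offset + 32], pad))
    return bytes(out)


def protect(d, k):
    """Enrolment on the phone: returns the stored record; d and k are discarded."""
    seed = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in seed for _ in range(R)]
    # Public helper data of the code-offset construction. It leaks some
    # information about k, so real designs need stronger codes and readings
    # with enough entropy.
    helper = _xor_bits(codeword, k)
    e = _keystream_xor(_derive_key(seed), d)
    return {"helper": helper, "e": e, "h_d": hashlib.sha256(d).digest()}


def recover(record, k_prime):
    """Authentication: decode e with a fresh scan k'; None means failure."""
    noisy = _xor_bits(record["helper"], k_prime)
    # Majority vote per block removes the noise if k' is close enough to k.
    seed = [int(sum(noisy[i:i + R]) > R // 2) for i in range(0, len(noisy), R)]
    d_prime = _keystream_xor(_derive_key(seed), record["e"])
    # Success test from the text: h(d') must equal the stored h(d).
    if not hmac.compare_digest(hashlib.sha256(d_prime).digest(), record["h_d"]):
        return None
    return d_prime


# Constructed sample readings (not real biometric data).
_rng = random.Random(2015)
K_ENROL = [_rng.getrandbits(1) for _ in range(KEY_BITS * R)]
K_SAME = list(K_ENROL)
for pos in (0, 7, 8, 23, 101, 318):   # sensor noise, at most 2 flips per block
    K_SAME[pos] ^= 1
K_TOO_NOISY = list(K_ENROL)
for pos in (10, 11, 12):              # 3 flips in one block: outside the range
    K_TOO_NOISY[pos] ^= 1
K_OTHER = [_rng.getrandbits(1) for _ in range(KEY_BITS * R)]
SECRET_D = b"server-auth-value:constructed-example"

if __name__ == "__main__":
    record = protect(SECRET_D, K_ENROL)
    print("same user, noisy rescan:", recover(record, K_SAME))
    print("too much noise         :", recover(record, K_TOO_NOISY))
    print("different person       :", recover(record, K_OTHER))
```

Because h(d) here is an unsalted hash, a low-entropy d such as a card number can be guessed offline against a stolen record, so the stored check value deserves the same care as e itself.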
With this method, the secret value used to authenticate oneself to the server can be encrypted as above. Thus, when a smartphone user logs in to the service server or purchases an article by authenticating himself or herself, he or she inputs his or her biometric value to the smartphone, decrypts the encrypted identity authentication secret value, or may perform short-range wireless communication with the host computer device and transmit the authentication information to the authentication server via the host computer device to authenticate. In this case, authentication can be performed without storing the hash value (or template) of the user's biometric information on the authentication server.
As described above, the basic framework of the authentication process of the present embodiment is that the user extracts the encrypted user-specific information stored in the smartphone using his/her biometric information as the key, and authentication is then performed between the authentication server and the smartphone. The biometric image data scanned on the smartphone is deleted after being used as the key for the user's authentication information. If a virus intended to steal biometric information is already hidden in the smartphone, there is a possibility that it intercepts or steals the biometric data after the smartphone scans the biometrics and before the data is deleted from memory. To prevent this, a security program can be installed that keeps the programs that scan the user's biometric information from being controlled by other programs in the smartphone, including viruses.
This is the third biometric authentication method. Information such as the user's biometric data and credit card information and the server authentication value (the value at which the server authenticates the user) are transmitted to the server via a module secure from software and / or hardware attacks, such as a crypto-processor or a hardware security module It is stored in a special hardware security module. In this case, the user's smartphone assumes that the module is mounted. In the smart phone, only one or a plurality of specific programs whose security has been verified can communicate with the module.
When the third biometric authentication method is used, the user scans his or her biometric information with a program that scans the biometric information provided in the smartphone. This program transmits the biometric information of the user to the program communicable with the security module or directly transmits the biometric information of the user to the security module when the program itself is the program. The security module determines the similarity between the scanned biometric information of the user and the stored biometric information, and then determines authentication success and failure. Alternatively, if the program communicating with the security module is a secure trusted program, the program requests the biometric information stored in the security module to be transmitted, and the program can compare the biometric information with the scanned biometric information. When the two pieces of biometric information match, the program receives the secret information of the user stored in the security module from the program, the program transmits the information directly to the authentication server, or the smart phone Lt; / RTI > The secret information of the user of the programs is then deleted in the smartphone. However, the user biometric data and secret information stored in the security module are not deleted.
Both the first biometric authentication method and the second biometric authentication method do not store the biometric information by the device. Therefore, even if you lose your smartphone or have a malicious hacking attack, you can rest assured. Even in the case of the third biometric authentication method, a special hardware security module is used, so that it can be relieved from an external attack.
FIGS. 8 to 11 illustrate various types and scenarios of content using the authentication method of the present invention. First, FIG. 8 shows an example of a procedural configuration of a scenario relating to authentication of authentication between an authentication event between the
First, the
In this embodiment, the
Preferably, there will be a <mobile authentication> button on the user screen, and an authentication event is generated by selecting it. Then, the NFC device installed in the
The authentication process is executed between the
3 and 4, the above-described authentication process is not a direct communication between the
If the second biometric authentication method is used, the procedure is as follows. The smartphone receives the authentication event information of the service process over NFC, and then scans the user's bio-object to obtain the biometric image data. It decrypts the encrypted server authentication value stored in the device using the biometric image data, and connects to the server using the decrypted data. The
If the third biometric authentication method is used, the procedure is as follows. The smartphone receives the authentication event information of the service process over NFC, and then scans the user's bio-object to obtain the biometric image data. Then, the server authentication value stored in the security module in the device is read using the biometric image data, and the smartphone connects to the server using this data. The
Mobile authentication, including verification of the server, is performed through various procedures such as these. The
The scenario of FIG. 9 relates to a scenario in which the
First, a series of services is performed through communication between the
An approval procedure to approve the work is required (S110). Preferably, there will be a <Mobile Authentication> button on the user screen, and an authentication event can be generated by selecting it. Then, the NFC device installed in the
The authentication process is executed between the
If the second biometric authentication method is used, the procedure is as follows. The smartphone receives the authentication event information of the service process over NFC, and then scans the user's bio-object to obtain the biometric image data. It decrypts the encrypted server authentication value stored in the device using the biometric image data, and connects to the server using the decrypted data. The
If the third biometric authentication method is used, the procedure is as follows. The smartphone receives the authentication event information of the service process over NFC, and then scans the user's bio-object to obtain the biometric image data. Then, the server authentication value stored in the security module in the device is read using the biometric image data, and the smartphone connects to the server using this data. The
Mobile authentication, including verification of the server, is performed through various procedures such as these. The
FIG. 10 is an application example of FIG. When a user purchases a commodity (here 'commodity' includes any object of a sales act performed online in an Internet shopping mall, including services, and should be interpreted in the broadest sense), the mobile payment is made using the method of the present invention. That is, it is an example of a scenario of the present invention for online settlement. Unlike the scenario of FIG. 9, there are few cases where it is implemented together with Fig.
First, a series of shopping services are performed through communication between the
The payment user screen provided by the
The mobile payment process is executed between the
If the second biometric authentication method is used, the procedure is as follows. The smartphone receives the authentication event information of the service process over NFC, and then scans the user's bio-object to obtain the biometric image data. It decrypts the encrypted server authentication value stored in the device using the biometric image data, and connects to the server using the decrypted data. The
If the third biometric authentication method is used, the procedure is as follows. The smartphone receives the authentication event information of the service process over NFC, and then scans the user's bio-object to obtain the biometric image data. Then, the server authentication value stored in the security module in the device is read using the biometric image data, and the smartphone connects to the server using this data. The
If the mobile payment is successful in this procedure, the
If the mobile payment method of the present invention is used, payment on the computer can be completed simply by clicking the <mobile payment> button. It is also possible to perform a simple settlement in a state in which perfect security is ensured. There is no need for the conventional methods, that is, entering a card number on a computer screen, making a payment by invoking a certificate having weak security, or using an OTP device. Users only need to scan their biometrics on their favorite smartphone. The rest of the communication is done only by a predetermined procedure.
All FinTech technologies require infrastructure changes. This is the biggest barrier to implementing new FinTech technology. FIG. 11 shows a scenario in which the existing infrastructure is used as it is but the characteristics of the present invention can still be exhibited.
Online shopping (S300, S310) performed through communication between the
The payment user screen provided by the
The
The
The
For reference, the mobile authentication method according to various preferred embodiments of the present invention may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be those known and available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, a hard disk drive, a flash memory, and the like. Examples of program instructions include high-level language code that can be executed by a computer using an interpreter, as well as machine code such as that produced by a compiler. A hardware device may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
The authentication event using the technical idea of the present invention may have various modifications. There is personal authentication for executing a predetermined subsequent process; this includes identity verification for logging in to the service server. There is also personal authentication for approving a process that has already been performed, as in services provided by financial institutions and administrative agencies. There is also personal authentication to approve payment. One outstanding advantage of the present invention is, for example, the following. The user shops on the desktop, but payment does not use the desktop; it can be done just by pressing a button on the screen. This is because the service (e.g., shopping) process and the authentication (including billing) process are completely separate. Much less systematic effort is needed to 'prevent' malicious attacks.
In addition, the above embodiments of the present invention have proposed a method using an NFC module embedded in a heterogeneous device. However, it goes without saying that other types of devices and communication technologies can be employed as long as the module supports short-range wireless communication.
In implementing the method of the present invention, the most likely case is that the user is a member of both a service server and an authentication server. Because the user's unique identifier is available, the authentication process can easily identify the service process (and vice versa). However, if the authentication session generated on the user screen of the service server can be identified through the NFC communication between the same user's computer and smartphone, the user does not always have to be subscribed to the service server.
In the specification of the present invention, the
The scope of protection of the present invention is not limited to the description and the expression of the embodiments explicitly described in the foregoing. It is again to be understood that the present invention is not limited by the modifications or substitutions that are obvious to those skilled in the art.
Claims (7)
(b) transmitting the authentication event information of the service process to the smartphone through short-range wireless communication through the short-range wireless communication device in which the host computer device is installed to execute the authentication process;
(c) performing a security authentication of a predetermined procedure by the smartphone receiving the authentication event information and transmitting the result to the host computer device through short-range wireless communication; and
(d) verifying the security authentication result of the smartphone received by the authentication server via the host computer device, and ending the authentication process.
Wherein step (d) comprises:
(1) the host computer device transmitting the security authentication result of the smartphone to the service server;
(2) transmitting the security authentication result of the smartphone to the authentication server by the service server;
(3) the authentication server verifies the security authentication result of the smartphone and transmits the verification result data to the service server; and
(4) If the verification result data corresponds to authentication success, the service server continues the service process according to a predetermined procedure, and the mobile authentication method using the near field wireless communication between the dissimilar devices.
Wherein step (d) comprises:
(1) the host computer device directly transmitting the security authentication result of the smartphone to the authentication server;
(2) the authentication server verifies the security authentication result of the smartphone and transmits verification result data to the host computer device;
(3) the host computer device transmitting the verification result data to the service server;
(4) If the verification result data corresponds to authentication success, the service server continues the service process according to a predetermined procedure, and the mobile authentication method using the near field wireless communication between the dissimilar devices.
Wherein the authentication event is an event for requesting a mobile authentication regarding at least one of authentication of a user to perform a predetermined subsequent process, a user authentication for approving a process already performed, and a user authentication for approving a payment, A method for mobile authentication using short range wireless communication between mobile devices.
Wherein the step (c) further comprises biometric authentication using the biometric image data of the body object by the smartphone.
Wherein the bio-object used in the biometric authentication is any one of a fingerprint, a finger vein, and an iris entity.
Wherein the short-range wireless communication device is an NFC device, using a short-range wireless communication between different types of devices.
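In steps (b) to (d) of the claims the host computer only relays messages between the smartphone and the authentication server, so the server has to check that a relayed result is fresh and bound to the event it issued. The following sketch is an added example, not code from the patent: the HMAC-SHA-256 construction, the event fields and the names `AuthServer`, `event_tag` and `smartphone_result` are assumptions, since the patent only specifies "a security authentication of a predetermined procedure".

```python
import hashlib
import hmac
import json
import secrets


def event_tag(key, event):
    """MAC over a canonical encoding of every field of the event."""
    msg = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuthServer:
    """Hypothetical authentication server: issues events, verifies results."""

    def __init__(self, user_values):
        self.user_values = user_values  # user id -> server authentication value
        self.pending = {}               # event id -> event as issued

    def new_event(self, user, purpose):
        """Authentication event info that the host relays over NFC, step (b)."""
        event = {"event_id": secrets.token_hex(8), "user": user,
                 "purpose": purpose, "nonce": secrets.token_hex(16)}
        self.pending[event["event_id"]] = event
        return dict(event)  # copy, so the relay cannot alter the server's record

    def verify(self, result):
        """Step (d): accept one result per event, bound to the event as issued."""
        event = self.pending.pop(result.get("event_id"), None)  # single use
        if event is None or event["user"] not in self.user_values:
            return False
        expected = event_tag(self.user_values[event["user"]], event)
        return hmac.compare_digest(expected, str(result.get("tag", "")))


def smartphone_result(event, released_value):
    """Step (c): runs only after the biometric check released the value."""
    return {"event_id": event["event_id"], "tag": event_tag(released_value, event)}


def run_demo():
    value = secrets.token_bytes(32)  # constructed sample server authentication value
    server = AuthServer({"alice": value})
    event = server.new_event("alice", "login")
    result = smartphone_result(event, value)
    accepted = server.verify(result)   # honest relay
    replayed = server.verify(result)   # same result presented again
    event2 = server.new_event("alice", "login")
    altered = dict(event2, purpose="approve payment")  # host alters the event
    tampered = server.verify(smartphone_result(altered, value))
    return accepted, replayed, tampered


if __name__ == "__main__":
    print(run_demo())
```

Because `verify` removes the event before checking the tag, a failed attempt also consumes the event, so each issued event can be tried only once.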
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150156368A KR101835718B1 (en) | 2015-11-09 | 2015-11-09 | Mobile authentication method using near field communication technology |
US15/006,280 US20170055146A1 (en) | 2015-08-19 | 2016-01-26 | User authentication and/or online payment using near wireless communication with a host computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150156368A KR101835718B1 (en) | 2015-11-09 | 2015-11-09 | Mobile authentication method using near field communication technology |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170053893A (en) | 2017-05-17 |
KR101835718B1 (en) | 2018-03-07 |
Family
ID=59048854
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150156368A KR101835718B1 (en) | 2015-08-19 | 2015-11-09 | Mobile authentication method using near field communication technology |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101835718B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102585875B1 (en) | 2018-11-16 | 2023-10-11 | 삼성전자주식회사 | Image display device and operating method for the same |
- 2015-11-09 KR KR1020150156368A patent/KR101835718B1/en active IP Right Grant
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10727285B2 (en) | 2017-07-04 | 2020-07-28 | Samsung Electronics Co., Ltd. | Near-infrared light organic sensors, embedded organic light emitting diode panels, and display devices including the same |
US11469277B2 (en) | 2017-07-04 | 2022-10-11 | Samsung Electronics Co., Ltd. | Near-infrared light organic sensors, embedded organic light emitting diode panels, and display devices including the same |
Also Published As
Publication number | Publication date |
---|---|
KR101835718B1 (en) | 2018-03-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E701 | Decision to grant or registration of patent right |