KR20230030606A - Apparatus for generating virtual security code based on card tagging - Google Patents

Abstract

The present invention relates to a virtual security code generation device based on card tagging. According to the present invention, it is possible to generate a virtual security code necessary for user authentication with card data acquired based on an NFC method without a separate OTP device. In addition, according to the present invention, multiple tag information are stored in an NDEF format in a smart card including card data, so as to acquire NFC data, which is card data, without being bound by the type of user terminal, and generate an OTP without being bound by the type of operating system S of the user terminal.

Description

Virtual security code generation device based on card tagging {APPARATUS FOR GENERATING VIRTUAL SECURITY CODE BASED ON CARD TAGGING}

The present invention relates to a device for generating a virtual security code based on card tagging. More specifically, it relates to an apparatus and method for generating a virtual security code based on card data and time data acquired using an NFC tag.

Code type data is used in many fields. Not only card numbers and account numbers used for payment, but also IPIN numbers and resident registration numbers for user identification are code-type data.

However, in the process of using such code data, many leak accidents occur. In the case of a card number, the actual card number is written on the surface of the card as it is, so it is visually leaked to others, and when paying using a magnetic card, the card number is transmitted to the POS device as it is and leaked.

Many attempts have been made to use virtual codes to prevent actual codes from being leaked as they are, but data for identifying users was needed to search for real codes corresponding to virtual codes.

However, in the case of OTP (One Time Password), a separate OTP generating device is required, which is inconvenient. In particular, in the case of a user terminal, there is a security vulnerability due to the leakage of seed data used for OTP generation.

Therefore, based on card data of cards possessed by many users, generate OTP codes, such as generating virtual security codes necessary for user authentication, but do not require a separate OTP generating device and at the same time prevent leakage of seed data. We need a way to increase security. However, an appropriate solution for this has not yet been proposed.

The present invention for solving the above problems can provide a terminal, a card device and a method for generating a virtual security code based on card data using NFC.

The problems to be solved by the present invention are not limited to the problems mentioned above, and other problems not mentioned will be clearly understood by those skilled in the art from the description below.

Card tagging-based virtual security code generation device according to the present invention for solving the above problems, obtains seed data from the smart card through a communication unit that performs NFC-based communication when tagging with a smart card and the communication unit, , A control unit for generating a virtual security code based on the seed data and time data, and transmitting the virtual security code to a server to request user authentication, wherein the smart card includes a plurality of tag information, The plurality of tag information may include URL information related to application execution and the seed data for generating the virtual security code.

In addition, when the application corresponding to the URL information is tagged while not being executed, the control unit executes the application in response to a request for driving the application based on the URL information received from the smart card. can block

In addition, when the tagging is performed at a time other than the time at which the virtual security code is generated, the control unit may obtain execution-related data of an application associated with the smart card.

In addition, when there are a plurality of linked applications, the controller may obtain, from the smart card, execution-related data of an application having the highest priority set according to the frequency of use among the plurality of applications.

In addition, the plurality of tag information may be separately stored in a plurality of storage areas allocated to each type of tag information in the smart card.

In addition, the control unit identifies a type of at least one piece of tag information related to the virtual security code, identifies at least one storage area corresponding to the identified type among the plurality of storage areas, and identifies the identified storage area. The tag information stored in may be read and obtained as the seed data.

In addition, the user authentication is performed through verification of the virtual security code, and the verification is performed through comparison of time data at which the server receives the virtual security code and time data included in the virtual security code. can

In addition, the user authentication may be performed using user identification information extracted based on the virtual security code.

In addition, the smart card device according to the present invention for solving the above problems includes an IC chip including a plurality of tag information and a communication unit for performing communication with a user terminal during tagging, and the plurality of tag information includes: URL information related to application execution and seed data for generating a virtual security code may be included, and the seed data may be provided to the user terminal during the tagging.

In addition, when the tagging occurs while the application corresponding to the URL information is not executed, the application is executed by the user terminal even if the user terminal requests driving of the application based on the URL information through the communication unit. this may be blocked.

According to the present invention as described above, the user can generate a virtual security code required for user authentication with card data obtained based on the NFC method without a separate OTP device.

At this time, since a plurality of tag information is stored in the form of NDEF in the smart card including card data, it is possible to acquire NFC data, which is card data, without being bound by the type of user terminal. Through this, it is possible to generate an OTP without being bound by the type of OS of the user terminal of the present invention.

On the other hand, since the plurality of tag information is matched with use order information in the user terminal set according to the type of tag information, the user terminal can read appropriate tag information corresponding to a command or process executed through communication with the server. .

In addition, according to the present invention, since an algorithm for generating a virtual security code and searching for a storage space for user identification information is added, the existing process can be maintained as it is. For example, if an application providing financial transaction service generates and provides a virtual security code that is not duplicated, the POS device and the PG company server remain intact and deliver the virtual security code to the server, and the server transmits the virtual security code to the virtual security code. Payment may be made by searching for a storage area of corresponding user identification information. Through this, it is possible to minimize the parts that need to be changed within the existing process to increase security, and the user does not have to perform a separate step to improve security.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the description below.

1 is a configuration diagram of a system for generating a virtual security code based on card data according to an embodiment of the present invention.
2 is a schematic configuration diagram of a smart card according to an embodiment of the present invention.
3 is an exemplary view of tag information stored in an NDEF format according to an embodiment of the present invention.
4 is a diagram illustrating a type 4 tag NDEF structure.
5 is a diagram showing an example of a type 4 NDEF file for text RTD (Record Type Definition).
6 is a configuration diagram of a user terminal according to an embodiment of the present invention.
7 is a schematic flowchart of a method for generating a virtual security code based on card data using NFC according to an embodiment of the present invention.
8 is a schematic flowchart of a method for obtaining seed data according to an embodiment of the present invention.
9 is a schematic flowchart of a method for verifying a virtual security code according to an embodiment of the present invention.
10 is a schematic flowchart of a method for authenticating a user based on a virtual security code according to an embodiment of the present invention.

Advantages and features of the present invention, and methods of achieving them, will become clear with reference to the detailed description of the following embodiments taken in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various different forms, only these embodiments are intended to complete the disclosure of the present invention, and are common in the art to which the present invention belongs. It is provided to fully inform the person skilled in the art of the scope of the invention, and the invention is only defined by the scope of the claims.

Terminology used herein is for describing the embodiments and is not intended to limit the present invention. In this specification, singular forms also include plural forms unless specifically stated otherwise in a phrase. As used herein, "comprises" and/or "comprising" does not exclude the presence or addition of one or more other elements other than the recited elements. Like reference numerals throughout the specification refer to like elements, and “and/or” includes each and every combination of one or more of the recited elements. Although "first", "second", etc. are used to describe various components, these components are not limited by these terms, of course. These terms are only used to distinguish one component from another. Accordingly, it goes without saying that the first element mentioned below may also be the second element within the technical spirit of the present invention.

Unless otherwise defined, all terms (including technical and scientific terms) used in this specification may be used with meanings commonly understood by those skilled in the art to which the present invention belongs. In addition, terms defined in commonly used dictionaries are not interpreted ideally or excessively unless explicitly specifically defined.

In this specification, a "character" is a component constituting a code, and includes all or part of uppercase alphabets, lowercase alphabets, numbers, and special characters.

In this specification, "code" means a string in which characters are listed.

In this specification, a "virtual security code" is a random code (eg, OTP (One Time Password)) that is temporarily generated for user authentication and changed every unit time, and may include a code of a specific number of digits made of characters. The virtual security code may be used to search for user's identification information stored in the server according to an embodiment of the present invention.

In addition, the "virtual security code" is a virtual code for authentication (OTAC: One Time Authentication Code) temporarily generated for the user authentication and after the primary authentication of the user is performed through the virtual code for authentication, an additional 2 It may also include a random code used for car authentication [eg, One Time Password (OTP)].

In this specification, "smart card" means a card that provides data for generating a virtual security code. In addition, it is an arbitrary card for conducting financial transactions, such as a credit card, check card, cash card, etc., and there are no restrictions on the type and purpose of the card.

In this specification, a "user terminal" is any electronic device equipped with an application processor (application processor, AP) capable of driving an application. The user terminal may be a non-portable desktop computer or a portable mobile device (eg, smart phone, tablet PC, PDA (personal digital assistant), EDA (enterprise digital assistant), PMP (portable multimedia) player), personal navigation device (PND), wearable device, etc., but is not limited thereto.

In this specification, "virtual security code generation function" means a function that generates a virtual security code. For example, one time password (OTP), etc. are included, but are not limited thereto.

In this specification, the "detailed code generating function" means a function that generates each detailed code constituting the virtual security code.

In this specification, "detailed code combining function" means a function that generates a virtual security code by combining or combining a plurality of detailed codes.

In this specification, "user identification (UID)" means a value in the form of a unique code assigned to each user in order to identify the user.

In this specification, a "unit count" is a unit defined as being set at a specific time interval and changed as the time interval elapses. For example, 1 count may be set to a specific time interval (eg, 1.5 seconds) and used.

1 is a configuration diagram of a system for generating a virtual security code based on card data according to an embodiment of the present invention.

Referring to FIG. 1 , the system for generating a virtual security code based on card data includes a smart card 100 , a user terminal 200 and a server 300 .

According to an embodiment of the present invention, the user terminal 200 generates a virtual security code for user authentication based on card data received and obtained from the smart card 100 .

More specifically, a program or application in the user terminal 200 generates a virtual security code based on seed data and time data obtained from the smart card 100 . To this end, the program or application may include an OTP function.

Seed data of the smart card 100 may include user information of the corresponding smart card 100 . That is, when a program or application of the user terminal 200 is executed, the smart card 100 may be manufactured based on user identification information [UID (User ID)] input and set by the user.

More specifically, when a program or application through the user terminal 200 is executed, when input is received from a user or user identification information is set based on the user's log-in information, based on the user identification information A smart card 100 is manufactured. Consequently, each smart card 100 includes user identification information corresponding to each user.

However, the user identification information of the present invention is not limited thereto, and specific unique information, which is not set by the user, such as the serial number of the smart card 100, is set as default when the smart card 100 is manufactured for a specific user. By matching, it may be set as user information or used. In addition, the user identification information may include not only UID, but also personal information such as resident registration number, bank account number, and credit card number.

Meanwhile, the user terminal 200 generates a virtual security code based on seed data obtained from the smart card 100 . At this time, as described above, the virtual security code may be generated by a One Tim Password (OTP) function. In this case, the virtual security code is generated at the time when seed data and virtual security code generation is requested or when seed data is acquired. It is created based on time data.

Specifically, the virtual security code is generated by a virtual security code generation function provided in the user terminal 200, and in particular, the virtual security code may include at least one or a plurality of detailed codes, which will be described in detail later. do.

Meanwhile, the server 300 performs user authentication based on the virtual security code received from the user terminal 200 . At this time, the server 300 may be a financial company server communicating with the user terminal 200, but is not limited thereto. Also, referring to FIG. 1 , the server 300 is shown as being composed of one server, but may be composed of a system in which a plurality of servers are linked to each other.

Meanwhile, in one embodiment of the present invention, the server 300 may further perform a process of verifying whether the received virtual security code is normally generated or used repeatedly.

Hereinafter, a method and device for generating a virtual security code based on card data using NFC, which is an embodiment of the present invention, will be described with reference to FIGS. 2 to 10.

First, referring to FIG. 2 , the smart card 100 includes a communication unit 110, an IC chip 120, an applet 130, and a process 140.

The communication unit 110 transmits card data to the user terminal. In more detail, although not clearly shown in the drawing, the communication unit 110 includes a Narrow Frequency Communication (NFC) module (not shown).

When the smart card 100 and the user terminal 200 are tagged with each other, the processor 140 of the smart card 100 transfers card data stored in the IC chip 120 to the user terminal through the communication unit 110. Send to (200).

On the other hand, the IC chip 120 is mounted in a PCB board and contacts a terminal of an IC-type card reader to perform data exchange. The IC chip 120 includes an arbitrary form such as a component including an integrated circuit (IC) and a system on chip (SoC). For example, the IC chip may be an ISO 14443 NXP Mifare Classic type according to the present invention, but is not limited thereto.

Also, although not shown in the drawing, a memory (not shown) for storing card data of the smart card 100 is included. As described above, the card data includes user identification information and card identification information of a user who requested issuance of a corresponding smart card.

In addition to user identification information, the IC chip 120 may also store a URL address of a credit card company or financial company that issues and manages the smart card 100 . For example, when the URL address of a specific financial company is stored in the IC chip 120 of the smart card 100, when the corresponding smart card 100 is tagged with the user terminal, the user terminal can obtain the URL address. . In this case, the URL address may be related to installation information or execution information of a program or application of the corresponding financial institution.

That is, various types of information other than user identification information are stored in the IC chip 120 . When the smart card 100 is tagged with the user terminal 200, the user terminal 200 receives the corresponding information from the smart card 100.

Hereinafter, each piece of information stored in the IC chip will be referred to as tag information to help understand the present invention.

The applet 130 stores and manages a plurality of tag information in the smart card 100 .

At this time, as an embodiment of the present invention, the applet 130 of the smart card 100 may separately store a plurality of tag information in a plurality of storage areas in the memory based on NDEF (NFC Data Exchange Format). That is, the plurality of tag information is stored in the smart card 100 in a standardized NDEF format so that the smart card 100 and the user terminal 200 can exchange information through NFC.

At this time, as a method of storing the plurality of tag information in the smart card 100 according to an embodiment of the present invention, an empty storage area (Sector) is searched in a memory (not shown) of the smart card 100, and the A plurality of storage areas are allocated for each type of tag information in the searched empty storage area, and the plurality of tag information is separated into the allocated plurality of storage areas and stored using MAD (Mifare Application Directory) and NDEF Message TLV. can Through this, the plurality of tag information is stored in a message or text format in the respective storage area (Record) in text format.

Meanwhile, referring to FIG. 3, NDEF is a binary format composed of messages that can include various tag information. The tag information is stored in each record 501. At this time, the tag information includes a header 502 and a payload. (Payload) 503. The header 502 includes indicators for various elements related to tag information. For example, the type of payload, which is the content of the tag information, and the length of the payload correspond to this. The payload 503 is tag information, and includes URL, MIME media, or NFC data described above. Through this, the present invention enables NFC data exchange between a smart card and a user terminal without being bound by the type of operating system (OS) of the user terminal.

Meanwhile, as an embodiment of the present invention, the applet 130 identifies the tag information types of the plurality of tag information, and stores the plurality of tag information for each identified tag information type in the plurality of storage areas. It is stored separately in each storage area.

That is, the type of tag information to be stored is assigned to each of the plurality of storage areas in advance. For example, the tag information includes first URL information related to installation of an application (or program) for generating a virtual security code and virtual security code. Second URL information on execution of an application (or program) for code generation and seed data used for virtual security code generation may be included.

In this case, the smart card 100 may store the first URL information, the second URL information, and the seed data in a corresponding storage area among the plurality of storage areas, respectively. Meanwhile, the plurality of storage areas may match not only the type of tag information but also information about the order in which each tag information is used in the user terminal 200 .

As an embodiment of the present invention, the applet 130 may search for a record in which data is not stored among a plurality of records and then store seed data in the corresponding record. More specifically, the applet 130 includes data capable of executing an application (or program) for generating a virtual security code within the user terminal 100 (eg, URL information for executing an application or program). 1 tag information may be stored in the first record area, and second tag information including seed data may be stored in the second record area.

Meanwhile, according to an embodiment of the present invention, corresponding tag information among the plurality of tag information is stored in the plurality of storage areas, and use order information of the user terminal 200 for the corresponding tag information is stored in combination with corresponding stored tag information. Each can be matched and stored.

In addition, the smart card 100 according to the present invention may be in the form of a combination card including a plurality of first IC chips 121 and second IC chips 122 . In this case, the first IC chip 121 may be an EMV chip of international credit card standards, and the second IC chip 122 may be a Mifare classic type NFC chip.

The first IC chip is used for payment through card insertion, and the second IC chip can be used for non-contact payment or data transmission to the user terminal 200 through an NFC antenna.

For example, the second IC chip may store seed data necessary for generating a virtual security code in the user terminal 200 . Hereinafter, a method in which the smart card 100 stores stored data such as seed data for generating a virtual security code to be transmitted through non-contact communication (NFC communication) will be described in detail.

In addition, as an embodiment of the present invention, storage data such as seed data for generating a virtual security code may be stored in the form of NDEF (NFC Data Exchange Format). The smart card may be configured according to the type of operating system (OS) of the user terminal (e.g., Google's Android, Apple's iOS, Symbian's Symbian platform, BlackBerry's BlackBerry OS, Microsoft's Windows Phone, Qualcomm's BREW, Samsung Electronics' Regardless of Tizen, Kai OS, etc.), it is necessary to utilize the NDEF standard format in order to transfer stored data to the user terminal through NFC.

As an embodiment of a method of storing data transmitted to the user terminal 200 of the present invention in the smart card 100, the applet 130 of the smart card 100 transfers the plurality of tag information to NDEF (NFC Data Exchange) Format), it can be separated and stored in each storage area of the meta applet in the first IC chip 121 of the EMV type. That is, a plurality of tag information may be stored in the first IC chip 121 of the EMV type in a standardized NDEF format so that information can be exchanged through the tags of the smart card 100 and the user terminal 200.

As another embodiment of a method of storing data transmitted to the user terminal 200 in the smart card 100 of the present invention, after checking the empty storage area (Sector) in the second IC chip 122, the identified While each of a plurality of tag information is stored in the empty storage area, the storage format may be set to the NDEF format using the MAD (Mifare Application Directory) storage area (Sector 0) and the NDEF Message TLV.

Through this, the plurality of tag information may be stored in a message or text format in the empty storage area in text format. For example, in Korea, seed data transmitted to a user terminal in NDEF format is stored in sectors where data is not stored other than sectors stored in credit or check cards for postpaid transportation cards, and transmitted to sector 0 It is possible to store explanatory information about the sector in which the data for use is stored.

In addition, as another embodiment of a method of storing data transmitted to the user terminal 200 of the present invention in the smart card 100, when the second IC chip is an NFC Type 4 Tag, the second IC chip is included. The second IC chip required for generating the virtual security code may store seed data and the like in the additional storage space being used.

For example, since the second IC chip, which is an NFC Type 4 Tag, has a memory that can utilize up to 32 Kbytes per service, the second IC chip necessary for generating a virtual security code can store seed data and the like in the corresponding storage space. For example, when the second IC chip 122 storing tag information in the NDEF format according to an embodiment of the present invention is ISO 14443 NXP Mifare "Classic", the Mifare classic type of the second IC chip 122 is It can be type 4, and in the case of type 4, it can have an object-oriented memory format that uses files rather than blocks for data storage.

Hereinafter, with reference to FIGS. 4 and 5, a process of storing NDEF format tag information in the Mifare classic type 4 second IC chip 122 will be described in detail.

4 is a diagram illustrating a type 4 tag NDEF structure.

5 is a diagram showing an example of a type 4 NDEF file for text RTD (Record Type Definition).

Referring to FIGS. 4 and 5 , in order to read tag information in NDEF format from type 4, a series of selection and reading must be performed to properly access tag information. First, you need to select the NDEF application, represented by an application ID of 0xD2760000850101. Second, the NDEF application must have a function container file with a file ID of 0xE103.

Here, to read the content of CC, first two bytes should be read first to determine the length of CC, then the rest of CC should be read, CC contains file ID information for NDEF data, all NDEF data from tag should be used to read the correct file id to read. The CC may also contain a TLV field for each stored NDEF message. At this time, since there may be several NDEF files in a single tag, information on each individual NDEF file must be stored in the CC.

Referring to FIG. 6 , the user terminal 200 includes a communication unit 210, a virtual security code generator 220, a detailed code generator 230, and a control unit 230.

Referring to FIG. 7 , first, the user terminal 200 receives and obtains seed data for generating a virtual security code from the smart card 100 through the communication unit 210 (S410).

Specifically, the communication unit 210 of the user terminal 200 receives seed data from the smart card 100, and as a wireless communication method, NFC (Near Field Communication), Bluetooth (Bluetooth), BLE (Bluetooth Low Energy), Beacon, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, and the like may be used.

Preferably, the communication unit 210 may receive seed data through NFC communication when the smart card 100 is tagged with the user terminal 200 .

Meanwhile, referring to FIG. 8 , as an embodiment of the present invention, step S410 includes identifying types of tag information stored in the plurality of storage areas (S411), and seed data for generating a virtual security code among the plurality of tag information. It includes a step (S412) of reading out.

In detail, the user terminal 200 identifies at least one tag information type related to the virtual security code from among the tag information types, and at least one tag information type corresponding to the identified tag information type among the plurality of storage areas. A storage area may be identified, and tag information stored in the identified storage area among the plurality of tag information may be read and obtained as the seed data.

More specifically, the control unit 240 of the user terminal 200 identifies the type of each tag information among the plurality of tag information received from the smart card 100 . As described above, the plurality of tag information in the NDEF format includes not only seed data but also various information related to installation and execution of programs for generating virtual security codes.

Accordingly, the control unit 240 reads the tag information of the seed data type necessary for generating the virtual security code after identifying the types of the plurality of tag information. To this end, payload type information stored in the header of tag information may be used.

Meanwhile, according to an embodiment of the present invention, the type of tag information may be set according to the type of financial transaction requested by the user terminal. At this time, in step S410, a financial transaction type requested by the user terminal may be identified, and tag information of a tag information type corresponding to the financial transaction type may be read.

That is, the type of tag information may be set according to the type of financial transaction performed by the user terminal 200 or requested to the server 300 . For example, if it is assumed that a transaction type requiring user authentication among financial transactions is a first type, seed data used for user authentication among a plurality of tag information is set to a tag information type corresponding to the first type.

The control unit 240 identifies the user's financial transaction type being performed in the virtual security code generation program, and then reads only tag information matched to the corresponding financial transaction type, thereby extracting appropriate tag information corresponding to each process. .

On the other hand, the control unit 240 can read seed data from the smart card 100 and use it to generate a virtual security code when the smart card 100 and the NFC tag are tagged for generation of the virtual security code according to the present invention. .

On the other hand, if the control unit 240 is tagged with the smart card 100 and the NFC communication method at a time other than the time of generating the virtual security code described above, the user's intention of NFC tagging with the smart card 100 Since it is the intention to use the application (or program) associated with the smart card 100 rather than the generation of the virtual security code, data related to the execution of the application (or program) associated with the smart card 100 is retrieved from the smart card 100. can be obtained

At this time, when a plurality of applications (or programs) associated with the smart card 100 are installed in the user terminal 200, the control unit 240 has the highest preset priority among the plurality of applications (or programs) ( or program) execution related data may be obtained from the smart card 100 . For example, the priority may include at least one of an application (or program) set as a default in the smart card 100 and a user's frequency of use.

In addition, the controller 240 may block the corresponding application (or program) from being automatically executed based on the obtained execution-related data even when execution-related data of the corresponding application (or program) is acquired from the smart card 100. Alternatively, in this case, the corresponding application (or program) may be executed and displayed on the screen only when authentication through the user's password is successful. At this time, the password is based on at least one of text information set by the user (a combination of at least one of Korean, English, numbers, special characters, and symbols) and biometric information (at least one of fingerprint, iris, and face) of the user. can be set by the user.

That is, there is no purpose of using the application (or program), but the smart card 100 is accidentally tagged with NFC, or the application (or program) from the smart card 100 receives execution-related data due to external factors such as hacking. Even if acquired, the actual user's intention to use is confirmed through an additional user authentication process, and the corresponding application (or program) is executed only when authentication is successful.

Meanwhile, referring to FIG. 7 , the user terminal 200 generates a virtual security code based on seed data and time data acquired from a smart card (S420).

Hereinafter, a specific method of generating a virtual security code, which is an embodiment of the present invention, will be described.

The detail code generator 230 serves to generate one or a plurality of detail codes. The detailed code refers to some codes constituting the virtual security code. The virtual security code may consist of only the detailed code, or by combining one or more detailed codes with the first virtual security code generated by the OTP function to obtain a final It can also be formed in the form of a virtual security code (OTAC).

The user terminal 200 includes a virtual security code generation function that generates a virtual security code, and the virtual security code generation function generates a virtual security code by combining a detailed code generation function that generates one or more detailed codes and the detailed codes. It includes a function for combining detailed codes to be generated (that is, a rule for combining a plurality of detailed codes).

That is, when the virtual security code includes a plurality of detailed codes, the virtual security code generating function generates a plurality of detailed codes using the plurality of detailed code generating functions, and uses the detailed code combining function to generate the plurality of detailed codes. are combined in a preset combination to generate a virtual security code.

As an embodiment, the detailed code generating unit 230 may generate the virtual security code by a detailed code generating function based on seed data obtained as the smart card 100 is tagged.

A plurality of detailed codes have a correlation used by the server 300 to search the storage space of user identification information.

That is, the server 300 has a search algorithm (storage space search algorithm), and the search algorithm extracts a plurality of detailed codes included in the virtual security code received from the user terminal 200, and the plurality of detailed codes. Based on the correlation of , the user identification information [UID (User identification)] assigned to the user is searched for storage space.

As an example of the correlation between the plurality of detailed codes, the search algorithm included in the server 300 determines the correlation between the plurality of detailed codes from a waypoint corresponding to one or more detailed codes among the plurality of detailed codes. It is possible to search the storage location of the user identification information by calculating based on the user identification information. At this time, the number of waypoints may be one or plural, and the number and order are not limited.

In addition, as an example of the plurality of detailed codes, the plurality of detailed codes may include first codes and second codes, and the detailed code generating unit 210 may generate the first and second functions as detailed code generating functions. Including, to generate the first code and the second code.

The first code and the second code have a correlation for searching the storage space of the user identification information (UID) in the server 300, but the user terminal 200 generates the first code to increase security. The second function for generating the first function and the second code may be included as the detailed code generating function, but data on correlation between the first code and the second code may not be included.

As a specific example of the correlation between the first code and the second code, the first code and the second code may play respective roles for searching for a user identification information (UID) storage space. That is, the first code may include information about the waypoint, and the second code may include information necessary for an operation capable of reaching a storage space of user identification information from the waypoint.

Meanwhile, according to an embodiment of the present invention, the first code may be generated based on the first count, and the second code may be generated based on the second count.

At this time, the first count is the number of unit counts that have elapsed from the first time the virtual security code generation function was driven in the server 300 to the time the virtual security code was generated, and the second count is the user's user identification information (UID) may include the number of unit counts elapsed from the time when is registered in the server 300 or the time when the user's smart card 100 is registered in the server 300 through the user terminal 200 after issuance.

That is, the first function generating the first code is a function providing a specific code value corresponding to the first count, and the second function generating the second code is a function providing a specific code value corresponding to the second count. am.

Through this, it is possible to prevent duplicate generation of the same virtual security code regardless of the generation time and user of the virtual security code.

For example, the first code is any one code value among codes matched for each count from the initial point in time at which the first function is driven in the server 300 [eg, the time point at which generation of a virtual security code is requested ( or count)], and the user terminal 200 generates a first code having a different code value each time a virtual security code is generated by the same user.

Also, even at the same time point, each user terminal 200 always has a different second count value, so the user terminal 200 always generates a different second code at the same time point for each user.

That is, the first code becomes a different code value for each count, and the second code has a different code value for each app card application installed in the user terminal 200 of each user at the same time, resulting in the first code and the second code. The virtual security code (OTAC) in which the two codes are combined is always output as a code value that is not the same or does not overlap regardless of the user and the timing of the virtual security code generation request.

In addition, as another embodiment, the virtual security code generating function may generate the first code or the second code of N digits with M characters, in which case the virtual security code generating function is different M ^N and a first function and a second function respectively providing a first code or a second code in which the number of codes are sequentially changed for each unit count.

That is, the first function or the second function is a function that generates M ^N codes so that they do not overlap as the count increases, and a specific one of the M ^N codes is used as the first code or the second code at the count corresponding to a specific point in time. generate Through this, the user terminal 200 does not repeatedly generate the same first code or second code within M ^N counts (ie, the time length corresponding to the MN counts), and generates a new detailed code (ie, first code) for each unit count. code or second code) to generate a new virtual security code (OTAC) for each unit count.

Specifically, the virtual security code generation function generates the first code or the second code of N digits with M characters, and when M ^N codes are used as the first code or the second code, the first code Alternatively, the second code is matched for each count from the initial point in time when the detailed code generation function is driven.

For example, when the unit count is set to 1 second, different M ^N codes are matched every second from the time when the detailed code generation function is first driven. In addition, the period of using a specific detailed code generation function or the period of use of a program or application for generating a virtual security code within the user terminal 200 is a length of time corresponding to M ^N counts (for example, when 1 count is 1 second , M ^N seconds), the first code or the second code is not repeatedly generated as the same code during the use period.

That is, when the count increases over time and the user generates a virtual security code at a specific point in time, the user terminal 200 converts the code value matched to the count corresponding to the specific point in time into the first code or the second code value. It can be created with code.

In addition, various methods may be applied as a method of generating one virtual security code (OTAC) by combining a plurality of detailed codes. As an example of the detailed code combining function, the detailed code combining function may generate a virtual security code by alternately arranging an N-digit first code and an N-digit second code. Also, as another example, the detailed code combining function may generate a virtual security code by combining the second code after the first code. As the number of detailed codes included in the virtual security code increases, the corresponding virtual security code can also be generated in various ways so as not to overlap.

The virtual security code generator 220 plays a role of generating a virtual security code by combining one or more detailed codes generated by the detailed code generator 230 .

Hereinafter, a method of verifying a virtual security code in the server 300 and authenticating a user based on the verified virtual security code will be described. 9 is a schematic flowchart of a method for verifying a virtual security code according to an embodiment of the present invention, and FIG. 10 is a schematic flowchart of a method for authenticating a user based on a virtual security code according to an embodiment of the present invention. am.

Referring to FIG. 9, as an embodiment of the present invention, the server 300 receives the virtual security code from the user terminal 200 (S440), and the time data at which the virtual security code is received and the virtual security code. and verifying the virtual security code by comparing time data of the security code (S450).

Specifically, it is verified whether the virtual security code transmitted from the server 300 through the user terminal 200 was normally generated. That is, after receiving the virtual security code, the server 300 normally generates the received virtual security code at the time of requesting a financial transaction based on the information stored in the server 300 (ie, the virtual security code generating function and seed data). It is checked whether the virtual security code is normal or not.

For example, the server 300 (for example, the financial company server) inputs a count within a specific range from the count of receiving the virtual security code to the virtual security code generation function (ie, OTP function), Checks whether there is a value that matches the security code. The server 300 applies an inverse function of the virtual security code generation function to the virtual security code to find a count corresponding to the time point when the virtual security code is generated. Due to the transmission time or delay of the virtual security code, there is a difference between the time when the virtual security code is generated in the user terminal 200 and the time when the server 300 receives the virtual security code. Since the count of receiving and the count of generating the OTP number corresponding to the virtual security code may not match, the server 300 allows an error range from the count of receiving the virtual security code.

On the other hand, as an embodiment of the present invention, the above-described card data-based virtual security code generation method includes the steps of the server 300 searching for a storage location of user identification information based on the virtual security code and extracting the user identification information ( S460) and performing user authentication based on the extracted user identification information (S470).

At this time, as described above, the virtual security code includes a plurality of detailed codes, and the plurality of detailed codes, according to the first code for setting the starting point of the search for the storage location of the user identification information and a specific search method, It may be composed of a second code for setting a search path from to the storage location of the user identification information.

On the other hand, as a specific example of the first code and the second code, the code value (first code value) corresponding to the first code is the first OTP code in the count corresponding to the current time point based on the virtual security code generation function driving time point. It may be a value obtained by adding a virtual security code value. The first code value serves as a waypoint in the actual code search process. A code value (second code value) corresponding to the second code may be a value obtained by subtracting a storage location value of user identification information (eg, UID) from the first code value. The second code value is a count from the waypoint (first code value) to the storage location value of the user identification information.

That is, an embodiment of the first code and the second code generated by the user terminal 200 is as follows.

1st code = current time count + OTP code (first virtual security code)

2nd code = 1st code - storage location value of actual code

As described above, the final virtual security code may be composed of the first virtual security code, the first code, and the second code generated by the OTP function. At this time, the first virtual security code is a code generated by the OTP function, and is a code generated differently every time. Therefore, since the detailed code is generated differently according to the generation time of the virtual security code, it is possible to prevent duplicative generation and has an effect of enhancing security.

As another specific example of the first code and the second code, the code value (first code value) corresponding to the first code is a value obtained by adding the user identification information (UID) to the OTP code value, and the code value corresponding to the second code (Second code value) may be an OTP code value. At this time, the value of the user identification information (UID) is given to the user or user terminal 200 at a specific time point (eg, product manufacturing time, user registration time, payment method registration time, etc.), and each user or user terminal It is a code value that can identify .

That is, another embodiment of the first code generated by the user terminal 200 is as follows. At this time, the virtual security code is generated based on the first virtual security code and the first code.

1st code = OTP code (first virtual security code) + UID

The method according to the present invention described above may be implemented as a program (or application) to be executed in combination with a hardware device and stored in a medium.

The aforementioned program is C, C++, JAVA, machine language, etc. It may include a code coded in a computer language of. These codes may include functional codes related to functions defining necessary functions for executing the methods, and include control codes related to execution procedures necessary for the processor of the computer to execute the functions according to a predetermined procedure. can do. In addition, these codes may further include memory reference related codes for which location (address address) of the computer's internal or external memory should be referenced for additional information or media required for the computer's processor to execute the functions. there is. In addition, when the processor of the computer needs to communicate with any other remote computer or server in order to execute the functions, the code uses the computer's communication module to determine how to communicate with any other remote computer or server. It may further include communication-related codes for whether to communicate, what kind of information or media to transmit/receive during communication, and the like.

The storage medium is not a medium that stores data for a short moment, such as a register, cache, or memory, but a medium that stores data semi-permanently and is readable by a device. Specifically, examples of the storage medium include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc., but are not limited thereto. That is, the program may be stored in various recording media on various servers accessible by the computer or various recording media on the user's computer. In addition, the medium may be distributed to computer systems connected through a network, and computer readable codes may be stored in a distributed manner.

Steps of a method or algorithm described in connection with an embodiment of the present invention may be implemented directly in hardware, implemented in a software module executed by hardware, or implemented by a combination thereof. A software module may include random access memory (RAM), read only memory (ROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, hard disk, removable disk, CD-ROM, or It may reside in any form of computer readable recording medium well known in the art to which the present invention pertains.

Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art to which the present invention pertains can be implemented in other specific forms without changing the technical spirit or essential features of the present invention. you will be able to understand Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive.

Claims (10)

A communication unit for performing NFC-based communication when tagging with a smart card; and
A controller that obtains seed data from the smart card through the communication unit, generates a virtual security code based on the seed data and time data, and transmits the virtual security code to a server to request user authentication,
The smart card includes a plurality of tag information,
The plurality of tag information includes URL information related to application execution and the seed data for generating the virtual security code.
Virtual security code generator based on card tagging. According to claim 1,
When the application corresponding to the URL information is tagged while not being executed, the control unit blocks execution of the application in response to a driving request of the application based on the URL information received from the smart card. ,
Virtual security code generator based on card tagging. According to claim 1,
When the tagging occurs at a time other than the time of generating the virtual security code, the control unit obtains execution-related data of an application associated with the smart card,
Virtual security code generator based on card tagging. According to claim 3,
When the linked applications are plural, the control unit obtains, from the smart card, execution-related data of an application having the highest priority set according to the frequency of use among the plurality of applications.
Virtual security code generator based on card tagging. According to claim 1,
The plurality of tag information is stored separately in a plurality of storage areas allocated to each type of tag information in the smart card.
Virtual security code generator based on card tagging. According to claim 5,
The control unit identifies a type of at least one piece of tag information related to the virtual security code, identifies at least one storage area corresponding to the identified type among the plurality of storage areas, and stores information stored in the identified storage area. Reading tag information and obtaining it as the seed data;
Virtual security code generator based on card tagging. According to claim 1,
The user authentication is performed through verification of the virtual security code,
The verification is performed by comparing the time data at which the server receives the virtual security code and the time data included in the virtual security code.
Virtual security code generator based on card tagging. According to claim 7,
The user authentication is performed using user identification information extracted based on the virtual security code.
Virtual security code generator based on card tagging. an IC chip containing a plurality of tag information; and
Including; a communication unit for performing communication with a user terminal during tagging;
The plurality of tag information includes URL information related to application execution and seed data for generating a virtual security code,
The seed data is provided to the user terminal during the tagging.
smart card device. According to claim 9,
If the application corresponding to the URL information is tagged while not being executed, execution of the application is blocked by the user terminal even if the user terminal requests to run the application based on the URL information through the communication unit. felled,
smart card device.

Images