KR101171235B1 - Method for Operating Certificate - Google Patents

Info

Publication number
KR101171235B1
Authority
KR
South Korea
Prior art keywords
customer
information
authentication
wireless terminal
server
Prior art date
Application number
KR1020050045327A
Other languages
Korean (ko)
Other versions
KR20060102458A (en
Inventor
김재형
윤종민
홍종철
Original Assignee
주식회사 비즈모델라인
Priority date
Filing date
Publication date
Priority to KR20050024310
Priority to KR1020050024310
Application filed by 주식회사 비즈모델라인
Publication of KR20060102458A
Application granted
Publication of KR101171235B1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06Q: DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02: Banking, e.g. interest calculation, credit approval, mortgages, home banking or on-line banking
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06Q: DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/42: Confirmation, e.g. check or permission by the legal debtor of payment
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

The present invention relates to a customer authentication system in Internet banking that authenticates a customer who has accessed Internet banking through a first terminal by using a second terminal (e.g., a wireless terminal) of the customer.
When the customer connects to Internet banking through a predetermined terminal, the customer authentication system receives customer wireless terminal information from the customer, uses the received customer wireless terminal information to request predetermined customer authentication information from the customer wireless terminal, and authenticates the customer based on the predetermined authentication information transmitted from the customer wireless terminal.
In addition, when the customer connects to Internet banking through a predetermined terminal, the customer authentication system reads the customer wireless terminal information associated with the customer information of the customer from a predetermined storage medium, uses the read customer wireless terminal information to request predetermined customer authentication information from the customer wireless terminal, and authenticates the customer based on the authentication information transmitted from the customer wireless terminal.
Accordingly, in Internet banking, there is the advantage that leakage of Internet banking information through phishing, pharming, keyboard hacking, or the like can be blocked more safely and efficiently.
Customer, certification, banking

Description

Method for Operating Certificate

FIG. 1 is a view showing a schematic configuration of a preferred customer authentication system according to the present invention.

FIG. 2 is a view showing the configuration of a preferred storage medium according to the present invention.

FIG. 3 is a simplified illustration of customer identifier information according to a preferred embodiment of the present invention.

FIG. 4 is a simplified illustration of customer second terminal information according to a preferred embodiment of the present invention.

FIG. 5 is a simplified illustration of customer authentication information according to a preferred embodiment of the present invention.

FIG. 6 is a simple conceptual diagram of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 7 is a simple conceptual diagram of a customer authentication process including a relay server according to a preferred embodiment of the present invention.

FIG. 8 is a simple conceptual diagram of a customer authentication process according to another preferred embodiment of the present invention.

FIG. 9 is a simple conceptual diagram of a customer authentication process including a relay server according to another preferred embodiment of the present invention.

FIG. 10 is a simplified block diagram of a customer authentication system according to a preferred embodiment of the present invention.

FIG. 11 is a simple configuration diagram of a second customer terminal according to a preferred embodiment of the present invention.

FIG. 12 is a simple flowchart of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 13 is a simple flowchart of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 14 is a simple flowchart of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 15 is a simple flowchart of a customer authentication process according to a preferred embodiment of the present invention.

<Description of main parts of drawing>

100: customer authentication system

105: information receiving means (1)

110: information reading means

115: customer authentication means

120: authentication information request means

125: information receiving means (2)

130: authentication result transmission means

135: information storage means

140: customer first terminal

145: customer second terminal

150: storage medium

The present invention relates to a method and system for authenticating a customer in Internet banking that more efficiently authenticates a customer accessing Internet banking through a first terminal by means of customer authentication information stored in the second terminal of the customer.

Internet banking handles certain banking tasks through the Internet and the interface of a web browser. Because it uses the Internet and the widely available interface of a web browser, banking can be done with just a browser, and with this advantage Internet banking has grown steadily along with the recent development of Internet and financial transaction infrastructure.

Since certain financial transactions are made in such Internet banking, authentication of the user is, above all, considered very important.

In particular, in recent years, the following have become a problem: phishing, which draws out an individual's authentication number, credit card number, and account information through e-mails and links that appear to be sent from websites such as financial institutions; pharming, which steals personal information such as personal IDs, passwords, and account information by hijacking the domain of a legitimate owner or by tricking a Domain Name System (DNS) name so that a fake site is taken for the real site; and keyboard hacking, which captures the key information entered from a user's keyboard to steal personal IDs, passwords, account information, and the like. More secure and efficient user authentication in Internet banking has therefore become an important problem that cannot be overlooked.

An object of the present invention, derived to solve the above problems, is to provide a customer authentication method and system that, when the customer connects to Internet banking through a predetermined terminal, receives customer wireless terminal information from the customer, uses the received customer wireless terminal information to request predetermined customer authentication information from the customer wireless terminal, and performs authentication processing on the customer based on the predetermined authentication information transmitted from the customer wireless terminal.

Another object of the present invention is to provide a customer authentication method and system that, when the customer connects to Internet banking through a predetermined terminal, reads the customer wireless terminal information associated with the customer information of the customer from a predetermined storage medium, uses the read customer wireless terminal information to request predetermined customer authentication information from the customer wireless terminal, and performs authentication processing on the customer based on the authentication information transmitted from the customer wireless terminal.

In order to achieve the above object, a method for authenticating a customer in Internet banking includes: a step of receiving, at a predetermined customer interface means, customer wireless terminal information from a customer when the customer terminal accesses Internet banking; an authentication information requesting step of requesting predetermined customer authentication information from the customer wireless terminal using the received customer wireless terminal information; an information receiving step of receiving, at a predetermined information receiving means, predetermined authentication information from the customer wireless terminal; and a customer authentication step of authenticating the customer, at a predetermined customer authentication means, based on the received authentication information.

Herein, the authentication information provided from the customer wireless terminal preferably includes at least one of: predetermined authentication certificate information, official certificate password information, customer ID information, password information, customer personal information, customer biometric information, customer communication means information, payment means information included in the IC chip provided in the customer wireless terminal, payment means password information, account information included in the IC chip provided in the customer wireless terminal, password information corresponding to the customer account, account transfer password information corresponding to the customer account, information (or data) included in the IC chip provided in the customer wireless terminal, IC chip unique information of the customer wireless terminal, and predetermined authentication key data provided in the customer wireless terminal.

According to the present invention, in the authentication information requesting step of requesting predetermined customer authentication information from the customer wireless terminal using the customer wireless terminal information, it is preferable to transmit a predetermined callback URL for receiving the authentication information.

The information receiving step of receiving predetermined authentication information from the customer wireless terminal may further include transmitting the received authentication information to the customer terminal accessing Internet banking, so that the authentication information is temporarily stored in the customer terminal.

In addition, the customer authentication method in Internet banking proposed in the present invention can also be achieved through: a step of reading, from a predetermined storage medium, the customer wireless terminal information linked to the customer information of the customer when the customer terminal connects to Internet banking; an authentication information requesting step of requesting, at a predetermined authentication information requesting means, predetermined customer authentication information from the customer wireless terminal by using the read customer wireless terminal information; an information receiving step of receiving, at a predetermined information receiving means, predetermined authentication information from the customer wireless terminal; and a customer authentication step of authenticating the customer, at a predetermined customer authentication means, based on the received authentication information.

Here, the customer authentication method may further include an information storage step of storing, at a predetermined information storage means, the customer wireless terminal information and the customer identifier information in association with each other in a predetermined storage medium.

The method may further include receiving predetermined customer identifier information from the customer terminal.

Meanwhile, the present invention includes a recording medium on which is recorded a predetermined program for executing at least one of the customer authentication methods in Internet banking described above.

Hereinafter, the operating principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. However, the drawings and the following description relate to a preferred method among various methods for effectively explaining the features of the present invention, and the present invention is not limited to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. The terms described below are defined in consideration of their functions in the present invention and may vary according to the intention or custom of a user or operator. Therefore, their definitions should be based on the contents throughout this specification.

It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. Configurations that are conventionally used are omitted as much as possible, and the functional configuration that must be additionally provided for the present invention is mainly described. Those skilled in the art to which the present invention pertains will easily understand the functions of the conventionally used components that are omitted below, and will also clearly understand the relationship between the omitted components and the components added for the present invention.

FIG. 1 is a view showing a schematic configuration of a preferred customer authentication system 100 according to the present invention.

The customer authentication system 100 can be connected to the customer terminal 140 via the network 1 and can also communicate with the customer wireless terminal 145 via the network 2. Here, the network 1 and the network 2 may be networks having the same and/or different connection environments.

The network 1 may be selected depending on the customer terminal 140, and the customer terminal 140 may include at least one of: a wired terminal such as a computer, an information processor (or kiosk), an ATM, a cash dispenser, or a payment terminal; a home appliance equipped with a communication function, such as a television, a refrigerator, a microwave oven, or an audio system; an exercise device equipped with a communication function; a wireless terminal such as a mobile phone, a PDA, a mobile Internet phone, or telematics; a wired telephone; and an RFID terminal.

In particular, the network 1 may include a banking network when the customer terminal 140 is a terminal requesting a predetermined banking business process.

The network 2 may be selected depending on the customer wireless terminal 145, and the customer wireless terminal 145 may include at least one or more of a mobile phone, a PDA, a mobile Internet phone, and telematics.

In particular, the customer wireless terminal 145 preferably transmits the customer authentication information 210 to the customer authentication system 100 in response to the request for customer authentication information 210 that the customer authentication system 100 makes during the customer's Internet banking.

Here, the customer authentication information 210 is preferably stored in the memory 1130 and/or the IC chip 1135 included in the customer wireless terminal 145.

In addition, the customer authentication information 210 may include at least one of: ID information, password information, customer personal information, customer biometric information, customer communication means information, authorized certificate information, authorized certificate password information, payment means information, payment means password information, customer account information, password information corresponding to the customer account, account transfer password information corresponding to the customer account, information (or data) included in the IC chip 1135 provided in the customer wireless terminal 145, authorized certificate information included in the IC chip 1135 provided in the customer wireless terminal 145, IC chip unique information of the customer wireless terminal 145, and predetermined authentication key data included in the customer wireless terminal 145.

A characteristic of the customer authentication system 100 is that, when the customer terminal 140 connects to Internet banking, it receives the customer wireless terminal information 205 from the customer, uses the received customer wireless terminal information 205 to request the predetermined customer authentication information 210 from the customer wireless terminal 145, and performs authentication processing on the customer based on the predetermined authentication information transmitted from the customer wireless terminal 145.

In addition, the customer authentication system is characterized in that, when the customer terminal 140 connects to Internet banking, it reads the customer wireless terminal information 205 linked to the customer information of the customer from the predetermined storage medium 150, uses the read customer wireless terminal information 205 to request predetermined customer authentication information from the customer wireless terminal 145, and performs authentication processing on the customer based on the authentication information transmitted from the customer wireless terminal 145.

Preferably, the customer authentication system 100 may be provided with at least one functional means for performing authentication processing for the customer connected to the above-described Internet banking, and the functional means may be provided in a single server as the customer authentication system 100, or may be provided across a plurality of servers (or terminals).

In addition, the customer authentication system 100 is included in the Internet banking system (or banking network), or interworks with the Internet banking system.

Referring to FIG. 1 in more detail, in order to authenticate a customer who has connected to Internet banking through the customer terminal, the customer authentication system 100 may be configured with: information reading means 110 for reading, from the predetermined storage medium 150, the customer wireless terminal information 205 stored in association with the customer information of the customer; authentication information requesting means 120 for requesting predetermined customer authentication information from the customer wireless terminal 145 by using the read customer wireless terminal information; information receiving means 105 for receiving the customer authentication information when the customer wireless terminal 145 transmits it; and customer authentication means 115 for authenticating the customer accessing Internet banking based on the customer authentication information.

In addition, the customer authentication system 100 may be configured to further include an information storage means 135 for storing the customer wireless terminal information 205 and the customer identifier information 200 in association with each other in a predetermined storage medium 150.

Preferably, the information receiving means (2) 125 and the information receiving means 105 may transmit the customer authentication information 210 sent by the customer wireless terminal (second terminal) to the customer first terminal 140 (the Internet banking access terminal), so that the customer authentication information 210 is temporarily stored in the customer first terminal 140.

Preferably, the information receiving means 105 may receive predetermined customer identifier information 200 from the customer when the customer is connected to the Internet banking.

Here, the customer identifier information 200 may be stored in the storage medium 150 in association with the wireless terminal information 205 of the customer, and the customer identifier information 200 received from the customer when the customer accesses Internet banking may be required to read the customer wireless terminal information 205 stored in the storage medium 150.

Preferably, when the customer authentication information 210 transmitted from the second customer terminal 145 is transmitted to the first customer terminal 140 and temporarily stored there, the customer authentication means 115 may use the customer authentication information 210 stored in the customer first terminal 140 to perform the authentication process for the customer connected to Internet banking.

Preferably, when requesting the predetermined customer authentication information 210 from the customer wireless terminal 145, the authentication information requesting means 120 attaches and transmits a predetermined callback URL for receiving the authentication information.

Preferably, the information receiving means (2) 125 or the information receiving means 105 may be located in a communication server, or in a server or relay server associated with the communication server, and transmits the authentication information 210 sent from the customer wireless terminal 145 to the customer authentication means 115.

On the other hand, the customer authentication system 100 may be configured to include: information receiving means (1) 105 for receiving customer wireless terminal information 205 from the customer when the customer terminal connects to Internet banking; authentication information requesting means 120 for requesting predetermined customer authentication information 210 from the customer wireless terminal 145 by using the received customer wireless terminal information 205; information receiving means (2) 125 for receiving the customer authentication information 210 when the customer wireless terminal 145 transmits it; and customer authentication means 115 for authenticating the customer connected to Internet banking based on the customer authentication information 210.

Referring to FIG. 1, the customer authentication system 100 may be linked with a predetermined storage medium 150 for performing a predetermined authentication process for a customer connected to the Internet banking.

Here, the storage medium 150 may be provided in the form of a database or a database server in the customer authentication system 100, and/or may be connected to the customer authentication system 100 through a predetermined network.

In addition, the storage medium 150 may store a variety of information that the customer authentication system 100 uses to authenticate a customer connected to Internet banking. The storage medium 150 and the information stored in it are described in more detail with reference to FIGS. 2 to 5 below.

FIG. 2 is a diagram showing the configuration of a preferred storage medium 150 according to the present invention.

Referring to FIG. 2, the storage medium 150 includes at least one item of customer information (e.g., customer information 1, customer information 2, ..., customer information N). So that the customer authentication system 100 shown in the above-described figure can smoothly authenticate a customer connected to Internet banking, the customer information preferably stores the identifier information 200, the wireless terminal information 205, and the customer authentication information 210 for the customer.

Here, the at least one item of customer information stored in the storage medium 150, and the customer identifier information 200, wireless terminal (second terminal) information 205, and customer authentication information 210 associated with it, are preferably stored in advance, before the authentication processing for a customer accessing the customer authentication system 100 is performed according to the present invention, and are then referred to when the customer authentication system 100 performs the customer authentication process at the time the customer accesses Internet banking and/or connects to the customer authentication system 100.

FIGS. 3 to 5 are exemplary views of the customer identifier information 200, wireless terminal information 205, and customer authentication information 210 stored in association with the customer information in the storage medium 150.

FIG. 3 is a simplified illustration of customer identifier information 200 according to a preferred embodiment of the present invention.

Referring to FIG. 3, the customer identifier information 200 is predetermined customer identification information that a customer who accesses Internet banking through a predetermined terminal (for example, the customer terminal 140) can input or select and transmit to the customer authentication system 100 through the customer terminal 140. It can be referred to for the first authentication of the customer connected to the customer authentication system 100, and can also be used to extract the customer wireless terminal information 205 from the storage medium 150.

Preferably, the customer identifier information 200 may include at least one of: ID and/or authorized ID information, password information, customer personal information (e.g., social security number, insurance number, driver's license number, homepage information, etc.), customer biometric information (e.g., fingerprint, iris, back of hand, vein, face, voice, etc.), customer communication means information (e.g., customer phone number, mobile phone number, e-mail information, etc.), and official certificate information.

FIG. 4 is a simplified illustration of customer wireless terminal information 205 according to a preferred embodiment of the present invention.

The customer wireless terminal information 205 stored in the storage medium 150 is the information that the customer authentication system 100 refers to, in the authentication process for a customer connected to Internet banking according to the present invention, in order to request the predetermined customer authentication information 210 stored in the customer wireless terminal 145. It may include a customer phone number, a mobile phone number, a mobile access terminal number, an e-mail, a subscriber identification number, a mobile IP, a unique IP, and the like.

For example, when the customer accesses Internet banking, the customer authentication system 100, which is included in or interworks with the Internet banking system, may extract the mobile phone number corresponding to the customer identifier information 200 provided by the customer and, with reference to that mobile phone number, transmit a message requesting the customer authentication information 210 to the mobile phone 145.

According to another preferred embodiment, when the customer wireless terminal information 205 is used as the customer identifier information 200 from the customer connected to the Internet banking, as shown in FIG. It does not need to exist in the storage medium 150.

5 is a simplified illustration of customer authentication information 210 in accordance with a preferred embodiment of the present invention.

Referring to FIG. 5, the illustrated customer authentication information 210 is information required for a customer accessing the internet banking, for example, in the process of performing secondary authentication, and in addition to the storage medium 150, It is preferably stored in the memory 1130 and / or the IC chip 1135 of the radio terminal 145.

According to a preferred embodiment, customer authentication information 210, ID (ID) information, password information, customer personal information, customer biometric information, customer communication means information, public certificate information, public certificate password information And payment means information, payment means password information, customer account information, password information corresponding to the customer account, account transfer password information corresponding to the customer account, and an IC chip provided in the customer wireless terminal 145. Information (or data) included in 1135, authorized certificate information included in the IC chip included in the customer wireless terminal 145, IC chip unique information provided in the customer wireless terminal 145, and At least one predetermined authentication key data included in the customer wireless terminal 145 may be included.

In addition, the customer authentication information 210 stored in the customer wireless terminal 145 is transmitted to the customer authentication system 100 according to the request of the customer authentication system 100, and stored in the customer authentication system 100. Authentication processing for the customer accessing the Internet banking may be performed by comparing the customer authentication information 210 previously stored in the medium 150 with the customer authentication information 210 transmitted from the wireless terminal 145. Make sure

6 is a simple conceptual diagram of a customer authentication process according to a preferred embodiment of the present invention.

Referring to FIG. 6, a customer authentication process for a customer accessing internet banking according to a preferred embodiment may include a customer authentication system 100 (or included in the internet banking system) (or included in the internet banking system). Server), the storage medium 150, the customer terminal 140 and the customer wireless terminal 145, and the customer through the customer terminal 140, the customer authentication system 100 (or server ), And provides customer identifier information 200 for authentication processing.

First, in order to perform the customer authentication process according to the present invention, the customer registers the customer identifier information 200, the customer wireless terminal information 205, and the customer authentication information 210 required for the customer authentication process with the customer authentication system 100 (or server) (1), and the customer authentication system 100 (or server) preferably stores the customer identifier information 200, the customer wireless terminal information 205, the customer authentication information 210 provided by the customer, and the customer information in the storage medium 150 in association with each other (2).

Thereafter, the customer provides the customer identifier information 200 to the customer authentication system 100 (or server) in the process of accessing the Internet banking system through a predetermined terminal (e.g., the customer terminal 140) (3), and the customer authentication system 100 extracts from the storage medium 150 the customer wireless terminal information 205 corresponding to the customer identifier information 200 provided from the customer terminal 140 (4).

In addition, the customer authentication system 100 (or the server) refers to the extracted customer wireless terminal information 205 and requests from the customer wireless terminal 145 the customer authentication information 210 required for the customer authentication (5). At this time, the customer inputs into and/or extracts from the customer wireless terminal 145 the customer authentication information 210 corresponding to the customer authentication request information received at the customer wireless terminal 145 (6), and transmits the input and/or extracted customer authentication information 210 to the customer authentication system 100 (or server) through the customer wireless terminal 145 (7).

Then, the customer authentication system 100 (or server) performs the final authentication process for the customer by comparing the customer authentication information 210 transmitted from the customer wireless terminal 145 with the customer authentication information 210 previously stored in the storage medium 150 (8), and transmits the details of the final authentication process to the customer terminal 140, so that a predetermined post-authentication operation (e.g., login, content usage, payment, etc.) is initiated for the customer connected through the customer terminal 140 (9).
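The FIG. 6 exchange, steps (1) to (9), as an added Python example (not code from the patent). Assumptions that are not in the text: all class and function names, storing a salted PBKDF2 hash instead of the raw customer authentication information 210, a single-use request id with a 120-second lifetime, and the constructed sample values.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumption: the patent names no storage format


def _derive(auth_info: str, salt: bytes) -> bytes:
    """Salted hash of customer authentication information 210."""
    return hashlib.pbkdf2_hmac("sha256", auth_info.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class CustomerRecord:
    wireless_terminal: str  # customer wireless terminal information 205
    salt: bytes
    auth_hash: bytes        # derived from customer authentication information 210


class CustomerAuthSystem:
    """Customer authentication system 100 with an in-memory storage medium 150."""

    def __init__(self, send_to_terminal, ttl=120.0, clock=time.monotonic):
        self._storage = {}  # customer identifier information 200 -> CustomerRecord
        self._pending = {}  # request id -> (identifier, expiry time)
        self._send = send_to_terminal
        self._ttl = ttl
        self._clock = clock

    def register(self, identifier, wireless_terminal, auth_info):
        """Steps (1)-(2): store the three items in association with each other."""
        salt = secrets.token_bytes(16)
        self._storage[identifier] = CustomerRecord(
            wireless_terminal, salt, _derive(auth_info, salt))

    def begin(self, identifier):
        """Steps (3)-(5): look up the terminal and send it a request."""
        record = self._storage.get(identifier)
        if record is None:
            return None  # unknown identifier: nothing is sent to any terminal
        request_id = secrets.token_urlsafe(16)
        self._pending[request_id] = (identifier, self._clock() + self._ttl)
        self._send(record.wireless_terminal, request_id)
        return request_id

    def complete(self, request_id, auth_info):
        """Steps (7)-(8): compare the terminal's reply with the stored value."""
        pending = self._pending.pop(request_id, None)  # single use
        if pending is None:
            return False
        identifier, expires_at = pending
        if self._clock() > expires_at:
            return False
        record = self._storage[identifier]
        # Constant-time comparison so timing does not leak how much matched.
        return hmac.compare_digest(_derive(auth_info, record.salt), record.auth_hash)


def demo():
    """Run the flow with constructed values; step (9) is the returned result."""
    now = [0.0]   # fake clock so expiry can be exercised offline
    outbox = []   # stands in for the channel to customer wireless terminal 145
    system = CustomerAuthSystem(
        lambda terminal, rid: outbox.append((terminal, rid)),
        ttl=120.0, clock=lambda: now[0])
    system.register("customer-01", "terminal-A", "constructed-secret")

    results = {}
    rid = system.begin("customer-01")
    results["delivered_to"] = outbox[-1][0]
    results["correct"] = system.complete(rid, "constructed-secret")
    results["replayed"] = system.complete(rid, "constructed-secret")

    rid = system.begin("customer-01")
    results["wrong_info"] = system.complete(rid, "guess")

    rid = system.begin("customer-01")
    now[0] += 121  # the reply arrives after the request has expired
    results["expired"] = system.complete(rid, "constructed-secret")

    results["unknown_identifier"] = system.begin("nobody")
    results["requests_sent"] = len(outbox)
    return results


if __name__ == "__main__":
    print(demo())
```
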

FIG. 7 is a simple conceptual diagram of a customer authentication process including a relay server according to a preferred embodiment of the present invention.

Referring to FIG. 7, the illustrated customer authentication process includes a customer authentication system 100 (or a relay server or a carrier server), a storage medium 150, a server, a customer terminal 140, and a customer wireless terminal 145. For example, when the server is a banking server, the customer accesses the server using the customer terminal 140 for internet banking, and the customer authentication system 100 (or relay server or communication company server) performs the authentication process for the customer connecting to the server.

Here, the server may be a banking server, a web server, a content providing server, etc. on the Internet to which the customer wants to connect, and the customer authentication system 100 may be a relay server (or a communication company server) that performs the authentication process for the customer accessing the server on the server's behalf and/or relays it.

As in FIG. 6, in order to perform the illustrated customer authentication process, the customer registers the customer identifier information 200, the customer wireless terminal information 205, and the customer authentication information 210 required for the customer authentication process with the customer authentication system 100 (or a relay server or a communication company server) (1), and the customer authentication system 100 (or server or carrier server) preferably stores in the storage medium 150 the customer identifier information 200, the customer wireless terminal information 205, the customer authentication information 210 provided by the customer, and the customer information in association with each other (2).

Thereafter, the customer provides the customer identifier information 200 to the server in the process of accessing the server (e.g., a banking server, web server, content providing server, etc. on the Internet) for Internet banking (3), and the server provides the customer identifier information 200 provided from the customer terminal 140 to the customer authentication system 100 (or a relay server or a communication company server) and requests authentication processing for the connected customer (4).

The customer authentication system 100 (or a relay server or a communication company server), in response to the authentication processing request of the server, refers to the customer wireless terminal information 205 stored in the storage medium 150 in correspondence with the customer identifier information 200 provided from the server, and requests from the customer wireless terminal 145 the customer authentication information 210 required for the customer authentication (6).

When the customer authentication information 210 request message is transmitted from the customer authentication system 100 (or the relay server or the carrier server) to the customer wireless terminal 145, the customer inputs into and/or extracts from the customer wireless terminal 145 the customer authentication information 210 corresponding to the request information received by the customer wireless terminal 145 (7), and transmits the input and/or extracted customer authentication information 210 to the customer authentication system 100 (or relay server or carrier server) through the customer wireless terminal 145 (8).

Then, the customer authentication system 100 (or relay server or carrier server) performs a final authentication process for the customer by comparing the customer authentication information 210 transmitted from the customer wireless terminal 145 with the customer authentication information 210 previously stored in the storage medium 150 (9), and transmits the details of the final authentication process to the server to which the customer is connected through the terminal 140 (10).

The server transmits the final authentication processing details provided by the customer authentication system 100 (or a relay server or a communication company server) to the customer terminal 140, so that a predetermined post-authentication work for the customer (e.g., a financial transaction, login, content usage, payment, etc.) is performed (11).

FIG. 8 is a simple conceptual diagram of a customer authentication process according to another preferred embodiment of the present invention.

The customer authentication process for the customer accessing the Internet banking shown in FIG. 8 may be implemented through a customer authentication system 100 (or server) interworking with a predetermined internet banking system (or included in the internet banking system), a storage medium 150, the customer terminal 140 and the customer wireless terminal 145, and is characterized in that the customer connects to the customer authentication system 100 (or the server) through the customer terminal 140 and provides the customer wireless terminal information 205 for authentication processing.

Preferably, in order to perform the authentication process for the customer accessing the Internet banking shown in FIG. 8, the customer registers the customer authentication information 210 required for the customer authentication process with the customer authentication system 100 (or server) (1), and the customer authentication system 100 (or server) preferably stores the customer authentication information 210 provided by the customer in the storage medium 150 in association with the customer information (2).

Thereafter, in the process of accessing the Internet banking through a predetermined terminal (e.g., the customer terminal 140), the customer provides the customer authentication system 100 (or server) with the customer wireless terminal information 205 for the customer wireless terminal in which the customer authentication information 210 (e.g., an accredited certificate) required for the customer authentication process is stored (3), and the customer authentication system 100 (or server) refers to the customer wireless terminal information 205 provided from the customer terminal 140 and requests from the customer wireless terminal 145 the customer authentication information 210 required for the customer authentication (4).

At this time, the customer inputs into and/or extracts from the customer wireless terminal 145 the customer authentication information 210 corresponding to the customer authentication request information received at the customer wireless terminal 145 (5), and transmits the input and/or extracted customer authentication information 210 to the customer authentication system 100 (or server) through the customer wireless terminal 145 (6).

Then, the customer authentication system 100 (or server) performs a final authentication process for the customer by comparing the customer authentication information 210 transmitted from the customer wireless terminal 145 with the customer authentication information 210 previously stored in the storage medium 150 (7), and transmits the details of the final authentication process to the customer terminal 140, so that a predetermined post-authentication work (e.g., financial transactions, login, content use, payment, etc.) is initiated for the customer connected through the customer terminal 140 (8).

FIG. 9 is a simple conceptual diagram of a customer authentication process including a relay server according to another preferred embodiment of the present invention.

Referring to FIG. 9, the illustrated authentication process for a customer accessing internet banking may include a customer authentication system 100 (or a relay server or a communication company server) interworking with a predetermined internet banking system (or included in the internet banking system), the storage medium 150, the server, the customer terminal 140 and the customer wireless terminal 145, and is characterized in that the customer connects to the server through the customer terminal 140 and the customer authentication system 100 performs the authentication process for the customer accessing the server.

As in FIG. 7, the server may be a banking server, a web server, a content providing server, etc. on the Internet to which the customer wants to connect, and the customer authentication system 100 may be a relay server (or a carrier server) that substitutes for and/or relays the authentication processing for a customer who accesses the server.

For example, when the server is a banking server, the customer accesses the server using the customer terminal 140 for internet banking, and the customer authentication system 100 (or a relay server or a communication company server) performs the authentication process for the customer accessing the server.

In order to perform the customer authentication process shown in FIG. 9, the customer registers customer authentication information 210 required for the customer authentication process in the customer authentication system 100 (or a relay server or a carrier server) (1). The customer authentication system 100 (or the server or the carrier server) preferably stores the customer authentication information 210 provided by the customer in association with the customer information in the storage medium 150 (2).

Thereafter, in the process of accessing a predetermined server (e.g., a web server on the Internet, a content providing server, etc.) using a predetermined terminal (e.g., the customer terminal 140), the customer provides the server with the customer wireless terminal information 205 for the customer wireless terminal in which the customer authentication information 210 required for the authentication process is stored (3), and the server provides the customer wireless terminal information 205 provided from the customer terminal 140 to the customer authentication system 100 (or a relay server or a communication company server) to request authentication processing for the connected customer (4).

The customer authentication system 100 (or a relay server or a communication company server) refers to the customer wireless terminal information 205 provided from the server according to the authentication processing request of the server, and requests from the customer wireless terminal 145 the customer authentication information 210 required for customer authentication (5).

Preferably, when the customer authentication information 210 request message is sent from the customer authentication system 100 (or relay server or carrier server) to the customer wireless terminal 145, the customer inputs into and/or extracts from the customer wireless terminal 145 the customer authentication information 210 corresponding to the customer authentication request information received at the customer wireless terminal 145 (6), and transmits the input and/or extracted customer authentication information 210 to the customer authentication system 100 (or a relay server or a communication company server) through the customer wireless terminal 145 (7).

Then, the customer authentication system 100 (or relay server or carrier server) performs a final authentication process for the customer by comparing the customer authentication information 210 transmitted from the customer wireless terminal 145 with the customer authentication information 210 previously stored in the storage medium 150 (8), and transmits the details of the final authentication process to the server to which the customer is connected through the terminal 140 (9).

The server transmits the final authentication processing details provided by the customer authentication system 100 (or a relay server or a communication company server) to the customer terminal 140, so that a predetermined post-authentication work for the customer (e.g., a financial transaction, login, use of content, payment, etc.) is performed (10).

FIG. 10 is a block diagram of a customer authentication system 100 according to a preferred embodiment of the present invention.

FIG. 10 shows at least one functional means provided in the customer authentication system 100 shown in FIG. 1, and is an exemplary embodiment showing a customer authentication server 1000 for requesting predetermined authentication information from the wireless terminal of the customer, a customer terminal 140 (e.g., personal computer, etc.) accessing the Internet banking server, and a customer wireless terminal 145 (for example, a wireless terminal) that stores the customer authentication information 210 provided to the server 1000 in response to a request for customer authentication information 210 from the server 1000.

Here, the server 1000 is characterized in that, after receiving the authentication information transmitted by the customer wireless terminal directly or through the relay server, it authenticates the customer based on the authentication information. In particular, the server 1000 may include at least one of an internet banking server, a website server, a communication company server, a financial company server, a VAN company server, a PG company server, and a server on a network associated with the servers, and may consist of a single server or a combination of a plurality of servers (or terminals).

Here, when the customer authentication information 210 is encrypted and transmitted according to a predetermined encryption processing process, the server 1000 may decrypt the encrypted customer authentication information 210 transmitted from the customer wireless terminal 145.

Preferably, when the server 1000 transmits predetermined customer authentication information request information to the customer wireless terminal 145, the server 1000 may further transmit to the customer wireless terminal 145 predetermined access information for receiving the customer authentication information 210.

For example, when the server 1000 transmits predetermined customer authentication information request information to the customer wireless terminal 145, the server 1000 may attach to it a predetermined callback URL for receiving the customer authentication information 210.

According to another preferred embodiment, the illustrated customer authentication system 100 may include a customer terminal 140 connected to the Internet banking server; a server that reads the customer wireless terminal information linked to the customer information of the customer from a predetermined storage medium and requests predetermined authentication information from the customer wireless terminal using the read customer wireless terminal information; and a customer wireless terminal that receives the authentication information request information transmitted from the server and transmits predetermined authentication information corresponding to the authentication information request information to the server or the relay server. The server may receive the authentication information transmitted by the customer wireless terminal directly or through the relay server, and then authenticate the customer on the basis of the authentication information.

In addition, according to another preferred embodiment, the illustrated customer authentication system 100 includes a customer terminal connected to the Internet banking server; a server for requesting predetermined authentication information from the wireless terminal of the customer; and a customer wireless terminal for receiving the authentication information request information transmitted from the server and transmitting predetermined authentication information to the server or the relay server in response to the authentication information request information. The server or the relay server transmits the authentication information transmitted by the customer wireless terminal to the customer terminal accessing the Internet banking server, so that the authentication information is temporarily stored in the customer terminal.

Further, according to another preferred method, the illustrated customer authentication system 100 is characterized in that it comprises a customer terminal connected to the Internet banking server; a server that reads the customer wireless terminal information associated with the customer information of the customer from a predetermined storage medium and requests predetermined authentication information from the customer wireless terminal using the read customer wireless terminal information; and a customer wireless terminal that receives the authentication information request information transmitted from the server and transmits authentication information corresponding to the authentication information request information to the server or relay server. The server or relay server transmits the authentication information transmitted by the customer wireless terminal to the customer terminal connected to the Internet banking server, so that the authentication information is temporarily stored in the customer terminal.

In more detail, referring to FIG. 10, the server 1000 may include an interface unit 1005 for receiving customer wireless terminal information 205 from a customer when the customer terminal connects to the Internet banking, an authentication information request unit 1015 for requesting predetermined customer authentication information from the customer wireless terminal using the customer wireless terminal information 205, a receiving unit 1025 for receiving the authentication information 210 transmitted from the customer wireless terminal 145 directly or through a relay server, and a customer authentication unit 1015 for authenticating the customer based on the authentication information 210 received by the receiving unit 1025.

In addition, according to another embodiment of the present invention, the server 1000 may include a reading unit 1010 that, when the customer terminal 140 is connected to the Internet banking, reads from a predetermined storage medium 150 the customer wireless terminal information 205 linked to the customer information of the customer; an authentication information request unit 1015 that requests predetermined customer authentication information 210 from the customer wireless terminal 145 using the customer wireless terminal information 205 read by the reading unit 1010; a receiving unit 1025 that receives the authentication information 210 transmitted from the customer wireless terminal 145 directly or through a relay server; and a customer authentication unit 1015 that authenticates the customer based on the authentication information received by the receiving unit 1025.

In addition, according to another exemplary embodiment of the present invention, the server 1000 may include an interface unit 1005 for receiving customer wireless terminal information 205 from a customer when the customer terminal 140 is connected to the Internet banking; an authentication information request unit 1015 for requesting predetermined customer authentication information 210 from the customer wireless terminal 145 using the customer wireless terminal information 205; and a receiving unit 1025 that receives the authentication information 210 transmitted by the customer wireless terminal 145 directly or through a relay server and transmits the received authentication information 210 to the customer terminal 140 accessing the Internet banking, so that the authentication information 210 is temporarily stored in the customer terminal 140.

In addition, according to another embodiment of the present invention, the server 1000 may include a reading unit 1010 that, when the customer terminal 140 is connected to the Internet banking, reads from a predetermined storage medium 150 the customer wireless terminal information 205 linked to the customer information of the customer; an authentication information request unit 1015 that requests predetermined customer authentication information 210 from the customer wireless terminal 145 using the customer wireless terminal information 205 read by the reading unit 1010; and a receiving unit 1025 that receives the authentication information 210 transmitted by the customer wireless terminal 145 directly or through a relay server and transmits the received authentication information to the customer terminal 140 connected to the Internet banking, so that the authentication information 210 is temporarily stored in the customer terminal.

Here, the authentication information is characterized in that it includes predetermined authentication certificate information provided in the customer wireless terminal, the official certificate password information, the customer ID information, password information, the customer personal information, the customer biometric information, the customer communication means information, payment means information included in the IC chip provided in the customer wireless terminal, payment means password information, account information contained in the IC chip provided in the customer wireless terminal, password information corresponding to the customer account, account transfer password information corresponding to the customer account, information (or data) included in the IC chip provided in the customer wireless terminal, IC chip specific information provided in the customer wireless terminal, and predetermined authentication key data provided in the customer wireless terminal.

In addition, the server 1000 shown in FIG. 10 is characterized in that it comprises a recording medium recording a computer-readable program for executing at least one or more functions included in the server 1000 described above.

FIG. 11 is a simplified block diagram of a customer wireless terminal 145 according to a preferred embodiment of the present invention.

FIG. 11 is a simplified illustration of the functional configuration of the customer wireless terminal 145 having the customer authentication information 210 required for performing the authentication process for the customer when connecting to the Internet shown in FIG. The illustrated customer wireless terminal 145 is characterized by including at least one terminal (or device) among a wireless terminal such as a mobile phone, a PDA, a portable Internet phone, or telematics, a wired telephone, a wired terminal including a computer, an information processor (or KIOSK), an ATM, a payment terminal, a home appliance equipped with a communication function such as a television, a refrigerator, a microwave oven, or an audio system, an exercise device equipped with a communication function, and an RFID terminal.

In addition, the customer wireless terminal 145 may store predetermined customer authentication information 210 corresponding to the customer authentication information 210 request information transmitted from the server 1000.

Here, the customer authentication information 210 stored in the customer wireless terminal 145 includes at least one of: ID information, password information, customer personal information, customer biometric information, customer communication means information, certificate information, authentication certificate password information, payment means information, payment means password information, customer account information, password information corresponding to the customer account, account transfer password information corresponding to the customer account, information (or data) included in the IC chip provided in the customer wireless terminal 145, authorized certificate information included in the IC chip provided in the customer wireless terminal 145, IC chip unique information provided in the customer wireless terminal 145, and predetermined authentication key data provided in the customer wireless terminal 145.

In more detail, the customer wireless terminal 145 includes authentication information request information receiving means 1105, authentication information input means 1110 and/or authentication information extracting means 1115 and/or authentication information generating means 1120, authentication information transmission means 1125, a memory 1130 and/or an IC chip 1135, and a controller 1100.

The authentication information request information receiving unit 1105 receives the customer authentication information request information sent through the information transmitting unit 1020 of the server 1000 for authentication processing for a customer connected to the server through a predetermined terminal (e.g., the customer terminal 140).

Here, the network between the customer wireless terminal 145 (authentication information request information receiving means) and the server 1000 (information transmitting unit) preferably corresponds to the customer wireless terminal 145. For example, when the customer wireless terminal 145 is a wireless terminal, the network between the customer wireless terminal 145 and the server is preferably a wireless network.

In addition, according to another embodiment, the message including the customer authentication information request information that the authentication information request information receiving means 1105 of the customer wireless terminal 145 receives from the server 1000 preferably follows a data communication standard that can be received by a data communication application provided on the WIPI (Wireless Internet Platform for Interoperability) platform with which the customer wireless terminal 145 may be equipped, and the customer wireless terminal 145 that receives the message containing the customer authentication information request information may transmit a message including the customer authentication information corresponding to the customer authentication information request information to the server 1000 through the authentication information transmission means 1125 described below.

When the customer authentication information request information is received through the authentication information request information receiving unit, the authentication information input unit 1110 receives the customer authentication information 210 corresponding to the customer authentication information request information.

In this case, the authentication information input unit 1110 provided in the customer wireless terminal 145 is characterized in that it comprises at least one of a keyboard or keypad including a plurality of number keys, character keys, and/or at least one function key, a mouse, an RF reader, a biometric information input device, and the like.

For example, when the customer authentication information 210 is an ID and/or password including numbers, letters, symbols, etc., and/or a social security number, and/or a driver's license number, and/or an insurance number, etc., the customer authentication information 210 may be input through the authentication information input unit 1110.

For example, when the customer authentication information 210 corresponding to the customer authentication information request information received through the authentication information request information receiving means 1105 is stored in the memory 1130 and/or the IC chip 1135 of the customer wireless terminal 145, the authentication information extracting means 1115 may extract the customer authentication information 210 stored in the memory 1130 and/or the IC chip 1135.

Here, the customer authentication information 210 stored in the memory 1130 and/or the IC chip 1135 may include authorized certificate information, authorized certificate password information, payment method information, payment method password information, customer account information, password information corresponding to the customer account, account transfer password information corresponding to the customer account, information (or data) included in the IC chip 1135 provided in the customer wireless terminal 145, and predetermined authentication key data.

The authentication information generating unit 1120 operates on the customer authentication information 210 input through the authentication information input unit 1110 and/or the customer authentication information 210 extracted from the memory 1130 and/or the IC chip 1135 of the wireless terminal 145 through the authentication information extracting unit 1115. For example, when an encryption process for the customer authentication information 210 is required, it may encrypt the input and/or extracted customer authentication information 210 by a predetermined encryption process to generate the predetermined customer authentication information 210 to be transmitted to the server 1000.

The authentication information transmission means 1125 is characterized in that it transmits to the server 1000 the customer authentication information 210 input/extracted/generated through the authentication information input means 1110, and/or the authentication information extraction means 1115, and/or the authentication information generating means 1120.

In this case, if the authentication information request information transmitted from the server 1000 includes predetermined access means information (e.g., a callback URL) for connecting to the server 1000, the authentication information transmitting means 1125 may transmit the customer authentication information 210 with reference to the access means information included in the authentication information request information.

According to a preferred embodiment of the present invention, a mobile communication network connects the server 1000 and the customer wireless terminal 145, so the message including the customer authentication information that the authentication information transmitting means 1125 transmits to the server 1000 may be sent through the mobile communication network according to at least one wireless message standard including SMS and/or EMS and/or MMS.

The memory 1130 stores the predetermined program routines (or code) and/or program data (eg, information or data input/output when an operation by a program routine (or code) is performed) for controlling the overall operation of the customer wireless terminal 145, and comprises at least one storage means including hardware such as Electrically Erasable and Programmable Read Only Memory (EEPROM) and/or Flash Memory (FM) and/or a Hard Disk Drive (HDD).

In particular, the memory 1130 may store at least one piece of customer authentication information 210 for authenticating a customer connected to a predetermined server 1000 according to the present invention, and when customer authentication information request information is received from the server 1000 at the customer wireless terminal 145, it provides the customer authentication information 210 corresponding to that request information according to a command of the controller 1100 provided in the customer wireless terminal 145.

The IC chip 1135 may be mounted in or detached from the customer wireless terminal 145. Preferably, the IC chip 1135 is an IC chip conforming to IC chip standards including ISO/IEC 7816 and/or ISO/IEC 14443 and to the EMV standard.

Although not shown in detail in FIG. 11, the IC chip 1135 preferably comprises an I/O interface that communicates with card terminal devices through contact points such as power supply (VCC), reset signal (RST), clock signal (CLK), ground (GND), programming power supply (VPP) and/or input/output (I/O); a processor unit including at least one computing element such as a central processing unit (CPU), micro processor unit (MPU) and/or coprocessor; and a memory unit comprising at least one memory element such as read only memory (ROM), random access memory (RAM), electrically erasable and programmable read only memory (EEPROM), flash memory (FM), and the like.

In addition, at least one of the memory elements of the IC chip 1135 preferably holds a Chip Operating System (COS) for managing and operating the internal resources of the chip, and at least one of the remaining memory elements preferably holds at least one item of IC chip storage information for providing a service that uses the IC chip.

The IC chip storage information stored in the memory unit of the IC chip 1135 may include a data storage unit for storing a data set corresponding to data or information read and used by the control unit 1100, and/or a data processing unit for storing and running a program module (eg, a JAVA Applet) or the like that can be used by the control unit 1100. In particular, according to the present invention, the IC chip storage information may store at least one piece of customer authentication information 210 corresponding to the customer authentication information request information transmitted from the server.

The control unit 1100 controls and manages the overall operation of the customer wireless terminal 145: when power is applied and the customer wireless terminal 145 boots, operating system routines, system management routines and/or system variables are loaded from the memory unit into the execution memory and processed by the processor to operate each functional means in the customer wireless terminal 145.

Preferably, the control unit 1100 controls and manages the authentication information request information receiving means 1105, authentication information input means 1110, and/or authentication information extraction means 1115, and/or authentication information generating means 1120, authentication information transmitting means 1125, memory 1130, and/or IC chip 1135 provided in the customer wireless terminal 145.

In addition, the controller 1100 may comprise a processor including a CPU/MPU and an execution memory to control at least one functional means included in the customer wireless terminal 145, a bus for inputting/outputting predetermined program routines and/or program data from a predetermined memory device to provide functions specific to the customer wireless terminal 145, and a predetermined electronic circuit (or integrated circuit) provided for this purpose.

According to a preferred embodiment of the present invention, when the customer wireless terminal 145 is a wireless terminal connected to a mobile communication network, the customer wireless terminal 145 is preferably equipped with a WIPI (Wireless Internet Platform for Interoperability) platform. Depending on the implementation method, the BREW platform of Qualcomm of the United States or the Wireless Internet Terminal Open Platform (WITOP) may be installed instead, and in some cases a wireless platform that predates WIPI (eg, GVM/SK-VM, etc.) may be used.

Here, when the WIPI (Wireless Internet Platform for Interoperability) platform is mounted on the customer wireless terminal, the authentication information request information receiving means 1105, authentication information input means 1110, and/or authentication information extracting means 1115, and/or authentication information generating means 1120, authentication information transmitting means 1125, memory 1130, and/or IC chip 1135 preferably operate on the WIPI platform.

FIGS. 12 to 14, described below, show an embodiment in which chip information stored in the IC chip 1135 included in the terminal 145 (wireless terminal) is used as the customer authentication information 210 required to authenticate a customer connected to the server 1000 through a terminal 140 (a personal computer, etc.) according to the present invention.

FIG. 12 is a simplified flowchart of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 12 shows a simple embodiment of the process in which a customer accesses the Internet banking server 1000 using a personal computer (PC, etc.) as the customer terminal 140 and transmits the customer's ID/PW to the server 1000 as the customer identifier information 200, and the server 1000 extracts the customer wireless terminal 145 (in this embodiment, the wireless terminal) information associated with the customer's ID/PW and requests the customer authentication information 210.

In addition, in the embodiment described with reference to FIG. 12, the server 1000 that performs the customer authentication process and the server 1000 that processes the customer's Internet banking are the same.

Referring to FIG. 12, the illustrated embodiment may begin with the server storing customer information and/or customer identifier information 200 (ID/PW) and/or wireless terminal 145 (wireless terminal) information and/or customer authentication information (chip information) in a predetermined storage medium 150 according to the present invention (1200).

When a customer connects to the server 1000 on the Internet via a personal computer (1205), the server 1000 initiates an authentication process for the connected customer in accordance with the present invention (1210). When the authentication process is started, the server 1000 requests input of customer identifier information 200 from the connected customer (1215), and the customer inputs the registered ID/PW as the identifier information 200 using a keyboard or the like provided in the personal computer and transmits it to the server (1220).

When the ID/PW is received from the customer computer, the server 1000 interworks with the storage medium 150 and extracts from it the customer wireless terminal 145 (wireless terminal) information corresponding to the customer identifier information 200 (ID/PW) received from the customer computer (1225).

At this time, if the customer wireless terminal 145 (wireless terminal) information corresponding to the customer identifier information 200 (ID/PW) received from the customer computer does not exist in the storage medium 150 (1230), the server 1000 determines that the customer authentication process according to the present invention cannot continue and transmits a message to the customer computer stating that customer authentication cannot be processed (1235).

Here, if the customer has not registered the customer identifier information 200, customer wireless terminal information 205 and customer authentication information 210 required to perform the customer authentication process according to the present invention, the server 1000 may request the customer to perform a predetermined information registration process for registering that information (1240).

However, if the customer refuses to perform the information registration process, the customer authentication process shown is terminated (1245).

Meanwhile, when the customer wireless terminal 145 (wireless terminal) information corresponding to the customer identifier information 200 (ID/PW) received from the customer computer is present in the storage medium 150 and is extracted (1250), the server 1000 transmits the customer authentication information 210 request message to the customer wireless terminal with reference to the extracted wireless terminal information 205 (wireless terminal number) (1255). At this time, the customer authentication information request message may include a callback URL so that the wireless terminal can more easily access the server.

According to another exemplary embodiment, the message including customer authentication information request information transmitted from the server 1000 to the customer wireless terminal 145 may follow a data communication standard that can be received by a data communication application on the WIPI (Wireless Internet Platform for Interoperability) platform provided in the customer wireless terminal 145.

In addition, according to another preferred method, when the customer wireless terminal information is used as the customer identifier information 200 received from the customer computer, the above-described wireless terminal information extraction process (1220 to 1250) may be omitted.

FIG. 13 is a simple flowchart of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 13 shows a simple embodiment of the process that follows the embodiment of FIG. 12: after the customer wireless terminal 145 (in this embodiment, the wireless terminal) information corresponding to the customer identifier information 200 (ID/PW) input from the customer terminal 140 (a personal computer (PC), etc.) has been extracted from the storage medium 150 and a customer authentication information request message requesting the predetermined customer authentication information 210 has been transmitted to the customer wireless terminal 145 (wireless terminal), the customer authentication information 210 corresponding to that request message is extracted at the customer wireless terminal and transmitted to the server 1000.

In particular, FIG. 13 is characterized by using the chip information stored in the IC chip 1135 provided in the wireless terminal 145 as the customer authentication information 210 corresponding to the customer authentication request message transmitted from the server 1000 to the customer wireless terminal 145.

Referring to FIG. 13, the process may start when the customer wireless terminal 145 (wireless terminal) receives the customer authentication information 210 request message from the server 1000 (1300).

When the customer wireless terminal 145 receives the customer authentication information 210 request message from the server 1000, the customer inputs, through a keypad or the like provided in the wireless terminal 145, PIN information for accessing the IC chip 1135 in which the customer authentication information 210 corresponding to the customer authentication request message is stored (1305).

Here, when the customer authentication information request message transmitted from the server 1000 follows a data communication standard that can be received by a data communication application on the WIPI (Wireless Internet Platform for Interoperability) platform provided in the customer wireless terminal 145, the operations of the authentication information request information receiving means 1105, authentication information input means 1110, and/or authentication information extracting means 1115, and/or authentication information generating means 1120, authentication information transmitting means 1125, memory 1130, and/or IC chip 1135, etc. may be performed on the WIPI platform in response to the received customer authentication information request message.

When the PIN information is input, the IC chip 1135 included in the wireless terminal 145 validates it by comparing the PIN information input through the keypad or the like with the PIN information previously stored in the IC chip 1135. Here, when the input PIN information and the PIN information stored in the IC chip do not match (1310), output means provided in the wireless terminal 145 (for example, screen output means, voice output means, etc.) may output a PIN input failure message or a warning sound (1315).

Preferably, the PIN information input may be repeated within a limited number of times. When the PIN information is re-entered (1320), the above-described PIN authentication procedure is performed again, and when the PIN information is not re-entered, the customer authentication process shown in FIG. 13 is terminated (1325).

Meanwhile, if comparing the PIN information input through the keypad with the PIN information previously stored in the IC chip 1135 shows that the input PIN information has been successfully authenticated (1330), the wireless terminal 145 may output at least one piece of customer authentication information 210 stored in the IC chip 1135 (1335).

Here, the customer authentication information 210 stored in the IC chip 1135 may include authorized certificate information, authorized certificate password information, payment method information, payment method password information, customer account information, password information corresponding to the customer account, account transfer password information corresponding to the customer account, information (or data) contained in the IC chip 1135 provided in the customer wireless terminal 145, and predetermined authentication key data.

When a plurality of pieces of customer authentication information 210 are stored in the IC chip 1135, the customer may select, from among the at least one piece of customer authentication information 210 output, the customer authentication information 210 to be transmitted in response to the customer authentication information request message received from the server 1000 (1340).

As described above, when the customer authentication information 210 corresponding to the customer authentication information request message is selected, the wireless terminal 145 checks the server access information (eg, a callback URL, etc.) included in the customer authentication information request message received from the server 1000 (1345), and transmits the selected customer authentication information 210 with reference to the checked server access information (1350). In operation 1355, the wireless terminal 145 outputs the customer authentication information 210 through the screen output means and the like.

FIG. 14 is a simple flowchart of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 14 shows a simple embodiment of the process that follows the embodiment of FIG. 13: after the customer authentication information 210 stored in the customer wireless terminal 145 (in this embodiment, the wireless terminal) has been transmitted from the customer wireless terminal 145 to the server 1000, the server performs the authentication process for the customer using the customer authentication information 210 transmitted from the customer wireless terminal 145.

FIG. 14 may be initiated when the server receives a customer authentication request response message including customer authentication information 210 (eg, chip information, etc.) from the customer wireless terminal 145 (wireless terminal) (1400).

According to the embodiment of FIG. 13, when a customer authentication request response message including customer authentication information 210 (eg, chip information) is received from the customer wireless terminal 145 (wireless terminal), the server 1000 confirms the customer authentication information 210 (eg, chip information, etc.) included in the received customer authentication request response message (1405).

In addition, the server 1000 reads the customer authentication information 210 stored in association with the customer information from the storage medium 150 (1410), and compares the customer authentication information 210 read from the storage medium 150 with the customer authentication information 210 identified from the customer authentication request response message to determine whether they match (1415).

If the customer authentication information 210 read from the storage medium 150 and the customer authentication information 210 identified from the customer authentication request response message do not match (1420), the server 1000 may transmit a customer authentication information 210 mismatch message to the connected customer terminal 140 and/or the wireless terminal 145 (1425).

On the other hand, if the customer authentication information 210 read from the storage medium 150 and the customer authentication information 210 identified from the customer authentication request response message match (1430), the server 1000 confirms that the authentication process for the customer connected through the terminal 140 has been successfully performed, and transmits the customer authentication process details to the customer terminal 140 and/or the wireless terminal 145 (1435).

Preferably, if the customer authentication process is successfully performed through the server 1000, the server 1000 may grant the customer permission to access and / or use the content (1440).
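
The flow of FIGS. 12 to 14 can be sketched in code as follows. This is an added example, not code from the patent: the class and function names, the three-attempt PIN limit, the one-time request id carried in the callback URL, and the salted digests kept in place of the plaintext ID/PW and chip information are all assumptions, and every value is constructed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

MAX_PIN_TRIES = 3  # assumption: the text only says "a limited number of times"


def _digest(secret, salt):
    # Assumption: the storage medium keeps salted digests, not plaintext secrets.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class ICChip:
    """Stand-in for IC chip 1135: releases stored information only after a PIN check."""

    def __init__(self, pin, auth_info):
        self._pin = pin
        self._auth_info = dict(auth_info)  # label -> customer authentication information 210
        self._tries_left = MAX_PIN_TRIES

    def read(self, label, entered_pin):
        if self._tries_left == 0:                       # blocked, even for the right PIN
            raise PermissionError("PIN blocked")
        if not hmac.compare_digest(entered_pin.encode(), self._pin.encode()):
            self._tries_left -= 1                       # mismatch (1310)
            raise PermissionError("PIN input failure")  # message of step 1315
        self._tries_left = MAX_PIN_TRIES                # PIN authenticated (1330)
        return self._auth_info[label]                   # output and selection (1335, 1340)


class Server:
    """Stand-in for server 1000 together with storage medium 150."""

    def __init__(self, callback_base):
        self.callback_base = callback_base
        self.customers = {}  # customer id -> stored record
        self.pending = {}    # one-time request id -> customer id

    def register(self, cid, pw, terminal_no, auth_info):          # step 1200
        salt = secrets.token_bytes(16)
        self.customers[cid] = {"salt": salt, "pw": _digest(pw, salt),
                               "terminal": terminal_no,
                               "auth": _digest(auth_info, salt)}

    def start(self, cid, pw):                                     # steps 1215 to 1255
        rec = self.customers.get(cid)
        if rec is None or not hmac.compare_digest(rec["pw"], _digest(pw, rec["salt"])):
            return None
        if not rec["terminal"]:                                   # steps 1230, 1235
            return None
        rid = secrets.token_urlsafe(16)
        self.pending[rid] = cid
        return {"to": rec["terminal"],
                "callback_url": f"{self.callback_base}?rid={rid}"}

    def finish(self, callback_url, auth_info):                    # steps 1400 to 1440
        rid = parse_qs(urlparse(callback_url).query).get("rid", [""])[0]
        cid = self.pending.pop(rid, None)   # each request can be answered only once
        if cid is None:
            return False
        rec = self.customers[cid]
        # Constant-time comparison of stored and received information (1415).
        return hmac.compare_digest(rec["auth"], _digest(auth_info, rec["salt"]))


def terminal_respond(request, chip, label, pin_entries):
    """FIG. 13 on the wireless terminal 145: PIN entry with re-entry, then transmit."""
    for pin in pin_entries:                                       # steps 1305, 1320
        try:
            info = chip.read(label, pin)
        except PermissionError:
            continue
        return request["callback_url"], info                      # steps 1345, 1350
    return None                                                   # step 1325


def run_flow(pin_entries, chip_info_on_terminal="CHIP-INFO-constructed"):
    """Run FIGS. 12 to 14 end to end with constructed values; True means authenticated."""
    server = Server("https://bank.example/auth/callback")
    server.register("alice", "pw-constructed", "010-0000-0000", "CHIP-INFO-constructed")
    chip = ICChip("4821", {"banking": chip_info_on_terminal})
    request = server.start("alice", "pw-constructed")
    response = terminal_respond(request, chip, "banking", pin_entries)
    return False if response is None else server.finish(*response)


if __name__ == "__main__":
    print(run_flow(["4821"]))
```
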

FIG. 15 is a simple flowchart of a customer authentication process according to a preferred embodiment of the present invention.

FIG. 15 shows, with reference to the customer authentication system 100 of FIG. 10 described above, a simple embodiment of a process in which, when the customer uses an ATM, a cash machine or a payment terminal as the customer terminal 140 and requests a series of transactions (e.g., a financial transaction) through it, the server 1000 receives customer authentication information 210 for the transaction requesting customer in cooperation with the customer's wireless terminal 145 (e.g., wireless terminal), performs an authentication process, and thereby allows the predetermined transaction requested through the customer terminal 140.

According to FIG. 15, the server 1000 may be a financial server or a VAN company server interworking with the ATM, cash machine or payment terminal.

In addition, the embodiment shown in this figure presupposes that, as described above for FIG. 12, customer information and/or customer identifier information 200 (e.g. card/account number, card/account password, etc.) and/or wireless terminal 145 (wireless terminal) information and/or customer authentication information have already been stored in the predetermined storage medium 150 by the server 1000 according to the present invention.

Referring to FIG. 15, the embodiment may start from a process in which a customer makes a predetermined financial transaction request through an ATM, a cash dispenser (CD) or a payment terminal (1500). The customer may enter customer identifier information 200 through the ATM, CD or payment terminal (1505), where the customer identifier information 200 is preferably a customer card or account number, and/or a card or account password, and the like.

In addition, the process of inputting or transferring the customer identifier information 200 to the ATM, cash dispenser (CD) or payment terminal may use a contact and/or a contactless interface, and may use at least one short range communication interface among an internet interface, an infrared interface, an RF (radio frequency) interface, a Bluetooth interface, a wireless LAN interface, a WiFi interface, a ZigBee interface, a UWB interface, and the like.

When the customer identifier information 200 is input at an ATM, CD or payment terminal, the ATM, CD or payment terminal generates a financial transaction request message including the customer identifier information 200 and transmits it through a network (VAN, etc.) to the server 1000 (eg, a financial server or a VAN server) (1510).

Then, the server 1000 checks the customer identifier information 200 included in the financial transaction request message received from the ATM, CD or payment terminal (1515), extracts the customer wireless terminal (wireless terminal) information 205 corresponding to the confirmed customer identifier information 200 from the storage medium 150 (1520), and, using the customer wireless terminal information 205 extracted from the storage medium 150, transmits the customer authentication information 210 request message to the customer wireless terminal 145 (1525).

The customer wireless terminal 145 (wireless terminal) receives the customer authentication information 210 request message from the server 1000, extracts the customer authentication information 210 held in the memory 1130 or the IC chip 1135 provided in the customer wireless terminal 145 (wireless terminal) (1530), and generates a customer authentication information response message including the extracted customer authentication information 210 and transmits it to the server (1535).

Here, the process of extracting the customer authentication information 210 is as described with reference to FIG. 13, so its description is omitted.

The server 1000 checks the customer authentication information 210 from the customer authentication request response message received from the customer wireless terminal 145 (wireless terminal), and extracts the corresponding customer authentication information 210 from the storage medium 150 (1540). The server 1000 compares the customer authentication information 210 extracted from the storage medium 150 with the customer authentication information 210 identified from the customer authentication request response message to determine whether they match (1545).

Here, if the customer authentication information 210 extracted from the storage medium 150 and the customer authentication information 210 identified from the customer authentication request response message do not match (1550), the server 1000 determines that the authentication process for the customer has failed, and may transmit to the customer terminal 140 and/or the wireless terminal 145 a financial transaction request response message including the customer authentication information 210 mismatch message and/or customer authentication information 210 mismatch history (1555).

On the other hand, if the customer authentication information 210 extracted from the storage medium 150 and the customer authentication information 210 identified from the customer authentication request response message match (1560), the server 1000 recognizes that the authentication of the customer has been successfully performed and transmits a financial transaction request response message containing the customer authentication processing details to the customer terminal 140 (1565), so that the customer's financial transaction through the ATM, CD or payment terminal is carried out successfully (1570).

According to the present invention, by authenticating the customer connected to Internet banking through the customer authentication information stored in the customer's wireless terminal, there is an advantage that leakage of personal information through existing phishing, pharming, keyboard hacking, etc. can be prevented more securely and efficiently.

In addition, when the customer wireless terminal in which the customer authentication information is stored according to the present invention is a wireless terminal, the communication operator has an advantage of generating additional revenue according to the operation of the communication network.

In addition, when the present invention attracts the telecommunications carrier, there is an advantage that new revenue can be generated by performing authentication processing for a plurality of sites (or institutions).

In addition, when the present invention is applied to financial transactions, financial institutions can attract more financial transaction customers and enhance the corporate image by allowing customers to perform secure financial transactions.

Claims (43)

  1. A certificate management method executed by a server communicating with a terminal of a customer,
    Mapping the information about the customer and the certificate of the customer to a storage medium;
    Requesting an encryption process through a certificate of the customer stored in the storage medium from a terminal used by the customer;
    Performing the requested encryption process through a certificate of a customer stored in the storage medium; and
    Providing the result of the performed encryption processing to the terminal.
  2. A certificate management method executed by a server communicating with a terminal of a customer,
    Mapping the information about the customer and the certificate of the customer to a storage medium;
    Requesting an encryption process through a certificate of the customer stored in the storage medium from a terminal used by the customer; and
    Verifying a certificate to perform the requested encryption process through the storage medium and providing the certificate to the terminal.
  3. delete
  4. The method according to claim 1 or 2,
    Receiving information about the customer and the certificate of the customer from the customer terminal provided with the certificate of the customer.
  5. delete
  6. The method according to claim 1 or 2,
    Receiving information about the customer from the terminal; and
    Confirming the certificate as a result of authenticating the received information about the customer through the stored information about the customer.
  7. to 43. delete
KR1020050045327A 2005-03-23 2005-05-28 Method for Operating Certificate KR101171235B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR20050024310 2005-03-23
KR1020050024310 2005-03-23

Publications (2)

Publication Number Publication Date
KR20060102458A KR20060102458A (en) 2006-09-27
KR101171235B1 true KR101171235B1 (en) 2012-08-07

Family

ID=37633291

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020050045327A KR101171235B1 (en) 2005-03-23 2005-05-28 Method for Operating Certificate

Country Status (1)

Country Link
KR (1) KR101171235B1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100785894B1 (en) * 2006-09-28 2007-12-17 사단법인 금융결제원 Electronic signature processing system using mobile telecommunication terminal and the method thereof
KR100824743B1 (en) * 2007-12-12 2008-04-23 조인숙 Method for user authentication using mobile phone and system therefor
KR100900812B1 (en) * 2008-02-19 2009-06-04 (주)애니아이디 System and method for user authentication to prevent phishing

Also Published As

Publication number Publication date
KR20060102458A (en) 2006-09-27


Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20160802

Year of fee payment: 5

FPAY Annual fee payment

Payment date: 20180801

Year of fee payment: 7