KR101354887B1 - The system which supports a authentication process of a user who using a non-facing service - Google Patents

Abstract

The present invention relates to a system which supports the authentication process of a user who uses a non-facing service (NFS). According to the embodiment of the present invention, the system which supports the authentication process of a user who uses a non-facing service (NFS) includes a BCS acquisition module acquiring a base clue information for certificating a person (BCI); and an NFS user process module for certificating a person. [Reference numerals] (1) NFS providing system; (10) Wire/wireless online network; (101) Authentication support control module; (102) Interface module; (103) Operation information storage module; (104) Credit information storage module; (105) BCI acquisition module; (106) Authentication required space selection module; (107) Media unique number obtaining module for authentication; (108) NFS user authentication process module; (113) External attribution an authentication key process module; (2) NFS user information process device; (3) FTM issuing operation server

Description

The system which supports a authentication process of a user who using a non-facing service}

The present invention relates to a personal authentication support system that supports a user authentication procedure for a user using a non-facing service (NFS: hereinafter referred to as "NFS"), more specifically for the implementation of NFS Due to its discernment and elasticity, the basic identity authentication procedure exerts tremendous utility for distinguishing / dividing between NFS users and smooth distribution (ie, seamless communication regardless of communication environment / mobile communication subscription, etc.). Among the media unique numbers (e.g. 4685-9766-3991-4441) described on <NFS user-owned financial transaction media, which can maintain optimal security even in the case of theft, authentication necessary places (e.g., 3rd, 5th By providing a unique identification number (e.g. 8,9,3,4)> corresponding to the digit, 9th digit, 13th digit, etc. Problems that the self-identification means are limited only by the web method, various problems caused by unauthorized leakage / theft of private financial information, as well as problems that cannot be distinguished among people of the same name, and the problem that the person who can be authenticated is limited to the mobile phone subscriber. It is about an NFS user authentication support system that can guide you to enjoy a series of NFS more efficiently, while avoiding even the back.

In recent years, as electrical / electronic / communication technologies have been rapidly developed, and mobile communication devices such as mobile phones have been widely spread, NFS (eg, wired / wireless online shopping mall services, wired / wireless online financial services, Various types of ID authentication support systems are being developed and distributed to authenticate / identify the identity of NFS users using wireless online document issuance services. For example, Korean Patent Publication No. 10-2010-9150 (name: payment system and method using a mobile phone) (published on Jan. 27, 2010) discloses an example of the identity authentication support system according to the conventional technology in detail. It is.

On the other hand, under such a conventional system, the NFS providing system (e.g., wired / wireless online shopping mall system, wired / wireless online financial system, wired / wireless online document issuance system, etc.) is authenticated / identified by the identity of the NFS user. When this necessary phase (eg, financial transaction phase, document collection phase, etc.) arrives, for example, the identity verification procedure using an accredited certificate, the identity verification procedure using a credit card, etc. are carried out.

However, in the case of the self-authentication process using the public certificate, there is a fatal disadvantage that the process can be carried out only by the web method, and the personal authentication process using the credit card also includes private financial information of the NFS user (for example, the whole). Since the credit card number, card expiration date, etc.) can be leaked or stolen externally, it is difficult for the NFS provider to utilize them directly for the NFS user's authentication procedure without any action. I have no choice but to follow.

In recent years, as a way to overcome these shortcomings, the adoption of a self-authentication procedure using a combination of <date of birth + full name + gender + mobile phone text message> has emerged widely.

However, the identity verification process using the combination of <date of birth + full name + gender + mobile phone message> has a fatal drawback not only to distinguish between persons of the same name with the same date of birth + name + gender. Based on only the mobile subscriber information held by the mobile phone, the user authenticates the identity of the NFS user. Under the employment environment of the <date of birth + full name + gender + mobile phone text message> hybrid identity authentication procedure, although not a regular subscriber, Is the number of NFS users that are actually occupied and used (e.g. NFS users using mobile phones subscribed to by family names, NFS users using mobile phones subscribed to by others' names, mobile phones subscribed to under corporate names) On the other hand, the NFS user who is using Not only why not get any support for a series of identity authentication procedure it is, after all, is forced to take intact a variety of large and small damages accordingly.

Of course, under such various adverse conditions, despite the convenience of NFS on the NFS user side, it is forced to take a very passive attitude to the use of NFS, and eventually, on the NFS provider side, the overall market size of NFS is greatly reduced. You will have no choice but to accept it.

Korean Patent Publication No. 10-2010-9150 (Name: payment system and method using a mobile phone) (published Jan. 27, 2010)

Accordingly, an object of the present invention is to provide a financial transaction medium (FTM) of <NFS user's date of birth, name, and NFS user in a communication pipeline of an NFS user information processing device or an NFS providing system connected to a wired / wireless online network. A computer module for acquiring the Base Clue Information for certificating a person (BCI), including the issuer of the media (e.g., credit card, check card, bankbook, etc.) and the type of FTM> Computerized module for selecting the authentication required digit for NFS user authentication from among the batch positions of the media unique number (e.g., credit card number, check card number, bank account number, etc.) described in the FTM>, <NFS user information In communication with the processing apparatus or the NFS providing system, among the media unique numbers (e.g., 4685-9766-3991-4441) described in the FTM, authentication necessary positions (e.g., 3rd, 5th, 9th, 13th) Computer module that can obtain the media identification number (for example, 8, 9, 3, 4) corresponding to the personal identification>, <BCI, the authentication required seat, and the identification number of the media identification number. Server operating the FTM issuer that is accessing the network (for example, a server operated by the credit card company that issued the credit card, a server operated by the bank that issued the check card, a server operated by the bank that issued the bank account, etc.) If the user authentication of the NFS user is confirmed to be successful, and the authentication of the NFS user is confirmed to be successful, the NFS providing system (for example, the wired / wireless online shopping mall system, the wired / wireless online financial system, the wired / wireless) Systematic module for transmitting NFS user's self-authentication success message to the online document issuing system, etc.) is systematically arranged, and through this, the basic self-authentication procedure for NFS is implemented. Due to the flexibility of distribution, it provides tremendous utility in distinguishing / dividing between NFS users and smooth distribution (i.e., smoothly regardless of communication environment / mobile subscription), but because of its meaninglessness, it is optimal security even in case of leakage / theft. Among the media unique numbers (e.g., 4685-9766-3991-4441) described in <NFS user-owned FTM that can maintain the last name, authentication required (e.g., 3rd, 5th, 9th, 13th, etc.) By using only a unique identification number (e.g. 8,9,3,4)> corresponding to the ID), the NFS providing system, the problem that the user authentication means is limited only by the web method on the NFS user side, Various problems such as unauthorized leakage / theft of private financial information, as well as problems such as unidentifiable people of the same name, and problems in which the person who can be authenticated are limited to mobile phone subscribers are easily removed. While, the guide to help you enjoy the series of NFS more efficiently.

Other objects of the present invention will become more apparent from the following detailed description and the accompanying drawings.

In order to achieve the above object, the present invention communicates with a non-facing service (NFS) user information processing device or an NFS providing system through a wired / wireless online network, and the birth date and name of an NFS user. The BCI acquisition module for acquiring the issuing entity of the financial transaction media (FTM) held by the NFS user, and the base clue information for certificating a person (BCI) including the type of the FTM. and; An authentication required digit selecting module for selecting an authentication necessary digit for NFS user identity authentication from among the batch positions of the media unique number described in the FTM after reading the BCI; A personal identification medium unique number acquisition module for communicating with the NFS user information processing device or the NFS providing system to obtain a personal identification medium unique number corresponding to the authentication required digit among media unique numbers described in the FTM; The BCI, the authentication required digits, and the identification number of the user identification medium are transmitted to the FTM issuer operating server that is connected to the wired / wireless online network to confirm whether the NFS user is successfully authenticated, and the authentication of the NFS user is performed. NFS user identity authentication processing module for transmitting an NFS user identity authentication success message to the NFS providing system, if it is determined to be successful; If it is confirmed by the NFS user identity authentication processing module that the identity authentication of the NFS user is successful, after setting the identity identification medium unique number used in the identity authentication procedure to the authentication success media unique number, the authentication success Disclosed is an NFS user identity authentication support system, comprising: an authentication successful medium unique number processing module for storing a medium unique number and a corresponding authentication required seat corresponding to a medium unique number together with a BCI of an NFS user.

delete

In the present invention, the <NTFS user's date of birth, name, and financial transaction media (FTM) held by NFS users in communication pipelines such as NFS user information processing devices and NFS providing systems connected to wired / wireless online networks. Computer module for acquiring the Base Clue Information for certificating a person (BCI), including the issuer of a credit card, check card, bankbook, etc. Computer module for selecting the authentication required digits for NFS user identity from among the batch positions of the media unique number (e.g., credit card number, check card number, bank account number, etc.) described, <NFS user information processing device or NFS In communication with the providing system, among the media unique numbers (e.g., 4685-9766-3991-4441) described in the FTM, the authentication necessary positions (e.g., 3rd, 5th, 9th, 13th, etc.) A computer module that can obtain a corresponding personal identification media unique number (e.g., 8, 9, 3, 4)>, <BCI, authentication required seat, and a unique identification media unique number are connected to the wired / wireless online network. To the FTM issuer operation server (for example, a server operated by a credit card company that issued a credit card, a server operated by a bank that issued a check card, a server operated by a bank that issued a bank account), If the user authentication of the NFS user is verified successfully, and if the authentication of the NFS user is confirmed to be successful, the NFS providing system (e.g., wired / wireless online shopping mall system, wired / wireless online financial system, wired / wireless online document issuance system) Etc.), since the system provides a systematic arrangement for transmitting NFS user authentication success message, etc., under the implementation environment of the present invention, the basic authentication procedure for NFS is implemented. Because of its identification and distribution elasticity, it shows tremendous utility in distinguishing / dividing between NFS users and smooth distribution (i.e. smooth distribution regardless of communication environment / mobile subscription), but because of its meaninglessness, Among the media unique numbers (e.g., 4685-9766-3991-4441) described in <NFS user-owned FTM, which can maintain optimal security, authentication necessary places (e.g., 3rd, 5th, 9th, 13) Only a unique media identification number (e.g., 8,9,3,4)> corresponding to the first digit) can be easily completed. Problems such as limited problems, various problems caused by unauthorized leakage / theft of private financial information, as well as problems that cannot be distinguished between people of the same name, and problems in which the person who can authenticate himself is greatly limited to the mobile phone subscriber. Also it is possible, you can enjoy a series of NFS in a more efficient and easy to break.

1 is an exemplary diagram conceptually showing the detailed configuration of the NFS user identity authentication support system according to an embodiment of the present invention.
2 and 3 is an exemplary diagram conceptually showing a detailed functional procedure of the NFS user identity authentication support system according to an embodiment of the present invention.
Figure 4 is an exemplary diagram conceptually showing the detailed configuration of the NFS user identity authentication support system according to another embodiment of the present invention.
5 is an exemplary diagram conceptually showing a detailed functional procedure of the NFS user identity authentication support system according to another embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings, the NFS user identity authentication support system according to the present invention in more detail.

As shown in Figure 1, under the NFS enforcement system employing the present invention, NFS service providing system 1 (e.g., wired / wireless online shopping mall system, wired / wireless online financial system, wired / wireless online document issuance system, etc.) ), Through the wired / wireless online network 10, a series of NFS (eg, wired / wireless online shopping mall services, wired / wireless online financial services, wired / wireless) targeting the NFS user information processing device 2. In the case of an online document issuance service, etc., when a phase that requires authentication / identification of the identity of the NFS user (eg, financial transaction phase, document collection phase, etc.) arrives, further series of identity verification procedures In this way, the NFS user side can be stably obtained / enjoyed the desired service use authority.

In this case, the NFS user information processing device 2 described above includes a tablet PC, a notebook PC, a desktop PC, a cellular phone, a PCS phone (Personal Communications Services phone), and a synchronous / asynchronous IMT-2000 ( International Mobile Telecommunication-2000), Palm Personal Computer (PDA), Personal Digital Assistant (PDA), Smart Phone (WAP phone), Wireless Application Protocol Phone (WAP phone), Play-station Etc. can be widely selected depending on the situation of the NFS user.

Of course, in this situation, if no action is taken (i.e. without any action, each method according to the prior art, e.g. accredited certificate method, credit card method, <date of birth + name + gender + mobile phone text message>) System, etc.), the NFS providing system (1), the NFS user side, for example, the problem that the self-authentication means is limited only to the web method, and various problems caused by unauthorized leakage / theft of private financial information. Of course, even the problem of indistinguishable from the same name, the problem that the person who can be authenticated is greatly limited to the mobile phone subscribers will be forced to bear the same.

In such a sensitive situation, the present invention takes measures to install an NFS user identity authentication support system 100 unique to the present invention in a communication pipeline such as the NFS user information processing device 2, the NFS providing system 1, and the like. (In this case, the identity authentication support system 100 of the present invention may take the structure of being subordinately installed in the program block of the NFS providing system 1, depending on the situation).

In this case, the NFS user identity authentication support system 100 according to an embodiment of the present invention is provided via the interface module 102, the wired / wireless online network 10, etc., and the NFS user information processing device 2 and NFS. Providing system (1), FTM issuer operating server (3) (e.g., a server operated by a credit card company that issued a credit card, a server operated by a bank that issued a check card, or a bank that issued a bank account) Overall management of the authentication process for the NFS user according to the input information of the NFS user transmitted from the NFS user information processing device 2, the NFS providing system 1, etc. while communicating with an operating server, etc.). The authentication information control module 101, the operation information storage module 103, the credit information storage module 104, the BCI acquisition module 105, which are under the control system of the identity authentication support control module 101, and require authentication. Seat selection module 106, identity authentication medium The unique number acquisition module 107, the NFS user identity authentication module 108, and the like take a close combination.

At this time, the operation information storage module 103 controlled by the identity authentication support control module 101, the various operational information required for the identity authentication support service of the present invention, for example, registration information of the NFS providing system 1, the subject of FTM issuing. Registration information of the operation server 3, registration information of the FTM issuer (for example, the credit card company that issued the credit card, the bank that issued the check card, the bank that issued the bank account, etc.), and the resource status information of the system 100 In this regard, the system 100 reliably stores and manages component information necessary for the computation process of each computer module in the system 100, various text information / graphic information / setting information for generating a message in its information storage area. (Of course, each operation information listed above, depending on the situation of the system 100 side, the item or range may be added / deleted or changed flexibly).

In addition, the credit information storage module 104 side of the present invention controlled by the identity authentication support control module 101, various credit information required for the identity authentication support service of the present invention, for example, basic information of each individual (eg, name information). , Address information, gender information, social security number information, mobile communication device number information, nationality information, e-mail address information, etc., each person's credit transaction information (e.g. credit rating information, loan information, warranty information, credit card cash services) Information, collateral provision information, credit card reorganization report, checking account information, facility rental information, installment financing transaction information, etc.) will be reliably stored and managed in their own information storage area.

Here, the credit information is collected and collected according to each individual side including the NFS user (e.g. credit card issuance process, installment financing process, insurance purchase process, securities transaction process, etc.) As accumulated information, this individual credit is generally managed very strictly through face-to-face procedures, accredited certificate verification procedures, etc., when each individual initiates or ends a series of credit transactions. The information will naturally have a very good reliability compared to other source information.

With this infrastructure in place, the information processing device (2) of the NFS user who is in the phase of identity authentication is equipped with a series of self-authentication guide frames to assist the NFS user's authentication process. 200)> may be additionally posted, and in this situation, the NFS user side proceeds to the computer 100 to select / enter various menus included in the identity authentication guide frame 200, without any difficulty, to the system 100 side. BCI, identity identification media unique number (detailed later) can be transmitted (hereinafter, the same).

In this case, the identity authentication guide frame 200 may be generated / published by <NFS providing system 1 for providing a series of NFS to NFS users, and depending on the situation, each of the present invention It may be generated / published by a computer module, for example, the BCI acquisition module 105, the personal identification medium identification number acquisition module 107, or the like (hereinafter, the same).

Of course, according to this, the BCI, ID number, and the like unique ID for the user input / transmitted via the identity authentication guide frame 200 via the NFS providing system (1), the system 100 of the present invention It may be delivered / transmitted to the side, and depending on the situation, it may be directly transferred / transmitted from the NFS user information processing device 2 to the system 100 side of the present invention.

 In this situation, as shown in Figs. 1 and 2, the BCI acquisition module 105 side controlled by the identity authentication support control module 101 uses the interface module 102, the wired / wireless online network 10, and the like. From the NFS user information processing device 2, the NFS providing system 1, and the like, while communicating with the NFS user information processing device 2, the NFS providing system 1, and the like, the date of birth, the name, and the NFS of the NFS user. Issuer of FTM (e.g. credit card, check card, bank account, etc.) held by the user (e.g., △△ credit card company, × × bank, etc.), type of FTM (△△ credit card, × × check card, etc.) It is checked if this included BCI> has been transmitted.

At this time, the NFS user in the face of the authentication phase, the issuer of his BCI (eg, date of birth, name, self-owned FTM (eg, △△ credit card)) in the input menu included in the identity authentication guide frame 200 (eg Credit card company), type of FTM (e.g., △△ credit card, etc.), and the <NFS user's date of birth, name, Confirm that the BCI> containing the gender, the issuer of the FTM (e.g. △△ credit card) possessed by the NFS user (e.g. △△ credit card company), the type of FTM (e.g. △△ credit card), etc. is transmitted. When the BCI acquisition module 105 acquires / receives it, the BCI of the acquired / received NFS user is stably stored and managed in its own information storage area. To help progress 2). In this case, the BCI may additionally describe / include the gender of the NFS user according to the situation (hereinafter, it is assumed that the gender is added to the BCI).

In this way, the BCI (e.g., birth date, name, gender, NFS user's FTM (e.g. △△ credit card) of the NFS user who is in the authentication phase (e.g. △△ credit card company)) In the situation where the FTM type (e.g., △△ credit card) is stably acquired / received, the BCI acquisition module 105 is selected on the side of the authentication required seat selection module 106 controlled by the personal authentication support control module 101. Communication with the BCI, for example, the issuer of the FTM (e.g., △△ credit card) held by the NFS user (e.g., △△ credit card company) and the type of FTM (e.g., △△). Credit card), etc., to proceed with the process of reading / identifying (see Figure 2).

If the issuer of the FTM (e.g. △△ credit card) possessed by the NFS user (e.g. △△ credit card) and the type of FTM (e.g. On the side of the authentication required seat selection module 106, among the prestored FTM samples, the issuer of the FTM (for example, △△ credit card) held by the NFS user (for example, △△ credit card company) and the type of FTM (for example, After extracting the FTM samples having the same details as △△ credit cards, etc. (e.g. △△ credit card samples issued by the credit card company), the extracted FTM samples are read, and the batch number of all of the media unique numbers described therein is read out. By determining the number of seats, it is inferred from how many batches of media unique numbers (e.g., credit card numbers) described in the FTM possessed by the NFS user (see FIG. 2).

In this way, it is inferred / determined whether the media unique number (e.g., credit card number) described in the FTM held by the NFS user (e.g., △△ credit card issued by Credit Card Company) consists of, for example, 16 batches. Upon completion, the authentication required seat selection module 106 proceeds with a random number selection routine such as, for example, random number generation / selection routine, and the FTM held by the NFS user (e.g., a △△ credit card issued by a credit card company). The procedure for selecting an authentication required position for NFS user authentication is performed from among each arrangement place (eg, 16 arrangement places) of the media unique number (eg, credit card number) described in FIG.

Under the proceeding of this procedure, the authentication required seat selection module 106 side stores each of the media unique number (e.g., credit card number) described in the FTM held by the NFS user (e.g., △△ credit card issued by the credit card company). Among the arrangement seats (e.g., sixteen placement seats), for example, the third, fifth, ninth, and thirteenth seats are selected as authentication necessary seats for NFS user authentication (see Fig. 2).

Through the above procedure, each batch number (e.g., 16 batch positions) of the media unique number (e.g., credit card number) described in the FTM held by the NFS user (e.g., △△ credit card issued by the credit card company) ), For example, when the third, fifth, ninth, and thirteenth digits are selected as the authentication-needed digits necessary for NFS user identity authentication, the identity authentication controlled by the identity authentication support control module 101 is completed. The media unique number acquisition module 107 communicates with the authentication required seat selection module 106 to obtain specific details of the authentication required seat (for example, the third, fifth, ninth, thirteenth, and the like). After the identification, a series of message generation routines are carried out, for example, <the third, fifth, ninth, and thirteenth of the sixteen digits of the credit card number of your credit card. input Create a unique media identification number input request message for the authentication information, such as, and through the interface module 102, wired / wireless online network 10, etc. The transmission to the NFS providing system 1, the NFS user information processing device 2, and the like is performed.

At this time, according to the situation, the personal identification medium identification number acquisition module 107, in the personal identification medium identification number input request message <Please enter the first two digits of the password of your credit card>, < Please enter the expiration date of your credit card>, etc., and, when the media identification number for personal identification is obtained through the procedure described below, an FTM (for example, issued by a credit card company) A part of the password set in the credit card) or the expiration date can also be obtained.

In this way, <Please enter your 3rd, 5th, 9th, 13th digit credit card number among 16 digits of your credit card number> When the request for inputting the media unique number is completed, the NFS user proceeds with a series of computations, and the 16 digits of the FTM (for example, △△ credit card issued by the credit card company) are held. Among the unique number of the media (e.g., 4685-9766-3991-4441), the media unique number (e.g., eighth, third, fifth, ninth, thirteenth, etc.) (9,3,4) is inputted / transmitted (see FIG. 2) (in some cases, a part or validity period of the password set in the FTM is also inputted / transmitted).

On the other hand, through the above-described procedure, in the situation that the identification number of the unique media identification number input request message has been transmitted / delivered, the identification module media unique number acquisition module 107 side on the interface module 102, wired / wireless online network (10) Communication with the NFS providing system 1, the NFS user information processing device 2, and the like, and the authentication necessary seat (e.g., 3) from the NFS providing system 1, the NFS user information processing device 2, etc. Media identification number (for example, 8, 9, 3, 4) corresponding to the 1st, 5th, 9th, 13th digits, etc. It is checked whether or not is transmitted.

At this time, the above-described computing operation is completed on the NFS user side, and authentication required positions (for example, 3rd, 5th, 9th, 13th, etc.) are provided from the NFS providing system 1, the NFS user information processing apparatus 2, and the like. If the identification number of the unique media identification number (e.g., 8,9,3,4) (part of the password or expiration date, depending on the situation) is confirmed that the transmission is completed, the identification number of the media identification number identification module for identification The 107 side stably receives / stores this, thereby assisting a series of subsequent procedures according to the present invention to be normally performed without any difficulty (see FIG. 2).

In this way, a unique identification medium number (e.g., 8, 9, 3, 4) corresponding to the authentication necessary place (e.g., third, fifth, ninth, thirteenth, etc.) is stored and secured. In the completed situation, on the NFS user identity authentication processing module 108 controlled by the identity authentication support control module 101, the BCI acquisition module 105, the authentication required seat selection module 106, and the identification number acquisition medium unique number module (107) the user issuing the BCI of the NFS user (e.g., the date of birth, name, gender, and FTM (e.g., △△ credit card) held by the NFS user) obtained / selected by them (e.g., , △△ credit card company), type of FTM (e.g. △△ credit card, etc.)>, <Digits required for authentication (e.g. 3rd, 5th, 9th, 13th, etc.)>, < Identification number of the media for identification (e.g. 8,9,3,4) After reading / confirming), etc., a series of message generation routines are executed based on the read / confirmed contents, and the BCI, the authentication necessary place, and the identification number of the media for identification (part of the FTM password or expiration date, depending on the situation). NFS user authentication request message including the user, and the generated NFS user authentication request message through the interface module 102, wired / wireless online network (10), etc. FTM issuer operating server (3) ( For example, a procedure for transferring to a server operated by a credit card company that issued a credit card, a server operated by a bank that issued a check card, a server operated by a bank which issued a bank account, etc. is performed. 2).

Through the above procedure, when the NFS user ID authentication request message including BCI, authentication required place, identity identification media unique number (sometimes, part of FTM password or expiration date) is sent / received, FTM issuance is issued. The subject operation server 3 extracts the FTM information of the NFS user from its own database based on the corresponding message and the information included therein, and then identifies the identity number of the media for the user authentication that corresponds to the authentication required entry entered by the NFS user. Procedure to determine whether it matches previously saved contents (depends on additional circumstances to determine whether part of password or expiration date matches previously saved contents)>, <Authorization required by NFS user When the identification number of the identification medium corresponding to the ID matches the previously stored contents (depending on the situation, part of the password or the expiration date are additionally ), <Procedures for extracting the ID number of successful NFS users in the database,> <Personal ID message and the social security number of successful NFS users. Procedure> to transmit to the system 100 side.

At this time, if the FTM issuer operating server 3 side does not match the contents stored in the ID number corresponding to the authentication required by the NFS user, the user authentication medium (for example, the user ID entered by the NFS user). The media unique number is 8934, and the corresponding number according to the previously stored information is 2717, etc.). It is determined that the authentication of the NFS user has failed, and <The authentication of the NFS user failed due to the information mismatch>. After generating an authentication failure message for the purpose, the generated authentication authentication failure message is transmitted to the system 100 side.

In addition, the FTM issuer operating server (3) side, even if the user authentication medium unique number corresponding to the authentication required digits entered by the NFS user matches the previously stored content, that is, if there are multiple users (that is, BCI Of course, if there are a plurality of users that match the identification number of the user identification medium), it is determined that the authentication of the NFS user has failed, and the authentication of the NFS user has failed because there are a plurality of users whose information matches. > Generates an authentication failure message for the purpose, and transmits the generated authentication failure message to the system 100 side.

On the other hand, through the above-described procedure, in the situation where the authentication authentication message, authentication authentication failure message, etc. is generated, the NFS user authentication process module 108 side, the interface module 102, wired / wireless online network 10, etc. By communicating with the FTM issuer operating server 3, it receives and reads the user authentication success message and the user authentication failure message transmitted from the FTM issuer, and through this, checks the success of the user authentication of the NFS user. You will proceed.

At this time, if the user authentication success message and the resident registration number of the NFS user who succeeded in authenticating the identity are transmitted from the FTM issuer operating server 3 side, and it is confirmed that the identity authentication of the NFS user succeeded, the NFS user identity authentication processing module 108 The side proceeds with a series of message generation routines to generate an NFS user identity authentication message stating that <NFS user authentication is successful>, and based on the social security number of the NFS user who successfully authenticated the credit information storage module. In communication with 104, a procedure of extracting the credit information of the NFS user is performed (see FIG. 2).

In this way, when the NFS user identity authentication success message, NFS user credit information, and the like are generated / extracted, the NFS user identity authentication module 108 uses the interface module 102, the wired / wireless online network 10, and the like. By communicating with the NFS providing system 1, the procedure of transmitting the NFS user authentication success message, the NFS user's credit information, etc. to the NFS providing system 1 is carried out. (For example, the wired / wireless online shopping mall system, the wired / wireless online financial system, the wired / wireless online document issuance system, etc.), each NFS user who uses his or her own system based on the successful NFS user authentication message and the credit information of the NFS user. You can easily identify and authenticate your identity, and you will be able to perform a series of NFS procedures normally, without any difficulties.

As described above, in the present invention, the <NFS user's date of birth, name, gender, and NFS user in the communication pipeline of the NFS user information processing device 2 and the NFS providing system 1 connected to the wired / wireless online network 10 are described. Computer module for acquiring BCI including the issuer of FTM (e.g., credit card, check card, bank account, etc.), type of FTM, etc., <media unique number (for example, credit card number, Check module number, bankbook number, etc.), and a communication module for selecting an authentication required digit for NFS user authentication>, <NFS user information processing device (2) or NFS providing system (1) , A medium for personal authentication corresponding to the required number of authentication (e.g., 3rd, 5th, 9th, 13th, etc.) among the media unique numbers (e.g., 4685-9766-3991-4441) described in the FTM. Computer mothers who can obtain a unique number (e.g., 8, 9, 3, 4) >, <FCI issuing entity operating server 3 (e.g., operated by a credit card issuing credit card company) accessing the BCI, the authentication required digit, and the identification number of the identification medium to the wired / wireless online network (10). Server, server operated by the bank that issued the check card, server operated by the bank that issued the bank account, etc.) to check whether the NFS user's authentication succeeded and confirmed that the NFS user's authentication succeeded. Computer module capable of transmitting an NFS user identity authentication message to the NFS providing system 1 (e.g., wired / wireless online shopping mall system, wired / wireless online financial system, wired / wireless online document issuing system, etc.)> In order to provide a systematic arrangement, the basic authentication procedure for the implementation of NFS is distinguished / separated and smoothed between NFS users because of its identification and distribution elasticity. It is very useful for distribution (i.e., smooth distribution regardless of communication environment / mobile subscription), but because of its meaninglessness, it is possible to use <NFS user-owned FTM which can maintain optimal security even in case of leakage / theft. Among the listed media unique numbers (e.g., 4685-9766-3991-4441), a unique identification medium unique number (e.g., the third, fifth, ninth, thirteenth, etc.) For example, 8,9,3,4)> can be easily completed only, after all, in the NFS providing system (1), the NFS user side, the problem that the authentication means is limited only by the web method, unauthorized leakage of private financial information / You can enjoy a series of NFS more efficiently, not only various problems caused by theft, but also problems caused by the inability to distinguish between people of the same name, and problems that allow a person to be authenticated significantly. .

On the other hand, in the situation where the above-described NFS user authentication request message is transmitted to the FTM issuing subject operation server 3 side, <Failed to authenticate the NFS user's identity due to information mismatch> from the FTM issuing subject operation server 3 side. If the user authentication failure message is sent to the purpose of confirming that the NFS user identity authentication processing module 108 is to communicate with the authentication medium acquisition number acquisition module 107 for self-authentication, re-acquisition of the medium identification number for identity authentication You will be asked.

In this situation, the identity identification medium identification number acquisition module 107 proceeds with a series of message generation routines, for example, <16th, 5th digit of 16 digits of the credit card number of your credit card. , Please enter the 9th, 13th digit credit card number>, etc. again to generate the identification number of the unique media identification number request message, and generates the generated unique identification number of the media identification request message interface module ( 102), through the wired / wireless online network (10), and the like again to the NFS providing system (1), NFS user information processing device (2), further proceeds with the procedure, and corresponding identity authentication medium The procedure of acquiring the unique number again, and further, the procedure of transferring the re-acquisition completed media identification number to the NFS user identity authentication processing module 108, is further proceeded.

Of course, under the performance of the identity authentication medium identification number acquisition module 107, even if the NFS user, for example, accidentally entered the identification number of the media identification number by mistake, it is easy to overcome the failure situation due to identity authentication. It becomes possible.

On the other hand, as described above, in a situation where a personal authentication failure message indicating that &quot; Failed to authenticate the NFS user due to the information mismatch &quot; is transmitted / received, the BCI acquisition module 105 has the NFS user authentication processing module. In communication with 108, a procedure for checking whether the user authentication of the NFS user has failed repeatedly for a predetermined number of times (for example, three times, five times, etc.) is performed (see FIG. 2).

At this time, when the user authentication of the NFS user is confirmed / checked as having failed repeatedly for a predetermined number of times (for example, 3 times, 5 times, etc.), the BCI acquisition module 105 proceeds with a series of data generation routines to set the preset value. It will proceed with adding the BCI of the NFS user who failed the authentication to the list of invalid authentication requesters.

Of course, in this situation, on the BCI acquisition module 105, a series of identity authentication procedures are performed by an unfair NFS user who has repeatedly failed to authenticate himself a limited number of times through the NFS user information processing device 2 or the NFS providing system 1. Even if you try to do so, you can block / reject BCI in advance for the NFS user without any difficulty.

On the other hand, in the situation where the above-described NFS user authentication request message has been transmitted to the FTM issuing subject operating server 3 side, there are multiple users whose information matches the <TM user from the FTM issuing subject operating server 3 side. If the authentication of the user failed to verify that the authentication message of >>, the user of the NFS user authentication process module 108, as shown in Figure 3, the authentication required seat selection module 106, the person Communication with the authentication medium unique number acquisition module 107 or the like is requested to further select / set a new authentication required seat and to further acquire a new unique authentication medium unique number corresponding to the new authentication required seat.

In this situation, the authentication necessary seat selection module 106 further proceeds with a random number selection routine such as, for example, random number automatic generation / selection routine, so as to select a previously selected authentication necessary seat (for example, 3rd, 5th, 9th). The procedure for additionally selecting a new authentication required place (eg, 1st place, 5th place, 11th place, 12th place) having a pattern different from that of the digits (13th place) is performed (see FIG. 3).

In addition, the identity identification medium unique number acquisition module 107 proceeds with a series of message generation routines, for example, <1st, 5th, 11th of 16 digits of the credit card number of your credit card. Please enter the first and 12th digits of the credit card number>, etc. again to generate a new identity verification medium unique number request message, and generates a new identity verification medium unique number request message to the interface module ( 102), through the wired / wireless online network 10, and the like again to the NFS providing system (1), NFS user information processing device (2), and the like further proceeds with the procedure, new authentication required seat (for example, Procedure for additionally acquiring a new unique media identification number (e.g. 4,9,9,1) corresponding to 1st, 5th, 11th and 12th digits Jeungyong to proceed medium unique number (e.g. 4,9,9,1) the additional steps such as passing toward the NFS user identity authentication processing module 108 (see Fig. 3).

Of course, under such a function as the authentication necessary seat selection module 106 and the identification number acquisition module 107 for identity authentication, on the NFS user side, even if there are additional users whose information matches the user, authentication is caused by the authentication. Failing to easily overcome the situation.

On the other hand, as shown in FIG. 1, under the control system of the identity authentication support control module 101, in addition to each of the foregoing computerized modules, an externally owned identity authentication key processing module 113 is further disposed.

At this time, the external belonging identity authentication key processing module 113 controlled by the identity authentication support control module 101 communicates with the NFS user identity authentication processing module 108, and the NFS user identity authentication processing module 108 is performed. If it is confirmed that the authentication of the NFS user is successful by reading the resident registration number of the NFS user who has successfully authenticated the identity, a series of data generation routines are performed based on the read resident registration number. 1) proceeds with the procedure of generating an externally-owned self-authentication key> to help distinguish the NFS user that has successfully authenticated itself (see Figure 3).

In this case, the externally owned authentication key has the same key value for all NFS providing systems 1 (eg, △△ NFS providing system, ×× NFS providing system, ○○ NFS providing system, etc.) Accordingly, each NFS providing system 1 (eg, ΔΔ NFS providing system, ×× NFS providing system, ○○ NFS providing system, etc.) may have different key values.

In this way, when the generation of the external attribution authentication key is completed, the external attribution authentication key processing module 113 side is the NFS providing system 1 side via the interface module 102, the wired / wireless online network 10, and the like. Communication with the client, and then proceeds to transfer the generated private identification key to the NFS providing system (1), and eventually, the NFS providing system (1) that receives / receives the external identification key is subsequently used. By using the externally-owned identity key, it is possible to easily distinguish NFS users who have successfully authenticated themselves.

On the other hand, as shown in Figure 4, under another embodiment of the present invention, in the system of the NFS user identity authentication support system 100a, in addition to each of the preceding computerized module, authentication successful media unique number processing module 109, Authentication attribute processing support information storage module 110, identity authentication attribute processing module 111, FTM deletion / discard handling module 112, and the like are further arranged.

At this time, as shown in FIG. 5, the authentication success media unique number processing module 109 side controlled by the identity authentication support control module 101 communicates with the NFS user identity authentication processing module 108, and the NFS When the user authentication process module 108 confirms that the user authentication of the NFS user is successful, a series of data setting routines are performed, and a media identification number (for example, 8 and 9) used in the corresponding authentication process is performed. , 3, 4) (see FIG. 2) as the authentication successful media unique number, and then the set authentication successful media unique number (e.g., 8,9,3,4) and the authentication successful media unique number (e.g., 8). BCI, which is required for authentication (e.g. 3rd, 5th, 9th, 13th, etc.) corresponding to 9,3,4) Within the identity authentication attribute processing support information storage module 110 with a social security number, etc. It will proceed to the Chapter procedures.

In this way, the authentication success media unique number (e.g. 8,9,3,4) and the authentication successful media unique number (e.g. 8,9,3,4) of the NFS user who successfully authenticated the authentication are required. In the situation where the seat (for example, the third seat, the fifth seat, the ninth seat, the thirteenth seat, etc.), the NFS user's BCI, social security number, etc. are stored and managed in the identity authentication attribute processing support information storage module 110, The identity authentication attribute processing module 111 side controlled by the authentication support control module 101 communicates with the BCI acquisition module 105, so that the BCI side of the NFS user (i.e., an NFS user previously successful in identity authentication) is acquired. It is checked whether or not (see FIG. 5).

At this time, when it is confirmed that the BCI of the NFS user (that is, the NFS user who has previously succeeded in authenticating authentication) has been acquired, the authentication authentication medium unique number processing module 109 may authenticate the identity authentication attribute. Communication with the processing support information storage module 110 or the like is made to determine whether a BCI matching the acquired BCI is already stored (see FIG. 5).

In this situation, when it is confirmed that the BCI corresponding to the acquired BCI is stored in advance, the authentication authentication processing module 111 side requires the authentication required digit stored in the BCI (for example, the third digit and the fifth digit). , Ninth digit, thirteenth digit, etc. (of course, this authentication required digit is associated with a proven successful medium identification number), and then proceeds with a series of message generation routines. Please enter the 3rd, 5th, 9th, and 13th digits of the 16-digit credit card number of your credit card.> Generate and complete the authentication successful media unique number input request message via the interface module 102, wired / wireless online network 10, NFS providing system (1), NFS user information processing device (2) To proceed to the process of transferring.

In this way, in the situation where the authentication successful media unique number input request message is transmitted to the NFS providing system 1, the NFS user information processing apparatus 2, or the like, the identity authentication attribute processing module 111 side has the NFS providing system 1 Communication with the NFS user information processing device (2) and the like, and have the authentication successful media unique number corresponding to the authentication necessary digits (for example, the third digit, the fifth digit, the ninth digit, the thirteenth digit, etc.) transmitted from them? Will be checked.

At this time, the authentication successful medium unique number corresponding to the authentication required digits (for example, 3rd digit, 5th digit, 9th digit, 13th digit, etc.) from the NFS providing system 1, the NFS user information processing apparatus 2, and the like. If it is confirmed that the transmitted, the authentication attribute processing module 111, after reading the authentication successful media unique number, authentication successful media unique number processing module 109, identity authentication attribute processing support information storage module 110 And communication with each other to determine whether the read-read authentication successful media unique number matches the previously stored authentication successful media unique number (eg, 8, 9, 3, 4).

At this time, if it is determined that the read-read authentication successful media unique number matches the pre-stored authentication successful media unique number (for example, 8, 9, 3, 4), the current authentication user on the identity authentication module 111 side Finally determines that the user is an NFS user who has already successfully authenticated, and immediately communicates with the NFS user identity processing module 108, thereby sending a series of NFS user identity authentication messages to the NFS providing system 1. This will cause the attribute to be sent.

Of course, in this situation, the NFS user identity authentication processing module 108 side communicates with the NFS providing system 1 without an intermediate communication process with the FTM issuer operating server 3 and NFS to the NFS providing system 1 side. User identity authentication success message, NFS user's credit information, etc. can be transmitted very quickly, eventually, the NFS providing system (1) (e.g., wired / wireless online shopping mall system, wired / wireless online financial system, wired / wireless online) The document issuing system, etc.) will be able to identify / authenticate more or less the identity of each NFS user using their own system.

On the other hand, the FTM deletion / disposal coping module 112 controlled by the personal authentication support control module 101 together with each of the preceding computerized modules, the authentication success medium by the authentication success medium unique number processing module 109 described above. In the situation where the BCI of the unique number and the NFS user (that is, the NFS user who has successfully authenticated the user) is stored / managed in the self-authentication attribute processing support information storage module 110, the interface module 102 and the wired / wireless online network ( 10) or the like, and communicates with the FTM issuing server operating server 3, and transmits the BCI to the NFS user (i.e., NFS user who has successfully authenticated himself) to the FTM issuing server operating server 3, Through this, the procedure of checking whether the FTM is retained or discarded by the NFS user is performed (see FIG. 5).

At this time, when a series of FTM revocation / disposal confirmation messages are transmitted from the FTM issuer operation server 3, and the FTM held by the NFS user (that is, the NFS user who has successfully authenticated himself) is confirmed to be terminated or discarded, the FTM The deletion / disposal coping module 112 communicates with the authentication success media unique number processing module 109, and the BCI and authentication success media unique to the NFS user side previously stored in the identity authentication attribute processing support information storage module 110. A procedure of deriving the number to be deleted may be performed (see FIG. 5).

Of course, under the functioning situation of the FTM deletion / disposal module 112, the system 100a side has a <severe problem that the non-compliant NFS user whose self-owned FTM is revoked / deprecated can be classified as a subject for authentication of personal authentication>. It can be easily avoided.

This invention can be variously modified depending on the situation.

For example, in the present invention, a message used in each of the above-described authentication procedures may be distributed, for example, on a voice-based (or ARS-based) basis. Match can be verified).

In addition, the present invention may take a modified embodiment in which the date of birth included in the BCI is replaced / received with a part or all of the social security number (in this case, the system 100, 100a side separates the social security number from the FTM issuer operating server side. You do not have to receive it).

Of course, even under the various changed environments of the present invention, the basic self-authentication procedure for the implementation of NFS is distinguished / divided and smoothly distributed (ie, communication environment / mobile communication subscription, etc.) between NFS users because of its identification and distribution elasticity. Media unique number (e.g. 4685-9766-3991-) described in <NFS User Owned FTM, which can provide enormous utility for undisclosed distribution, while maintaining its optimal security even in the event of leakage / theft due to its meaninglessness. 4441), the identification number (e.g., 3rd, 5th, 9th, 13th, etc.) corresponding to the identification number of the unique media identification number (e.g. 8,9,3,4)> In the end, the NFS providing system (1), the problem that the user authentication means is limited only by the web method, various problems caused by unauthorized leakage / theft of private financial information, etc. While the problems, you can be certified according to the subjects of escape can not easily cross nine minutes until such problems are greatly limited by mobile phone subscribers are able to enjoy a series of NFS more efficiently.

The present invention is not limited to a specific field, and in various fields requiring user authentication management of the user, has an overall useful effect.

Although specific embodiments of the present invention have been described and illustrated above, it is to be understood that the present invention may be embodied in many other specific forms without departing from the spirit or essential characteristics thereof.

Such modified embodiments should not be understood individually from the technical idea and viewpoint of the present invention, and such modified embodiments should be included in the appended claims of the present invention.

1: NFS provisioning system 2: NFS user information processing device
3: FTM issuer operating server 10: wired / wireless online network
100,100a: NFS user authentication support system
101: identity authentication control module 102: interface module
103: operation information storage module 104: credit information storage module
105: BCI acquisition module 106: Authentication required seat selection module
107: Media identification number acquisition module for identity authentication
108: NFS user identity processing module
109: authentication success media unique number processing module
110: identity authentication attribute processing support information storage module
111: identity authentication attribute processing module 112: FTM delete / discard response module
113: externally attached identity authentication key processing module 200: identity authentication guide frame

Claims (12)

delete Non-Facing Service (NFS) through a wired / wireless online network, communicates with a user information processing device or an NFS provisioning system, the date of birth of the NFS user, the name, and the financial transaction medium held by the NFS user (FTM). A BCI acquisition module for acquiring the Base Clue Information for certificating a person (BCI) including an issuer of a Financial Transaction Media (CMI) and a type of the FTM;
An authentication required digit selecting module for selecting an authentication necessary digit for NFS user identity authentication from among the batch positions of the media unique number described in the FTM after reading the BCI;
A personal identification medium unique number acquisition module for communicating with the NFS user information processing device or the NFS providing system to obtain a personal identification medium unique number corresponding to the authentication required digit among media unique numbers described in the FTM;
The BCI, the authentication required digits, and the identification number of the user identification medium are transmitted to the FTM issuer operating server that is connected to the wired / wireless online network to confirm whether the NFS user is successfully authenticated, and the authentication of the NFS user is performed. NFS user identity authentication processing module for transmitting an NFS user identity authentication success message to the NFS providing system, if it is determined to be successful;
If it is confirmed by the NFS user identity authentication processing module that the identity authentication of the NFS user is successful, after setting the identity identification medium unique number used in the identity authentication procedure to the authentication success media unique number, the authentication success NFS user identity authentication support system, characterized in that it comprises a authentication medium identification number processing module for storing the identification number corresponding to the identification number and the identification number of the media identification number with the NFS user side BCI. The NFS user identity support system of claim 2, wherein the BCI further includes a gender of the NFS user. According to claim 2, When the user authentication of the NFS user is confirmed by the NFS user authentication process module, the externally attached person to assist the NFS providing system to distinguish between the NFS users that have successfully authenticated the identity NFS user identity authentication support system, characterized in that it further comprises an external identity authentication key processing module for generating an authentication key, and transmits the generated external identification user authentication key to the NFS providing system. 5. The NFS user identity authentication support system of claim 4, wherein the externally-owned identity authentication key has the same key value for all NFS provisioning systems or has a different key value for each NFS provisioning system. The NFS user identity authentication support system according to claim 2, wherein the NFS user identity authentication success message transmitted from the NFS user identity authentication processing module to the NFS providing system further includes credit information of the NFS user. The method according to claim 2, wherein when the identification of the NFS user has failed by the NFS user ID authentication module, the media identification number acquisition module for the personal authentication communicates with the NFS user information processing device or the NFS providing system. NFS re-authentication support system, characterized in that to re-acquire the identification number of the identification medium corresponding to the authentication necessary seat. According to claim 2, If the NFS user identity authentication module confirms that the user authentication of the NFS user has failed a predetermined number of times, the BCI acquisition module side of the identity mismatch authentication requester list of the identity authentication failure of the NFS user NFS user identity authentication support system, characterized in that the description of the BCI. 3. The method of claim 2, wherein when it is confirmed by the NFS user identity authentication processing module that the user authentication of the NFS user is unsuccessful, the authentication necessity position selection module side selects a new authentication necessity position having a pattern different from the previously selected authentication necessity position. And further selecting, and communicating with the NFS user information processing apparatus or the NFS providing system, acquiring a new unique ID number corresponding to the new authentication required position by the ID authentication module acquiring module side. NFS user authentication support system. The user ID authentication of claim 2, wherein the user identification medium identification number acquiring module acquires a part or an expiration date of the password set in the FTM when acquiring the identification number of the identification medium. Support system. 3. The communication method according to claim 2, wherein the BCI is communicated with the BCI acquisition module, and when the BCI is acquired by the BCI acquisition module, the BCI corresponding to the obtained BCI is stored in advance by communicating with the authentication successful media unique number processing module. If it is determined that the BCI corresponding to the obtained BCI is stored in advance, it is communicated with the NFS user information processing device or the NFS providing system, and the authentication-needed seat is included in the media unique number described in the FTM. After acquiring the corresponding authentication success media unique number, determine whether the acquired authentication success media unique number is identical to the previously stored authentication success media unique number, and the obtained authentication success media unique number is stored previously. If it is confirmed that it matches the media unique number, it communicates with the NFS user identity processing module, the NFS providing system NFS user identity authentication support system further comprises a user identity authentication NFS attributes processing module that allows the user person the NFS authentication success message may be transmitted. According to claim 2, In communication with the FTM issuing server management server, the authentication successful medium unique number processing module stored in the situation where the authentication medium identification number and NFS user side BCI, the FTM issuing server operating server The BCI is transmitted to the NFS user to check whether the FTM is terminated or discarded by the NFS user, and when the FTM is confirmed to be terminated or discarded, it communicates with the authentication successful media unique number processing module, NFS user identity authentication support system further comprises a FTM deletion / retirement response module to allow the stored BCI and authentication success media unique number stored on the NFS user side.

Images