KR101447619B1 - Identity module management method and apparatus for user equipment - Google Patents

Abstract

The present invention relates to a method for managing an identification module of a terminal, an apparatus thereof, and a recording medium therefor. According to an embodiment of the present invention, there is provided a method for managing an identification module of a terminal, comprising the steps of: receiving first information for controlling an identification module from an external device based on a first code and storing first information in a control module; Generating second information based on the first information and the second code and storing the generated second information in the identification module, controlling the first information stored in the control module and the second information stored in the identification module Setting a module, performing a first authentication process based on a first input code of the user and second information stored in the identification module with respect to the control module, and performing a first authentication process based on the second input code of the user and the first information stored in the control module Performing a second authentication process for receiving an authentication result from an external device based on the first authentication process and the second authentication process, And a step of allowing data transfer.

Description

≪ Desc / Clms Page number 1 > IDENTITY MODULE MANAGEMENT METHOD AND APPARATUS FOR USER EQUIPMENT &

The present invention relates to a method and apparatus for managing an identification module, and more particularly, to a method and apparatus for managing data transmission / reception with respect to an identification module.

2. Description of the Related Art [0002] Recent mobile communication terminals are implemented in the form of a multimedia device having multiple functions such as photographing and photographing, reproduction of music and video files, and reception of games and broadcasting. For example, using a smart phone, a user can operate an application at any time and place, or create content such as a photograph or a video.

Conventionally, users have performed an authentication procedure for connecting a network (e.g., a wireless network) using a Universal Subscriber Identity Module (USIM) embedded in a device. In general, personal information is managed for connecting a network based on an identification module (USIM), and when the identification module is lost, personal information is exposed to others.

That is, when the identification module is stolen / exploited by another person regardless of whether or not the user is managed by the terminal, not only the leakage of the personal information existing in the user's identification module but also the financial damages using the identification module (for example, Payment fraud, excessive credit, unauthorized cyber money purchase and resale). Therefore, there has been a need to find a way to prevent misuse / abuse of the identification module.

It is an object of the present invention to provide a method for limiting access to an identification module of a terminal in order to prevent unauthorized use of the identification module.

It is another object of the present invention to provide a method for restricting access to an identification module of a communication system to prevent unauthorized use of the identification module.

It is still another object of the present invention to provide an apparatus that supports the above-described methods.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not intended to limit the invention to the precise form disclosed. Lt; / RTI >

According to an aspect of the present invention, there is provided a method for managing an identification module of a terminal, the method comprising: receiving first information for controlling the identification module from an external device based on a first code; Storing in a control module; Generating second information based on the received first information and second code, and storing the generated second information in the identification module; Setting the control module using first information stored in the control module and second information stored in the identification module; The control module performs a first authentication process based on the first input code of the user and the second information stored in the identification module, and based on the second input code of the user and the first information stored in the control module Performing a second authentication process for receiving an authentication result from the external device; And allowing data transfer between the control module and the identification module if both the first authentication process and the second authentication process are successful.

Further, the first information may be information generated by encrypting the first code in the external device, and the first information may be encryption key data.

Further, the second information may be information for generating the received first information through encryption based on the second input code.

Further, the first authentication process receives the first input code from the user and determines based on the matching result of the first input code and the second information stored in the identification module, and the second authentication process The second input code is received from the user, the second input code is transmitted to the external device, the authentication result is received from the external device, and the user authentication is performed.

The step of setting the control module further includes the steps of: setting a data transmission condition between the identification module and the control module to an interface module for inputting the user; Initializing information other than the set data transmission condition for the interface module; And storing information about the initialized interface module in the control module.

Further, the step of allowing the data transmission includes transmitting a response message regarding the first authentication process and the second authentication process to the interface module; Receiving an information processing request from the interface module and receiving request information corresponding to the information processing request from the identification module; And transmitting the request information to the interface.

Preferably, the first information, the second information, the first input code, and the second input code are information composed of at least one combination of letters, numbers and symbols inputted from the user .

According to an aspect of the present invention, there is provided a terminal including a control module for receiving first information from an external device based on a first code and storing the first information; And an identification module for generating second information based on the received first information and second code and storing the generated second information, wherein the control module controls the first information and the second information And the control module performs a first authentication process based on the first input code of the user and the second information stored in the identification module, and the second input code of the user and the first input code of the first A second authentication process for receiving the authentication result from the external device based on the information and permitting data transfer between the control module and the identification module when both the first authentication process and the second authentication process are successful .

Further, the first information may be information generated by encrypting the first code in the external device, and the first information may be encryption key data.

Further, the second information may be information for generating the first information through encryption based on the second input code.

Further, the control module receives the first input code from the user, processes the first input code and the second information stored in the identification module based on the matching result, The second authentication process receives a second input code from the user, transmits the input second input code to the external device, receives the authentication result from the external device, and performs user authentication And,

Further, the terminal may further include an interface module for inputting by the user, wherein the control module sets a data transmission condition between the identification module and the control module in the interface module, The control module initializes information of the initialized interface module, and stores information about the initialized interface module in the control module.

Further, the control module transmits a response message relating to the first authentication processing and the second authentication processing to the interface module, receives an information processing request from the interface module, and transmits request information corresponding to the information processing request to the interface module From the identification module, and transmits the request information to the interface.

According to an aspect of the present invention, there is provided a method for managing an identification module of a communication system, the method comprising: transmitting a first code to a server; The server receiving the first code and transmitting first information for controlling the identification module of the terminal based on the first code; The terminal receiving the first information and storing the received first information in a control module of the terminal; Generating second information based on the stored first information and second code, and storing the generated second information in an identification module of the terminal; Performing initialization using the stored first information and second information; Performing a first authentication process on the control module of the terminal based on a first input code of the user and second information stored in the identification module of the terminal; Performing a second authentication process in which the terminal receives an authentication result from the server based on a second input code of the user and first information stored in a control module of the terminal; And allowing data transmission between the control module of the terminal and the identification module of the terminal if the terminal succeeds in both the first authentication processing and the second authentication processing.

Further, the first information may be information generated by encrypting the first code in the server, and the first information may be encryption key data.

Further, the second information may be information for generating the first information through encryption based on the second input code.

The step of performing initialization by the terminal may further include setting a data transmission condition between an identification module of the terminal and a control module of the terminal to an interface module of the terminal for inputting the user; Initializing information other than the set data transmission condition for the interface module of the terminal; And storing information about the initialized interface module of the terminal in the control module of the terminal.

The first authentication process receives the first input code from the user and determines based on the matching result of the first input code and the second information stored in the identification module of the terminal, Wherein the second input code is transmitted from the terminal to the server and the authentication result for the second input code is transmitted from the server to the terminal, And then performing the following steps.

According to an aspect of the present invention, there is provided a computer-readable recording medium having recorded thereon a program for receiving first information for controlling the identification module from an external device based on a first code, To the control module; Means for generating second information based on the received first information and second code and storing the generated second information in the identification module; Means for setting the control module using first information stored in the control module and second information stored in the identification module; The control module performs a first authentication process based on the first input code of the user and the second information stored in the identification module, and based on the second input code of the user and the first information stored in the control module Means for performing a second authentication process for receiving an authentication result from the external device; And means for allowing data transfer between the control module and the identification module when both the first authentication process and the second authentication process are successful.

According to the present invention, on / off-line authentication is performed with respect to the approach of the identification module, thereby making it possible to prevent misuse of the identification module.

In addition, according to the present invention, the data path for accessing the identification module is managed in a medium, and the cause of the problem and information on the solution of information leakage are provided.

The effects obtained in the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the following description .

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
1 is a diagram for explaining a conventional communication system including a terminal and a network.
2 is a diagram illustrating a method of managing an identification module of a terminal according to an embodiment of the present invention.
3 is a diagram illustrating a method of managing an identification module of a terminal for initializing a data transmission condition according to another embodiment of the present invention.
4 is a diagram illustrating a method of managing an identification module of a communication system according to another embodiment of the present invention.
5 is a diagram illustrating a configuration of a terminal that performs management of an identification module according to another embodiment of the present invention.

Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The following detailed description, together with the accompanying drawings, is intended to illustrate exemplary embodiments of the invention and is not intended to represent the only embodiments in which the invention may be practiced. The following detailed description includes specific details in order to provide a thorough understanding of the present invention. In the description of the drawings, there is no description of procedures or steps that may obscure the technical gist of the present invention, nor is any description of steps or steps enough to be understood by those skilled in the art.

Throughout the specification, when an element is referred to as "comprising" or " including ", it is meant that the element does not exclude other elements, do. Also, the terms " part, "" module," and " module ", etc. in the specification mean a unit for processing at least one function or operation and may be implemented by hardware or software or a combination of hardware and software have. Also, the terms " a or ", "one "," the ", and the like are synonyms in the context of describing the invention (particularly in the context of the following claims) May be used in a sense including both singular and plural, unless the context clearly dictates otherwise.

The specific terms used in the embodiments of the present invention are provided to facilitate understanding of the present invention, and the use of such specific terms may be changed into other forms without departing from the technical idea of the present invention.

1 is a diagram illustrating a conventional communication system including a terminal and a network.

In the present invention, a terminal refers to a device that performs an authentication procedure for accessing a network, and may store specific parameters to perform an authentication procedure. Examples of the terminal may include a personal computer (PC), a notebook computer, a mobile phone, a tablet PC, a smart phone, and a PDA (Personal Digital Assistants). Of course, this is merely an example, and it should be construed as a concept including a device that is currently developed, commercialized, or capable of all communication to be developed in the future, in addition to the above-described examples. In addition, the specific parameters should be construed as a concept including user information, terminal information, network information, or any other information that the terminal considers necessary for accessing the network to provide services.

Network means a data communication network for data transmission and information exchange between devices capable of sharing, exchanging, transmitting and receiving data with other terminals, servers or other terminals of the present invention, and the type is not particularly limited . For example, i-bimnet, which provides high-capacity data transmission and reception services through Internet Protocol (IP), and data service without disconnection, is an i-bimetal architecture that integrates different networks based on IP, It can be network. The network 140 may be a mobile communication network including a wired network, a Wibro (Wireless Broadband) network, a WCDMA, a High Speed Downlink Packet Access (HSDPA) network and an LTE network, A network, and a Wi-Fi network.

According to a hardware implementation, the embodiments described herein may be implemented as application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays May be implemented using at least one of a processor, controllers, micro-controllers, microprocessors, and other electronic units for performing other functions. In some cases, The described embodiments may be implemented by the processor itself.

According to a software implementation, embodiments such as the procedures and functions described herein may be implemented with separate software modules. Each of the software modules may perform one or more of the functions and operations described herein. Software code can be implemented in a software application written in a suitable programming language. The software code is stored in a memory and can be executed by a processor.

The conventional technology acquires a parameter (e.g., IMSI, Ki, etc.) for network authentication using an identification module 120 (e.g., a USIM) in which the terminal 110 is embedded, The connection is established to the network 130 when the authentication is successful. Accordingly, the terminal 110 is configured to store not only general communication network related parameters from a memory, an embedded USIM module, and the like, but also parameters required for authentication for network connection.

Hereinafter, a method for limiting or managing access to an identification module of a terminal on a communication system is proposed. Each method described below is only one embodiment of the present invention and does not limit the method of accessing the identification module of the terminal.

2 is a diagram illustrating a configuration of a terminal and an identification device and a short-range wireless communication according to an embodiment of the present invention.

The terminal includes a processor 210, an RF communication unit 220, a memory 230, and a display module 240.

The processor 210 is configured to implement the procedures and / or methods proposed in the present invention described below.

The RF communication unit 220 is electrically connected to the processor 210 and transmits and / or receives various messages, signals, and the like according to an embodiment of the present invention to be described later, under the control of the processor 210. The processor 210 may generate various messages and signals according to an embodiment of the present invention to be described later, and may transmit various messages, signals, and the like by controlling the RF communication unit 220. Specifically, the in-terminal processor 210 generates various messages or signals to be transmitted through the network in the embodiments of the present invention, or transmits the generated messages or signals to the RF communication unit 220 And the memory 230 and the like.

The memory 230 is a means for storing data and programs necessary for the operation of the processor 210 and basically stores an operating program and an application program to be executed by the processor 210. [ For example, it stores an operating system, an application, and various files. In particular, in the present invention, the memory 230 is a storage for storing information for performing data transmission / reception through a network. The memory 230 may be implemented by various storage means. For example, the memory 230 may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, an SD or XD memory A random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM) Magnetic disk, magnetic disk, magnetic disk, or optical disk. The memory 230 may be internal or external to the processor 210 and may be coupled to the processor 210 in a variety of well known ways. The processor 210 controls the memory 230 to store specific information in the memory 230 or to retrieve specific information from the memory 230. [

The display module 240 may be implemented as display means in the present invention. In particular, the display module 240 may be implemented as a display unit, for example, For example, a liquid crystal display (LCD), a thin-film transistor-liquid crystal display (TFT-LCD), a light emitting diode (LED), an organic light emitting diode (OLED), an active matrix organic light emitting diode (AMOLED) A display (flexible display), and a three-dimensional display.

The identification device is defined as a device provided with an identification module. The identification module is a chip storing various information for authenticating the usage right of the terminal. The identification module includes a user identification module (UIM), a subscriber identity module (SIM) An Identity Module, a Universal Subscriber Identity Module (USIM), and the like. In addition, the identification device can be manufactured in a smart card format. Therefore, since the identification device can provide the financial function to the user by using the USIM or the like, it can perform functions such as the traffic card and the ID authentication. Particularly, in the present invention, the identification device is defined as an identification device configured to receive a password from a user using special characters, numbers, letters, symbols, or the like.

In the present invention, a terminal can perform data communication with an external device (e.g., a server) using an identification device included in the terminal to acquire authentication information for connection to a network, and performs authentication of the identification device . A series of procedures for establishing communication between the terminal and the external apparatus are well known in the art and will not be described in detail.

Referring to FIG. 3, a method for managing an identification module of a terminal according to an embodiment of the present invention will be described.

The terminal receives the first information for controlling the identification module from the external device based on the first code, and stores the received first information in the control module (S301).

In the present invention, the first code means a code set by combining special characters, numbers, letters, symbols, or the like. For example, a user can input a first code into a terminal or a preset first code from a memory or the like in a specific key, setting, or other arbitrarily determined manner by the user during use of the terminal.

According to an embodiment of the present invention, the terminal transmits the first code to the server. For example, the terminal may transmit the first code to the server with a request for specific first information, or may transmit only the first information to the server. Accordingly, when the server receives the first code together with the request for the specific first information, the request for the specific first information performs the code processing corresponding to the first code. For example, if the specific first information is an encryption key and the request for specific first information generates an encryption key, then the first code and other system information (e.g., network address, etc.) To generate a unique encryption key for the first code. The procedure for generating the above-described encryption key is a well-known technique, and thus a detailed description thereof will be omitted.

The terminal receives the first information from the server. The received first information may be stored in the control module. That is, according to an embodiment of the present invention, there is a need for a method of controlling access to a control module to control an identification module by controlling a control module that transmits data to the identification module. Accordingly, data for managing the access of the control module for the implementation of the present invention can be stored in the control module.

In the present invention, when the control module is implemented in software, the user can receive the corresponding module from the application maker through the network or the like to the terminal, install the control module in the terminal, and provide the intended service according to the registered application As shown in FIG. For example, if the control module is a web application, it can be configured in the form of a package, and can be a file format such as " .zip ", " .wgt " Accordingly, the control module can generate and manage an encryption key, and can perform encryption of a specific module and application using the generated encryption key. That is, source files (or source codes) in the form of ".html", ".htm", ".js", ".css" included in the packaged application are encrypted using an encryption algorithm, The application can be packaged in a different file format for each operating system (OS) to be operated. For example, an application that has a packaging file format of ".wgt" may be encrypted and then repackaged in the ".APK" file format to allow the application to run on a terminal running on the Android operating system. .

When the terminal successfully receives the first information from the server, the terminal may be configured to encrypt the data transmission path for accessing the identification module using the first information.

The terminal generates second information based on the received first information and second code, and stores the generated second information in the identification module (S302). The second code in the present invention means a code set by combining special characters, numbers, letters, symbols, or the like as in the first code. According to an embodiment of the present invention, by generating second information based on first information received from a server and second code newly input from a user, the identification device is authenticated to an external device such as a server, It can be set to operate only when it is matched with the identification information unique to the terminal. Therefore, the identification module operates not only in the case of user authentication through the network but also in the case of successful authentication of the terminal, so that the present invention has an effect of preventing user damage due to duplication of the identification module or the like. For example, when the first information is an encryption key received from the server, the terminal can receive the second code from the user and perform the encryption, and the result of performing the encryption can be defined as the second information have. Therefore, according to the present invention, it is possible to additionally encrypt the data or the data storage area which can confirm the encryption of the first information stored in the identification module by the first information.

The terminal stores the generated second information in the identification module. According to an embodiment of the present invention, the identification module can be stored as a specific parameter or a specific variable, and thus the generated second information can be stored in the identification module. Further, the second information may be information including a specific encryption key, and the identification module may be configured to include encrypted information corresponding to the second information.

The terminal sets up the control module using the first information stored in the control module and the second information stored in the identification module (s303). According to an embodiment of the present invention, the step of setting the control module sets the data transmission condition between the identification module and the control module in the interface module, and all of the information other than the data transmission condition set in the interface module, The interface module can be initialized. Initialize the interface module, and then store information about the initialized interface module in the control module. Therefore, when the first information and the second information are set for the identification module, the user fails to read the information contained in the identification module of the terminal if the data transfer condition is not satisfied. At this time, And to read the data through the identification module. The control module may additionally call the interface module to receive a specific input to the user and may perform the authentication function described above with respect to a specific input.

In the present invention, an interface module refers to a module implemented to receive input from a user or process commands of a predetermined system. That is, the interface module generates input data for the user to control the operation of the terminal. Such an interface module can be implemented by various types of input means. For example, the interface module may include at least one of a key pad, a dome switch, a touch pad (static / static), a jog wheel, a jog switch, and a voice input device.

According to an embodiment of the present invention, the control module can set a data transmission condition to the interface module by software such as a USIM Reading API Listen. When the data transfer condition called by the control module is set by the interface module, the control module can initialize the interface module by rebooting the interface module. At the time of rebooting, the information excluding the data transfer condition is pre- . The sequence of procedures for initializing the terminal is well known in the art, and thus a detailed description thereof will be omitted. The interface module initializes the conditions except for the data transfer condition, and stores the information on the control module.

The interface module determines whether or not the data transmission condition is satisfied when a request for reading the information of the identification module is received from a user or the like. For example, USIM Reading API listening information can be inquired to determine whether the data transmission condition is satisfied. If the interface module does not satisfy the data transfer condition, the control module can be called.

The terminal performs a first authentication process based on the first input code of the user and the second information stored in the identification module with respect to the control module, and based on the second input code of the user and the first information stored in the control module, (S305). ≪ / RTI > In an embodiment of the present invention, the first input code is a code for comparing with the second information with a code input to a user or the like through the interface module. The terminal receives the first input code from the user and compares the input first input code with the first information stored in the identification module. For example, when the terminal enciphers the first information stored in the control module using the first input code, it determines whether the same information as the second information is generated. If the same information is generated, the terminal authenticates the terminal . Accordingly, the terminal performs authentication based on the second information stored in the identification module, without performing separate communication in the case of the first authentication process. That is, the first input code inputted by the user performs the authentication function with the second code of the encrypted area included in the second information using the control module.

If the authentication process is successful based on the first input code and the second information, the terminal receives the second input code from the user and transmits the input second input code to the external device. The second input code refers to a code set using special characters, numbers, letters, symbols, or the like. Preferably, the second input code is transmitted to the server via a separate channel for security, and the control module performs a second authentication process on the user using the received second input code.

If both the first authentication process and the second authentication process are successful, the terminal permits data transmission between the control module and the identification module (S306). That is, the data path between the control module and the identification module is processed in the processing module of the terminal, so that the data path can be managed in the middle.

FIG. 4 illustrates a configuration of a terminal capable of managing an identification module according to another embodiment of the present invention. In the case of a terminal according to an embodiment of the present invention, a processor 410, an RF communication unit 420, a memory 430, a display module 440, a control module 450, an identification module 460 and an interface module 470, . In the case of the processor 410, the RF communication unit 420, the memory 430, and the display module 440, the configuration is the same as that described with reference to FIG.

In addition, the same contents as those described in the identification module management method of the terminal are replaced with the contents described above.

The control module 450 receives the first information from the external device based on the first code, and stores the first information. According to the present invention, the control module is set using the first information and the second information. Preferably, the first information is information generated by encrypting the first code in the external apparatus, and is preferably information generated by encrypting the first code.

The identification module 460 generates second information based on the received first information and second code, and stores the generated second information. And the second information is information generated through encryption based on the second input code.

 The terminal causes the control module to perform the first authentication process based on the first input code of the user and the second information stored in the identification module, and transmits the second authentication code to the control module based on the user's second input code and the first information stored in the control module Receives the authentication result, and performs the second authentication process. It is preferable that the data transfer is allowed between the control module and the identification module only when both the first authentication process and the second authentication process are successful. For example, the first authentication process may receive the first input code from the user, process it based on the matching result of the first input code and the second information stored in the identification module, May receive the second input code from the user, transmit the input second input code to the server, and receive the authentication result from the server to perform the second authentication process regarding the user authentication.

According to an embodiment of the present invention, the terminal may further include an interface module 470 for a user's input. In a case where the interface module 470 is included, the control module sets the transmission condition between the identification module and the control module in the interface module, initializes information other than the set data transmission condition stored in the interface module, May be stored in the control module. The control module transmits a response message relating to the first authentication process and the second authentication process to the interface module, receives the information processing request from the interface module, identifies the request information corresponding to the information processing request, Module, and to transmit the request information to the interface.

5 is a diagram illustrating a data flow for a method of managing an identification module of a terminal in a communication system according to an embodiment of the present invention. The same contents as those of the identification module management method of the terminal are replaced with the contents described above.

The control module of the terminal receives the first code from the user to manage the identification module, and transmits the first code to the server (S501). The server generates information having a unique value for the first code, and transmits the generated first information to the control module of the terminal (S502). Preferably, the first information is implemented as an encryption key. The terminal generates second information based on the first information, and the generated second information is transmitted to the identification module (S503). The control module of the terminal sets up a data transmission condition based on the first information and the second information with the interface module (S504). Preferably, the terminal preferably reboots the interface module or the like to initialize conditions other than the data transmission condition (S505). If the terminal receives a request to read the information of the identification module, the terminal performs a first authentication process to use the data stored in the identification module (S506). That is, the control module performs authentication processing with information stored in an accessible area. If the first authentication process is successful, the terminal transmits the first information and the second input code (received from the user) to the server (S507). The server transmits the authentication result to the control module of the terminal based on the first information and the second input code (S508). The terminal processes data transmission between the control module and the identification module when the first authentication process and the second authentication process are successful.

The embodiments described above are those in which the elements and features of the present invention are combined in a predetermined form. Each component or feature shall be considered optional unless otherwise expressly stated. Each component or feature may be implemented in a form that is not combined with other components or features. It is also possible to construct embodiments of the present invention by combining some of the elements and / or features. The order of the operations described in the embodiments of the present invention may be changed. Some configurations or features of certain embodiments may be included in other embodiments, or may be replaced with corresponding configurations or features of other embodiments. It is clear that the claims that are not expressly cited in the claims may be combined to form an embodiment or be included in a new claim by an amendment after the application.

Embodiments in accordance with the present invention may be implemented by various means, for example, hardware, firmware, software, or a combination thereof. In the case of hardware implementation, an embodiment of the present invention may include one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs) field programmable gate arrays, processors, controllers, microcontrollers, microprocessors, and the like.

In the case of an implementation by firmware or software, an embodiment of the present invention may be implemented in the form of a module, a procedure, a function, or the like which performs the functions or operations described above. The software code can be stored in a memory unit and driven by the processor. The memory unit is located inside or outside the processor, and can exchange data with the processor by various means already known.

It will be apparent to those skilled in the art that the present invention may be embodied in other specific forms without departing from the spirit of the invention. Accordingly, the above description should not be construed in a limiting sense in all respects and should be considered illustrative. The scope of the present invention should be determined by rational interpretation of the appended claims, and all changes within the scope of equivalents of the present invention are included in the scope of the present invention.

In the wireless communication system of the present invention, a method of performing authentication processing using a terminal for performing a network connection using an identification device can be applied to various wireless communication systems such as a 3GPP LTE system.

Claims (24)

A method for managing an identification module of a terminal,
Receiving first information for controlling the identification module from an external device based on a first code for authentication of the identification module, and storing the first information in a control module;
Generating second information based on the received first information and a second code received from a user, and storing the generated second information in the identification module;
Setting the control module using first information stored in the control module and second information stored in the identification module;
The control module performs a first authentication process based on the first input code of the user and the second information stored in the identification module, and based on the second input code of the user and the first information stored in the control module Performing a second authentication process for receiving an authentication result from the external device; And
And allowing data transmission between the control module and the identification module when both the first authentication process and the second authentication process are successful,
Wherein the setting of the control module comprises:
And storing information of an interface module set to store a data transmission condition between the identification module and the control module according to the first information and the second information.
A method for managing an identification module of a terminal. The method according to claim 1,
Wherein the first information comprises:
And the first code is information generated by encrypting the first code in the external device. 3. The method of claim 2,
Wherein the first information is key data. ≪ RTI ID = 0.0 > 11. < / RTI > The method according to claim 1,
Wherein the second information comprises:
And generating the received first information through encryption based on the second input code. The method according to claim 1,
Wherein the first authentication process receives the first input code from the user and determines based on a matching result of the input first input code and second information stored in the identification module,
Wherein the second authentication process receives a second input code from the user, transmits the second input code to the external device, receives the authentication result from the external device, and performs user authentication , A method for managing an identification module of a terminal. The method according to claim 1,
Wherein the setting of the control module comprises:
Setting a data transmission condition between the identification module and the control module in an interface module for inputting the user;
Initializing information other than the set data transmission condition for the interface module; And
And storing the information on the initialized interface module in the control module. The method according to claim 6,
The method of claim 1,
Transmitting a response message relating to the first authentication process and the second authentication process to the interface module;
Receiving an information processing request from the interface module and receiving request information corresponding to the information processing request from the identification module; And
And transmitting the request information to the interface. ≪ Desc / Clms Page number 19 > The method according to claim 1,
Wherein the first information, the second information, the first input code, and the second input code are information composed of at least one combination of letters, numbers, and symbols input from the user, How to manage. A control module for receiving first information from an external device based on a first code for authentication of the identification module and storing the first information; And
And an identification module for generating second information based on the received first information and a second code received from a user and storing the generated second information,
Wherein the control module is set using the first information and the second information,
Wherein the control module performs a first authentication process based on a first input code of the user and second information stored in the identification module, and performs a first authentication process based on the second input code of the user and the first information stored in the control module A second authentication process for receiving an authentication result from an external device and permitting data transfer between the control module and the identification module when both the first authentication process and the second authentication process are successful,
The setting of the control module,
And stores information of an interface module set to store a data transmission condition between the identification module and the control module according to the first information and the second information. 10. The method of claim 9,
Wherein the first information comprises:
And the second code is information generated by encrypting the first code in the external device. 11. The method of claim 10,
Wherein the first information is encryption key data. 10. The method of claim 9,
Wherein the second information comprises:
Wherein the first information is information for generating the first information through encryption based on the second input code. 10. The method of claim 9,
The control module
Wherein the first authentication process receives the first input code from the user and processes the first input code based on the matching result of the first input code and the second information stored in the identification module,
Wherein the second authentication process receives a second input code from the user, transmits the input second input code to the external device, and receives the authentication result from the external device to perform user authentication , Terminal. 10. The method of claim 9,
Further comprising an interface module for user input,
The control module includes:
Setting a data transmission condition between the identification module and the control module in the interface module, initializing information other than the set data transmission condition stored in the interface module, and storing information about the initialized interface module in the control module And the terminal. 15. The method of claim 14,
The control module
A response message relating to the first authentication processing and the second authentication processing is transmitted to the interface module, an information processing request is received from the interface module, and request information corresponding to the information processing request is received from the identification module , And transmits the request information to the interface. 10. The method of claim 9,
Wherein the first information, the second information, the first input code, and the second input code are information composed of at least one combination of letters, numbers, and symbols inputted from the user. A method for managing an identification module of a communication system,
The terminal transmitting a first code for authentication of the identification module to the server;
The server receiving the first code and transmitting first information for controlling the identification module of the terminal based on the first code;
The terminal receiving the first information and storing the received first information in a control module of the terminal;
Generating second information based on the stored first information and a second code received from a user and storing the generated second information in an identification module of the terminal;
Performing initialization of an interface module using the stored first information and second information, and storing information of the initialized unphase module in the control module;
Performing a first authentication process on the control module of the terminal based on a first input code of the user and second information stored in the identification module of the terminal;
Performing a second authentication process in which the terminal receives an authentication result from the server based on the second code and first information stored in a control module of the terminal; And
And allowing the terminal to transfer data between the control module of the terminal and the identification module of the terminal when both the first authentication processing and the second authentication processing are successful. 18. The method of claim 17,
Wherein the first information comprises:
Wherein the first code is information generated by encrypting the first code in the server. 18. The method of claim 17,
Wherein the first information is encryption key data. ≪ RTI ID = 0.0 > 11. < / RTI > 18. The method of claim 17,
Wherein the second information comprises:
And generating the first information through encryption based on the second input code. 18. The method of claim 17,
The step of the terminal performing initialization includes:
Setting a data transmission condition between an identification module of the terminal and a control module of the terminal to an interface module of the terminal for inputting the user;
Initializing information other than the set data transmission condition for the interface module of the terminal; And
And storing information about the initialized interface module of the terminal in the control module of the terminal. 18. The method of claim 17,
Wherein the first authentication process receives the first input code from the user and determines based on the matching result of the first input code and the second information stored in the identification module of the terminal,
The second authentication process receives a second input code from the user, transmits the input second input code from the terminal to the server, and transmits the authentication result for the second input code from the server to the terminal And performing user authentication by transmitting the identification information. 18. The method of claim 17,
Wherein the first information, the second information, the first input code, and the second input code are information composed of at least one combination of letters, numbers, and symbols input from the user. How to manage modules. Means for receiving first information for controlling an identification module from an external device based on a first code and for storing the first information in a control module;
Means for generating second information based on the received first information and second code and storing the generated second information in the identification module;
Means for setting the control module using first information stored in the control module and second information stored in the identification module;
The control module performs a first authentication process based on the first input code of the user and the second information stored in the identification module, and based on the second input code of the user and the first information stored in the control module Means for performing a second authentication process for receiving an authentication result from the external device; And
And means for allowing data transfer between the control module and the identification module when both the first authentication process and the second authentication process are successful.
A computer-readable recording medium storing a program.

Images