KR101598992B1 - Method for Registering One Time Password Medium by User's Handhold Phone - Google Patents

Abstract

According to the opportuni media registration method of a customer's cellular phone of the present invention, there is provided a method executed by a server communicating with a customer's cellular phone, comprising the steps of: receiving a program from a program of a customer's cellular phone that executes a program implementing OTP (One Time Password) Receiving identification number information for providing the OTP, which is dynamically generated through the following OTP generation program, to the program of the customer's mobile phone, receiving the customer's mobile number information and the customer's unique information of the customer using the program of the customer's mobile phone via the OTP generation program, Wherein the identification number information is mapped with the customer's mobile phone number information or the customer's unique information when the validity of the customer is authenticated using the customer's mobile phone number information and the customer's unique information, And stores the customer's mobile phone number information A customer mobile phone that maps an OTP generation program on a designated server that dynamically generates an OTP to be implemented through a program of the customer's mobile phone with a program of a customer's mobile phone to be provided with the OTP, And registers the generated OTP medium as an OTP medium that is dynamically generated through the OTP generation program.

Description

[0001] The present invention relates to a method for registering a user's mobile phone with an open-

The present invention provides a method executed by a server for communicating with a customer's cellular phone, the method comprising the steps of: receiving from the program of a customer's cellular phone installed with a program implementing OTP (One Time Password) And receives identification number information for providing the OTP, which is dynamically generated through the OTP generation program, to the program of the customer's mobile phone, and transmits the customer's mobile number information and the customer's own information Wherein the identification number information is mapped with the customer's mobile phone number information or the customer's own information and stored, and the mobile phone number information or the customer's mobile phone number information The customer's mobile phone An OTP generation program for dynamically generating an OTP to be implemented through a program of the OTP and a customer mobile phone to which the OTP is to be provided, The present invention relates to a method for registering an OTP media in a customer's mobile phone.

When a user inputs a mobile phone number and subscriber information through a user terminal and then provides the mobile phone number and subscriber information through a user terminal, the mobile phone user authenticates that the subscriber is a valid subscriber of the communication company through the mobile phone number and subscriber information, If the authentication number received through the user terminal is matched with the authentication number transmitted to the user's mobile phone, the approval number is accepted and the payment amount is charged to the next month's communication fee of the user's mobile phone (Application No. 10-2000-0020757).

However, the leakage of personal information occurs in an irregular manner, and the personal information leaked is publicly traded (or disclosed) through the Internet, and the number of lost cell phones is more than 200,000 per month on average In this situation, anyone who acquires or replicates a mobile phone of another person can have his / her mobile phone settlement approved using the leaked personal information.

Particularly, although the mobile phone settlement approval is performed in real time, the settlement of the settlement amount is performed on the average within 45 days after the approval of the payment, in case of damage using the acquired / copied mobile phone and the leaked personal information, The damage is expected to reach astronomical figures.

An object of the present invention is to provide a method executed by a server communicating with a customer's cellular phone, comprising the steps of: receiving from the program of a customer's cellular phone installing a program implementing OTP (One Time Password) A first step of receiving customer specific information of a customer using a program of a customer's cellular phone and receiving identification number information for providing an OTP dynamically generated through the following OTP generation program to the program of the customer's cellular phone, And a second step of, when the validity is authenticated, a step of mapping the identification number information to the customer's mobile phone number information or the customer's unique information and storing the identification number information The customer's mobile phone number information or the customer's unique information An OTP generation program on a designated server for dynamically generating an OTP to be implemented through a program of the customer's cellular phone and a customer's cellular phone program to be provided with the OTP, And registering the generated OTP media as an OTP medium that is dynamically generated through the OTP media.

A method for registering an opportunistic media of a customer's mobile phone according to the present invention is a method executed by a server communicating with a customer's mobile phone, comprising the steps of: receiving a program from a program of a customer's mobile phone in which a program implementing OTP (One Time Password) And receives identification number information for providing the OTP, which is dynamically generated through the following OTP generation program, to the program of the customer's mobile phone, receives the customer's mobile number information and the customer's unique information of the customer using the program of the customer's mobile phone via the OTP generation program, A second step of processing the validity of the customer using the program of the customer's mobile phone to be authenticated using the customer's mobile phone number information and the customer's unique information, Or customer specific information, An OTP generation program on a designated server for dynamically generating an OTP to be implemented through a program of the customer's cellular phone, and a program of a customer's cellular phone to be provided with the OTP, using the mobile phone number information or the customer's unique information, And registering the customer's cellular phone as an OTP medium that is provided with an OTP dynamically generated through the OTP generation program.

delete

In the method for registering an opportunistic medium of a customer's mobile phone according to the present invention, the customer's mobile phone number information is uniquely generated and stored in the memory of the mobile phone having the program, And an identification code stored in a USIM of a customer's mobile phone having the program.

The method may further include the step of processing the customer mobile phone to provide a program to be provided with the OTP dynamically generated through the OTP generation program on the designated server in the customer mobile phone, do.

In the method of registering an opportunistic medium of a customer's cellular phone according to the present invention, the method further includes processing the decoding result to provide a decryption key for decrypting the encrypted OTP by the program of the customer's cellular phone.

The method may further include the step of processing the validity of the program provided to the customer's mobile phone to be authenticated using the customer's mobile phone number information, in the second step of the opportunistic media registration method of the customer's mobile phone according to the present invention .

The method may further include confirming an OTP generation program on a designated server for dynamically generating an OTP that can be displayed through a program of the customer's mobile phone using the customer's mobile phone number information, And the third step is to map the program of the customer's cellular phone and the identified OTP generation program using the customer's mobile phone number information or the customer's unique information.

The method may further include the step of confirming a generated key value for dynamically generating an OTP to be provided as a program of the customer's cellular phone, And storing the generated generated key value as a generated key value to be applied to the OTP generation program on the designated server using the number information or the customer unique information.

The method comprising the steps of: receiving an identification number input via the customer's cellular phone from a program of the customer's cellular phone when outputting an OTP through a program of the customer's cellular phone; And authenticating the identification number received from the program of the customer's cellular phone using the identification number mapped with the information.

In the method for registering an opportunistic media of a customer's mobile phone according to the present invention, the method includes the steps of: confirming a dynamically generated OTP to be provided to a program of the customer's mobile phone through an OTP generation program of a designated server at the time of OTP output through a program of the customer's mobile phone A fourth step of encrypting the OTP so as to be decryptable through the program of the customer's cellular phone, and a sixth step of transmitting the encrypted OTP to the program of the customer's cellular phone.

A method for registering an opportunistic medium of a customer's cellular phone, the method comprising: receiving the customer's cellular phone number information from a program of the customer's cellular phone during OTP output through a program of the customer's cellular phone; And authenticating the customer's cellular phone having the program using the customer's mobile phone number information as an OTP medium that displays the dynamically generated OTP through the OTP generation program of the designated server.

The method may further include the step of generating an encryption key corresponding to a decryption key corresponding to the program of the customer's cellular phone using the customer's mobile phone number information, Wherein the OTP is encrypted through the generated encryption key.

In the opportunistic media registration method of a customer's mobile phone according to the present invention, a server communicating with the customer's cellular phone and a server having the OTP generation program may include a single server or a separate server connected to each other.

The method of registering an auto-generated condition for a mobile payment user according to the present invention is characterized in that an OTP (One Time Password) application information of a mobile payment user using a mobile payment server, a customer's mobile phone number information using a mobile payment, The method comprising the steps of: receiving customer-specific information (information including name and resident registration number information); transmitting the received customer's mobile phone number and customer-specific information (information including name and resident registration number information) A step of confirming whether the mobile phone subscriber is the customer from the mobile communication company server, if the mobile phone subscriber is the customer, setting the customer personal identification number information as the atopy generation condition information in the server, To an OTP generation key (KEY) value or OTP generation program to be provided at the time of using the mobile payment by the customer, Storing and registering personal identification number information transmitted from the customer's mobile phone in the mobile payment service using the customer through each of the steps, An OTP generation key (KEY) value associated with the generation condition information, or an OTP to be generated in the mobile phone through an OTP generation program, and then transmitted to the mobile phone.

Meanwhile, the method for registering the atypia generation condition for the mobile payment user according to the present invention is characterized in that the server uses the OTP (One Time Password) application information of the mobile payment user using the mobile payment number and the customer personal identification number The method includes the steps of: receiving information and customer-specific information (information including name and resident registration number information), setting the customer personal identification number information to the atopy generation condition information at the server, And storing and registering the OTP generation key (KEY) value to be provided by the customer in using the mobile payment or the OTP generation program in the storage medium, wherein, when using the mobile payment by the customer, When the server authenticates the personal identification number information transmitted from the customer's cellular phone, After generating the alternative OTP be generated by the mobile phone via the OTP generated keys (KEY) or OTP value generated program associated with the generation condition information, it characterized in that the processing to be sent to the mobile phone.

In a method for registering an auto-production condition for mobile settlement according to the present invention, a server transmits the received customer's mobile phone number and customer's unique information (information including name and resident number information) to a mobile communication company server, Wherein the step of confirming whether the mobile subscriber is the customer from the server further confirms whether the mobile phone is an OTP capable mobile phone from the mobile communication company server in the server.

The method of registering an atypia generation condition for mobile settlement according to the present invention is characterized in that when the server sets the customer personal identification number information to the atypia generation condition information, The customer unique information and the mobile phone unique identification information are set to one or more more apex creation condition information.

The method of registering an opportunistic generation condition for mobile payment according to the present invention is characterized in that when the personal identification number information transmitted from the customer's cellular phone is encrypted and transmitted, And decrypts and authenticates.

The method for registering an atypia generation condition for mobile payment according to the present invention is characterized in that, when the personal identification number information transmitted from the customer mobile phone is authenticated, the mobile phone number is confirmed by checking the mobile phone number associated with the personal identification number information.

The method of registering an opportunistic condition for mobile settlement according to the present invention is characterized by replacing an OTP generation key (KEY) value associated with the orthopy-generation condition information on the storage medium or an OTP to be generated by the mobile phone through an OTP generation program The generated OTP is encrypted with an encryption key corresponding to the decryption key of the mobile phone, and then the encrypted OTP is transmitted to the mobile phone.

The method of registering an opportunistic creation condition for mobile payment according to the present invention is characterized in that the server requests the replacement-generated OTP from the mobile phone and processes the information for downloading the program for outputting the replacement-generated OTP to be transmitted The method comprising the steps of:

The method for registering an auth creation condition for mobile payment according to the present invention is characterized in that the server is configured to process an OTP generation key or OTP generation key (KEY) And the like.

The method of registering an opportunistic generation condition for mobile settlement according to the present invention is characterized in that a communication interval between the server and the mobile phone is processed as an encryption interval.

According to the present invention, there is provided a method for registering an opportunistic generation condition for mobile settlement, wherein the server comprises a single server or two or more separate servers.

On the other hand, a computer readable recording medium characterized by recording a program for executing the above-mentioned method of registering an atopy creation condition for mobile settlement.

Meanwhile, in the method of registering the atypia generation condition for a mobile payment user using the OTP (One Time Password) application information of the mobile payment user using the mobile payment number, A step of receiving identification number information and customer-specific information (information including name and resident registration number information); and a step of receiving the received customer's mobile phone number and customer-specific information (information including name and resident registration number information) The method comprising the steps of: transmitting, to the mobile communication company server, confirming whether the mobile phone subscriber is the customer from the mobile communication company server; if the mobile phone subscriber is the customer, the information registration means sets the customer personal identification number information as the no- , An OTP generation key (KEY) value to be provided when the customer makes a mobile payment, or an OTP generation key And storing and registering the stored personal identification number information in a storage medium, wherein the personal identification number information transmitted from the customer's mobile phone in the OTP processing means is authenticated (OTP) generation key (KEY) value associated with the atopy generation condition information or an OTP to be generated in the mobile phone through the OTP generation program on the storage medium, and then transmits the created OTP to the mobile phone .

Meanwhile, in the method of registering the atypia generation condition for a mobile payment user using the OTP (One Time Password) application information of the mobile payment user using the mobile payment number, Receiving identification number information and customer-specific information (information including name and resident registration number information), setting the customer personal identification number information as the atopy generation condition information in the information registration means, And storing and registering the condition information in a storage medium in connection with an OTP generation key value or an OTP generation key value to be provided by the customer in using the mobile payment, When using the mobile payment, if the personal identification number information transmitted from the customer's cellular phone is authenticated by the OTP processing means, An OTP generation key (KEY) value associated with the atopy generation condition information on the storage medium, or an OTP to be generated in the mobile phone through the OTP generation program, and then transmitted to the mobile phone.

Meanwhile, in the method of registering the atypia generation condition for a mobile payment user using the OTP (One Time Password) application information of the mobile payment user using the mobile payment number, Receiving identification number information and customer-specific information (information including name and resident registration number information), setting the customer personal identification number information as the atopy generation condition information in the information registration means, Processing the condition information to be stored and registered in the first storage medium and processing the OTP generation key value or OTP generation program to be provided at the time of using the mobile payment by the customer so that the OTP generation program is stored and registered in the second storage medium Wherein the OTP processing means manages the first storage medium when the mobile payment is made by the customer through each of the steps, (KEY) value or OTP generation key value to be provided at the time of using the mobile payment from the server managing the second storage medium after authenticating the personal identification number information transmitted from the customer's mobile phone through the server (OTP) generation key (KEY) value or an OTP to be generated in the mobile phone through an OTP generation program, and then transmitted to the mobile phone.

In the method for registering the atypia generation condition for mobile settlement according to the present invention, the information confirming means transmits the received customer's mobile phone number and customer's unique information (information including name and resident number information) to the mobile communication company server, The step of confirming whether the mobile subscriber is the customer from the mobile communication company server further comprises checking whether the mobile phone is an OTP capable mobile phone from the mobile communication company server in the server.

The method of registering an opportunistic generation condition for mobile payment according to the present invention is characterized in that, when the customer personal identification number information is set as the atopy generation condition information, the atopy generation condition information includes the customer's mobile phone number, And the mobile phone specific identification information is set to one or more more apex creation condition information.

The method of registering an atypia generation condition for mobile payment according to the present invention is characterized in that, when personal identification number information transmitted from the customer's cellular phone is encrypted and transmitted, the encrypted personal identification number information is decrypted And authentication is performed.

The method for registering an atypia generation condition for mobile payment according to the present invention is characterized in that, when the personal identification number information transmitted from the customer mobile phone is authenticated, the mobile phone number is confirmed by checking the mobile phone number associated with the personal identification number information.

The method of registering an opportunistic generation condition for mobile payment according to the present invention is characterized in that when an OTP generation key (KEY) value or an OTP to be generated in the mobile phone is generated through an OTP generation program and then transmitted to the mobile phone, And encrypts the generated OTP with an encryption key corresponding to the decryption key of the cellular phone, and processes the encrypted OTP so as to be transmitted.

The method of registering an opportunistic generation condition for mobile payment according to the present invention is characterized in that the information transmission means requests the OTP which has been generated as a substitute for the mobile phone and transmits information for downloading the program for outputting the OTP The method of claim 1, further comprising:

The method of registering an auto-generated condition for mobile payment according to the present invention is characterized in that an OTP generation program or an OTP generation key (KEY) value for use in a general payment service is transmitted from the information transmission means to the mobile phone And further comprising:

The method of registering an opportunistic generation condition for mobile settlement according to the present invention is characterized in that a communication interval between the OTP processing means and the mobile phone is processed as an encryption section.

On the other hand, a computer readable recording medium characterized by recording a program for executing the above-mentioned method of registering an atopy creation condition for mobile settlement.

Meanwhile, according to the present invention, there is provided a system for registering an atypia generation condition for mobile payment, comprising: an OTP (One Time Password) application information of a mobile payment user using a mobile phone number; After receiving the customer specific information (information including name and resident registration number information), it transmits the received customer's mobile phone number and customer specific information (information including name and resident registration number information) to the mobile communication company server, A first server for confirming whether the mobile phone subscriber is the customer from the server, and a server for registering the customer personal identification number information as the atopy generation condition information if the mobile phone subscriber is the customer, An OTP generation key (KEY) value to be provided at the time of payment, or a second server for storing and registering in association with an OTP generation program Wherein the first server authenticates the personal identification number information transmitted from the customer's mobile phone through the second server at the time of using the mobile payment by the customer, And an OTP generation key (KEY) value associated with the OTP generation key or an OTP generation program. The OTP generation program generates an OTP to be generated in the mobile phone, and transmits the generated OTP to the mobile phone.

Meanwhile, according to the present invention, there is provided a system for registering an atypia generation condition for mobile payment, comprising: an OTP (One Time Password) application information of a mobile payment user using a mobile phone number; A first server that receives customer specific information (information including name and resident registration number information), and a server that registers the customer personal identification number information as the opiate generation condition information, And a second server for storing and registering an OTP generation key value or an OTP generation key to be provided at the time of use in connection with the OTP generation program, wherein the first server comprises: Authenticates the personal identification number information transmitted from the customer's cellular phone through the first server, An OTP generation key (KEY) value or an OTP generation program to replace the OTP to be generated in the mobile phone, and then transmit the generated OTP to the mobile phone.

In the system for registering an atypia generation condition for mobile settlement according to the present invention, when setting the customer personal identification number information as the atypia generation condition information, the second server stores the customer personal identification number information The customer's unique mobile phone number, the customer's unique information, and the mobile phone unique identification information as at least one more apex creation condition information.

In the orthophysical condition registration system for mobile settlement according to the present invention, when the personal identification number information transmitted from the customer's mobile phone is encrypted and the personal identification number information is encrypted and transmitted, The personal identification number information is decrypted and authenticated.

In the system for registering an atypia generation condition for mobile settlement according to the present invention, the second server authenticates the personal identification number information transmitted from the customer mobile phone through the mobile phone number check associated with the personal identification number information .

The opportunistic creation condition registration system for mobile settlement according to the present invention is characterized in that the first server is characterized in that the first server encrypts the substitute generated OTP with an encryption key corresponding to a decryption key of the cellular phone, .

In the system for registering an atypia generation condition for mobile settlement according to the present invention, the first server requests the alternate-generated OTP to the mobile phone, receives information for downloading a program for outputting the alternately generated OTP Is transmitted.

In the opportunistic generation condition registration system for mobile settlement according to the present invention, the first server may be configured to transmit an OTP generation key or an OTP generation key value for use of a general settlement service, .

The system for registering an atypia generation condition for mobile payment according to the present invention is characterized in that a communication interval between the server and the mobile phone is processed as an encryption period.

Meanwhile, according to the present invention, there is provided a system for registering an atypia generation condition for mobile payment, comprising: an OTP (One Time Password) application information of a mobile payment user using a mobile phone number; Information receiving means for receiving customer-specific information (information including name and resident registration number information), and transmitting the received customer's mobile phone number and customer-specific information (information including name and resident registration number information) to the mobile communication company server An information confirmation means for confirming whether the mobile phone subscriber is the customer from the mobile communication company server, and a mobile communication terminal for setting the user personal identification number information as the atopy generation condition information if the mobile phone subscriber is the customer, To an OTP generation key (KEY) value or OTP generation program to be provided at the time of using the mobile payment by the customer, And an OTP generation key (KEY) associated with the atopy generation condition information on the storage medium when the personal identification number information transmitted from the customer's cellular phone is authenticated, Value or an OTP processing means for alternately generating an OTP to be generated in the mobile phone through an OTP generation program and then transmitting the created OTP to the mobile phone.

Meanwhile, according to the present invention, there is provided a system for registering an atypia generation condition for mobile payment, comprising: an OTP (One Time Password) application information of a mobile payment user using a mobile phone number; An information receiving unit configured to receive customer specific information (information including name and resident registration number information); and a setting unit configured to set the customer personal identification number information to the atopy generation condition information, An information registration means for storing and registering an OTP generation key (KEY) value to be provided when using mobile payment or a OTP generation program in a storage medium; and means for registering personal identification number information transmitted from the customer's mobile phone , An OTP generation key (KEY) value or an OTP generation program associated with the atopy generation condition information on the storage medium And an OTP processing unit for generating an OTP to be generated in the mobile phone through the OTP processing unit and transmitting the generated OTP to the mobile phone.

Meanwhile, according to the present invention, there is provided a system for registering an atypia generation condition for mobile payment, comprising: a mobile phone user using a mobile phone, a mobile phone number, An information receiving means for receiving the information (information including name and resident registration number information) and the customer personal identification number information as the subject production condition information, Storing and registering an OTP generation key (KEY) or an OTP generation key (KEY) value to be provided at the time of using the mobile payment by the customer, and storing the OTP generation program in a second storage medium; The personal identification number information transmitted from the customer's cellular phone through the server managing the first storage medium is authenticated, and then the second storage medium is managed An OTP generation key value or an OTP generation key value to be provided at the time of using the mobile payment by the customer from the server or an OTP generation key value or an OTP to be generated in the mobile phone through the OTP generation program And an OTP processing means for processing the generated data to be transmitted to the cellular phone.

In the system for registering an atypia generation condition for mobile settlement according to the present invention, the information registration means may include at least one of a customer's mobile phone number, customer unique information, and mobile phone unique identification information other than customer personal identification number information And the atopy generation condition information.

The OTP processing means may alternatively generate an OTP to be generated in the mobile phone through the OTP generation key value or the OTP generation program, The encrypted OTP is encrypted with an encryption key corresponding to the decryption key of the cellular phone, and then the encrypted OTP is transmitted.

The system for registering an atypical creation condition for mobile payment according to the present invention includes: an information transmission request processing unit for requesting the replacement-generated OTP in the mobile phone, and transmitting information for downloading a program for outputting the generated replacement OTP; And further comprising means for performing the processing.

The system for registering an opportunistic creation condition for mobile settlement according to the present invention further includes an information transmission means for processing an OTP generation program or an OTP generation key (KEY) value for use in a general settlement service, And the like.

Meanwhile, the opportuni-generation condition registration server for mobile settlement according to the present invention sets the personal identification number information of the mobile payment-using customer as the opportuni-genera- tion condition information, And an OTP generation key (KEY) value to be provided by the customer when using mobile payment, or an OTP generation program to be stored and registered in the second storage medium, The method comprising: authenticating the personal identification number information transmitted from the customer's mobile phone through the server managing the first storage medium and then transmitting the OTP generation key value to be provided at the time of using the mobile payment from the server managing the second storage medium, After receiving the OTP generation program, the OTP generation key (KEY) value or the OTP to be generated in the mobile phone through the OTP generation program is alternatively generated Characterized in that formed by having an OTP processor processing to be sent to the mobile phone.

Meanwhile, the orthopy-generation condition registration server for mobile settlement according to the present invention sets the personal identification number information of the mobile payment-using customer as the opportunistic generation condition information, An OTP generation key (KEY) value to be provided when payment is made or an OTP generation program to be stored and registered in a storage medium; and a personal identification number (KEY) value or an OTP generation program to be provided at the time of using the mobile payment by the customer connected to the personal identification number information through the storage medium, and then transmits the determined OTP generation key value Or an OTP generating an OTP to be generated in the mobile phone through an OTP generation program and then transmitting the created OTP to the mobile phone And a rewinder.

In the orthopy-generation condition registration server for mobile settlement according to the present invention, the information registration unit may include at least one of a customer's mobile phone number, customer unique information, and mobile phone unique identification information other than customer personal identification number information Is set to the atopy generation condition information.

The OTP processing condition registration server for mobile settlement according to the present invention is characterized in that the OTP processor substitutes an OTP generation key (KEY) value or an OTP to be generated in the mobile phone through an OTP generation program, The encrypted OTP is encrypted with an encryption key corresponding to the decryption key of the cellular phone, and then the encrypted OTP is transmitted to the mobile terminal.

According to the present invention, when mobile communication company selection information corresponding to a user's mobile phone, user's mobile phone number and user's resident registration number information are inputted and transmitted from a user's wired terminal, an OTP (One Time Password) agent And provides an interface for inputting an OTP generated through the user's cellular phone and predetermined OTP verification information to the user's wired terminal only when the OTP agent is installed in the user's cell phone, And transmits the OTP and the OTP verification information to the OTP server. When the OTP and the OTP verification information are transmitted, the validity of generating the OTP 'to be compared with the OTP is authenticated through the OTP verification information. OTP 'through the OTP generation information and transmits the generated OTP' (OTP agent) installed in the mobile phone through a password (or a personal identification number) even if the person who has acquired the mobile phone knows the personal information of the mobile phone user It is advantageous in that the mobile phone payment is not provided and the mobile phone payment is illegally approved.

According to the present invention, by further inputting predetermined OTP verification information in the mobile phone settlement process, if the OTP generation validity is not confirmed through the OTP verification information, it is possible to prevent generation of OTP 'to be compared with the received OTP Thereby preventing unauthorized handset payment from being approved.

1 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile settlement according to a first embodiment of the present invention.
2 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to the first embodiment of the present invention.
3 is a diagram illustrating a mobile payment interworking OTP authentication process according to a first embodiment of the present invention.
4 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile payment according to a second embodiment of the present invention.
5 is a diagram illustrating an OTP generation condition registration process for mobile banking according to a second embodiment of the present invention.
6 is a diagram illustrating a mobile payment interworking OTP authentication process according to a second embodiment of the present invention.
7 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile payment according to a third embodiment of the present invention.
8 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a third embodiment of the present invention.
9 is a diagram illustrating a mobile payment interworking OTP authentication process according to a third embodiment of the present invention.
10 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile settlement according to a fourth embodiment of the present invention.
11 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a fourth embodiment of the present invention.
12 is a diagram illustrating a mobile payment interworking OTP authentication process according to a fourth embodiment of the present invention.
13 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile settlement according to a fifth embodiment of the present invention.
FIG. 14 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to the fifth embodiment of the present invention.
15 is a diagram illustrating a mobile payment interworking OTP authentication process according to a fifth embodiment of the present invention.
16 is a diagram showing a configuration of an OTP generation condition registration server for mobile settlement according to the first embodiment of the present invention.
17 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a sixth embodiment of the present invention.
18 is a diagram illustrating a mobile payment interworking OTP authentication process according to a sixth embodiment of the present invention.
19 is a diagram illustrating a configuration of an OTP generation condition registration server for mobile settlement according to a second embodiment of the present invention.
20 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a seventh embodiment of the present invention.
21 is a diagram illustrating a mobile payment interworking OTP authentication process according to a seventh embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. The configuration is omitted as much as possible, and a functional configuration that should be additionally provided for the present invention is mainly described. Those skilled in the art will readily understand the functions of components that have been used in the prior art among the functional configurations that are not shown in the following description, The relationship between the elements and the components added for the present invention will also be clearly understood.

In order to efficiently explain the essential technical features of the present invention, the following embodiments properly modify the terms so that those skilled in the art can clearly understand the present invention, It is by no means limited.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile payment according to a first embodiment of the present invention.

1 illustrates an OTP (OTP) service including at least one of customer's mobile phone number information, customer's personal identification number information, and customer's unique information (for example, information including the name of the customer, ) Usage application information to the first server 100, the first server 100 transmits the customer's mobile number information and the customer's unique information to the mobile communication company server 115, If the mobile phone subscriber is identified as the OTP use application customer, the second server 105 sets the customer personal identification number information as the OTP generation condition information, and then generates the OTP And stores it in the storage medium 110 in association with a key value or an OTP generation program and registers the same in the customer's mobile phone through the second server 105, When the personal identification number information to be transmitted is authenticated, an OTP generation key (KEY) value or an OTP generation key (KEY) value associated with the OTP generation condition information stored in the storage medium 110 is transmitted from the second server 105 to the first server 100, 1 is a block diagram illustrating a configuration of a system according to an exemplary embodiment of the present invention. Referring to FIG. 1, The present invention can refer to and / or modify various embodiments of the OTP generation condition registration system (e.g., some of the components may be omitted or subdivided or combined) And the technical features thereof are not limited only by the method shown in FIG.

Referring to FIG. 1, the OTP generation condition registration system includes a client terminal for using mobile settlement, a mobile communication company server 115 on a mobile communication network to which a customer's mobile phone is connected, (100) for authenticating the customer through the mobile communication company server (115), and a second server (100) for receiving the customer personal identification number information included in the OTP use application information according to the authentication result as OTP generation condition information And a second server 105 for establishing and storing an OTP generation key or an OTP generation key in a storage medium 110. The first server 100 may be a mobile phone, Upon receipt of the payment, the customer's personal identification number information is received from the customer's cellular phone and authenticated through the second server 105, and the customer's personal identification number information is transmitted from the second server 105 OTP generation condition received service OTP generated keys (KEY) or OTP value generated program associated with the information characterized in that provided to the customer phone generates replaced by OTP generated in the mobile phone clients.

The customer may request the mobile settlement or create an OTP in the customer's cellular phone according to a predetermined OTP generation algorithm through a mobile OTP generation program (e.g., an OTP generation key (KEY) value provided in the customer's cellular phone) The customer's personal identification number information and the customer's unique information (for example, the name of the customer, the name of the customer, etc.) , And information including resident registration number information).

Here, the customer's mobile number information may be a customer's mobile phone that uses mobile payment, a customer's mobile phone that receives a mobile OTP creation program, or a virtual OTP medium for mobile payment that receives and outputs an OTP generated by a server on behalf of the customer's mobile phone And a telephone number assigned to the customer's mobile phone, as information for identifying the customer's mobile phone corresponding to one or more of the customer's mobile phones to be used as the mobile phone.

According to an embodiment of the present invention, the customer mobile number information includes at least one of a terminal serial number (ESN), a USIM serial number (e.g., a chip serial number, a USIM serial number, and a serial number recorded in a USIM) Or a USIM identification code recorded in the USIM, or a terminal identification code stored in the memory of the cellular phone to generate and encrypt a code value that is not duplicated in order to identify the customer cellular phone, desirable.

That is, the customer mobile phone number information includes at least one of all the mobile phone related identification information held through the memory (or the USIM) of the mobile phone even when the customer mobile phone connects to or does not access the mobile communication network. As a result, the customer's mobile phone number information of the present invention is not limited to the above-described ones, and it is possible to include various identification information according to the type of the customer's mobile phone and a fixed ID value uniquely identifying it, It is clear that the present invention is not limited by the kind of the material.

Wherein the customer personal identification number information is used to authenticate generation of an OTP through the mobile OTP generation program when the mobile phone has a mobile OTP generation program, A Personal Identification Number (PIN) for authenticating the creation of an OTP on behalf of the customer's mobile phone by accepting the OTP medium for mobile payment for receiving and outputting the OTP generated by the server, A PIN for OTP generation registered through the PIN pad, or a unique identification number uniquely registered so as not to be duplicated for each customer for the OTP generation.

If the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the unique identification number is transmitted from a predetermined service server (not shown) N &gt; 1) digit number is automatically assigned to the customer or an N-digit unique identification number that is not duplicated to the customer is input through the PIN pad, (E.g., the customer's mobile phone number information or the resident registration number included in the customer's unique information) of the (Nn) number uniquely allocated to the customer at the first number of the number of (1 <= n <N) Or a unique identification number of N digits or a combination of two or more numbers constituting customer mobile phone number information Or a part (or all) of the number (for example, resident registration number) combination included in the customer's mobile phone number information and the customer's unique information is determined to be an N-digit unique identification number, It is preferably determined by the identification number.

If the customer is registered as a customer for the mobile settlement, the customer specific information may be a database included in the server providing the mobile settlement service, If the customer is a new customer of the server providing the mobile payment service, the customer specific information may include the customer identification information for identifying the customer, (E.g., a name, a resident registration number, an address, a contact address, etc.) that can be registered on a database provided in the server.

The client terminal transmits the inputted OTP use application information to the first server 100. The first server 100 receives the OTP use application information from the client terminal and transmits the OTP use application information And transmits the included customer's mobile phone number information and customer's unique information to the mobile communication company server 115 to check the validity of the customer and the validity of the customer's mobile phone.

The mobile communication company server 115 inquires the subscriber D / B through the mobile phone number information received from the first server 100 to check the subscriber information, compares the subscriber information with the customer specific information, The customer D / B is inquired through the received customer specific information to check the subscriber information, and the customer mobile phone number information included in the subscriber information is compared with the received customer mobile phone number information, and the use of the mobile phone subscriber and the OTP Confirm customer validity to verify that the applicant is the same.

In addition, the mobile communication company server 115 reads terminal information (or device information) about the customer's mobile phone corresponding to the customer's mobile phone number information and verifies that the customer can use the OTP service requested by the customer via the mobile phone It is possible to further check the validity of the customer's mobile phone.

When the OTP service applied by the customer according to the embodiment of the present invention installs a specific OTP generation program in the customer's mobile phone, the mobile communication company server 115 transmits terminal information (or device information) It is preferable to confirm the validity of the customer's mobile phone that confirms whether an operating platform capable of operating by installing the OTP generation program on the customer's mobile phone is provided.

Alternatively, when the OTP service requested by the customer operates using the USIM provided in the customer's mobile phone, the mobile communication company server 115 reads the terminal information (or device information) about the customer's mobile phone, It is desirable to check the validity of the customer's mobile phone to confirm that the USIM is provided.

Alternatively, when the OTP service requested by the customer operates using the financial IC chip provided in the customer's mobile phone, the mobile communication company server 115 reads the terminal information (or the device information) It is desirable to check the validity of the customer's mobile phone to check whether the customer's mobile phone has a financial IC chip.

According to another embodiment of the present invention, the mobile communication company server 115 confirms the customer validity and provides terminal information (or device information) about the customer's cellular phone to the first server 100, 1 server 100 to check the validity of the customer's mobile phone, and thus the present invention is not limited thereto.

If the customer validity is confirmed through the customer personal identification number information and the customer specific information and the validity of the customer's mobile phone is further confirmed, the second server 105 sets the customer personal identification number information as the OTP generation condition information .

Here, the OTP generation condition information may include an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone, when the personal identification number information transmitted from the customer's cellular phone is authenticated, Or OTP generation program, the OTP generation condition information includes an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone or an OTP generation key value And stored.

According to the embodiment of the present invention, when the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the OTP generation condition information preferably includes the customer's personal identification number information Do.

Even if the customer personal identification number information does not include the unique identification number or the customer personal identification number information includes the unique identification number, the OTP generation condition information may include the customer's mobile phone number information (e.g., (E.g., mobile phone number), customer-specific information (e.g., resident registration number), one or more mobile phone unique identification information (e.g., terminal serial number (ESN) assigned to the customer's mobile phone, USIM serial number, , And one or more USIM identification codes recorded in the cellular phone USIM), and thus the present invention is not limited thereto.

When the OTP generation condition information is set, the second server 105 connects the OTP generation condition information with an OTP generation key value or an OTP generation program, and stores and registers the OTP generation condition information in the storage medium 110 do.

Here, the OTP generation key (KEY) value preferably includes at least one fixed seed value for generating an OTP and a parameter for determining a dynamic seed value.

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, (KEY) value preferably includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP.

Alternatively, if the OTP is generated by a challenge-response scheme, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted for the challenge-response OTP generation algorithm, and the OTP generation key (KEY ) Value comprises a random number generation seed for generating a random number corresponding to the dynamic seed value of the challenge-response type OTP.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated in the server, the OTP generation key (KEY) value may be one or more A fixed seed value, and a parameter for determining the dynamic seed value.

If the mobile phone has a mobile OTP generation program in addition to using the customer mobile phone as the virtual OTP medium for mobile payment, the OTP generation key (KEY) value may be a mobile OTP generation program And a parameter for determining a dynamic seed value, wherein the OTP generation key (KEY) value is provided to the customer's mobile phone, and the encryption key Or stored (or encrypted) in a USIM provided in the customer's mobile phone.

The OTP generation program includes an OTP generation algorithm for generating an OTP using one or more fixed seed values confirmed through the OTP generation key value and one or more dynamic seed values dynamically determined / When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated from a server, the OTP generation program is provided on a server for generating the OTP, The OTP generation program is implemented in the form of a mobile OTP generation program provided to the customer's cellular phone.

According to the embodiment of the present invention, a plurality of OTP generation algorithms for generating the OTP may exist depending on the type and the modification method. In this case, a plurality of OTP generation programs may exist according to the OTP generation algorithm.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a mobile payment virtual OTP medium for receiving and outputting an OTP generated at the server, the second server 105 associates the OTP generation condition information with an OTP generation key (KEY) And the OTP generation program information to be used for generating an OTP according to the OTP generation condition information is further linked to the storage medium 110 ).

If the OTP generation program is provided according to the OTP generation condition information, the second server 105 can store and register the OTP generation condition information and the OTP generation program information in the storage medium 110 Do.

Alternatively, when the mobile phone has a mobile OTP generation program, the second server 105 transmits the OTP generation condition information, the OTP generation key (KEY) value, and the mobile OTP generation program corresponding to the mobile OTP generation program It is preferable that OTP generation program information (for example, version, algorithm, etc.) is stored and registered in the storage medium 110 in association with each other.

When the OTP generation condition information is stored in the storage medium 110 in association with an OTP generation key value or an OTP generation program, the first server 100 transmits the OTP generation key (KEY) And provides OTP program code for a mobile phone for implementing OTP through a generation program.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated at the server, the first server 100 inputs a personal identification number during mobile settlement through the customer's mobile phone, (For example, through a communication server provided in the mobile communication network) to the server, receives the OTP generation key (KEY) value from the server, and receives and outputs the OTP generated on behalf of the customer's cellular phone through the OTP generation program , An OTP input interface for inputting the output OTP, and transmitting the OTP input interface to a server authenticating the OTP And the bill payment interworking OTP program code is provided to the customer's cellular phone.

According to an embodiment of the present invention, the first server 100 transmits information (for example, a callback URL) for providing the mobile payment interworking OTP program code to the customer's mobile phone through a mobile communication network, And requesting the mobile payment interworking OTP program code through the information, the mobile payment interworking OTP program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile payment interworking OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the first server 100 transmits the mobile payment interworking It is possible to provide the OTP program code to be provided to the customer's cellular phone or to process the mobile payment interworking OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

The mobile payment interworking OTP program code may include an encryption code for encrypting the personal identification number and transmitting the encrypted personal identification number to the server through a mobile communication network and a decryption code for decrypting the OTP encrypted and transmitted by the server , The encryption key for encryption or the decryption key for decryption may be included in the encryption code or decryption code and provided to the customer's cellular phone or may be provided to the customer's cellular phone through a defined key exchange procedure , A procedure for encrypting and exchanging a binary key by generating a session key).

If the customer's mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile OTP generation program code, The OTP program code need not include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile payment interworking OTP program code preferably has a function of setting a communication interval with a server connected to the customer's mobile phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

Alternatively, when the mobile phone has a mobile OTP generation program, the first server 100 transmits information (for example, a callback URL) for providing the mobile OTP generation program code to the customer mobile phone through the mobile communication network And requesting the mobile OTP generation program code through the information from the customer mobile phone, the mobile OTP generation program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile OTP generation program code may be provided to the customer's mobile phone through the customer terminal. In this case, the first server 100 transmits the mobile OTP generation program code to the customer terminal, It is possible to provide a code to be provided to the customer's cellular phone or to process the mobile OTP generation program code provided in the customer terminal to be provided to the customer's cellular phone.

Here, the mobile OTP generation program code includes an encryption code for encrypting the OTP generated in the customer's mobile phone and transmitting the encrypted OTP to the server through the mobile communication network, and a decryption code for decrypting the information encrypted and transmitted by the server The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and may be provided to the customer's cellular phone or may be provided to the customer's cellular phone through a key exchange procedure defined between the customer's cellular phone and the first server 100 (For example, a procedure of generating a session key and encrypting and exchanging a binary key) is provided to the customer's cellular phone.

If the customer mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile payment interworking OTP program code, the mobile OTP The generated program code does not need to include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile OTP generation program code preferably has a function of setting a communication interval with a server connected via a mobile communication network from the customer's mobile phone to a TLS (Transport Layer Security) encryption section.

When the mobile OTP generation program is initially provided in the mobile phone in the case where the mobile phone OTP generation program code is provided in the customer mobile phone according to the embodiment of the present invention, (E.g., a telephone number, a resident registration number, personal identification information, and the like) after processing the pre-established mobile OTP generation program driven password authentication), encrypts it with the encryption code and transmits it to the first server 100 The OTP generation key (KEY) value associated with the mobile OTP generation program after the client authentication of the customer authentication information is downloaded from the first server 100 and encrypted and stored in the customer's mobile phone memory, It is preferable to store the program in the USIM provided in the mobile phone, When the OTP generation key (KEY) value is included, the process of downloading the OTP generation key (KEY) value may be omitted.

According to another embodiment of the present invention, it is possible to provide an integrated OTP generation program in which the mobile payment interworking OTP program code and the mobile OTP generation program code are integrated in the customer's mobile phone. In this case, (For example, a callback URL) for providing the integrated OTP program code to the customer's mobile phone through a mobile communication network, and when the customer's mobile phone requests the integrated OTP program code through the information, It is desirable to provide the integrated OTP program code with the mobile phone.

According to another embodiment of the present invention, the integrated OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the first server 100 transmits the integrated OTP program code to the customer terminal To be provided to the customer's cellular phone, or to process the integrated OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

Herein, the integrated OTP program code may include an encryption code for encrypting the personal identification number and transmitting the personal identification number to the server through a mobile communication network, encrypting the OTP generated by the customer mobile phone and transmitting the encrypted OTP to the server through a mobile communication network, And a decryption code for decrypting the information encrypted and transmitted by the server, wherein the encryption key for encryption or the decryption key for decryption is stored in the encryption code or the decryption code Or a key exchange procedure defined between the customer mobile phone and the first server 100 (for example, a procedure for encrypting and exchanging a binary key by generating a session key) .

In addition, the integrated OTP program code preferably has a function of setting a communication interval with a server connected to the customer's cellular phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

According to the present invention, the mobile OTP generation program code provided in the customer's mobile phone can not be used for mobile settlement due to the limitation of two-factor authentication that a mobile payment medium and an authentication medium must be separated , The mobile payment transaction interoperable OTP program code may be used as the OTP authentication medium for mobile payment, or the customer may use the OTP program code as the mobile payment transaction code, Only the part for transmitting the personal identification number information or receiving the OTP generated by the server can be used.

Therefore, when OTP authentication is required when using the mobile payment through the customer's mobile phone, the customer's mobile phone activates the mobile OTP generation program code (or the integrated OTP program code) to output a personal identification number input interface, When the customer's personal identification number information is input through the input interface, the inputted customer's personal identification number information is encrypted with a predetermined encryption key and transmitted to the first server 100.

According to an embodiment of the present invention, the customer personal identification number information is encrypted using an end-to-end data encryption scheme (for example, AES 128 encryption scheme) between the customer's mobile phone and the first server 100 through an encryption key provided in the customer's mobile phone And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the first server 100. [

According to the embodiment of the present invention, the mobile OTP generation program code (or the integrated OTP program code) provided in the customer's mobile phone may include, in addition to the customer's personal identification number information input through the personal identification number input interface, One or more mobile phone unique identification information (for example, one or more of a terminal serial number (ESN) assigned to a customer's mobile phone, a USIM serial number, a terminal identification code stored in the memory of the mobile phone, and a USIM identification code recorded in the mobile phone USIM) It is possible to confirm the mobile phone identification information, and to transmit the mobile phone identification information further including the identified mobile phone identification information, thereby not limiting the present invention.

Alternatively, the personal identification number input interface may further include a user interface for inputting customer-specific information (for example, a resident registration number) in addition to a user interface for inputting the customer's personal identification number information. In this case, The mobile OTP generation program code (or the integrated OTP program code) provided can further include the customer specific information, in addition to the customer personal identification number information, so that the present invention is not limited thereto.

The first server 100 receiving the customer identification number information encrypted by the customer's mobile phone decrypts the encrypted customer identification number information to identify the original customer identification number information, OTP generation condition information and stores it in the storage medium 110 and provides the customer personal identification number information to the registered second server 105 to validate the customer personal identification number information through the second server 105 .

When more than one mobile phone unique identification information or customer specific information is further received (and decoded) from the customer mobile phone according to the embodiment of the present invention, the first server 100 transmits the mobile phone unique identification information or the customer- 2 server 105 so as to authenticate the validity through the second server 105.

According to another embodiment of the present invention, the first server 100 directly transmits the encrypted customer personal identification number information (which may further include mobile phone unique identification information or customer specific information) to the second server 105 In this case, the second server 105 decrypts the encrypted customer personal identification number information (which may further include mobile phone unique identification information or customer specific information), and transmits the decrypted customer personal identification number (Which may further include mobile phone unique identification information or customer specific information) and OTP generation condition information to authenticate the validity of the customer personal identification number information (which may further include mobile phone unique identification information or customer specific information) .

If the validity of the customer personal identification number information (which may further include mobile phone unique identification information or customer specific information) is authenticated through the second server 105, the first server 100 transmits, An OTP generation key (KEY) value associated with the OTP generation condition information or an OTP generation program from the mobile communication terminal (105) in place of the OTP to be generated in the customer mobile phone.

When the first server 100 is provided with an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to an embodiment of the present invention, And an OTP generation key (KEY) value associated with the OTP generation condition information from the OTP generation key (KEY), and determining / determining one or more fixed seed values and dynamic seed values from the OTP generation key (KEY) Value into the predetermined OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone.

When the first server 100 includes a plurality of OTP generation algorithms for each OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, Receives an OTP generation key (KEY) value associated with the OTP generation condition information from the second server (105) and OTP generation program information for selecting an OTP generation algorithm to replace the OTP to be generated in the customer's cellular phone, Determining and determining at least one fixed seed value and a dynamic seed value corresponding to the OTP generation program information from a generation key value and outputting the fixed seed value and the dynamic seed value to an OTP generation algorithm To generate an OTP to be generated in the customer's mobile phone.

If the first server 100 does not have an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, (105) to receive an OTP generation key (KEY) value associated with the OTP generation condition information and an OTP generation program code to replace the OTP to be generated in the customer mobile phone, It is preferable to confirm / determine the seed value and the dynamic seed value and activate the OTP generation program code to replace the OTP to be generated in the customer's mobile phone through the fixed seed value and the dynamic seed value.

If the OTP to be generated by the customer's mobile phone is alternatively generated, the first server 100 encrypts the OTP generated and processes the OTP to be provided to the customer's mobile phone through the mobile communication network.

According to an embodiment of the present invention, the substitute-generated OTP is transmitted through an end-to-end data encryption method (for example, AES 128 encryption) between the customer's mobile phone and the first server 100 through an encryption key paired with a decryption key provided to the customer's cellular phone And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the first server 100. [

Wherein the customer's cellular phone receives the alternately generated OTP through the mobile communication network and, when the received OTP is encrypted, decrypts the OTP through a predetermined decryption key and outputs the decrypted OTP to an OTP output area on the screen , And displays an OTP input interface in a predetermined area near the OTP output area. When the OTP is inputted through the OTP input interface, the input OTP is encrypted and transmitted to a server that authenticates the OTP through a mobile communication network .

Here, the OTP is encrypted with an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the server authenticating the OTP through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between servers.

The server for authenticating the OTP receives and decrypts the OTP through the mobile communication network, generates an OTP 'by checking an OTP generation key value or an OTP generation key value corresponding to the received OTP, And OTP 'to perform OTP authentication for the mobile payment transaction, and provides the OTP authentication result to the server for providing the mobile settlement.

FIG. 2 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to the first embodiment of the present invention.

In more detail, FIG. 2 illustrates a case where the client terminal shown in FIG. 1 transmits OTP usage application information including at least one of the customer's mobile phone number information, the customer's personal identification number information and the customer's unique information to the first server 100, The first server 100 transmits the customer's mobile phone number information and the customer's unique information to the mobile communication company server 115 to confirm from the mobile communication server server 115 whether the mobile phone user subscribes to the OTP use, The second server 105 sets the customer personal identification number information as the OTP generation condition information and then connects the OTP generation key value or the OTP generation program to the storage medium 110 of the present invention. As a person skilled in the art, referring to and / or modifying FIG. 2, the OTP generation condition It will be appreciated that various implementations of the registration process may be inferred (e.g., some of the steps may be omitted or alternate practice), but the present invention encompasses all such contemplated implementations, The technical features thereof are not limited only by the method of implementation. That is, the process shown in FIG. 2 is a basic process for implementing the OTP generation condition registration system shown in FIG. 1, and the actual OTP generation condition registration process includes all the various embodiments shown in FIG. 1 .

Referring to FIG. 2, when the customer requests the mobile payment or provides the mobile OTP generation program to the customer mobile phone, or requests the mobile payment OTP registration, the customer terminal shown in FIG. OTP use application information including at least one of number information, customer personal identification number information, and customer unique information, and transmits the OTP use application information to the first server 100 (200).

The first server 100 receives the OTP use application information from the customer terminal and transmits the customer's mobile number information and customer's unique information included in the OTP usage application information to the mobile communication company server 115, (205) to verify the validity of one or more of the validity for the customer's cell phone.

The mobile communication company server 115 inquires the subscriber D / B through the mobile phone number information received from the first server 100 to check the subscriber information, compares the subscriber information with the customer specific information, The customer D / B is inquired through the received customer specific information to check the subscriber information, and the customer mobile phone number information included in the subscriber information is compared with the received customer mobile phone number information, and the use of the mobile phone subscriber and the OTP (210), and further reads terminal information (or device information) about the customer's mobile phone corresponding to the customer's mobile phone number information, and transmits the application information to the customer via the customer's mobile phone (210) further verifying the validity of the customer mobile phone that can utilize the OTP service.

If the validity of the customer is confirmed through the customer's personal identification number information and the customer's unique information and the validity of the customer's cellular phone is further confirmed 215 the mobile communication company server 115 transmits the customer validity to the first server 100 (220), the first server (100) provides the personal identification number information included in the OTP use application information to the second server (105) (225 The second server 105 sets the OTP generation condition information as the OTP generation condition information in response to the OTP generation condition information, and connects the OTP generation condition information to the OTP generation key (KEY) And stores it in the storage medium 110 (step 235).

If the OTP generation condition information is linked to the OTP generation key or the OTP generation program in the storage medium 110, the first server 100 transmits the OTP generation key KEY to the customer's cellular phone, Value or an OTP program code for a mobile phone for implementing an OTP through an OTP generation program, and an encryption key and a decryption key (245).

Here, the OTP program code for the mobile phone provided in the customer's mobile phone in the first server 100 is a program for overcoming the two-factor authentication limit that the mobile payment medium and the authentication medium must be separated when using the mobile payment through the customer's mobile phone Providing an OTP generation key (KEY) value in the server or an OTP to be generated in the customer's mobile phone through an OTP generation program, and providing the generated OTP to the customer's cellular phone, And a mobile payment interworking OTP program code having a function of receiving and outputting the OTP and displaying the OTP input interface near the area where the OTP is output and inputting the OTP which is generated in place of the OTP, The mobile OTP generation program &lt; RTI ID = 0.0 &gt; It is possible to include the code, or more, or an integrated OTP generation program code.

3 is a diagram illustrating a mobile payment interworking OTP authentication process according to a first embodiment of the present invention.

3 illustrates OTP generation condition information including customer personal identification number information on the storage medium 110 of the second server 105 through the OTP generation condition registration process (FIG. 2) KEY) value or an OTP generation program and stores it. When OTP authentication is required in the mobile payment process using the customer's mobile phone after the mobile payment interworking OTP program code, the encryption key and the decryption key are provided on the customer's mobile phone, In order to overcome the two-factor authentication limit for the mobile payment in the mobile phone, the mobile payment interworking OTP program code is activated to transmit the personal identification number information to the first server 100, To the second server 105 that manages the storage medium 110 and authenticates the customer personal identification number information from the first server 100 to the second server 105, (OTP) generating key (KEY) value or an OTP generating program to replace the OTP to be generated in the customer's cellular phone and provide the generated OTP to the customer's cellular phone. It will be possible to refer to and / or modify the FIG. 3 to various implementations of the mobile payment interworking OTP authentication process (e.g., omitting some steps or changing the order) The present invention is not limited to the above-described embodiments. That is, the process shown in FIG. 3 is a basic process for implementing the OTP generation condition registration system shown in FIG. 1, and the actual mobile payment interworking OTP authentication process includes all the various embodiments shown in FIG. 1 .

Referring to FIG. 3, OTP generation condition information including customer personal identification number information is stored in the storage medium 110 of the second server 105 through the OTP generation key KEY ) Value or an OTP generation program and stores it, and after the mobile payment interworking OTP program code, the encryption key and the decryption key are provided on the customer's mobile phone, the customer's mobile phone interacts with the mobile payment server (not shown) (300). If the OTP authentication is required during the mobile payment (305), the customer mobile phone activates the mobile payment interworking OTP program code to overcome the two-factor authentication limit for the mobile payment And outputs the personal identification number information input interface. When the personal identification number information is inputted through the personal identification number information input interface, And transmits the inputted customer identification number information to the first server 100 (310).

According to an embodiment of the present invention, the customer's cellular phone preferably encrypts the customer's personal identification number information with an encryption key provided to the customer's cellular phone through the OTP generation condition registration process shown in FIG. 2, The server 100 decrypts the received customer personal identification number information through a decryption key matching the encryption key.

The first server 100 provides the received personal identification number information to the second server 105 that manages the storage medium 110 in step 315. In response, (320) comparing the customer's personal identification number information included in the OTP generation condition information stored in the storage medium (110) with the customer's personal identification number information provided from the first server (100) .

If the customer personal identification number information is authenticated (325), the second server 105 receives an OTP generation key (KEY) value associated with the OTP generation condition information including the customer personal identification number information from the storage medium 110 Or an OTP generation program (330), and provides the identified OTP generation key (KEY) value or an OTP generation program to the first server 100 (335).

The first server 100 may alternatively generate 340 an OTP generation key value provided from the second server 105 or an OTP to be generated in the customer's mobile phone through an OTP generation program, OTP to the customer's cellular phone (345).

According to an embodiment of the present invention, the first server 100 encrypts the substitute-created OTP with an encryption key matched with a decryption key provided to the customer's cellular phone through the OTP generation condition registration process shown in FIG. 2 And the customer's cellular phone decodes the received OTP with the decryption key.

The customer cellular phone outputs the received OTP (350) and displays the OTP input interface in a predetermined area near the area where the OTP is output. If the output OTP is input through the OTP input interface (355), the customer's cellular phone encrypts the input OTP and transmits the encrypted OTP to the server that authenticates the OTP through the mobile communication network (360) And processes the mobile settlement in connection with a mobile payment server (not shown) according to the result (365).

4 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile payment according to a second embodiment of the present invention.

4 illustrates an example of an OTP (OTP) service including at least one of customer's mobile phone number information, customer's personal identification number information, and customer's unique information (for example, information including the customer's name and resident registration number information) The first server 400 receives the OTP use application information and provides the OTP use application information to the second server 405. When the second server 405 receives the OTP use application information from the first server 400, The server 405 sets the customer personal identification number information as the OTP generation condition information and stores it in the storage medium 410 in connection with the OTP generation key or OTP generation program to register the customer's mobile payment When the personal identification number information transmitted from the customer's mobile phone is authenticated through the second server 405, the first server 400 reads the personal identification number information stored in the storage medium 410 from the second server 405, OTP generation condition information and The OTP generation key (KEY) value generated by the OTP generation key or the OTP generation program, and an OTP to be generated in the customer's cellular phone is generated and processed to be transmitted to the customer's cellular phone. It is possible to refer to and / or modify the FIG. 4 to infer the various implementation methods (e.g., some of the components may be omitted, or fragmented, or combined) for the OTP generation condition registration system However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

4, the OTP generation condition registration system includes a client terminal for using mobile settlement, a first server 400 for receiving OTP usage application information of a customer from the client terminal, And a second server 405 for setting the customer personal identification number information included in the OTP generation condition information as the OTP generation condition information and storing it in the storage medium 410 in connection with the OTP generation key value or the OTP generation program. The first server 400 receives customer's personal identification number information from the customer's mobile phone and authenticates the user's personal identification number through the second server 405, An OTP generation key (KEY) value associated with the OTP generation condition information including the customer personal identification number information, or an OTP generation program, It characterized in that it provides to the mobile phone.

The customer may request the mobile settlement or create an OTP in the customer's cellular phone according to a predetermined OTP generation algorithm through a mobile OTP generation program (e.g., an OTP generation key (KEY) value provided in the customer's cellular phone) The customer's personal identification number information and the customer's unique information (for example, the name of the customer, the name of the customer, etc.) , And information including resident registration number information).

Here, the customer's mobile phone number information may be a mobile phone for use in mobile payment, a customer mobile phone to receive a mobile OTP generation program, or a virtual OTP medium for mobile payment for receiving and outputting an OTP generated by a server on behalf of the customer's mobile phone It is preferable to include the telephone number assigned to the customer's cellular phone as information for identifying the customer cellular phone corresponding to one or more of the customer cellular phones to be used.

According to an embodiment of the present invention, the customer mobile number information includes at least one of a terminal serial number (ESN), a USIM serial number (e.g., a chip serial number, a USIM serial number, and a serial number recorded in a USIM) Or a USIM identification code recorded in the USIM, or a terminal identification code stored in the memory of the cellular phone to generate and encrypt a code value that is not duplicated in order to identify the customer cellular phone, desirable.

That is, the customer mobile phone number information includes at least one of all the mobile phone related identification information held through the memory (or the USIM) of the mobile phone even when the customer mobile phone connects to or does not access the mobile communication network. As a result, the customer's mobile phone number information of the present invention is not limited to the above-described ones, and it is possible to include various identification information according to the type of the customer's mobile phone and a fixed ID value uniquely identifying it, It is clear that the present invention is not limited by the kind of the material.

Wherein the customer personal identification number information is used to authenticate generation of an OTP through the mobile OTP generation program when the mobile phone has a mobile OTP generation program, A Personal Identification Number (PIN) for authenticating the creation of an OTP on behalf of the customer's mobile phone by accepting the OTP medium for mobile payment for receiving and outputting the OTP generated by the server, A PIN for OTP generation registered through the PIN pad, or a unique identification number uniquely registered so as not to be duplicated for each customer for the OTP generation.

If the customer's personal identification number information includes a unique identification number that is uniquely registered so as not to be duplicated for each customer, the unique identification number is transmitted to a predetermined server (not shown) N &gt; 1) digit number is automatically assigned to the customer or an N-digit unique identification number that is not duplicated to the customer is input through the PIN pad, (E.g., the customer's mobile phone number information or the resident registration number included in the customer's unique information) of the (Nn) number uniquely allocated to the customer at the first number of the number of (1 <= n <N) Or a unique identification number of N digits or a combination of two or more numbers constituting customer mobile phone number information Or a part (or all) of the number (for example, resident registration number) combination included in the customer's mobile phone number information and the customer's unique information is determined to be an N-digit unique identification number, It is preferably determined by the identification number.

If the customer is registered as a customer for the mobile settlement, the customer specific information may be a database included in the server providing the mobile settlement service, If the customer is a new customer of the server providing the mobile payment service, the customer specific information may include the customer identification information for identifying the customer, (E.g., a name, a resident registration number, an address, a contact address, etc.) that can be registered on a database provided in the server.

The client terminal transmits the inputted OTP use application information to the first server 400. The first server 400 receives the OTP use application information from the customer terminal and transmits the OTP use application information Or customer identification number information, customer's personal identification number information, customer's mobile number information, or customer's personal identification number information and customer's unique information included in the OTP use application information) to the second server 405, And the second server 405 sets the customer personal identification number information as the OTP generation condition information.

Here, the OTP generation condition information may include an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone, when the personal identification number information transmitted from the customer's cellular phone is authenticated, Or OTP generation program, the OTP generation condition information includes an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone or an OTP generation key value And stored.

According to the embodiment of the present invention, when the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the OTP generation condition information preferably includes the customer's personal identification number information Do.

Even if the customer personal identification number information does not include the unique identification number or the customer personal identification number information includes the unique identification number, the OTP generation condition information may include the customer's mobile phone number information (e.g., (E.g., mobile phone number), customer-specific information (e.g., resident registration number), one or more mobile phone unique identification information (e.g., terminal serial number (ESN) assigned to the customer's mobile phone, USIM serial number, , And one or more USIM identification codes recorded in the cellular phone USIM), and thus the present invention is not limited thereto.

When the OTP generation condition information is set, the second server 405 stores the OTP generation condition information in the storage medium 410 by connecting the OTP generation condition information to an OTP generation key or an OTP generation program. do.

Here, the OTP generation key (KEY) value preferably includes at least one fixed seed value for generating an OTP and a parameter for determining a dynamic seed value.

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, (KEY) value preferably includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP.

Alternatively, if the OTP is generated by a challenge-response scheme, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted for the challenge-response OTP generation algorithm, and the OTP generation key (KEY ) Value comprises a random number generation seed for generating a random number corresponding to the dynamic seed value of the challenge-response type OTP.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated in the server, the OTP generation key (KEY) value may be one or more A fixed seed value, and a parameter for determining the dynamic seed value.

If the mobile phone has a mobile OTP generation program in addition to using the customer mobile phone as the virtual OTP medium for mobile payment, the OTP generation key (KEY) value may be a mobile OTP generation program And a parameter for determining a dynamic seed value, wherein the OTP generation key (KEY) value is provided to the customer's mobile phone, and the encryption key Or stored (or encrypted) in a USIM provided in the customer's mobile phone.

The OTP generation program includes an OTP generation algorithm for generating an OTP using one or more fixed seed values confirmed through the OTP generation key value and one or more dynamic seed values dynamically determined / When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated from a server, the OTP generation program is provided on a server for generating the OTP, The OTP generation program is implemented in the form of a mobile OTP generation program provided to the customer's cellular phone.

According to the embodiment of the present invention, a plurality of OTP generation algorithms for generating the OTP may exist depending on the type and the modification method. In this case, a plurality of OTP generation programs may exist according to the OTP generation algorithm.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a mobile payment virtual OTP medium for receiving and outputting the OTP generated in the server, the second server 405 associates the OTP generation condition information with the OTP generation key (KEY) And stores the OTP generation program information in the storage medium 410. In a case where a plurality of OTP generation programs exist, the OTP generation program information to be used for generating an OTP according to the OTP generation condition information is further linked to the storage medium 410 ).

If the OTP generation program is provided according to the OTP generation condition information, the second server 405 can store and register the OTP generation condition information and the OTP generation program information in the storage medium 410 Do.

Alternatively, when the mobile phone has a mobile OTP generation program, the second server 405 transmits the OTP generation condition information, the OTP generation key value, and the OTP corresponding to the mobile OTP generation program provided to the customer mobile phone, It is preferable that the generated program information (e.g., version, algorithm, etc.) is stored and stored in the storage medium 410 in association with each other.

When the OTP generation condition information is stored in the storage medium 410 in association with the OTP generation key value or the OTP generation program, the first server 400 transmits the OTP generation key value and the OTP generation key value, And provides OTP program code for a mobile phone for implementing OTP through a generation program.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated in the server, the first server 400 inputs a personal identification number during mobile settlement through the customer's mobile phone, (For example, through a communication server provided in the mobile communication network) to the server, receives the OTP generation key (KEY) value from the server, and receives and outputs the OTP generated on behalf of the customer's cellular phone through the OTP generation program , An OTP input interface for inputting the output OTP, and transmitting the OTP input interface to a server authenticating the OTP And the bill payment interworking OTP program code is provided to the customer's cellular phone.

According to an embodiment of the present invention, the first server 400 transmits information (for example, callback URL) for providing the mobile payment interworking OTP program code to the customer's mobile phone through a mobile communication network, And requesting the mobile payment interworking OTP program code through the information, the mobile payment interworking OTP program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile payment interworking OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the first server 400 transmits the mobile payment interworking It is possible to provide the OTP program code to be provided to the customer's cellular phone or to process the mobile payment interworking OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

The mobile payment interworking OTP program code may include an encryption code for encrypting the personal identification number and transmitting the encrypted personal identification number to the server through a mobile communication network and a decryption code for decrypting the OTP encrypted and transmitted by the server , The encryption key for encryption or the decryption key for decryption may be included in the encryption code or decryption code and provided to the customer's cellular phone or may be provided to the customer's cellular phone through a key exchange procedure defined between the customer's cellular phone and the first server 400 , A procedure for encrypting and exchanging a binary key by generating a session key).

If the customer's mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile OTP generation program code, The OTP program code need not include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile payment interworking OTP program code preferably has a function of setting a communication interval with a server connected to the customer's mobile phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

Alternatively, when the mobile phone has a mobile OTP generation program, the first server 400 transmits information (e.g., a callback URL) for providing the mobile OTP generation program code to the customer mobile phone through the mobile communication network And requesting the mobile OTP generation program code through the information from the customer mobile phone, the mobile OTP generation program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile OTP generation program code can be provided to the customer's mobile phone through the customer terminal. In this case, the first server 400 transmits the mobile OTP generation program code to the customer terminal, It is possible to provide a code to be provided to the customer's cellular phone or to process the mobile OTP generation program code provided in the customer terminal to be provided to the customer's cellular phone.

Here, the mobile OTP generation program code includes an encryption code for encrypting the OTP generated in the customer's mobile phone and transmitting the encrypted OTP to the server through the mobile communication network, and a decryption code for decrypting the information encrypted and transmitted by the server The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and may be provided to the customer's cellular phone or may be a key exchange procedure defined between the customer's cellular phone and the first server 400 (For example, a procedure of generating a session key and encrypting and exchanging a binary key) is provided to the customer's cellular phone.

If the customer mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile payment interworking OTP program code, the mobile OTP The generated program code does not need to include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile OTP generation program code preferably has a function of setting a communication interval with a server connected via a mobile communication network from the customer's mobile phone to a TLS (Transport Layer Security) encryption section.

When the mobile OTP generation program is initially provided in the mobile phone in the case where the mobile phone OTP generation program code is provided in the customer mobile phone according to the embodiment of the present invention, (E.g., a telephone number, a resident registration number, personal identification information, and the like) after processing the pre-established mobile OTP generation program driven password authentication) and encrypts the encrypted data through the encryption code to the first server 400 The OTP generation key (KEY) value associated with the mobile OTP generation program after the customer authentication of the customer authentication information is downloaded from the first server 400 and encrypted and stored in the customer's mobile phone memory, It is preferable to store the program in the USIM provided in the mobile phone, When the OTP generation key (KEY) value is included, the process of downloading the OTP generation key (KEY) value may be omitted.

According to another embodiment of the present invention, it is possible to provide an integrated OTP generation program in which the mobile payment interworking OTP program code and the mobile OTP generation program code are integrated in the customer's mobile phone. In this case, (For example, a callback URL) for providing the integrated OTP program code to the customer's mobile phone through a mobile communication network, and when the customer's mobile phone requests the integrated OTP program code through the information, It is desirable to provide the integrated OTP program code with the mobile phone.

According to another embodiment of the present invention, the integrated OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the first server 400 transmits the integrated OTP program code to the customer terminal To be provided to the customer's cellular phone, or to process the integrated OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

Herein, the integrated OTP program code may include an encryption code for encrypting the personal identification number and transmitting the personal identification number to the server through a mobile communication network, encrypting the OTP generated by the customer mobile phone and transmitting the encrypted OTP to the server through a mobile communication network, And a decryption code for decrypting the information encrypted and transmitted by the server, wherein the encryption key for encryption or the decryption key for decryption is stored in the encryption code or the decryption code Or a key exchange procedure defined between the customer mobile phone and the first server 400 (e.g., a procedure for generating a session key to encrypt and exchange a binary key) .

In addition, the integrated OTP program code preferably has a function of setting a communication interval with a server connected to the customer's cellular phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

According to the present invention, the mobile OTP generation program code provided in the customer's mobile phone can not be used for mobile settlement due to the limitation of two-factor authentication that a mobile payment medium and an authentication medium must be separated , The mobile payment transaction interoperable OTP program code may be used as the OTP authentication medium for mobile payment, or the customer may use the OTP program code as the mobile payment transaction code, Only the part for transmitting the personal identification number information or receiving the OTP generated by the server can be used.

Therefore, when OTP authentication is required when using the mobile payment through the customer's mobile phone, the customer's mobile phone activates the mobile OTP generation program code (or the integrated OTP program code) to output a personal identification number input interface, If the customer's personal identification number information is input through the input interface, the inputted customer's personal identification number information is encrypted with a predetermined encryption key and transmitted to the first server 400.

According to an embodiment of the present invention, the customer personal identification number information is encrypted by an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the first server 400 through an encryption key provided in the customer's cellular phone And is preferably double-encrypted through a TLS encryption method set in a communication interval between the mobile phone and the first server 400. [

According to the embodiment of the present invention, the mobile OTP generation program code (or the integrated OTP program code) provided in the customer's mobile phone may include, in addition to the customer's personal identification number information input through the personal identification number input interface, One or more mobile phone unique identification information (for example, one or more of a terminal serial number (ESN) assigned to a customer's mobile phone, a USIM serial number, a terminal identification code stored in the memory of the mobile phone, and a USIM identification code recorded in the mobile phone USIM) It is possible to confirm the mobile phone identification information, and to transmit the mobile phone identification information further including the identified mobile phone identification information, thereby not limiting the present invention.

Alternatively, the personal identification number input interface may further include a user interface for inputting customer-specific information (for example, a resident registration number) in addition to a user interface for inputting the customer's personal identification number information. In this case, The mobile OTP generation program code (or the integrated OTP program code) may further include the entered customer specific information in addition to the customer personal identification number information, and thus the present invention is not limited thereto.

The first server 400 receiving the customer identification number information encrypted by the customer's mobile phone decrypts the encrypted customer identification number information to check the original customer identification number information, OTP generation condition information and stores it in the storage medium 410 and provides the customer's personal identification number information to the registered second server 405 to validate the customer's personal identification number information through the second server 405 .

When more than one mobile phone unique identification information or customer specific information is further received (and decoded) from the customer mobile phone according to the embodiment of the present invention, the first server 400 transmits the mobile phone unique identification information or the customer- 2 server 405 to process the second server 405 to authenticate the validity.

According to another embodiment of the present invention, the first server 400 directly transmits the encrypted customer personal identification number information (which may further include mobile phone unique identification information or customer specific information) to the second server 405 In this case, the second server 405 decrypts the encrypted customer personal identification number information (which may further include mobile phone unique identification information or customer specific information), and transmits the decrypted customer personal identification number (Which may further include mobile phone unique identification information or customer specific information) and OTP generation condition information to authenticate the validity of the customer personal identification number information (which may further include mobile phone unique identification information or customer specific information) .

If the validity of the customer personal identification number information (which may further include mobile phone unique identification information or customer specific information) is authenticated through the second server 405, An OTP generation key (KEY) value associated with the OTP generation condition information or an OTP generation program from the OTP generation condition information generation unit 405 to generate an OTP to be generated in the customer's mobile phone.

When the first server 400 is provided with an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to an embodiment of the present invention, And an OTP generation key (KEY) value associated with the OTP generation condition information from the OTP generation key (KEY), and determining / determining one or more fixed seed values and dynamic seed values from the OTP generation key (KEY) Value into the predetermined OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone.

When the first server 400 includes an OTP generation function for each OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, Receives from the second server 405 an OTP generation key value associated with the OTP generation condition information and OTP generation program information for selecting an OTP generation algorithm to replace the OTP to be generated in the customer mobile phone, Determining and determining at least one fixed seed value and a dynamic seed value corresponding to the OTP generation program information from a generation key value and outputting the fixed seed value and the dynamic seed value to an OTP generation algorithm To generate an OTP to be generated in the customer's mobile phone.

If the first server 400 does not have an OTP generation function for generating an OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, (405) receives an OTP generation key (KEY) value associated with the OTP generation condition information and an OTP generation program code to replace the OTP to be generated in the customer's cellular phone, It is preferable to confirm / determine the seed value and the dynamic seed value and activate the OTP generation program code to replace the OTP to be generated in the customer's mobile phone through the fixed seed value and the dynamic seed value.

When the OTP to be generated by the customer's mobile phone is alternatively generated, the first server 400 encrypts the OTP generated and processes the generated OTP to be provided to the customer's mobile phone through the mobile communication network.

According to an embodiment of the present invention, the substitute-generated OTP is transmitted through an end-to-end data encryption method (for example, AES 128 encryption) between the customer's mobile phone and the first server 400 through an encryption key paired with a decryption key provided to the customer's cellular phone And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the first server 400. [

Wherein the customer's cellular phone receives the alternately generated OTP through the mobile communication network and, when the received OTP is encrypted, decrypts the OTP through a predetermined decryption key and outputs the decrypted OTP to an OTP output area on the screen , And displays an OTP input interface in a predetermined area near the OTP output area. When the OTP is inputted through the OTP input interface, the input OTP is encrypted and transmitted to a server that authenticates the OTP through a mobile communication network .

Here, the OTP is encrypted with an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the server authenticating the OTP through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between servers.

The server for authenticating the OTP receives and decrypts the OTP through the mobile communication network, generates an OTP 'by checking an OTP generation key value or an OTP generation key value corresponding to the received OTP, And OTP 'to perform OTP authentication for the mobile payment transaction, and provides the OTP authentication result to the server for providing the mobile settlement.

FIG. 5 is a diagram illustrating an OTP generation condition registration process for mobile banking according to a second embodiment of the present invention.

5, if the OTP usage application information including at least one of the customer's mobile phone number information, the customer's personal identification number information, and the customer's unique information is transmitted to the first server 400, The first server 400 provides the customer's mobile phone number information to the second server 405 and the second server 405 sets the customer's personal identification number information as the OTP generation condition information, (KEY) value or an OTP generation program to store and register in the storage medium 410. Those skilled in the art will be able to refer to FIG. 5 and / or FIG. (For example, omitting some steps or changing the order) for the OTP generation condition registration process. However, the present invention can be applied to all of the above- And the technical features thereof are not limited only by the method shown in FIG. That is, the process shown in FIG. 5 is a basic process of implementing the OTP generation condition registration system shown in FIG. 4, and the actual OTP generation condition registration process includes all the various embodiments shown in FIG. 4 .

Referring to FIG. 5, when the customer requests the mobile payment or provides the mobile OTP generation program to the customer mobile phone, or requests the mobile payment OTP registration, the customer terminal shown in FIG. OTP use application information including at least one of number information, customer personal identification number information, and customer unique information, and transmits the OTP use application information to the first server 400 (500).

The first server 400 receives the OTP use application information from the customer terminal and provides the personal identification number information included in the OTP use application information 505, (510) the OTP generation condition information, and stores the OTP generation condition information in the storage medium 410 in association with the OTP generation key (KEY) value or the OTP generation program 515).

If the OTP generation condition information is linked to the OTP generation key or OTP generation program in the storage medium 410, the first server 400 transmits the OTP generation key KEY to the customer's cellular phone, Value or an OTP program code for a mobile phone for implementing an OTP through an OTP generation program, and an encryption key and a decryption key (525).

Here, the OTP program code for the mobile phone provided in the customer's mobile phone in the first server 400 is a code for overcoming the two-factor authentication limitation that the mobile payment medium and the authentication medium must be separated when using the mobile payment through the customer's mobile phone Providing an OTP generation key (KEY) value in the server or an OTP to be generated in the customer's mobile phone through an OTP generation program, and providing the generated OTP to the customer's cellular phone, And a mobile payment interworking OTP program code having a function of receiving and outputting the OTP and displaying the OTP input interface near the area where the OTP is output and inputting the OTP which is generated in place of the OTP, The mobile OTP generation program &lt; RTI ID = 0.0 &gt; It is possible to include the code, or more, or an integrated OTP generation program code.

6 is a diagram illustrating a mobile payment interworking OTP authentication process according to a second embodiment of the present invention.

In more detail, FIG. 6 illustrates OTP generation condition information including customer personal identification number information on the storage medium 410 of the second server 405 through the OTP generation condition registration process (FIG. 5) KEY) value or an OTP generation program and stores it. When OTP authentication is required in the mobile payment process using the customer's mobile phone after the mobile payment interworking OTP program code, the encryption key and the decryption key are provided on the customer's mobile phone, In order to overcome the two-factor authentication limit for mobile payment in the mobile phone, the mobile payment interworking OTP program code is activated to transmit the personal identification number information to the first server 400, To the second server 405 managing the storage medium 410 and authenticating the customer personal identification number information from the first server 400 to the second server 405 And generating an OTP generation key (KEY) value or an OTP generation program to replace the OTP to be generated in the customer's cellular phone and providing the generated OTP to the customer's cellular phone. It is possible to refer to and / or modify the FIG. 6 to various implementations of the mobile payment interworking OTP authentication procedure (e.g., omitting some steps or changing the order) The present invention is not limited to the above-described embodiments. In other words, the process shown in FIG. 6 is a basic process for implementing the OTP generation condition registration system shown in FIG. 4, and the actual mobile payment interworking OTP authentication process includes all the various embodiments shown in FIG. .

Referring to FIG. 6, OTP generation condition information including customer personal identification number information is stored in the storage medium 410 of the second server 405 through an OTP generation key KEY ) Value or an OTP generation program and stores it, and after the mobile payment interworking OTP program code, the encryption key and the decryption key are provided on the customer's mobile phone, the customer's mobile phone interacts with the mobile payment server (not shown) (600). If the OTP authentication is required during the mobile payment (605), the mobile phone activates the mobile payment interworking OTP program code to overcome the two-factor authentication limit for the mobile payment And outputs the personal identification number information input interface. When the personal identification number information is inputted through the personal identification number information input interface, And transmits the inputted customer identification number information to the first server 400 (610).

According to an embodiment of the present invention, the customer's mobile phone preferably encrypts the customer's personal identification number information with an encryption key provided to the customer's mobile phone through the OTP generation condition registration process shown in FIG. 5, The server 400 decrypts the received customer personal identification number information through a decryption key matched with the encryption key.

The first server 400 provides the received personal identification number information to the second server 405 managing the storage medium 410 in step 615 and the second server 405 in response thereto The customer personal identification number information included in the OTP generation condition information stored in the storage medium 410 is compared with the customer's personal identification number information provided from the first server 400 to authenticate the customer's personal identification number information 620, .

If the customer personal identification number information is authenticated (625), the second server 405 transmits an OTP generation key (KEY) value associated with the OTP generation condition information including the customer personal identification number information from the storage medium 410 Or an OTP generation program (step 630), and provides the OTP generation key (KEY) value or the OTP generation program to the first server 400 (step 635).

The first server 400 generates an OTP generation key (KEY) value provided from the second server 405 or an OTP to be generated in the customer's mobile phone through an OTP generation program (640) OTP to the customer's cellular phone (645).

According to an embodiment of the present invention, the first server 400 encrypts the substitute-generated OTP with an encryption key matched with a decryption key provided to the customer's mobile phone through the OTP generation condition registration process shown in FIG. 5 And the customer's cellular phone decodes the received OTP with the decryption key.

After the user's cellular phone outputs the received OTP (650), the OTP input interface is displayed in a predetermined area near the area where the OTP is output. If the output OTP is input through the OTP input interface (655), the customer's cellular phone encrypts the input OTP and transmits the encrypted OTP to a server authenticating the OTP through a mobile communication network (660). The OTP authentication And processes the mobile banking in connection with a mobile payment server (not shown) according to the result (665).

7 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile settlement according to a third embodiment of the present invention.

7 shows an example of a One Time Password (OTP) message including at least one of customer's mobile phone number information, customer's personal identification number information, and customer's unique information (for example, information including the name of the customer, ), The information receiving means 700 receives the OTP use application information, and the information confirming means 705 transmits the customer's mobile number information and the customer's unique information to the mobile communication company server 735 If the cellular phone subscriber is confirmed to be an OTP use application customer, the information registration means 710 generates the personal identification number information from the mobile communication company server 735 to generate OTP And then stores it in the storage medium 730 in association with the OTP generation key (KEY) value or the OTP generation program. Then, An OTP generation key (KEY) value associated with the OTP generation condition information stored in the storage medium 730 or an OTP generation key (KEY) value associated with the OTP generation condition information stored in the storage medium 730 And generates an OTP to be generated in the customer's cellular phone and processes the OTP to be transmitted from the information transmitting means 720 to the customer's cellular phone. As a person skilled in the art, , It is possible to refer to and / or modify this FIG. 7 to infer various implementations (e.g., some configuration portions omitted, or refined or aggregated implementation) for the OTP generation condition registration system, The present invention is not limited to the above-described embodiments. The.

Referring to FIG. 7, the OTP generation condition registration system includes a client terminal for using mobile settlement, a mobile communication company server 735 on a mobile communication network to which a customer's mobile phone is connected, (705) for authenticating the customer through the mobile communication company server (735), and a customer identification number (705) included in the OTP use application information according to the authentication result, An information registration means 710 for setting the information as OTP generation condition information and storing it in the storage medium 730 in connection with an OTP generation key value or an OTP generation program; After the personal identification number information is received and authenticated, an OTP generation key (KEY) value associated with the OTP generation condition information including the customer personal identification number information or an OTP generation program An OTP processing unit 715 for generating an OTP in place of the OTP generated by the customer's mobile phone and an information transmitting unit 720 for providing the OTP to the customer's cellular phone, (725) for providing program codes for providing the OTP service to the mobile phone when the OTP generation condition information is stored in the OTP generation condition key (730) in association with the OTP generation key (KEY) value or the OTP generation program .

According to the present invention, each means constituting the OTP generation condition registration system may be implemented as one independent server, or two or more functions may be combined to form a server, or the means may be implemented as one server And it is evident that the present invention is not limited by the method of constituting the means.

The customer may request the mobile settlement or create an OTP in the customer's cellular phone according to a predetermined OTP generation algorithm through a mobile OTP generation program (e.g., an OTP generation key (KEY) value provided in the customer's cellular phone) The customer's personal identification number information and the customer's unique information (for example, the name of the customer, the name of the customer, etc.) , And information including resident registration number information).

Here, the customer's mobile number information may be a customer's mobile phone that uses mobile payment, a customer's mobile phone that receives a mobile OTP creation program, or a virtual OTP medium for mobile payment that receives and outputs an OTP generated by a server on behalf of the customer's mobile phone And a telephone number assigned to the customer's mobile phone, as information for identifying the customer's mobile phone corresponding to one or more of the customer's mobile phones to be used as the mobile phone.

According to an embodiment of the present invention, the customer mobile number information includes at least one of a terminal serial number (ESN), a USIM serial number (e.g., a chip serial number, a USIM serial number, and a serial number recorded in a USIM) Or a USIM identification code recorded in the USIM, or a terminal identification code stored in the memory of the cellular phone to generate and encrypt a code value that is not duplicated in order to identify the customer cellular phone, desirable.

That is, the customer mobile phone number information includes at least one of all the mobile phone related identification information held through the memory (or the USIM) of the mobile phone even when the customer mobile phone connects to or does not access the mobile communication network. As a result, the customer's mobile phone number information of the present invention is not limited to the above-described ones, and it is possible to include various identification information according to the type of the customer's mobile phone and a fixed ID value uniquely identifying it, It is clear that the present invention is not limited by the kind of the material.

Wherein the customer personal identification number information is used to authenticate generation of an OTP through the mobile OTP generation program when the mobile phone has a mobile OTP generation program, A Personal Identification Number (PIN) for authenticating the creation of an OTP on behalf of the customer's mobile phone by accepting the OTP medium for mobile payment for receiving and outputting the OTP generated by the server, A PIN for OTP generation registered through the PIN pad, or a unique identification number uniquely registered so as not to be duplicated for each customer for the OTP generation.

If the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the unique identification number is transmitted to a predetermined number server (not shown) or the information receiving means 700 through N N &gt; 1) digit number is automatically assigned to the customer or an N-digit unique identification number that is not duplicated to the customer is input through the PIN pad, (E.g., the customer's mobile phone number information or the resident registration number included in the customer's unique information) of the (Nn) number uniquely allocated to the customer at the first number of the number of (1 <= n <N) Or a unique identification number of N digits or a customer's mobile phone number information uniquely assigned to the customer (or a combination of two or more Or a part (or all) of the number (e.g., resident registration number) combination included in the customer's mobile phone number information and the customer's unique information is determined by an N-digit unique identification number, As shown in FIG.

If the customer is registered as a customer for the mobile settlement, the customer specific information may be a database included in the server providing the mobile settlement service, If the customer is a new customer of the server providing the mobile payment service, the customer specific information may include the customer identification information for identifying the customer, (E.g., a name, a resident registration number, an address, a contact address, etc.) that can be registered on a database provided in the server.

The customer terminal transmits the inputted OTP use application information, and the information receiving means 700 receives the OTP use application information from the customer terminal, and the information checking means 705 includes the OTP use application information To the mobile communication company server 735, and verifies the validity of at least one of the validity of the customer and the validity of the customer's mobile phone.

The mobile communication company server 735 verifies the subscriber information by inquiring the subscriber D / B through the mobile phone number information received from the information checking means 705, compares the subscriber information with the customer specific information, The customer D / B is inquired through the received customer specific information to check the subscriber information, and the customer mobile phone number information included in the subscriber information is compared with the received customer mobile phone number information, and the use of the mobile phone subscriber and the OTP Confirm customer validity to verify that the applicant is the same.

Also, the mobile communication company server 735 reads terminal information (or device information) about the customer's mobile phone corresponding to the customer's mobile phone number information and verifies that the customer can use the OTP service requested by the customer through the mobile phone It is possible to further check the validity of the customer's mobile phone.

When the OTP service applied by the customer according to the embodiment of the present invention installs a specific OTP generation program in the customer's cellular phone, the mobile communication company server 735 transmits terminal information (or device information) It is preferable to confirm the validity of the customer's mobile phone that confirms whether an operating platform capable of operating by installing the OTP generation program on the customer's mobile phone is provided.

Alternatively, when the OTP service requested by the customer operates using the USIM provided in the customer's mobile phone, the mobile communication company server 735 reads the terminal information (or the device information) It is desirable to check the validity of the customer's mobile phone to confirm that the USIM is provided.

Alternatively, when the OTP service requested by the customer operates using the financial IC chip provided in the customer's mobile phone, the mobile communication company server 735 reads the terminal information (or device information) It is desirable to check the validity of the customer's mobile phone to check whether the customer's mobile phone has a financial IC chip.

According to another embodiment of the present invention, the mobile communication company server 735 confirms the customer validity and provides terminal information (or device information) to the customer's cellular phone to the information checking means 705, It is possible to check the validity of the customer's mobile phone by the checking means 705, and thus the present invention is not limited thereto.

When the customer validity is confirmed through the customer personal identification number information and the customer specific information and the validity of the customer's mobile phone is further confirmed, the information registration means 710 sets the customer personal identification number information as the OTP generation condition information .

Here, the OTP generation condition information may include an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone, when the personal identification number information transmitted from the customer's cellular phone is authenticated, Or OTP generation program, the OTP generation condition information includes an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone or an OTP generation key value And stored.

According to the embodiment of the present invention, when the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the OTP generation condition information preferably includes the customer's personal identification number information Do.

Even if the customer personal identification number information does not include the unique identification number or the customer personal identification number information includes the unique identification number, the OTP generation condition information may include the customer's mobile phone number information (e.g., (E.g., mobile phone number), customer-specific information (e.g., resident registration number), one or more mobile phone unique identification information (e.g., terminal serial number (ESN) assigned to the customer's mobile phone, USIM serial number, , And one or more USIM identification codes recorded in the cellular phone USIM), and thus the present invention is not limited thereto.

When the OTP generation condition information is set, the information registration unit 710 stores the OTP generation condition information in the storage medium 730 in association with an OTP generation key value or an OTP generation program. do.

Here, the OTP generation key (KEY) value preferably includes at least one fixed seed value for generating an OTP and a parameter for determining a dynamic seed value.

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, (KEY) value preferably includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP.

Alternatively, if the OTP is generated by a challenge-response scheme, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted for the challenge-response OTP generation algorithm, and the OTP generation key (KEY ) Value comprises a random number generation seed for generating a random number corresponding to the dynamic seed value of the challenge-response type OTP.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated in the server, the OTP generation key (KEY) value may be one or more A fixed seed value, and a parameter for determining the dynamic seed value.

If the mobile phone has a mobile OTP generation program in addition to using the customer mobile phone as the virtual OTP medium for mobile payment, the OTP generation key (KEY) value may be a mobile OTP generation program And a parameter for determining a dynamic seed value, wherein the OTP generation key (KEY) value is provided to the customer's mobile phone, and the encryption key Or stored (or encrypted) in a USIM provided in the customer's mobile phone.

The OTP generation program includes an OTP generation algorithm for generating an OTP using one or more fixed seed values confirmed through the OTP generation key value and one or more dynamic seed values dynamically determined / When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated from a server, the OTP generation program is provided on a server for generating the OTP, The OTP generation program is implemented in the form of a mobile OTP generation program provided to the customer's cellular phone.

According to the embodiment of the present invention, a plurality of OTP generation algorithms for generating the OTP may exist depending on the type and the modification method. In this case, a plurality of OTP generation programs may exist according to the OTP generation algorithm.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated in the server, the information registering means 710 associates the OTP generation condition information with the OTP generation key (KEY) And stores the OTP generation program information in the storage medium 730. In the case where a plurality of OTP generation programs exist, the OTP generation program information to be used for generating an OTP is further linked to the storage medium 730 ).

If the OTP generation program is provided according to the OTP generation condition information, the information registration unit 710 can store and register the OTP generation condition information and the OTP generation program information in the storage medium 730 .

Alternatively, when the mobile phone has a mobile OTP generation program, the information registering unit 710 registers the OTP generation condition information and the OTP generation key value together with the OTP generation program corresponding to the mobile OTP generation program provided to the customer mobile phone, It is preferable that the generated program information (e.g., version, algorithm, etc.) is stored and registered in the storage medium 730 in association with each other.

When the OTP generation condition information is stored in the storage medium 730 in association with the OTP generation key value or the OTP generation program, the mobile phone processing unit 725 transmits the OTP generation key (KEY) And provides OTP program code for a mobile phone for implementing OTP through a generation program.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated at the server, the mobile phone processing unit 725 inputs a personal identification number during mobile settlement through the customer's mobile phone, (For example, through a communication server provided in the mobile communication network) to the server, receives the OTP generation key (KEY) value from the server, and receives and outputs the OTP generated on behalf of the customer's cellular phone through the OTP generation program , An OTP input interface for inputting the output OTP, and a server for authenticating the OTP A mobile payment interworking OTP program code characterized in that it provided to the customers mobile phone.

According to the method of the present invention, the mobile phone processing unit 725 transmits information (for example, callback URL) for providing the mobile payment interworking OTP program code to the customer's mobile phone through the mobile communication network, And requesting the mobile payment interworking OTP program code through the information, the mobile payment interworking OTP program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile payment interworking OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 725 transmits the mobile payment interworking It is possible to provide the OTP program code to be provided to the customer's cellular phone or to process the mobile payment interworking OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

The mobile payment interworking OTP program code may include an encryption code for encrypting the personal identification number and transmitting the encrypted personal identification number to the server through a mobile communication network and a decryption code for decrypting the OTP encrypted and transmitted by the server , The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and provided to the customer's cellular phone or may be provided to the customer's cellular phone through a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary type key) is preferably provided to the customer's cellular phone.

If the customer's mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile OTP generation program code, The OTP program code need not include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile payment interworking OTP program code preferably has a function of setting a communication interval with a server connected to the customer's mobile phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

Alternatively, when the customer mobile phone includes a mobile OTP generation program, the mobile phone processing unit 725 transmits information (for example, a callback URL) for providing the mobile OTP generation program code to the customer mobile phone via the mobile communication network And requesting the mobile OTP generation program code through the information from the customer mobile phone, the mobile OTP generation program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile OTP generation program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 725 transmits the mobile OTP generation program code It is possible to provide a code to be provided to the customer's cellular phone or to process the mobile OTP generation program code provided in the customer terminal to be provided to the customer's cellular phone.

Here, the mobile OTP generation program code includes an encryption code for encrypting the OTP generated in the customer's mobile phone and transmitting the encrypted OTP to the server through the mobile communication network, and a decryption code for decrypting the information encrypted and transmitted by the server The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and may be provided to the customer's cellular phone or may be a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary key is provided to the customer's mobile phone.

If the customer mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile payment interworking OTP program code, the mobile OTP The generated program code does not need to include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile OTP generation program code preferably has a function of setting a communication interval with a server connected via a mobile communication network from the customer's mobile phone to a TLS (Transport Layer Security) encryption section.

When the mobile OTP generation program is initially provided in the mobile phone in the case where the mobile phone OTP generation program code is provided in the customer mobile phone according to the embodiment of the present invention, (E.g., a telephone number, a resident registration number, personal identification information, and the like) after processing the predetermined mobile OTP generation program driven password authentication), encrypts and transmits the authentication information An OTP generation key (KEY) value associated with the mobile OTP generation program after the customer authentication for the customer authentication information is downloaded from the memory 725 and encrypted and stored in the customer's mobile phone memory or stored in the USIM provided in the customer's mobile phone The mobile OTP generation program code may be configured to generate the OTP If the KEY value is included, the process of downloading the OTP generation key value may be omitted.

According to another embodiment of the present invention, it is possible to include an integrated OTP generation program in which the mobile payment interworking OTP program code and the mobile OTP generation program code are integrated in the customer's mobile phone. In this case, (For example, a callback URL) for providing the integrated OTP program code to the customer's mobile phone through a mobile communication network, and when the customer's mobile phone requests the integrated OTP program code through the information, It is desirable to provide the integrated OTP program code with the mobile phone.

According to another embodiment of the present invention, the integrated OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 725 transmits the integrated OTP program code to the customer terminal To be provided to the customer's cellular phone, or to process the integrated OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

Herein, the integrated OTP program code may include an encryption code for encrypting the personal identification number and transmitting the personal identification number to the server through a mobile communication network, encrypting the OTP generated by the customer mobile phone and transmitting the encrypted OTP to the server through a mobile communication network, And a decryption code for decrypting the information encrypted and transmitted by the server, wherein the encryption key for encryption or the decryption key for decryption is stored in the encryption code or the decryption code Or is provided to the customer's mobile phone according to a key exchange procedure defined between the customer's mobile phone and the system (for example, a procedure for generating a session key and encrypting and exchanging a binary key) Do.

In addition, the integrated OTP program code preferably has a function of setting a communication interval with a server connected to the customer's cellular phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

According to the present invention, the mobile OTP generation program code provided in the customer's mobile phone can not be used for mobile settlement due to the limitation of two-factor authentication that a mobile payment medium and an authentication medium must be separated The mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, or the mobile payment interworking OTP program code may be used. Alternatively, the mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, Only the part for transmitting the customer's personal identification number information from the program code to the server or receiving the OTP generated by the server alternatively can be used.

Therefore, when OTP authentication is required when using the mobile payment through the customer's mobile phone, the customer's mobile phone activates the mobile OTP generation program code (or the integrated OTP program code) to output a personal identification number input interface, When the customer's personal identification number information is input through the input interface, the inputted customer's personal identification number information is encrypted with a predetermined encryption key and transmitted.

According to an embodiment of the present invention, the customer personal identification number information is encrypted by an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the system through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between systems.

According to the embodiment of the present invention, the mobile OTP generation program code (or the integrated OTP program code) provided in the customer's mobile phone may include, in addition to the customer's personal identification number information input through the personal identification number input interface, One or more mobile phone unique identification information (for example, one or more of a terminal serial number (ESN) assigned to a customer's mobile phone, a USIM serial number, a terminal identification code stored in the memory of the mobile phone, and a USIM identification code recorded in the mobile phone USIM) It is possible to confirm the mobile phone identification information, and to transmit the mobile phone identification information further including the identified mobile phone identification information, thereby not limiting the present invention.

Alternatively, the personal identification number input interface may further include a user interface for inputting customer-specific information (for example, a resident registration number) in addition to a user interface for inputting the customer's personal identification number information. In this case, The mobile OTP generation program code (or the integrated OTP program code) provided can further include the customer specific information, in addition to the customer personal identification number information, so that the present invention is not limited thereto.

The OTP processing unit 715 receives the customer identification number information encrypted by the customer's mobile phone, decrypts the encrypted customer identification number information to identify the original customer identification number information, In order to authenticate the validity of the customer personal identification number information.

When more than one mobile phone unique identification information or customer specific information is further received (and decoded) from the customer's mobile phone according to an embodiment of the present invention, the OTP processing means 715 further transmits the mobile phone unique identification information or customer- It is preferable to perform processing so as to authenticate the validity.

If the validity of the customer personal identification number information (which may further include the mobile phone unique identification information or the customer specific information) is authenticated, the OTP processing unit 715 transmits the OTP generation condition information and the OTP generation condition information to the storage medium 730 (OTP) generation key (KEY) value or an OTP generation program to generate an OTP to be generated in the customer's cellular phone.

When the OTP processing unit 715 is provided with an OTP generation function for replacing an OTP to be generated in the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 715 is connected to the OTP generation condition information OTP generation key (KEY) value, confirms / determines at least one fixed seed value and dynamic seed value from the OTP generation key (KEY) value, and outputs the fixed seed value and the dynamic seed value to a predetermined OTP generation algorithm It is preferable to substitute the OTP to be generated in the customer's mobile phone.

In a case where the OTP processing unit 715 includes an OTP generation function for each OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, (OTP) generation key (KEY) value associated with the OTP generation condition information and OTP generation program information for selecting an OTP generation algorithm to replace the OTP to be generated in the customer mobile phone, OTP generation program information, and assigns the fixed seed value and the dynamic seed value to the OTP generation algorithm corresponding to the OTP generation program information to generate in the customer mobile phone It is preferable to replace the OTP.

If the OTP processing unit 715 does not have an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, (KEY) value associated with the OTP generation key (KEY) and the OTP generation program code to replace the OTP to be generated in the customer's mobile phone, and confirms one or more fixed seed values and dynamic seed values from the OTP generation key / OTP generation program code and activates the OTP generation program code to replace the OTP to be generated in the customer's mobile phone through the fixed seed value and the dynamic seed value.

When the OTP to be generated by the customer's mobile phone is alternatively generated, the information transmitting means 720 encrypts the OTP generated and processes the generated OTP to be provided to the customer's mobile phone through the mobile communication network.

According to an embodiment of the present invention, the replacement-generated OTP is encrypted with an end-to-end data encryption scheme (e.g., AES 128 encryption scheme) between the customer's mobile phone and the system through an encryption key paired with a decryption key provided to the customer's mobile phone , And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the system.

Wherein the customer's cellular phone receives the alternately generated OTP through the mobile communication network and, when the received OTP is encrypted, decrypts the OTP through a predetermined decryption key and outputs the decrypted OTP to an OTP output area on the screen , And displays an OTP input interface in a predetermined area near the OTP output area. When the OTP is inputted through the OTP input interface, the input OTP is encrypted and transmitted to a server that authenticates the OTP through a mobile communication network .

Here, the OTP is encrypted with an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the server authenticating the OTP through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between servers.

The server for authenticating the OTP receives and decrypts the OTP through the mobile communication network, generates an OTP 'by checking an OTP generation key value or an OTP generation key value corresponding to the received OTP, And OTP 'to perform OTP authentication for the mobile payment transaction, and provides the OTP authentication result to the server for providing the mobile settlement.

FIG. 8 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a third embodiment of the present invention.

In more detail, FIG. 8 shows OTP usage information including at least one of customer's mobile phone number information, customer's personal identification number information and customer's unique information at the customer terminal shown in FIG. 7, Receives the OTP utilization information, transmits the customer's mobile phone number information and customer specific information to the mobile communication company server 735 from the information confirmation means 705, and transmits the OTP usage information to the mobile communication company server 735 And if the mobile phone subscriber is identified as the OTP use application customer, the information registration means 710 sets the customer personal identification number information as the OTP generation condition information, and generates an OTP generation key (KEY) value or OTP generation key And stores the program in the storage medium 730 in association with the program. If a person skilled in the art is familiar with the present invention, Referring to FIG. 8, it will be appreciated that the various embodiments of the OTP generation condition registration process (e.g., omitting some steps or changing the order) may be deduced from the OTP generation condition registration process, And the technical features thereof are not limited only by the method shown in FIG. That is, the process shown in FIG. 8 is a basic process for implementing the OTP generation condition registration system shown in FIG. 7, and the actual OTP generation condition registration process includes all the various embodiments shown in FIG. 7 .

Referring to FIG. 8, when the customer requests the mobile payment or provides the mobile OTP generation program to the customer mobile phone, or requests the mobile payment OTP registration, the customer terminal shown in FIG. The information receiving means 700 receives the OTP use application information by inputting the OTP use application information including the number information, the customer personal identification number information, and the customer specific information.

The information checking means 705 transmits the customer's mobile phone number information and the customer's unique information contained in the OTP use application information to the mobile communication company server 735 to check the validity of the customer and the validity of the customer's mobile phone (805).

The mobile communication company server 735 inquires the subscriber D / B through the received customer's mobile phone number information to confirm the subscriber information, compares the subscriber information with the customer's unique information, The subscriber information is checked by inquiring the subscriber D / B, and the mobile phone number information included in the subscriber information is compared with the received mobile phone number information to verify whether the mobile phone subscriber and the customer requesting the use of the OTP are the same (Or device information) of the customer's mobile phone corresponding to the customer's mobile phone number information, and verifies that the customer can use the OTP service requested by the customer via the mobile phone (810). &Lt; / RTI &gt;

If the customer validity is confirmed through the customer personal identification number information and the customer unique information and the customer's mobile phone validity is further confirmed 815, the mobile communication company server 735 transmits the customer validity (820), the information registration means 710 sets the customer personal identification number information as OTP generation condition information (830), and generates the OTP generation condition information as OTP generation condition information And stores it in the storage medium 730 in association with a key value or an OTP generation program, and registers it in the storage medium 730 (835).

If the OTP generation condition information is connected to the OTP generation key or OTP generation program in the storage medium 730 in step 840, the mobile phone processing unit 725 transmits the OTP generation key KEY to the customer's cellular phone, Value or an OTP program code for a mobile phone for implementing an OTP through an OTP generation program, and an encryption key and a decryption key (845).

Here, the OTP program code for the mobile phone provided in the customer's mobile phone in the mobile phone processing means 725 is a function of overcoming the two-factor authentication limitation that the mobile payment medium and the authentication medium must be separated when using the mobile payment through the customer mobile phone Providing an OTP generation key (KEY) value in the server or an OTP to be generated in the customer's mobile phone through an OTP generation program, and providing the generated OTP to the customer's cellular phone, And a mobile payment interworking OTP program code having a function of receiving and outputting the OTP and displaying the OTP input interface near the area where the OTP is output and inputting the OTP which is generated in place of the OTP, Mobile OTP is created in the mobile payment interworking OTP program code according to the intention of It is possible to further include the program code or to include the integrated OTP generation program code.

9 is a diagram illustrating a mobile payment interworking OTP authentication process according to a third embodiment of the present invention.

In more detail, FIG. 9 illustrates OTP generation condition information including customer personal identification number information in a storage medium 730 through an OTP generation condition registration process shown in FIG. 8, or an OTP generation key (KEY) And a mobile payment interworking OTP program code, an encryption key, and a decryption key are provided in a customer's mobile phone. If OTP authentication is required in the mobile payment process using the customer's mobile phone, In order to overcome the two-factor authentication limit, when the mobile payment interworking OTP program code is activated and the customer's personal identification number information is inputted and transmitted, the OTP processing unit 715 authenticates the customer's personal identification number information, 730) or an OTP generation key (KEY) value, and generates an OTP to be generated by the customer's mobile phone The present invention is not limited to the above-described embodiments, and various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains, by referring to and / For example, some of the steps may be omitted or the order may be changed. However, the present invention includes all of the above-described embodiments, and the technical features of the method of FIG. It is not limited. 9 is a basic process of implementing the OTP generation condition registration system shown in FIG. 7, and the actual mobile payment interworking OTP authentication process includes all the various embodiments shown in FIG. 7 .

Referring to FIG. 9, OTP generation condition information including customer's personal identification number information is stored in an OTP generation key (KEY) value or an OTP generation program in the storage medium 730 through the OTP generation condition registration process shown in FIG. After the OTP program code, the encryption key, and the decryption key are provided to the customer's mobile phone, the customer's mobile phone interacts with the mobile payment server (not shown) (900), and if the OTP authentication is required during the mobile payment (905), the customer's mobile phone is notified to the mobile And outputs the personal identification number information input interface by activating the payment interworking OTP program code, and through the personal identification number information input interface When a customer inputs a personal identification number information, and transmits the OTP process unit 715, the input of the customer's personal identification number information (910).

According to an embodiment of the present invention, the customer's cellular phone preferably encrypts the customer's personal identification number information with an encryption key provided to the customer's cellular phone through the OTP generation condition registration process shown in FIG. 8, The means 715 decrypts the received customer personal identification number information through the decryption key matched with the encryption key.

The OTP processing unit 715 compares the customer's personal identification number information included in the OTP generation condition information stored in the storage medium 730 with the customer's personal identification number information to authenticate the customer's personal identification number information 915. [ .

If the customer personal identification number information is authenticated (920), the OTP processing unit 715 receives an OTP generation key (KEY) value associated with the OTP generation condition information including the customer personal identification number information from the storage medium 730 (920), and the OTP generation key (KEY) value or an OTP to be generated in the customer's cellular phone through the OTP generation program (930), and the information transmission means (720) The substitute generated OTP is provided to the customer's mobile phone (935).

According to the embodiment of the present invention, the information transmission means 720 encrypts the substitute generated OTP with an encryption key matched with the decryption key provided to the customer's mobile phone through the OTP generation condition registration process shown in FIG. 8 And the customer's cellular phone decodes the received OTP with the decryption key.

The customer's cellular phone outputs the received OTP (940), and displays the OTP input interface in a predetermined area near the area where the OTP is output. If the output OTP is input through the OTP input interface (945), the customer's cellular phone encrypts the input OTP and transmits the encrypted OTP to a server authenticating the OTP through the mobile communication network (950) And processes the mobile settlement in connection with a mobile payment server (not shown) according to the result (955).

FIG. 10 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile payment according to a fourth embodiment of the present invention.

In more detail, FIG. 10 illustrates an OTP (OTP) message including at least one of the customer's mobile phone number information, customer's personal identification number information, and customer's unique information (for example, information including the customer's name and resident registration number information) After receiving the OTP use application information from the information receiving means 1000 and setting the customer personal identification number information as the OTP generation condition information in the information registering means 1005, KEY value or an OTP generation program to store and register in the storage medium 1025. When the personal identification number information transmitted from the customer's cellular phone is authenticated in the OTP processing unit 1015 at the time of using the mobile payment by the customer, An OTP generation key (KEY) value associated with the OTP generation condition information stored in the storage medium 1025 or an OTP generation key And the information transmission means 1020 processes the substitute generated OTP so as to be transmitted to the customer's mobile phone. If the person skilled in the art is familiar with the present invention, refer to FIG. 10 (E.g., some of the components may be omitted, or broken down or combined) to the OTP generation condition registration system, but the invention is not limited to all of the above envisioned implementation methods And the technical features thereof are not limited only by the method shown in FIG.

Referring to FIG. 10, the OTP generation condition registration system includes a client terminal for using mobile settlement, an information receiving means 1000 for receiving OTP use application information of a customer from the client terminal, An information registration means 1005 for setting the customer personal identification number information included in the OTP generation condition information and storing it in the storage medium 1025 in connection with an OTP generation key value or an OTP generation program, Upon receipt of the user's personal identification number information, the user's personal identification number information is received and authenticated from the customer's cellular phone, and an OTP generation key (KEY) value or an OTP generation key associated with the OTP generation condition information including the personal identification number information, An OTP processing unit 1015 for generating an OTP in place of the generated OTP, and an information transmitting unit 1020 for providing the OTP to the customer's mobile phone When the OTP generation condition information is stored in the storage medium 1025 in association with an OTP generation key value or an OTP generation program, a program code for providing an OTP service to the mobile phone is provided And a mobile phone processing means (1010)

According to the present invention, each means constituting the OTP generation condition registration system may be implemented as one independent server, or two or more functions may be combined to form a server, or the means may be implemented as one server And it is evident that the present invention is not limited by the method of constituting the means.

The customer may request the mobile settlement or create an OTP in the customer's cellular phone according to a predetermined OTP generation algorithm through a mobile OTP generation program (e.g., an OTP generation key (KEY) value provided in the customer's cellular phone) (For example, the name of the customer, the resident registration number, and the like) through the customer terminal when the customer requests the OTP registration for mobile payment, Information including information) is input.

Here, the customer's mobile number information may be a customer's mobile phone that uses mobile payment, a customer's mobile phone that receives a mobile OTP creation program, or a virtual OTP medium for mobile payment that receives and outputs an OTP generated by a server on behalf of the customer's mobile phone And a telephone number assigned to the customer's mobile phone, as information for identifying the customer's mobile phone corresponding to one or more of the customer's mobile phones to be used as the mobile phone.

According to an embodiment of the present invention, the customer mobile number information includes at least one of a terminal serial number (ESN), a USIM serial number (e.g., a chip serial number, a USIM serial number, and a serial number recorded in a USIM) Or a USIM identification code recorded in the USIM, or a terminal identification code stored in the memory of the cellular phone to generate and encrypt a code value that is not duplicated in order to identify the customer cellular phone, desirable.

That is, the customer mobile phone number information includes at least one of all the mobile phone related identification information held through the memory (or the USIM) of the mobile phone even when the customer mobile phone connects to or does not access the mobile communication network. As a result, the customer's mobile phone number information of the present invention is not limited to the above-described ones, and it is possible to include various identification information according to the type of the customer's mobile phone and a fixed ID value uniquely identifying it, It is clear that the present invention is not limited by the kind of the material.

Wherein the customer personal identification number information is used to authenticate generation of an OTP through the mobile OTP generation program when the mobile phone has a mobile OTP generation program, A Personal Identification Number (PIN) for authenticating the creation of an OTP on behalf of the customer's mobile phone by accepting the OTP medium for mobile payment for receiving and outputting the OTP generated by the server, A PIN for OTP generation registered through the PIN pad, or a unique identification number uniquely registered so as not to be duplicated for each customer for the OTP generation.

If the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the unique identification number is transmitted to a predetermined number server (not shown) N &gt; 1) digit number is automatically assigned to the customer or an N-digit unique identification number that is not duplicated to the customer is input through the PIN pad, (E.g., the customer's mobile phone number information or the resident registration number included in the customer's unique information) of the (Nn) number uniquely allocated to the customer at the first number of the number of (1 <= n <N) Or a unique identification number of N digits or a customer's mobile phone number information uniquely assigned to the customer (or a combination of two or more Or a part (or all) of the number (e.g., resident registration number) combination included in the customer's mobile phone number information and the customer's unique information is determined by an N-digit unique identification number, As shown in FIG.

If the customer is registered as a customer for the mobile settlement, the customer specific information may be a database included in the server providing the mobile settlement service, If the customer is a new customer of the server providing the mobile payment service, the customer specific information may include the customer identification information for identifying the customer, (E.g., a name, a resident registration number, an address, a contact address, etc.) that can be registered on a database provided in the server.

The customer terminal transmits the input OTP use application information, the information receiving means 1000 receives the OTP use application information from the customer terminal, and the information registering means 1005 registers the customer personal identification number information Is set as the OTP generation condition information.

Here, the OTP generation condition information may include an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone, when the personal identification number information transmitted from the customer's cellular phone is authenticated, Or OTP generation program, the OTP generation condition information includes an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone or an OTP generation key value And stored.

According to the embodiment of the present invention, when the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the OTP generation condition information preferably includes the customer's personal identification number information Do.

Even if the customer personal identification number information does not include the unique identification number or the customer personal identification number information includes the unique identification number, the OTP generation condition information may include the customer's mobile phone number information (e.g., (E.g., mobile phone number), customer-specific information (e.g., resident registration number), one or more mobile phone unique identification information (e.g., terminal serial number (ESN) assigned to the customer's mobile phone, USIM serial number, , And one or more USIM identification codes recorded in the cellular phone USIM), and thus the present invention is not limited thereto.

When the OTP generation condition information is set, the information registration unit 1005 connects the OTP generation condition information with an OTP generation key value or an OTP generation program, and stores the registered OTP generation condition information in the storage medium 1025 do.

Here, the OTP generation key (KEY) value preferably includes at least one fixed seed value for generating an OTP and a parameter for determining a dynamic seed value.

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, (KEY) value preferably includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP.

Alternatively, if the OTP is generated by a challenge-response scheme, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted for the challenge-response OTP generation algorithm, and the OTP generation key (KEY ) Value comprises a random number generation seed for generating a random number corresponding to the dynamic seed value of the challenge-response type OTP.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated in the server, the OTP generation key (KEY) value may be one or more A fixed seed value, and a parameter for determining the dynamic seed value.

If the mobile phone has a mobile OTP generation program in addition to using the customer mobile phone as the virtual OTP medium for mobile payment, the OTP generation key (KEY) value may be a mobile OTP generation program And a parameter for determining a dynamic seed value, wherein the OTP generation key (KEY) value is provided to the customer's mobile phone, and the encryption key Or stored (or encrypted) in a USIM provided in the customer's mobile phone.

The OTP generation program includes an OTP generation algorithm for generating an OTP using one or more fixed seed values confirmed through the OTP generation key value and one or more dynamic seed values dynamically determined / When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated from a server, the OTP generation program is provided on a server for generating the OTP, The OTP generation program is implemented in the form of a mobile OTP generation program provided to the customer's cellular phone.

According to the embodiment of the present invention, a plurality of OTP generation algorithms for generating the OTP may exist depending on the type and the modification method. In this case, a plurality of OTP generation programs may exist according to the OTP generation algorithm.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated in the server, the information registering unit 1005 associates the OTP generation condition information with the OTP generation key (KEY) (1025). If there are a plurality of OTP generation programs, OTP generation program information to be used for generating an OTP according to the OTP generation condition information is further linked to the storage medium 1025 ).

If the OTP generation program is provided according to the OTP generation condition information, the information registration unit 1005 can store and register the OTP generation condition information and the OTP generation program information in the storage medium 1025 .

Alternatively, when the mobile phone has a mobile OTP generation program, the information registration unit 1005 registers the OTP generation condition information and the OTP generation key value, and the OTP generation program corresponding to the mobile OTP generation program provided to the customer mobile phone, It is preferable that the generated program information (e.g., version, algorithm, etc.) is stored and registered in the storage medium 1025 in association with each other.

When the OTP generation condition information is stored in the storage medium 1025 in association with the OTP generation key value or the OTP generation program, the mobile phone processing unit 1010 transmits the OTP generation key (KEY) And provides OTP program code for a mobile phone for implementing OTP through a generation program.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated at the server, the cellular phone processing means 1010 inputs a personal identification number during mobile payment through the customer's cellular phone, (For example, through a communication server provided in the mobile communication network) to the server, receives the OTP generation key (KEY) value from the server, and receives and outputs the OTP generated on behalf of the customer's cellular phone through the OTP generation program , An OTP input interface for inputting the output OTP, and a server for authenticating the OTP And provides the mobile payment interworking OTP program code to the customer's mobile phone.

According to the method of the present invention, the mobile phone processing unit 1010 transmits information (for example, a callback URL) for providing the mobile payment interworking OTP program code to the customer's mobile phone via the mobile communication network, And requesting the mobile payment interworking OTP program code through the information, the mobile payment interworking OTP program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile payment interworking OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 1010 can transfer the mobile payment interworking It is possible to provide the OTP program code to be provided to the customer's cellular phone or to process the mobile payment interworking OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

The mobile payment interworking OTP program code may include an encryption code for encrypting the personal identification number and transmitting the encrypted personal identification number to the server through a mobile communication network and a decryption code for decrypting the OTP encrypted and transmitted by the server , The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and provided to the customer's cellular phone or may be provided to the customer's cellular phone through a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary type key) is preferably provided to the customer's cellular phone.

If the customer's mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile OTP generation program code, The OTP program code need not include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile payment interworking OTP program code preferably has a function of setting a communication interval with a server connected to the customer's mobile phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

Alternatively, when the customer mobile phone includes a mobile OTP generation program, the mobile phone processing unit 1010 transmits information (for example, callback URL) for providing the mobile OTP generation program code to the customer mobile phone through the mobile communication network And requesting the mobile OTP generation program code through the information from the customer mobile phone, the mobile OTP generation program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile OTP generation program code may be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 1010 may transmit the mobile OTP generation program code It is possible to provide a code to be provided to the customer's cellular phone or to process the mobile OTP generation program code provided in the customer terminal to be provided to the customer's cellular phone.

Here, the mobile OTP generation program code includes an encryption code for encrypting the OTP generated in the customer's mobile phone and transmitting the encrypted OTP to the server through the mobile communication network, and a decryption code for decrypting the information encrypted and transmitted by the server The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and may be provided to the customer's cellular phone or may be a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary key is provided to the customer's mobile phone.

If the customer mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile payment interworking OTP program code, the mobile OTP The generated program code does not need to include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile OTP generation program code preferably has a function of setting a communication interval with a server connected via a mobile communication network from the customer's mobile phone to a TLS (Transport Layer Security) encryption section.

When the mobile OTP generation program is initially provided in the mobile phone in the case where the mobile phone OTP generation program code is provided in the customer mobile phone according to the embodiment of the present invention, (E.g., a telephone number, a resident registration number, personal identification information, and the like) after processing the predetermined mobile OTP generation program driven password authentication), encrypts and transmits the authentication information An OTP generation key (KEY) value associated with the mobile OTP generation program after the customer authentication for the customer authentication information is downloaded from the mobile terminal 1010 and encrypted and stored in the customer mobile phone memory or stored in the USIM provided in the customer mobile phone And the OTP generation program code Key (KEY) when the value is included, but may be a process of downloading the OTP generation key (KEY) values omitted.

According to another embodiment of the present invention, it is possible to provide an integrated OTP generation program in which the mobile payment interworking OTP program code and the mobile OTP generation program code are integrated in the customer's mobile phone. In this case, (For example, a callback URL) for providing the integrated OTP program code to the customer's mobile phone through a mobile communication network, and when the customer's mobile phone requests the integrated OTP program code through the information, It is desirable to provide the integrated OTP program code with the mobile phone.

According to another embodiment of the present invention, the integrated OTP program code may be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 1010 may transmit the integrated OTP program code to the customer terminal To be provided to the customer's cellular phone, or to process the integrated OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

Herein, the integrated OTP program code may include an encryption code for encrypting the personal identification number and transmitting the personal identification number to the server through a mobile communication network, encrypting the OTP generated by the customer mobile phone and transmitting the encrypted OTP to the server through a mobile communication network, And a decryption code for decrypting the information encrypted and transmitted by the server, wherein the encryption key for encryption or the decryption key for decryption is stored in the encryption code or the decryption code Or is provided to the customer's mobile phone according to a key exchange procedure defined between the customer's mobile phone and the system (for example, a procedure for generating a session key and encrypting and exchanging a binary key) Do.

In addition, the integrated OTP program code preferably has a function of setting a communication interval with a server connected to the customer's cellular phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

According to the present invention, the mobile OTP generation program code provided in the customer's mobile phone can not be used for mobile settlement due to the limitation of two-factor authentication that a mobile payment medium and an authentication medium must be separated The mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, or the mobile payment interworking OTP program code may be used. Alternatively, the mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, Only the part for transmitting the customer's personal identification number information from the program code to the server or receiving the OTP generated by the server alternatively can be used.

Therefore, when OTP authentication is required when using the mobile payment through the customer's mobile phone, the customer's mobile phone activates the mobile OTP generation program code (or the integrated OTP program code) to output a personal identification number input interface, When the customer's personal identification number information is input through the input interface, the inputted customer's personal identification number information is encrypted with a predetermined encryption key and transmitted.

According to an embodiment of the present invention, the customer personal identification number information is encrypted by an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the system through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between systems.

According to the embodiment of the present invention, the mobile OTP generation program code (or the integrated OTP program code) provided in the customer's mobile phone may include, in addition to the customer's personal identification number information input through the personal identification number input interface, One or more mobile phone unique identification information (for example, one or more of a terminal serial number (ESN) assigned to a customer's mobile phone, a USIM serial number, a terminal identification code stored in the memory of the mobile phone, and a USIM identification code recorded in the mobile phone USIM) It is possible to confirm the mobile phone identification information, and to transmit the mobile phone identification information further including the identified mobile phone identification information, thereby not limiting the present invention.

Alternatively, the personal identification number input interface may further include a user interface for inputting customer-specific information (for example, a resident registration number) in addition to a user interface for inputting the customer's personal identification number information. In this case, The mobile OTP generation program code (or the integrated OTP program code) may further include the entered customer specific information in addition to the customer personal identification number information, and thus the present invention is not limited thereto.

The OTP processing unit 1015 receives customer personal identification number information encrypted by the customer's cellular phone, decrypts the encrypted customer personal identification number information to identify the original customer personal identification number information, In order to authenticate the validity of the customer personal identification number information.

When more than one mobile phone unique identification information or customer specific information is further received (and decoded) from the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 1015 transmits the mobile phone unique identification information or the customer- It is preferable to perform processing so as to authenticate the validity.

If the validity of the customer personal identification number information (which may further include mobile phone unique identification information or customer specific information) is authenticated, the OTP processing unit 1015 transmits the OTP generation condition information and the OTP generation condition information to the storage medium 1025 (OTP) generation key (KEY) value or an OTP generation program to generate an OTP to be generated in the customer's cellular phone.

If the OTP processing unit 1015 is provided with an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 1015 is connected to the OTP generation condition information OTP generation key (KEY) value, confirms / determines at least one fixed seed value and dynamic seed value from the OTP generation key (KEY) value, and outputs the fixed seed value and the dynamic seed value to a predetermined OTP generation algorithm It is preferable to substitute the OTP to be generated in the customer's mobile phone.

In a case where the OTP processing unit 1015 includes a plurality of OTP generation functions for each OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, (OTP) generation key (KEY) value associated with the OTP generation condition information and OTP generation program information for selecting an OTP generation algorithm to replace the OTP to be generated in the customer mobile phone, OTP generation program information, and assigns the fixed seed value and the dynamic seed value to the OTP generation algorithm corresponding to the OTP generation program information to generate in the customer mobile phone It is preferable to replace the OTP.

If the OTP processing unit 1015 does not have an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, (KEY) value associated with the OTP generation key (KEY) and the OTP generation program code to replace the OTP to be generated in the customer's mobile phone, and confirms one or more fixed seed values and dynamic seed values from the OTP generation key / OTP generation program code and activates the OTP generation program code to replace the OTP to be generated in the customer's mobile phone through the fixed seed value and the dynamic seed value.

When the OTP to be generated by the customer's mobile phone is alternatively generated, the information transmission unit 1020 encrypts the OTP generated and processes the generated OTP to be provided to the customer's mobile phone through the mobile communication network.

According to an embodiment of the present invention, the replacement-generated OTP is encrypted with an end-to-end data encryption scheme (e.g., AES 128 encryption scheme) between the customer's mobile phone and the system through an encryption key paired with a decryption key provided to the customer's mobile phone , And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the system.

Wherein the customer's cellular phone receives the alternately generated OTP through the mobile communication network and, when the received OTP is encrypted, decrypts the OTP through a predetermined decryption key and outputs the decrypted OTP to an OTP output area on the screen , And displays an OTP input interface in a predetermined area near the OTP output area. When the OTP is inputted through the OTP input interface, the input OTP is encrypted and transmitted to a server that authenticates the OTP through a mobile communication network .

Here, the OTP is encrypted with an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the server authenticating the OTP through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between servers.

The server for authenticating the OTP receives and decrypts the OTP through the mobile communication network, generates an OTP 'by checking an OTP generation key value or an OTP generation key value corresponding to the received OTP, And OTP 'to perform OTP authentication for the mobile payment transaction, and provides the OTP authentication result to the server for providing the mobile settlement.

FIG. 11 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a fourth embodiment of the present invention.

In more detail, FIG. 11 is a diagram illustrating an example in which the customer terminal shown in FIG. 10 transmits OTP use information including at least one of customer's mobile phone number information, customer's personal identification number information, The information registration means 1005 sets the customer personal identification number information as the OTP generation condition information and then connects the OTP generation key or the OTP generation program to the storage medium 1025 Storing and registering the OTP generation condition registration process. Referring to FIG. 11, the OTP generation condition registration process may be performed by various methods (for example, a part It is to be understood that the invention may be practiced otherwise than as specifically described herein, Only the exemplary method shown in FIG. 11 shall not be limited to that technical feature. That is, the process shown in FIG. 11 is a basic process for implementing the OTP generation condition registration system shown in FIG. 10, and the actual OTP generation condition registration process includes all the various embodiments shown in FIG. 10 .

Referring to FIG. 11, when the customer requests the mobile payment or provides the mobile OTP generation program to the customer mobile phone, or requests the mobile payment OTP registration, the customer terminal shown in FIG. The OTP use application information including the number information, the customer personal identification number information, and the customer specific information is input and transmitted, the information receiving means 1000 receives the OTP use application information (1100).

The information registering unit 1005 sets the customer personal identification number information as the OTP generation condition information 1105 and connects the OTP generation condition information to the OTP generation key or OTP generation program, (1110).

If the OTP generation condition information is connected to the OTP generation key or OTP generation program in the storage medium 1025 in step 1115, the mobile phone processing unit 1010 transmits the OTP generation key KEY to the customer's cellular phone, Value or an OTP program code for a mobile phone for implementing an OTP through an OTP generation program, and an encryption key and a decryption key are provided (1120).

Here, the OTP program code for the mobile phone provided in the customer's mobile phone in the mobile phone processing means 1010 is a function of overcoming the two-factor authentication limitation that the mobile payment medium and the authentication medium must be separated when using the mobile payment through the customer's mobile phone Providing an OTP generation key (KEY) value in the server or an OTP to be generated in the customer's mobile phone through an OTP generation program, and providing the generated OTP to the customer's cellular phone, And a mobile payment interworking OTP program code having a function of receiving and outputting the OTP and displaying the OTP input interface near the area where the OTP is output and inputting the OTP which is generated in place of the OTP, The mobile payment OTP program code in the mobile payment interworking system It is possible to further comprises a program code, or an integrated OTP generation program code.

FIG. 12 is a diagram illustrating a mobile payment interworking OTP authentication process according to a fourth embodiment of the present invention.

In more detail, FIG. 12 illustrates OTP generation condition information including customer personal identification number information in the storage medium 1025 through an OTP generation condition registration process shown in FIG. 11, or an OTP generation key (KEY) And a mobile payment interworking OTP program code, an encryption key, and a decryption key are provided in a customer's mobile phone. If OTP authentication is required in the mobile payment process using the customer's mobile phone, In order to overcome the two-factor authentication limit, when the mobile payment interworking OTP program code is activated and the customer's personal identification number information is inputted and transmitted, the OTP processing unit 1015 authenticates the customer's personal identification number information, 1025 to generate an OTP generation key (KEY) value or an OTP generation program and generate an OTP to be generated in the customer's mobile phone The present invention is not limited to the above embodiments, and various changes and modifications may be made without departing from the spirit and scope of the present invention. (For example, an operation method in which some steps are omitted or the order is changed). However, the present invention includes all of the above-described embodiments, and the technical features Is not limited. In other words, the process shown in FIG. 12 is a basic process of implementing the OTP generation condition registration system shown in FIG. 10, and the actual mobile payment interworking OTP authentication process includes all the various embodiments shown in FIG. 10 .

Referring to FIG. 12, OTP generation condition information including customer personal identification number information is stored in an OTP generation key (KEY) value or an OTP generation program in the storage medium 1025 through the OTP generation condition registration process shown in FIG. After the OTP program code, the encryption key, and the decryption key are provided to the customer's mobile phone, the customer's mobile phone interacts with the mobile payment server (not shown) (1200). If the OTP authentication is required during the mobile settlement (1205), the customer's mobile phone transmits the mobile payment to the mobile And outputs the personal identification number information input interface by operating the payment interworking OTP program code, and transmits the personal identification number information input interface If the customer's personal identification number, type information, and transmits the OTP process unit 1015, the input of the customer's personal identification number information (1210).

According to the embodiment of the present invention, the customer's mobile phone preferably encrypts the customer's personal identification number information with an encryption key provided to the customer's mobile phone through the OTP generation condition registration process shown in FIG. 11, The means 1015 decrypts the received customer personal identification number information through the decryption key matched with the encryption key.

The OTP processing unit 1015 compares the customer's personal identification number information included in the OTP generation condition information stored in the storage medium 1025 with the customer's personal identification number information to authenticate the customer's personal identification number information 1215. [ .

If the customer's personal identification number information is authenticated 1220, the OTP processing unit 1015 receives an OTP generation key (KEY) value associated with the OTP generation condition information including the customer's personal identification number information from the storage medium 1025 (1225), the OTP generation key (KEY) value or an OTP to be generated in the customer's mobile phone through the OTP generation program is generated (1230), and the information transmission means (1020) And provides the replacement generated OTP to the customer's mobile phone (1235).

According to an embodiment of the present invention, the information transmission unit 1020 encrypts the substitute-created OTP with an encryption key matched with a decryption key provided to the customer's cellular phone through the OTP generation condition registration process shown in FIG. 11 And the customer's cellular phone decodes the received OTP with the decryption key.

The customer's cellular phone outputs the received OTP (1240), and displays the OTP input interface in a predetermined area near the area where the OTP is output. If the output OTP is input through the OTP input interface (1245), the customer's cellular phone encrypts the input OTP and transmits the encrypted OTP to a server authenticating the OTP through a mobile communication network (1250) And the mobile payment is processed in connection with a mobile payment server (not shown) according to the result (1255).

FIG. 13 is a diagram illustrating a configuration of an OTP generation condition registration system for mobile payment according to a fifth embodiment of the present invention.

13 illustrates an OTP (OTP) message including at least one of the customer's mobile phone number information, the customer's personal identification number information, and the customer's unique information (for example, information including the customer's name and resident registration number information) The OTP use application information is received from the information receiving means 1300 and the customer personal identification number information is set in the information registering means 1305 as the OTP generation condition information, 1325, and stores the OTP generation key value or OTP generation key to be stored in the second storage medium 1335 to be registered when the customer makes a mobile payment, The OTP processing unit 1310 authenticates the personal identification number information transmitted from the customer's cellular phone through the first storage medium 1325. If the personal identification number information is authenticated, OTP generation key (KEY) value or an OTP generation program from the second storage medium management server 1330 that manages the storage medium 1335 and substitutes the OTP to be generated in the customer's mobile phone, The OTP generation condition registration system is configured to process the OTP generation condition registration system to be transferred from the OTP generation condition registration system to the customer's cellular phone. As shown in FIG. 13, It is to be understood that the present invention is not limited to the embodiment (s), but it is to be understood that the invention may be practiced otherwise than as specifically described herein, The technical characteristics thereof are not limited.

Referring to FIG. 13, the OTP generation condition registration system includes an information receiving unit 1300 for receiving OTP usage application information of a customer from a customer terminal for using mobile settlement, Stores the identification number information as the OTP generation condition information in the first storage medium 1325 and transmits the OTP generation key value or OTP generation program to be provided by the second storage medium management server 1330 (1305) for storing the customer's personal identification number information through the first storage medium (1325) when the mobile payment is made by the customer, OTP processing means (1310) for receiving the OTP generation key (KEY) value or the OTP generation program through the second storage medium management server (1330) And an information transmitting means (1315) for providing the substitute generated OTP to the customer's cellular phone. The cellular phone further includes a cellular phone processing means (1320) for providing a program code for providing an OTP service to the cellular phone .

According to the present invention, each means constituting the OTP generation condition registration system may be implemented as one independent server, or two or more functions may be combined to form a server, or the means may be implemented as one server And it is evident that the present invention is not limited by the method of constituting the means.

The customer may request the mobile settlement or create an OTP in the customer's cellular phone according to a predetermined OTP generation algorithm through a mobile OTP generation program (e.g., an OTP generation key (KEY) value provided in the customer's cellular phone) (For example, the name of the customer, the name of the customer, the name of the customer, etc.) through the customer terminal, (OTP) application information including at least one of OTP usage information and OTP usage information.

Alternatively, the customer may apply for a mobile settlement through the customer terminal, or may use the mobile OTP generation program (for example, the OTP generation key (KEY) A program code for generating and outputting an OTP in a mobile phone, or requesting to register an OTP for mobile payment, the customer terminal receives customer's mobile phone number information and customer's personal identification number from the customer through a predetermined information input interface OTP use application information including at least one of number information and customer specific information (for example, information including the name of the customer and resident registration number information).

Here, the customer's mobile number information may be a customer's mobile phone that uses mobile payment, a customer's mobile phone that receives a mobile OTP creation program, or a virtual OTP medium for mobile payment that receives and outputs an OTP generated by a server on behalf of the customer's mobile phone And a telephone number assigned to the customer's mobile phone, as information for identifying the customer's mobile phone corresponding to one or more of the customer's mobile phones to be used as the mobile phone.

According to an embodiment of the present invention, the customer mobile number information includes at least one of a terminal serial number (ESN), a USIM serial number (e.g., a chip serial number, a USIM serial number, and a serial number recorded in a USIM) Or a USIM identification code recorded in the USIM, or a terminal identification code stored in the memory of the cellular phone to generate and encrypt a code value that is not duplicated in order to identify the customer cellular phone, desirable.

That is, the customer mobile phone number information includes at least one of all the mobile phone related identification information held through the memory (or the USIM) of the mobile phone even when the customer mobile phone connects to or does not access the mobile communication network. As a result, the customer's mobile phone number information of the present invention is not limited to the above-described ones, and it is possible to include various identification information according to the type of the customer's mobile phone and a fixed ID value uniquely identifying it, It is clear that the present invention is not limited by the kind of the material.

Wherein the customer personal identification number information is used to authenticate generation of an OTP through the mobile OTP generation program when the mobile phone has a mobile OTP generation program, A Personal Identification Number (PIN) for authenticating the creation of an OTP on behalf of the customer's mobile phone by accepting the OTP medium for mobile payment for receiving and outputting the OTP generated by the server, A PIN for OTP generation registered through the PIN pad, or a unique identification number uniquely registered so as not to be duplicated for each customer for the OTP generation.

If the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the unique identification number is transmitted to a predetermined number server (not shown) or the information receiving means 1300 via N N &gt; 1) digit number is automatically assigned to the customer or an N-digit unique identification number that is not duplicated to the customer is input through the PIN pad, (E.g., the customer's mobile phone number information or the resident registration number included in the customer's unique information) of the (Nn) number uniquely allocated to the customer at the first number of the number of (1 <= n <N) Or a unique identification number of N digits or a customer's mobile phone number information uniquely assigned to the customer (or a combination of two or more Or a part (or all) of the number (e.g., resident registration number) combination included in the customer's mobile phone number information and the customer's unique information is determined by an N-digit unique identification number, As shown in FIG.

If the customer is registered as a customer for the mobile settlement, the customer specific information may be a database included in the server providing the mobile settlement service, If the customer is a new customer of the server providing the mobile payment service, the customer specific information may include the customer identification information for identifying the customer, (E.g., a name, a resident registration number, an address, a contact address, etc.) that can be registered on a database provided in the server.

The client terminal transmits the inputted OTP use application information, the information receiving means 1300 receives the OTP use application information from the client terminal, and the information registering means 1305 registers the customer personal identification number information Is set as the OTP generation condition information.

Here, the OTP generation condition information may include an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone, when the personal identification number information transmitted from the customer's cellular phone is authenticated, Or OTP generation program, the OTP generation condition information includes an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone or an OTP generation key value And stored.

According to the embodiment of the present invention, when the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the OTP generation condition information preferably includes the customer's personal identification number information Do.

Even if the customer personal identification number information does not include the unique identification number or the customer personal identification number information includes the unique identification number, the OTP generation condition information may include the customer's mobile phone number information (e.g., (E.g., mobile phone number), customer-specific information (e.g., resident registration number), one or more mobile phone unique identification information (e.g., terminal serial number (ESN) assigned to the customer's mobile phone, USIM serial number, , And one or more USIM identification codes recorded in the cellular phone USIM), and thus the present invention is not limited thereto.

When the OTP generation condition information is set, the information registration unit 1305 stores and registers the OTP generation condition information in the first storage medium 1325.

The information registering unit 1305 provides the OTP generation key value or the OTP generation program to the second storage medium management server 1330 so that the second storage medium management server 1330 can manage the second storage medium management server 1330, The OTP generation key (KEY) value or the OTP generation program is stored and registered in the storage medium 1335.

Here, the OTP generation key (KEY) value preferably includes at least one fixed seed value for generating an OTP and a parameter for determining a dynamic seed value.

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, (KEY) value preferably includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP.

Alternatively, if the OTP is generated by a challenge-response scheme, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted for the challenge-response OTP generation algorithm, and the OTP generation key (KEY ) Value comprises a random number generation seed for generating a random number corresponding to the dynamic seed value of the challenge-response type OTP.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated in the server, the OTP generation key (KEY) value may be one or more A fixed seed value, and a parameter for determining the dynamic seed value.

If the mobile phone has a mobile OTP generation program in addition to using the customer mobile phone as the virtual OTP medium for mobile payment, the OTP generation key (KEY) value may be a mobile OTP generation program And a parameter for determining a dynamic seed value, wherein the OTP generation key (KEY) value is provided to the customer's mobile phone, and the encryption key Or stored (or encrypted) in a USIM provided in the customer's mobile phone.

The OTP generation program includes an OTP generation algorithm for generating an OTP using one or more fixed seed values confirmed through the OTP generation key value and one or more dynamic seed values dynamically determined / When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated from a server, the OTP generation program is provided on a server for generating the OTP, The OTP generation program is implemented in the form of a mobile OTP generation program provided to the customer's cellular phone.

According to the embodiment of the present invention, a plurality of OTP generation algorithms for generating the OTP may exist depending on the type and the modification method. In this case, a plurality of OTP generation programs may exist according to the OTP generation algorithm.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a mobile payment virtual OTP medium for receiving and outputting the OTP generated in the server, the information registering unit 1305 stores the OTP generation condition information in the first storage medium 1325, And the OTP generation key (KEY) value is stored in the second storage medium 1335 through the second storage medium management server 1330. When a plurality of OTP generation programs exist, The OTP generation program information to be used for generating the OTP is further stored and registered in the second storage medium 1335 in accordance with the generation condition information It is preferred.

Alternatively, when the mobile phone has a mobile OTP generation program, the information registration unit 1305 stores the OTP generation condition information in the first storage medium 1325, and the second storage medium management server 1330, Stored in the second storage medium 1335 in association with the OTP generation key value and the OTP generation program information (e.g., version, algorithm, etc.) corresponding to the mobile OTP generation program provided to the customer's cellular phone, .

The mobile phone processing unit 1320 provides the OTP generation key (KEY) value to the customer's mobile phone and the OTP program code for the mobile phone for implementing the OTP through the OTP generation program.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated in the server, the mobile phone processing unit 1320 inputs a personal identification number during mobile settlement through the customer's mobile phone, (For example, through a communication server provided in the mobile communication network) to the server, receives the OTP generation key (KEY) value from the server, and receives and outputs the OTP generated on behalf of the customer's cellular phone through the OTP generation program , An OTP input interface for inputting the output OTP, and a server for authenticating the OTP And provides the mobile payment interworking OTP program code to the customer's mobile phone.

According to the method of the present invention, the mobile phone processing unit 1320 transmits information (for example, callback URL) for providing the mobile payment interworking OTP program code to the customer's mobile phone through the mobile communication network, And requesting the mobile payment interworking OTP program code through the information, the mobile payment interworking OTP program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile payment interworking OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 1320 transmits the mobile payment interworking It is possible to provide the OTP program code to be provided to the customer's cellular phone or to process the mobile payment interworking OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

The mobile payment interworking OTP program code may include an encryption code for encrypting the personal identification number and transmitting the encrypted personal identification number to the server through a mobile communication network and a decryption code for decrypting the OTP encrypted and transmitted by the server , The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and provided to the customer's cellular phone or may be provided to the customer's cellular phone through a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary type key) is preferably provided to the customer's cellular phone.

If the customer's mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile OTP generation program code, The OTP program code need not include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile payment interworking OTP program code preferably has a function of setting a communication interval with a server connected to the customer's mobile phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

Alternatively, when the mobile phone has a mobile OTP generation program, the mobile phone processing unit 1320 transmits information (for example, callback message) for providing the mobile OTP generation program code to the customer mobile phone through the mobile communication network And requesting the mobile OTP generation program code through the information from the customer mobile phone, the mobile OTP generation program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile OTP generation program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 1320 transmits the mobile OTP generation program code to the customer terminal, It is possible to provide a code to be provided to the customer's cellular phone or to process the mobile OTP generation program code provided in the customer terminal to be provided to the customer's cellular phone.

Here, the mobile OTP generation program code includes an encryption code for encrypting the OTP generated in the customer's mobile phone and transmitting the encrypted OTP to the server through the mobile communication network, and a decryption code for decrypting the information encrypted and transmitted by the server The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and may be provided to the customer's cellular phone or may be a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary key is provided to the customer's mobile phone.

If the customer mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile payment interworking OTP program code, the mobile OTP The generated program code does not need to include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile OTP generation program code preferably has a function of setting a communication interval with a server connected via a mobile communication network from the customer's mobile phone to a TLS (Transport Layer Security) encryption section.

When the mobile OTP generation program is initially provided in the mobile phone in the case where the mobile phone OTP generation program code is provided in the customer mobile phone according to the embodiment of the present invention, (E.g., a telephone number, a resident registration number, personal identification information, and the like) after processing the predetermined mobile OTP generation program driven password authentication), encrypts and transmits the authentication information The OTP generation key (KEY) value associated with the mobile OTP generation program after the customer authentication for the customer authentication information is downloaded from the OTP generation unit 1320 and encrypted and stored in the customer's mobile phone memory or stored in the USIM provided in the customer's mobile phone And the OTP generation program code Key (KEY) when the value is included, but may be a process of downloading the OTP generation key (KEY) values omitted.

According to another embodiment of the present invention, it is possible to provide an integrated OTP generation program in which the mobile payment interworking OTP program code and the mobile OTP generation program code are integrated in the customer's mobile phone. In this case, (For example, a callback URL) for providing the integrated OTP program code to the customer's mobile phone through a mobile communication network, and when the customer's mobile phone requests the integrated OTP program code through the information, It is desirable to provide the integrated OTP program code with the mobile phone.

According to another embodiment of the present invention, the integrated OTP program code may be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processing unit 1320 may transmit the integrated OTP program code to the customer terminal To be provided to the customer's cellular phone, or to process the integrated OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

Herein, the integrated OTP program code may include an encryption code for encrypting the personal identification number and transmitting the personal identification number to the server through a mobile communication network, encrypting the OTP generated by the customer mobile phone and transmitting the encrypted OTP to the server through a mobile communication network, And a decryption code for decrypting the information encrypted and transmitted by the server, wherein the encryption key for encryption or the decryption key for decryption is stored in the encryption code or the decryption code Or is provided to the customer's mobile phone according to a key exchange procedure defined between the customer's mobile phone and the system (for example, a procedure for generating a session key and encrypting and exchanging a binary key) Do.

In addition, the integrated OTP program code preferably has a function of setting a communication interval with a server connected to the customer's cellular phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

According to the present invention, the mobile OTP generation program code provided in the customer's mobile phone can not be used for mobile settlement due to the limitation of two-factor authentication that a mobile payment medium and an authentication medium must be separated The mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, or the mobile payment interworking OTP program code may be used. Alternatively, the mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, Only the part for transmitting the customer's personal identification number information from the program code to the server or receiving the OTP generated by the server alternatively can be used.

Therefore, when OTP authentication is required when using the mobile payment through the customer's mobile phone, the customer's mobile phone activates the mobile OTP generation program code (or the integrated OTP program code) to output a personal identification number input interface, When the customer's personal identification number information is input through the input interface, the inputted customer's personal identification number information is encrypted with a predetermined encryption key and transmitted.

According to an embodiment of the present invention, the customer personal identification number information is encrypted by an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the system through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between systems.

According to the embodiment of the present invention, the mobile OTP generation program code (or the integrated OTP program code) provided in the customer's mobile phone may include, in addition to the customer's personal identification number information input through the personal identification number input interface, One or more mobile phone unique identification information (for example, one or more of a terminal serial number (ESN) assigned to a customer's mobile phone, a USIM serial number, a terminal identification code stored in the memory of the mobile phone, and a USIM identification code recorded in the mobile phone USIM) It is possible to confirm the mobile phone identification information, and to transmit the mobile phone identification information further including the identified mobile phone identification information, thereby not limiting the present invention.

Alternatively, the personal identification number input interface may further include a user interface for inputting customer-specific information (for example, a resident registration number) in addition to a user interface for inputting the customer's personal identification number information. In this case, The mobile OTP generation program code (or the integrated OTP program code) may further include the entered customer specific information in addition to the customer personal identification number information, and thus the present invention is not limited thereto.

The OTP processing unit 1310 receives customer personal identification number information encrypted by the customer's cellular phone, decrypts the encrypted customer personal identification number information to identify the original customer personal identification number information, (1325) to authenticate the validity of the customer personal identification number information.

When more than one mobile phone unique identification information or customer specific information is further received (and decoded) from the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 1310 further transmits the mobile phone unique identification information or customer- It is preferable to perform processing so as to authenticate the validity.

If the validity of the customer personal identification number information (which may further include the mobile phone unique identification information or the customer specific information) is authenticated, the OTP processing unit 1310 receives the OTP And generating an OTP generation program or an OTP generation program to generate an OTP to be generated in the customer's mobile phone.

When the OTP processing unit 1310 is provided with an OTP generation function for replacing the OTP to be generated in the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 1310 generates an OTP Confirms / determines one or more fixed seed values and dynamic seed values from the OTP generation key (KEY) value, assigns the fixed seed value and the dynamic seed value to the predetermined OTP generation algorithm To generate an OTP to be generated in the customer's mobile phone.

If the OTP processing unit 1310 includes a plurality of OTP generation algorithms for each OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, (KEY) value for generating the OTP, and OTP generation program information for selecting the OTP generation algorithm, and extracting one or more fixed seed values corresponding to the OTP generation program information from the OTP generation key (KEY) And the dynamic seed value and the dynamic seed value are substituted into the OTP generation algorithm corresponding to the OTP generation program information to replace the OTP to be generated in the customer's mobile phone.

If the OTP processing unit 1310 does not have an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, the OTP processing unit 1310 may replace the OTP The OTP generation key (KEY) value to be generated and the OTP generation program code to be generated as an alternative to the OTP are confirmed, and at least one fixed seed value and dynamic seed value are confirmed / determined from the OTP generation key (KEY) It is preferable that the program code is activated to replace the OTP to be generated in the customer's mobile phone through the fixed seed value and the dynamic seed value.

When the OTP to be generated by the customer's mobile phone is alternatively generated, the information transmitting unit 1315 encrypts the OTP generated and processes the generated OTP to be provided to the customer's mobile phone through the mobile communication network.

According to an embodiment of the present invention, the replacement-generated OTP is encrypted with an end-to-end data encryption scheme (e.g., AES 128 encryption scheme) between the customer's mobile phone and the system through an encryption key paired with a decryption key provided to the customer's mobile phone , And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the system.

Wherein the customer's cellular phone receives the alternately generated OTP through the mobile communication network and, when the received OTP is encrypted, decrypts the OTP through a predetermined decryption key and outputs the decrypted OTP to an OTP output area on the screen , And displays an OTP input interface in a predetermined area near the OTP output area. When the OTP is inputted through the OTP input interface, the input OTP is encrypted and transmitted to a server that authenticates the OTP through a mobile communication network .

Here, the OTP is encrypted with an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the server authenticating the OTP through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between servers.

The server for authenticating the OTP receives and decrypts the OTP through the mobile communication network, generates an OTP 'by checking an OTP generation key value or an OTP generation key value corresponding to the received OTP, And OTP 'to perform OTP authentication for the mobile payment transaction, and provides the OTP authentication result to the server for providing the mobile settlement.

FIG. 14 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to the fifth embodiment of the present invention.

In more detail, FIG. 14 shows OTP usage information including at least one of customer's mobile phone number information, customer's personal identification number information and customer's unique information at the customer terminal shown in FIG. 13, and the information receiving means 1300 The OTP usage information is set in the information registration means 1305, and the OTP generation condition information is stored in the first storage medium. In the mobile payment process using the customer mobile phone, And storing and registering an OTP generation key (KEY) value or an OTP generation program for generating an OTP to be generated in the second storage medium 1335, It is possible to refer to and / or modify the FIG. 14 so that various implementation methods for the OTP generation condition registration process (e.g., some steps are omitted, Would be able to infer how landscaped embodiment), the present invention is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 14. That is, the process shown in FIG. 14 is a basic process for implementing the OTP generation condition registration system shown in FIG. 13, and the actual OTP generation condition registration process includes all the various embodiments shown in FIG. 13 .

Referring to FIG. 14, when the customer requests the mobile payment or provides the mobile OTP generation program to the customer's mobile phone, or requests the mobile payment OTP registration, the customer terminal shown in FIG. The OTP use application information including at least one of the number information, the customer personal identification number information, and the customer's own information is input and transmitted, the information receiving means 1300 receives the OTP use application information (1400).

The information registering unit 1305 sets the customer personal identification number information as the OTP generation condition information 1405 and stores the OTP generation condition information in the first storage medium 1325 in step 1410, An OTP generation key (KEY) value for generating an OTP to be generated in the customer's mobile phone in the mobile payment process through the customer's mobile phone via the management server 1330, or an OTP generation key (KEY) value stored in the second storage medium 1335 (1415).

If the OTP generation condition information is stored in the first storage medium 1325 and the OTP generation key value or OTP generation program is stored in the second storage medium 1335 in operation 1420, The means 1320 provides the OTP generation key (KEY) value to the customer's cellular phone or the OTP program code and the encryption key and decryption key for the mobile phone to implement the OTP through the OTP generation program (1425).

Here, the OTP program code for the mobile phone provided in the customer's mobile phone in the mobile phone processing unit 1320 is a code for overcoming the two-factor authentication limit that the mobile payment medium and the authentication medium must be separated from each other Providing an OTP generation key (KEY) value in the server or an OTP to be generated in the customer's mobile phone through an OTP generation program, and providing the generated OTP to the customer's cellular phone, And a mobile payment interworking OTP program code having a function of receiving and outputting the OTP and displaying the OTP input interface near the area where the OTP is output and inputting the OTP which is generated in place of the OTP, The mobile payment OTP program code in the mobile payment interworking system It is possible to further comprises a program code, or an integrated OTP generation program code.

FIG. 15 is a diagram illustrating a mobile payment interworking OTP authentication process according to a fifth embodiment of the present invention.

In more detail, FIG. 15 shows OTP generation condition information including customer personal identification number information stored in the first storage medium 1325 through the OTP generation condition registration process shown in FIG. 14, and the second storage medium 1335 ), The OTP generation key (KEY) value or the OTP generation program is stored. After the OTP program code, the mobile payment interworking OTP program code, the encryption key and the decryption key are provided to the customer's mobile phone, OTP authentication is required In order to overcome the two-factor authentication limit for the mobile payment in the customer's mobile phone, the mobile payment interworking OTP program code is activated to input the customer's personal identification number information, and the OTP processing means 1310 1 from the second storage medium 1335 through the second storage medium management server 1330 after authenticating the customer's personal identification number information through the first storage medium 1325, The OTP generation program is provided to the customer's cellular phone to generate an OTP to be generated in the customer's cellular phone, and provided to the customer's cellular phone. As a person skilled in the art, Referring to and / or modified with reference to FIG. 15, it will be appreciated that various implementations of the mobile payment interworking OTP authentication process (e.g., omitting some steps or changing the order) may be inferred. And the technical features thereof are not limited only by the method shown in FIG. That is, the process shown in FIG. 15 is a basic process for implementing the OTP generation condition registration system shown in FIG. 13, and the actual mobile payment interworking OTP authentication process includes all the various embodiments shown in FIG. 13 .

Referring to FIG. 15, OTP generation condition information including customer's personal identification number information is stored in a first storage medium 1325 through the OTP generation condition registration process shown in FIG. 14, and the second storage medium 1335 ), An OTP generation key (KEY) value or an OTP generation program is stored. After the mobile payment interworking OTP program code, the encryption key and the decryption key are provided to the customer's mobile phone, the customer mobile phone is linked with a mobile payment server (1500) according to a predetermined mobile settlement procedure (1500), and if the OTP authentication is required during the mobile payment (1505), the customer mobile phone The mobile payment interworking OTP program code is activated to output the personal identification number information input interface in order to overcome the two-factor authentication limit for the personal identification number When a customer input through an input interface, a personal identification number information, and transmits the OTP process unit 1310, the input of the customer's personal identification number information (1510).

According to the embodiment of the present invention, the customer's cellular phone preferably encrypts the customer's personal identification number information with an encryption key provided to the customer's cellular phone through the OTP generation condition registration process shown in FIG. 14, The means 1310 decrypts the received customer personal identification number information through the decryption key matched with the encryption key.

The OTP processing unit 1310 compares the customer's personal identification number information included in the OTP generation condition information stored in the first storage medium 1325 with the customer's personal identification number information to authenticate the customer's personal identification number information 1515).

If the personal identification number information is authenticated 1520, the OTP processing unit 1310 receives the personal identification number information from the second storage medium 1335 through the second storage medium management server 1330 OTP generation key (KEY) value associated with the OTP generation condition information or an OTP generation program is received (1525), and an OTP to be generated in the customer's mobile phone through the OTP generation key (KEY) (1530), and the information transmitting means (1315) provides the substitute generated OTP to the customer's mobile phone (1535).

According to the embodiment of the present invention, the information transmission means 1315 encrypts the substitute-created OTP with an encryption key matched with the decryption key provided to the customer's mobile phone through the OTP generation condition registration process shown in FIG. 14 And the customer's cellular phone decodes the received OTP with the decryption key.

The customer's cellular phone outputs the received OTP (1540) and displays the OTP input interface in a predetermined area near the area where the OTP is output. If the output OTP is input through the OTP input interface 1545, the customer's cellular phone encrypts the input OTP and transmits the encrypted OTP to a server authenticating the OTP through the mobile communication network 1550. The OTP authentication And processes the mobile payment in connection with a mobile payment server (not shown) according to the result (1555).

FIG. 16 is a diagram illustrating a configuration of an OTP generation condition registration server 1600 for mobile settlement according to the first embodiment of the present invention.

FIG. 16 shows an example of an OTP (OTP) service including one or more pieces of customer's mobile phone number information, customer's personal identification number information and customer's unique information (for example, information including the name of the customer, When the use application information is transmitted, the information receiving unit 1605 receives the OTP use application information, sets the customer personal identification number information in the information registration unit 1610 as the OTP generation condition information, And registers the OTP generation key or OTP generation program to be stored in the second storage medium 1635 so that the OTP generation key is stored in the second storage medium 1635. When the mobile payment is made by the customer, (1615) authenticates the personal identification number information transmitted from the customer's cellular phone through the first storage medium (1625), and when the personal identification number information is authenticated, OTP generation key (KEY) value or OTP generation program from the second storage medium management server 1630 that manages the OTP generation server 1635, and generates OTP to be generated in the customer's mobile phone, The OTP generation condition registration server 1600 may be configured to perform various operations (for example, a part of the operation of the OTP generation condition registration server 1600) It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention is not limited to the particular embodiments set forth herein, Or more.

Referring to FIG. 16, the OTP generation condition registration server 1600 includes an information receiver 1605 for receiving OTP usage application information of a customer from a customer terminal for using mobile settlement, Stores the customer personal identification number information as the OTP generation condition information in the first storage medium 1625 and transmits the OTP generation key value or the OTP generation program to be provided to the second storage medium management server 1630 (1625) for managing the customer personal identification number information from the customer's mobile phone through the first storage medium (1625) when using the mobile payment of the customer, The OTP generation key (KEY) value or the OTP generation program is received through the second storage medium management server 1630, and the generated OTP is generated in the customer's mobile phone, And an OTP processor 1615 for providing an OTP service to the mobile phone. The mobile phone processor 1620 may further include a mobile phone processor 1620 for providing program codes for providing OTP services to the mobile phone.

The customer may request the mobile settlement or create an OTP in the customer's cellular phone according to a predetermined OTP generation algorithm through a mobile OTP generation program (e.g., an OTP generation key (KEY) value provided in the customer's cellular phone) (For example, the name of the customer, the name of the customer, the name of the customer, etc.) through the customer terminal, ), And transmits the received OTP use application information to the OTP generation condition registration server 1600.

Alternatively, the customer may apply for a mobile settlement through the customer terminal, or may use the mobile OTP generation program (for example, the OTP generation key (KEY) A program code for generating and outputting an OTP in a mobile phone, or requesting to register an OTP for mobile payment, the customer terminal receives customer's mobile phone number information and customer's personal identification number from the customer through a predetermined information input interface OTP use application information including at least one of number information and customer specific information (for example, information including the name of the customer, resident registration number information), and transmits the received OTP use application information to the OTP generation condition registration server 1600.

Here, the customer's mobile number information may be a customer's mobile phone that uses mobile payment, a customer's mobile phone that receives a mobile OTP creation program, or a virtual OTP medium for mobile payment that receives and outputs an OTP generated by a server on behalf of the customer's mobile phone And a telephone number assigned to the customer's mobile phone, as information for identifying the customer's mobile phone corresponding to one or more of the customer's mobile phones to be used as the mobile phone.

According to an embodiment of the present invention, the customer mobile number information includes at least one of a terminal serial number (ESN), a USIM serial number (e.g., a chip serial number, a USIM serial number, and a serial number recorded in a USIM) Or a USIM identification code recorded in the USIM, or a terminal identification code stored in the memory of the cellular phone to generate and encrypt a code value that is not duplicated in order to identify the customer cellular phone, desirable.

That is, the customer mobile phone number information includes at least one of all the mobile phone related identification information held through the memory (or the USIM) of the mobile phone even when the customer mobile phone connects to or does not access the mobile communication network. As a result, the customer's mobile phone number information of the present invention is not limited to the above-described ones, and it is possible to include various identification information according to the type of the customer's mobile phone and a fixed ID value uniquely identifying it, It is clear that the present invention is not limited by the kind of the material.

Wherein the customer personal identification number information is used to authenticate generation of an OTP through the mobile OTP generation program when the mobile phone has a mobile OTP generation program, A Personal Identification Number (PIN) for authenticating the creation of an OTP on behalf of the customer's mobile phone by accepting the OTP medium for mobile payment for receiving and outputting the OTP generated by the server, A PIN for OTP generation registered through the PIN pad, or a unique identification number uniquely registered so as not to be duplicated for each customer for the OTP generation.

If the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the unique identification number is transmitted to a predetermined number server (not shown) or N (N > 1) The number of digits is automatically assigned, or the customer inputs the unique identification number of N digits which is not duplicated to the customer through the PIN pad, or the customer selects the n (E.g., the customer's mobile phone number information or the resident registration number included in the customer's unique information) of the (Nn) number uniquely assigned to the customer at the first number of 1 <= n <N Or a unique identification number of N digits, or the customer's mobile phone number information uniquely allocated to the customer (or two or more times that constitute the customer's mobile phone number information) (Or all) of the combination of the customer's mobile phone number information and the number (e.g., resident registration number) included in the customer specific information is determined to be an N-digit unique identification number, It is preferably determined by a unique identification number.

If the customer is registered as a customer for the mobile settlement, the customer specific information may be a database included in the server providing the mobile settlement service, If the customer is a new customer of the server providing the mobile payment service, the customer specific information may include the customer identification information for identifying the customer, (E.g., a name, a resident registration number, an address, a contact address, etc.) that can be registered on a database provided in the server.

The customer terminal transmits the inputted OTP use application information, and the information receiving unit 1605 receives the OTP use application information from the customer terminal, and the information registration unit 1610 stores the customer's personal identification number information in the OTP And the generation condition information.

Here, the OTP generation condition information may include an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone, when the personal identification number information transmitted from the customer's cellular phone is authenticated, Or OTP generation program, the OTP generation condition information includes an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone or an OTP generation key value And stored.

According to the embodiment of the present invention, when the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the OTP generation condition information preferably includes the customer's personal identification number information Do.

Even if the customer personal identification number information does not include the unique identification number or the customer personal identification number information includes the unique identification number, the OTP generation condition information may include the customer's mobile phone number information (e.g., (E.g., mobile phone number), customer-specific information (e.g., resident registration number), one or more mobile phone unique identification information (e.g., terminal serial number (ESN) assigned to the customer's mobile phone, USIM serial number, , And one or more USIM identification codes recorded in the cellular phone USIM), and thus the present invention is not limited thereto.

When the OTP generation condition information is set, the information registration unit 1610 stores and registers the OTP generation condition information in the first storage medium 1625.

The information registration unit 1610 may provide the OTP generation key value or the OTP generation program to the second storage medium management server 1630 so that the second storage medium management server 1630 The OTP generation key (KEY) value or the OTP generation program is stored and registered in the medium 1635.

Here, the OTP generation key (KEY) value preferably includes at least one fixed seed value for generating an OTP and a parameter for determining a dynamic seed value.

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, (KEY) value preferably includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP.

Alternatively, if the OTP is generated by a challenge-response scheme, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted for the challenge-response OTP generation algorithm, and the OTP generation key (KEY ) Value comprises a random number generation seed for generating a random number corresponding to the dynamic seed value of the challenge-response type OTP.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated in the server, the OTP generation key (KEY) value may be one or more A fixed seed value, and a parameter for determining the dynamic seed value.

If the mobile phone has a mobile OTP generation program in addition to using the customer mobile phone as the virtual OTP medium for mobile payment, the OTP generation key (KEY) value may be a mobile OTP generation program And a parameter for determining a dynamic seed value, wherein the OTP generation key (KEY) value is provided to the customer's mobile phone, and the encryption key Or stored (or encrypted) in a USIM provided in the customer's mobile phone.

The OTP generation program includes an OTP generation algorithm for generating an OTP using one or more fixed seed values confirmed through the OTP generation key value and one or more dynamic seed values dynamically determined / When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated from a server, the OTP generation program is provided on a server for generating the OTP, The OTP generation program is implemented in the form of a mobile OTP generation program provided to the customer's cellular phone.

According to the embodiment of the present invention, a plurality of OTP generation algorithms for generating the OTP may exist depending on the type and the modification method. In this case, a plurality of OTP generation programs may exist according to the OTP generation algorithm.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated at the server, the information registration unit 1610 stores the OTP generation condition information in the first storage medium 1625, And the OTP generation key (KEY) value is stored in the second storage medium 1635 through the second storage medium management server 1630. In a case where a plurality of OTP generation programs exist, The OTP generation program information to be used for generating the OTP according to the condition information is further stored and registered in the second storage medium 1635 desirable.

Alternatively, when the mobile phone has a mobile OTP generation program, the information registration unit 1610 stores the OTP generation condition information in the first storage medium 1625, and the second storage medium management server 1630 (E.g., version, algorithm, and the like) corresponding to the OTP generation key (KEY) value and the mobile OTP generation program provided to the customer mobile phone are stored and registered in the second storage medium 1635 It is preferable to treat them.

The mobile phone processor 1620 provides the OTP generation key (KEY) value to the customer's mobile phone and the OTP program code for the mobile phone for implementing the OTP through the OTP generation program.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated at the server, the mobile phone processor 1620 inputs a personal identification number during mobile payment through the customer's mobile phone, (For example, via a communication server provided in the mobile communication network) to the server. The server receives and outputs the OTP generation key (KEY) value and the OTP generated on behalf of the customer's cellular phone through the OTP generation program, An OTP input interface for inputting the output OTP is transmitted to a server for authenticating the OTP The mobile payment interworking OTP program code is provided to the customer's mobile phone.

According to an embodiment of the present invention, the mobile phone processor 1620 transmits information (for example, a callback URL) for providing the mobile payment interworking OTP program code to the customer's mobile phone through a mobile communication network, It is preferable that the mobile payment interworking OTP program code is provided to the customer mobile phone in response to the request for the mobile payment interworking OTP program code through the information.

According to another embodiment of the present invention, the mobile payment interworking OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processor 1620 transmits the mobile payment interworking OTP It is possible to provide the program code to be provided to the customer's cellular phone or to process the mobile payment interworking OTP program code provided in the customer terminal to be provided to the customer's cellular phone.

The mobile payment interworking OTP program code may include an encryption code for encrypting the personal identification number and transmitting the encrypted personal identification number to the server through a mobile communication network and a decryption code for decrypting the OTP encrypted and transmitted by the server , The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and provided to the customer's cellular phone or may be provided to the customer's cellular phone through a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary type key) is preferably provided to the customer's cellular phone.

If the customer's mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile OTP generation program code, The OTP program code need not include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile payment interworking OTP program code preferably has a function of setting a communication interval with a server connected to the customer's mobile phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

Alternatively, when the mobile phone has a mobile OTP generation program, the mobile phone processor 1620 transmits information (for example, callback URL) for providing the mobile OTP generation program code to the customer mobile phone through the mobile communication network And requesting the mobile OTP generation program code through the information from the customer mobile phone, the mobile OTP generation program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile OTP generation program code may be provided to the customer mobile phone through the customer terminal. In this case, the mobile phone processor 1620 transmits the mobile OTP generation program code To be provided to the customer's cellular phone, or to process the mobile OTP generation program code provided in the customer terminal to be provided to the customer's cellular phone.

Here, the mobile OTP generation program code includes an encryption code for encrypting the OTP generated in the customer's mobile phone and transmitting the encrypted OTP to the server through the mobile communication network, and a decryption code for decrypting the information encrypted and transmitted by the server The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and may be provided to the customer's cellular phone or may be a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary key is provided to the customer's mobile phone.

If the customer mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile payment interworking OTP program code, the mobile OTP The generated program code does not need to include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile OTP generation program code preferably has a function of setting a communication interval with a server connected via a mobile communication network from the customer's mobile phone to a TLS (Transport Layer Security) encryption section.

When the mobile OTP generation program is initially provided in the mobile phone in the case where the mobile phone OTP generation program code is provided in the customer mobile phone according to the embodiment of the present invention, (E.g., telephone number, resident registration number, personal identification information, etc.) after encrypting and transmitting the user authentication information (e.g., telephone number, resident registration number, personal identification information, etc.) 1620), the OTP generation key (KEY) value associated with the mobile OTP generation program after the customer authentication for the customer authentication information is downloaded and stored in the customer's mobile phone memory in encrypted form or in a USIM provided in the customer's mobile phone And wherein the mobile OTP generation program code includes an OTP generation key KEY) value is included, the process of downloading the OTP generation key value may be omitted.

According to another embodiment of the present invention, it is possible to provide an integrated OTP generation program in which the mobile payment interworking OTP program code and the mobile OTP generation program code are integrated in the customer's mobile phone. In this case, (For example, a callback URL) for providing the integrated OTP program code to the customer's cellular phone through a communication network, and when the customer's cellular phone requests the integrated OTP program code through the information, It is desirable to provide the integrated OTP program code.

According to another embodiment of the present invention, the integrated OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processor 1620 provides the integrated OTP program code to the customer terminal To be provided to the customer's cellular phone, or to process the integrated OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

Herein, the integrated OTP program code may include an encryption code for encrypting the personal identification number and transmitting the personal identification number to the server through a mobile communication network, encrypting the OTP generated by the customer mobile phone and transmitting the encrypted OTP to the server through a mobile communication network, And a decryption code for decrypting the information encrypted and transmitted by the server, wherein the encryption key for encryption or the decryption key for decryption is stored in the encryption code or the decryption code Or is provided to the customer's mobile phone according to a key exchange procedure defined between the customer's mobile phone and the system (for example, a procedure for generating a session key and encrypting and exchanging a binary key) Do.

In addition, the integrated OTP program code preferably has a function of setting a communication interval with a server connected to the customer's cellular phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

According to the present invention, the mobile OTP generation program code provided in the customer's mobile phone can not be used for mobile settlement due to the limitation of two-factor authentication that a mobile payment medium and an authentication medium must be separated The mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, or the mobile payment interworking OTP program code may be used. Alternatively, the mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, Only the part for transmitting the customer's personal identification number information from the program code to the server or receiving the OTP generated by the server alternatively can be used.

Therefore, when OTP authentication is required when using the mobile payment through the customer's mobile phone, the customer's mobile phone activates the mobile OTP generation program code (or the integrated OTP program code) to output a personal identification number input interface, When the customer's personal identification number information is input through the input interface, the inputted customer's personal identification number information is encrypted with a predetermined encryption key and transmitted.

According to an embodiment of the present invention, the customer personal identification number information is encrypted by an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the system through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between systems.

According to the embodiment of the present invention, the mobile OTP generation program code (or the integrated OTP program code) provided in the customer's mobile phone may include, in addition to the customer's personal identification number information input through the personal identification number input interface, One or more mobile phone unique identification information (for example, one or more of a terminal serial number (ESN) assigned to a customer's mobile phone, a USIM serial number, a terminal identification code stored in the memory of the mobile phone, and a USIM identification code recorded in the mobile phone USIM) It is possible to confirm the mobile phone identification information, and to transmit the mobile phone identification information further including the identified mobile phone identification information, thereby not limiting the present invention.

Alternatively, the personal identification number input interface may further include a user interface for inputting customer-specific information (for example, a resident registration number) in addition to a user interface for inputting the customer's personal identification number information. In this case, The mobile OTP generation program code (or the integrated OTP program code) may further include the entered customer specific information in addition to the customer personal identification number information, and thus the present invention is not limited thereto.

The OTP processor 1615 receives the customer identification number information encrypted by the customer's mobile phone, decrypts the encrypted customer identification number information to identify the original customer identification number information, 1625 in order to authenticate the validity of the customer personal identification number information.

When more than one mobile phone unique identification information or customer specific information is further received (and decoded) from the customer mobile phone according to the embodiment of the present invention, the OTP processing unit 1615 further uses the mobile phone unique identification information or the customer specific information So as to authenticate the validity.

If the validity of the customer personal identification number information (which may further include the mobile phone unique identification information or the customer specific information) is authenticated, the OTP processing unit 1615 transmits the OTP generation request to the second storage medium management server 1630 A key value or an OTP generation program to generate an OTP to be generated in the customer's mobile phone.

When the OTP processing unit 1615 is provided with an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 1615 generates an OTP generation key Determining an OTP generation key (KEY) value from the OTP generation key (KEY), determining one or more fixed seed values and a dynamic seed value from the OTP generation key (KEY) value, and substituting the fixed seed value and the dynamic seed value into a predetermined OTP generation algorithm It is preferable to replace the OTP to be generated in the customer's mobile phone.

When the OTP processing unit 1615 includes a plurality of OTP generation functions for each OTP generation algorithm to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, And generating OTP generation key information for selecting one or more fixed seed values corresponding to the OTP generation program information from the OTP generation key (KEY) It is preferable that the seed value is determined / determined, and the fixed seed value and the dynamic seed value are substituted into the OTP generation algorithm corresponding to the OTP generation program information to replace the OTP to be generated in the customer's cellular phone.

If the OTP processing unit 1615 does not have an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to another embodiment of the present invention, the OTP processing unit 1615 may alternatively generate the OTP OTP generation key (KEY) value and an OTP generation program code to replace the OTP, and confirm / determine at least one fixed seed value and dynamic seed value from the OTP generation key (KEY) value, To generate an OTP to be generated in the customer's mobile phone through the fixed seed value and the dynamic seed value.

When the OTP to be generated by the customer's mobile phone is alternatively generated, the OTP processor 1615 encrypts the generated OTP and processes the generated OTP to be provided to the customer's mobile phone through the mobile communication network.

According to an embodiment of the present invention, the replacement-generated OTP is encrypted with an end-to-end data encryption scheme (e.g., AES 128 encryption scheme) between the customer's mobile phone and the system through an encryption key paired with a decryption key provided to the customer's mobile phone , And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the system.

Wherein the customer's cellular phone receives the alternately generated OTP through the mobile communication network and, when the received OTP is encrypted, decrypts the OTP through a predetermined decryption key and outputs the decrypted OTP to an OTP output area on the screen , And displays an OTP input interface in a predetermined area near the OTP output area. When the OTP is inputted through the OTP input interface, the input OTP is encrypted and transmitted to a server that authenticates the OTP through a mobile communication network .

Here, the OTP is encrypted with an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the server authenticating the OTP through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between servers.

The server for authenticating the OTP receives and decrypts the OTP through the mobile communication network, generates an OTP 'by checking an OTP generation key value or an OTP generation key value corresponding to the received OTP, And OTP 'to perform OTP authentication for the mobile payment transaction, and provides the OTP authentication result to the server for providing the mobile settlement.

FIG. 17 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a sixth embodiment of the present invention.

In more detail, FIG. 17 shows OTP usage information including at least one of customer's mobile number information, customer's personal identification number information and customer's unique information at the customer terminal shown in FIG. 16, and the OTP generation condition registration server 1600 ), Sets the customer personal identification number information as the OTP generation condition information, stores the customer personal identification number information in the first storage medium, replaces the OTP to be generated in the customer mobile phone in the mobile payment process through the customer mobile phone And storing the OTP generation key value or the OTP generation program in the second storage medium 1635. Those skilled in the art will appreciate that the present invention is not limited to the above embodiments, 17 and / or by modifying the OTP generation conditions according to various embodiments of the OTP generation condition registration process (for example, ) Would be able to infer, the present invention is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 17. That is, the process shown in FIG. 17 is a basic process for implementing the OTP generation condition registration system shown in FIG. 16, and the actual OTP generation condition registration process includes all the various embodiments shown in FIG. 16 .

Referring to FIG. 17, when the customer requests the mobile payment or provides the mobile OTP generation program to the customer mobile phone, or requests the mobile payment OTP registration, the customer terminal shown in FIG. The OTP generation condition registration server 1600 receives the OTP use application information (1700) by inputting the OTP usage application information including the number information, the customer personal identification number information, and the customer specific information.

The OTP generation condition registration server 1600 sets the customer personal identification number information as OTP generation condition information 1705, stores the OTP generation condition information in the first storage medium 1625 (1710) An OTP generation key (KEY) value for generating an OTP to be generated in the customer's mobile phone in the mobile payment process through the customer's mobile phone via the storage medium management server 1630 or an OTP generation key (KEY) value stored in the second storage medium 1635 , It is processed so as to be registered (1715).

If the OTP generation condition information is stored in the first storage medium 1625 and the OTP generation key value or OTP generation program is stored in the second storage medium 1635 in operation 1720, The condition registration server 1600 provides the OTP generation key (KEY) value to the customer's mobile phone or the OTP program code, the encryption key, and the decryption key for the mobile phone for implementing the OTP through the OTP generation program (1725).

Here, the OTP program code for the mobile phone provided in the customer's mobile phone in the OTP generation condition registration server 1600 may include a two-factor authentication limit that the mobile payment medium and the authentication medium must be separated from each other Providing an OTP generation key (KEY) value in the server or an OTP to be generated in the customer's mobile phone through an OTP generation program and providing the generated OTP to the customer's mobile phone, And a mobile payment interworking OTP program code having a function of receiving and outputting a substitute-generated OTP and inputting the substitute-generated OTP by displaying an OTP input interface near the area where the OTP is output, , The mobile payment interworking OTP program code may be transferred to the mobile &lt; RTI ID = 0.0 &gt; It is possible to further include the OTP generation program code or to include the integrated OTP generation program code.

18 is a diagram illustrating a mobile payment interworking OTP authentication process according to a sixth embodiment of the present invention.

18, OTP generation condition information including customer's personal identification number information is stored in the first storage medium 1625 through the OTP generation condition registration process shown in FIG. 17, and the second storage medium 1635 ), The OTP generation key (KEY) value or the OTP generation program is stored. After the OTP program code, the mobile payment interworking OTP program code, the encryption key and the decryption key are provided to the customer's mobile phone, OTP authentication is required In order to overcome the two-factor authentication limit for the mobile payment in the customer's mobile phone, the mobile payment interworking OTP program code is activated to input the customer's personal identification number information, and the OTP generation condition registration server 1600 After authenticating the customer's personal identification number information through the first storage medium 1625, the customer's personal identification number information is transmitted to the second storage medium 1635 via the second storage medium management server 1630 And generating an OTP generation key (KEY) value or an OTP generation program to replace the OTP to be generated in the customer's cellular phone and providing the generated OTP to the customer's cellular phone. It will be possible to refer to and / or modify the FIG. 18 to various implementations of the mobile payment interworking OTP authentication process (e.g., omitting some steps or changing the order) The present invention is not limited to the above-described embodiments. That is, the process shown in FIG. 18 is a basic process for implementing the OTP generation condition registration system shown in FIG. 16, and the actual mobile payment interworking OTP authentication process includes all the various embodiments shown in FIG. 16 .

18, OTP generation condition information including customer personal identification number information is stored in the first storage medium 1625 through the OTP generation condition registration process shown in FIG. 17, and the second storage medium 1635, An OTP generation key (KEY) value or an OTP generation program is stored in the customer's mobile phone, and the OTP program code, the encryption key, and the decryption key associated with the mobile payment are provided to the customer's mobile phone. If the OTP authentication is required during the mobile payment (1805), the mobile phone handles the settlement of the mobile payment (step 1805) In order to overcome the two-factor authentication limit, the mobile payment interworking OTP program code is activated to output the personal identification number information input interface, When the customer personal identification number information is inputted through the input interface, the inputted customer personal identification number information is transmitted to the OTP generation condition registration server 1600 (1810).

According to an embodiment of the present invention, the customer's cellular phone preferably encrypts the customer's personal identification number information with an encryption key provided to the customer's cellular phone through the OTP generation condition registration process shown in FIG. 17, The condition registration server 1600 decrypts the received customer personal identification number information through the decryption key matching with the encryption key.

The OTP generation condition registration server 1600 compares the customer's personal identification number information included in the OTP generation condition information stored in the first storage medium 1625 with the customer's personal identification number information, (1815).

If the customer personal identification number information is authenticated 1820, the OTP generation condition registration server 1600 transmits the OTP generation condition registration server 1600 to the second storage medium 1635 via the second storage medium management server 1630 OTP generation key (KEY) value to be generated in place of the OTP or an OTP generation program is received (1825), and an OTP to be generated in the customer's mobile phone is alternatively generated through the OTP generation key (KEY) value or the OTP generation program 1830), and provides the substitute-generated OTP to the customer's mobile phone (1835).

According to the embodiment of the present invention, the OTP generation condition registration server 1600 encrypts the substitute generated OTP with an encryption key matched with the decryption key provided to the customer's mobile phone through the OTP generation condition registration process shown in FIG. 17 And the customer's cellular phone decrypts the received OTP with the decryption key.

The customer mobile phone displays the received OTP (1840) and displays the OTP input interface in a predetermined area near the area where the OTP is output. If the output OTP is input through the OTP input interface (1845), the customer mobile phone encrypts the input OTP and transmits the encrypted OTP to a server that authenticates the OTP through a mobile communication network (1850) And processes the mobile payment in connection with a mobile payment server (not shown) according to the result (1855).

FIG. 19 is a diagram illustrating a configuration of an OTP generation condition registration server 1900 for mobile payment according to a second embodiment of the present invention.

19 illustrates an OTP (OTP) message including at least one of customer's mobile phone number information, customer's personal identification number information, and customer's unique information (for example, information including the customer's name and resident registration number information) The OTP use application information is received from the information receiving unit 1905, the OTP generation condition information is set in the information registration unit 1910 and the OTP generation key KEY is set. Value or an OTP generation program to store and register in the storage medium 1925. If the personal identification number information transmitted from the customer's cellular phone is authenticated in the OTP processor 1915 when the customer uses mobile payment, 1925) or an OTP generation key (KEY) value associated with the OTP generation condition information stored in the OTP generation condition information storage unit 1925 or an OTP generation program If the OTP generation condition registration server 1900 is configured to refer to and / or modify the FIG. 19, the OTP generation condition registration server 1900 may be configured to transmit the OTP generation condition registration request to the customer's cellular phone. It is to be understood that the invention may be embodied in many different ways (e.g., some of the components may be omitted, or subdivided, or combined), but the invention encompasses all such contemplated embodiments, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 19, the OTP generation condition registration server 1900 includes an information receiver 1905 for receiving OTP usage application information of a customer from a customer terminal for using mobile settlement, An information registration unit 1910 for setting the customer personal identification number information as the OTP generation condition information and storing it in the storage medium 1925 in connection with the OTP generation key value or the OTP generation program, After receiving and verifying the customer's personal identification number information from the mobile phone, an OTP generation key (KEY) value associated with the OTP generation condition information including the customer's personal identification number information, or an OTP generation program, And an OTP processing unit 1915 for providing the generated OTP to the customer's cellular phone. The OTP processing unit 1915 is provided to the storage medium 1925, And a mobile phone processor 1920 for providing program codes for providing an OTP service to the mobile phone when the generation condition information is stored in association with the OTP generation key value or the OTP generation program.

According to the present invention, each means constituting the OTP generation condition registration server 1900 may be implemented as one independent server, or a combination of two or more functions may be implemented in a server form, Server, and it is evident that the present invention is not limited by the method of constructing the means.

The customer may request the mobile settlement or create an OTP in the customer's cellular phone according to a predetermined OTP generation algorithm through a mobile OTP generation program (e.g., an OTP generation key (KEY) value provided in the customer's cellular phone) (For example, the name of the customer, the name of the customer, the name of the customer, etc.) through the customer terminal, (OTP) application information including at least one of OTP usage information and OTP usage information.

Here, the customer's mobile number information may be a customer's mobile phone that uses mobile payment, a customer's mobile phone that receives a mobile OTP creation program, or a virtual OTP medium for mobile payment that receives and outputs an OTP generated by a server on behalf of the customer's mobile phone And a telephone number assigned to the customer's mobile phone, as information for identifying the customer's mobile phone corresponding to one or more of the customer's mobile phones to be used as the mobile phone.

According to an embodiment of the present invention, the customer mobile number information includes at least one of a terminal serial number (ESN), a USIM serial number (e.g., a chip serial number, a USIM serial number, and a serial number recorded in a USIM) Or a USIM identification code recorded in the USIM, or a terminal identification code stored in the memory of the cellular phone to generate and encrypt a code value that is not duplicated in order to identify the customer cellular phone, desirable.

That is, the customer mobile phone number information includes at least one of all the mobile phone related identification information held through the memory (or the USIM) of the mobile phone even when the customer mobile phone connects to or does not access the mobile communication network. As a result, the customer's mobile phone number information of the present invention is not limited to the above-described ones, and it is possible to include various identification information according to the type of the customer's mobile phone and a fixed ID value uniquely identifying it, It is clear that the present invention is not limited by the kind of the material.

Wherein the customer personal identification number information is used to authenticate generation of an OTP through the mobile OTP generation program when the mobile phone has a mobile OTP generation program, A Personal Identification Number (PIN) for authenticating the creation of an OTP on behalf of the customer's mobile phone by accepting the OTP medium for mobile payment for receiving and outputting the OTP generated by the server, A PIN for OTP generation registered through the PIN pad, or a unique identification number uniquely registered so as not to be duplicated for each customer for the OTP generation.

If the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the unique identification number is transmitted to a predetermined number server (not shown) or N (N > 1) The number of digits is automatically assigned, or the customer inputs the unique identification number of N digits which is not duplicated to the customer through the PIN pad, or the customer selects the n (E.g., the customer's mobile phone number information or the resident registration number included in the customer's unique information) of the (Nn) number uniquely assigned to the customer at the first number of 1 <= n <N Or a unique identification number of N digits, or the customer's mobile phone number information uniquely allocated to the customer (or two or more times that constitute the customer's mobile phone number information) (Or all) of the combination of the customer's mobile phone number information and the number (e.g., resident registration number) included in the customer specific information is determined to be an N-digit unique identification number, It is preferably determined by a unique identification number.

If the customer is registered as a customer for the mobile settlement, the customer specific information may be a database included in the server providing the mobile settlement service, If the customer is a new customer of the server providing the mobile payment service, the customer specific information may include the customer identification information for identifying the customer, (E.g., a name, a resident registration number, an address, a contact address, etc.) that can be registered on a database provided in the server.

The information terminal 1905 receives the OTP use application information from the customer terminal, and the information registration unit 1910 transmits the customer's personal identification number information to an OTP And the generation condition information.

Here, the OTP generation condition information may include an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone, when the personal identification number information transmitted from the customer's cellular phone is authenticated, Or OTP generation program, the OTP generation condition information includes an OTP generation key (KEY) value for generating an OTP on behalf of the customer's cellular phone or an OTP generation key value And stored.

According to the embodiment of the present invention, when the customer's personal identification number information includes a unique identification number uniquely registered so as not to be duplicated for each customer, the OTP generation condition information preferably includes the customer's personal identification number information Do.

Even if the customer personal identification number information does not include the unique identification number or the customer personal identification number information includes the unique identification number, the OTP generation condition information may include the customer's mobile phone number information (e.g., (E.g., mobile phone number), customer-specific information (e.g., resident registration number), one or more mobile phone unique identification information (e.g., terminal serial number (ESN) assigned to the customer's mobile phone, USIM serial number, , And one or more USIM identification codes recorded in the cellular phone USIM), and thus the present invention is not limited thereto.

When the OTP generation condition information is set, the information registration unit 1910 stores the OTP generation condition information in a storage medium 1925 by connecting the OTP generation condition information to an OTP generation key or an OTP generation program .

Here, the OTP generation key (KEY) value preferably includes at least one fixed seed value for generating an OTP and a parameter for determining a dynamic seed value.

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, (KEY) value preferably includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP.

Alternatively, if the OTP is generated by a challenge-response scheme, the fixed seed value of the OTP generation key (KEY) value includes a seed fixed to be substituted for the challenge-response OTP generation algorithm, and the OTP generation key (KEY ) Value comprises a random number generation seed for generating a random number corresponding to the dynamic seed value of the challenge-response type OTP.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated in the server, the OTP generation key (KEY) value may be one or more A fixed seed value, and a parameter for determining the dynamic seed value.

If the mobile phone has a mobile OTP generation program in addition to using the customer mobile phone as the virtual OTP medium for mobile payment, the OTP generation key (KEY) value may be a mobile OTP generation program And a parameter for determining a dynamic seed value, wherein the OTP generation key (KEY) value is provided to the customer's mobile phone, and the encryption key Or stored (or encrypted) in a USIM provided in the customer's mobile phone.

The OTP generation program includes an OTP generation algorithm for generating an OTP using one or more fixed seed values confirmed through the OTP generation key value and one or more dynamic seed values dynamically determined / When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting an OTP generated from a server, the OTP generation program is provided on a server for generating the OTP, The OTP generation program is implemented in the form of a mobile OTP generation program provided to the customer's cellular phone.

According to the embodiment of the present invention, a plurality of OTP generation algorithms for generating the OTP may exist depending on the type and the modification method. In this case, a plurality of OTP generation programs may exist according to the OTP generation algorithm.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer's cellular phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated at the server, the information register 1910 couples the OTP generation condition information and the OTP generation key (KEY) (OTP) generation program information to be used for generating an OTP according to the OTP generation condition information, and stores the generated OTP generation program information in the storage medium (1925) It is preferable to store the data in the database.

If the OTP generation program is provided according to the OTP generation condition information, the information registration unit 1910 can store and register the OTP generation condition information and the OTP generation program information in the storage medium 1925.

Alternatively, when the mobile phone has a mobile OTP generation program, the information registration unit 1910 generates the OTP generation condition information, the OTP generation key value, and the OTP generation corresponding to the mobile OTP generation program provided to the customer mobile phone, It is preferable that program information (for example, version, algorithm, etc.) is stored and registered in the storage medium 1925 in conjunction with each other.

When the OTP generation condition information is stored in the storage medium 1925 in association with the OTP generation key value or the OTP generation program, the mobile phone processor 1920 generates OTP generation key (KEY) OTP program code for mobile phone to implement OTP through program.

If the personal identification number information transmitted from the customer's mobile phone is authenticated upon using the mobile payment through the customer's mobile phone according to the embodiment of the present invention, an OTP is generated on the server instead of the customer's mobile phone and transmitted to the customer's mobile phone, When the customer mobile phone is used as a virtual OTP medium for mobile payment for receiving and outputting the OTP generated at the server, the mobile phone processor 1920 inputs a personal identification number during mobile payment through the customer mobile phone, (For example, via a communication server provided in the mobile communication network) to the server. The server receives and outputs the OTP generation key (KEY) value and the OTP generated on behalf of the customer's cellular phone through the OTP generation program, An OTP input interface for inputting the output OTP is transmitted to a server for authenticating the OTP The mobile payment interworking OTP program code is provided to the customer's mobile phone.

According to the embodiment of the present invention, the mobile phone processor 1920 transmits information (for example, callback URL) for providing the mobile payment interworking OTP program code to the customer's mobile phone through a mobile communication network, It is preferable that the mobile payment interworking OTP program code is provided to the customer mobile phone in response to the request for the mobile payment interworking OTP program code through the information.

According to another embodiment of the present invention, the mobile payment interworking OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processor 1920 transmits the mobile payment interworking OTP It is possible to provide the program code to be provided to the customer's cellular phone or to process the mobile payment interworking OTP program code provided in the customer terminal to be provided to the customer's cellular phone.

The mobile payment interworking OTP program code may include an encryption code for encrypting the personal identification number and transmitting the encrypted personal identification number to the server through a mobile communication network and a decryption code for decrypting the OTP encrypted and transmitted by the server , The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and provided to the customer's cellular phone or may be provided to the customer's cellular phone through a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary type key) is preferably provided to the customer's cellular phone.

If the customer's mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile OTP generation program code, The OTP program code need not include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile payment interworking OTP program code preferably has a function of setting a communication interval with a server connected to the customer's mobile phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

Alternatively, when the mobile phone has a mobile OTP generation program, the mobile phone processor 1920 transmits information (for example, callback message) for providing the mobile OTP generation program code to the customer mobile phone through the mobile communication network And requesting the mobile OTP generation program code through the information from the customer mobile phone, the mobile OTP generation program code is provided to the customer mobile phone in response to the request.

According to another embodiment of the present invention, the mobile OTP generation program code may be provided to the customer mobile phone through the customer terminal. In this case, the mobile phone processor 1920 transmits the mobile OTP generation program code To be provided to the customer's cellular phone, or to process the mobile OTP generation program code provided in the customer terminal to be provided to the customer's cellular phone.

Here, the mobile OTP generation program code includes an encryption code for encrypting the OTP generated in the customer's mobile phone and transmitting the encrypted OTP to the server through the mobile communication network, and a decryption code for decrypting the information encrypted and transmitted by the server The encryption key for encryption or the decryption key for decryption may be included in the encryption code or the decryption code and may be provided to the customer's cellular phone or may be a key exchange procedure defined between the customer's cellular phone and the system A procedure for encrypting and exchanging a binary key is provided to the customer's mobile phone.

If the customer mobile phone is provided with the mobile payment interworking OTP program code and the mobile OTP generation program code together and the encryption / decryption uses the encryption code and the decryption code included in the mobile payment interworking OTP program code, the mobile OTP The generated program code does not need to include the encryption code and the decryption code, and a corresponding encryption key or decryption key may not be provided to the customer's mobile phone.

In addition, the mobile OTP generation program code preferably has a function of setting a communication interval with a server connected via a mobile communication network from the customer's mobile phone to a TLS (Transport Layer Security) encryption section.

When the mobile OTP generation program is initially provided in the mobile phone in the case where the mobile phone OTP generation program code is provided in the customer mobile phone according to the embodiment of the present invention, (E.g., telephone number, resident registration number, personal identification information, etc.) after encrypting and transmitting the user authentication information (e.g., telephone number, resident registration number, personal identification information, etc.) 1920), the OTP generation key (KEY) value associated with the mobile OTP generation program after the customer authentication for the customer authentication information is downloaded and stored in the customer's mobile phone memory in encrypted form or in a USIM provided in the customer's mobile phone And wherein the mobile OTP generation program code includes an OTP generation key KEY) value is included, the process of downloading the OTP generation key value may be omitted.

According to another embodiment of the present invention, it is possible to provide an integrated OTP generation program in which the mobile payment interworking OTP program code and the mobile OTP generation program code are integrated in the customer's mobile phone. In this case, (For example, a callback URL) for providing the integrated OTP program code to the customer's cellular phone through a communication network, and when the customer's cellular phone requests the integrated OTP program code through the information, It is desirable to provide the integrated OTP program code.

According to another embodiment of the present invention, the integrated OTP program code can be provided to the customer's mobile phone through the customer terminal. In this case, the mobile phone processor 1920 provides the integrated OTP program code to the customer terminal To be provided to the customer's cellular phone, or to process the integrated OTP program code provided to the customer terminal to be provided to the customer's cellular phone.

Herein, the integrated OTP program code may include an encryption code for encrypting the personal identification number and transmitting the personal identification number to the server through a mobile communication network, encrypting the OTP generated by the customer mobile phone and transmitting the encrypted OTP to the server through a mobile communication network, And a decryption code for decrypting the information encrypted and transmitted by the server, wherein the encryption key for encryption or the decryption key for decryption is stored in the encryption code or the decryption code Or is provided to the customer's mobile phone according to a key exchange procedure defined between the customer's mobile phone and the system (for example, a procedure for generating a session key and encrypting and exchanging a binary key) Do.

In addition, the integrated OTP program code preferably has a function of setting a communication interval with a server connected to the customer's cellular phone via a mobile communication network as a TLS (Transport Layer Security) encryption section.

According to the present invention, the mobile OTP generation program code provided in the customer's mobile phone can not be used for mobile settlement due to the limitation of two-factor authentication that a mobile payment medium and an authentication medium must be separated The mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, or the mobile payment interworking OTP program code may be used. Alternatively, the mobile payment interworking OTP program code may be used as the mobile payment OTP authentication medium, Only the part for transmitting the customer's personal identification number information from the program code to the server or receiving the OTP generated by the server alternatively can be used.

Therefore, when OTP authentication is required when using the mobile payment through the customer's mobile phone, the customer's mobile phone activates the mobile OTP generation program code (or the integrated OTP program code) to output a personal identification number input interface, When the customer's personal identification number information is input through the input interface, the inputted customer's personal identification number information is encrypted with a predetermined encryption key and transmitted.

According to an embodiment of the present invention, the customer personal identification number information is encrypted by an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the system through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between systems.

According to the embodiment of the present invention, the mobile OTP generation program code (or the integrated OTP program code) provided in the customer's mobile phone may include, in addition to the customer's personal identification number information input through the personal identification number input interface, One or more mobile phone unique identification information (for example, one or more of a terminal serial number (ESN) assigned to a customer's mobile phone, a USIM serial number, a terminal identification code stored in the memory of the mobile phone, and a USIM identification code recorded in the mobile phone USIM) It is possible to confirm the mobile phone identification information, and to transmit the mobile phone identification information further including the identified mobile phone identification information, thereby not limiting the present invention.

Alternatively, the personal identification number input interface may further include a user interface for inputting customer-specific information (for example, a resident registration number) in addition to a user interface for inputting the customer's personal identification number information. In this case, The mobile OTP generation program code (or the integrated OTP program code) may further include the entered customer specific information in addition to the customer personal identification number information, and thus the present invention is not limited thereto.

The OTP processor 1915 receives the customer identification number information encrypted by the customer's mobile phone, decrypts the encrypted customer identification number information to identify the original customer identification number information, And authenticates the validity of the customer personal identification number information.

When more than one mobile phone unique identification information or customer specific information is further received (and decoded) from the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 1915 further uses the mobile phone unique identification information or customer- So as to authenticate the validity.

If the validity of the customer personal identification number information (which may further include the mobile phone unique identification information or the customer specific information) is authenticated, the OTP processing unit 1915 connects the OTP generation condition information to the storage medium 1925 An OTP generation key (KEY) value or an OTP generation program to generate an OTP to be generated in the customer's cellular phone.

If the OTP processing unit 1915 includes an OTP generation function to replace the OTP to be generated in the customer's mobile phone according to an embodiment of the present invention, the OTP processing unit 1915 generates an OTP Confirms / determines one or more fixed seed values and dynamic seed values from the OTP generation key (KEY) value, substitutes the fixed seed value and the dynamic seed value into a preset OTP generation algorithm It is preferable to alternatively generate an OTP to be generated in the customer's mobile phone.

When the OTP processing unit 1915 has a plurality of OTP generation functions for each OTP generation algorithm to replace the OTP to be generated in the customer's cellular phone according to another embodiment of the present invention, (KEY) value associated with the generation condition information, and OTP generation program information for selecting an OTP generation algorithm to replace the OTP to be generated in the customer's cellular phone, and generating the OTP generation key from the OTP generation key Determining whether or not at least one fixed seed value and a dynamic seed value corresponding to the program information have been determined; and assigning the fixed seed value and the dynamic seed value to the OTP generation algorithm corresponding to the OTP generation program information, As shown in FIG.

If the OTP processing unit 1915 does not include an OTP generation function to replace the OTP to be generated in the customer's cellular phone according to another embodiment of the present invention, Confirms the connected OTP generation key (KEY) value and OTP generation program code to replace the OTP to be generated in the customer's cellular phone, and confirms / determines one or more fixed seed values and dynamic seed values from the OTP generation key (KEY) And activates the OTP generation program code to replace the OTP to be generated in the customer's cellular phone through the fixed seed value and the dynamic seed value.

If the OTP to be generated by the customer's mobile phone is alternatively generated, the OTP processor 1915 encrypts the OTP generated and processes the OTP to be provided to the customer's mobile phone through the mobile communication network.

According to an embodiment of the present invention, the replacement-generated OTP is encrypted with an end-to-end data encryption scheme (e.g., AES 128 encryption scheme) between the customer's mobile phone and the system through an encryption key paired with a decryption key provided to the customer's mobile phone , And is preferably double encrypted through a TLS encryption method set in a communication interval between the mobile phone and the system.

Wherein the customer's cellular phone receives the alternately generated OTP through the mobile communication network and, when the received OTP is encrypted, decrypts the OTP through a predetermined decryption key and outputs the decrypted OTP to an OTP output area on the screen , And displays an OTP input interface in a predetermined area near the OTP output area. When the OTP is inputted through the OTP input interface, the input OTP is encrypted and transmitted to a server that authenticates the OTP through a mobile communication network .

Here, the OTP is encrypted with an end-to-end data encryption method (for example, AES 128 encryption method) between the customer's mobile phone and the server authenticating the OTP through an encryption key provided in the customer's mobile phone, It is preferable that the encryption is double-encrypted through a TLS encryption method set in a communication interval between servers.

The server for authenticating the OTP receives and decrypts the OTP through the mobile communication network, generates an OTP 'by checking an OTP generation key value or an OTP generation key value corresponding to the received OTP, And OTP 'to perform OTP authentication for the mobile payment transaction, and provides the OTP authentication result to the server for providing the mobile settlement.

FIG. 20 is a diagram illustrating an OTP generation condition registration process for mobile settlement according to a seventh embodiment of the present invention.

In more detail, FIG. 20 shows OTP usage information including at least one of customer's mobile phone number information, customer's personal identification number information and customer's unique information at the customer terminal shown in FIG. 19, and the OTP generation condition registration server 1900 ), Sets the customer personal identification number information as the OTP generation condition information, and generates an OTP generation key (KEY (KEY)) for generating an OTP to be generated in the customer mobile phone in the mobile payment process through the customer mobile phone ) Value or an OTP generation program and stores the program in the storage medium 1925 and registers the program in the storage medium 1925. Those skilled in the art will be able to refer to and / It is possible to infer various execution methods (for example, omitting some steps or changing the order) for the OTP generation condition registration process Would, in the present invention are made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 20. That is, the process shown in FIG. 20 is a basic process for implementing the OTP generation condition registration system shown in FIG. 19, and the actual OTP generation condition registration process includes all the various embodiments shown in FIG. 19 .

Referring to FIG. 20, when the customer requests the mobile payment or provides the mobile OTP generation program to the customer mobile phone, or requests the mobile payment OTP registration, the customer terminal shown in FIG. The OTP use condition registration server 1900 receives the OTP use application information when the OTP use application information including at least one of the number information, the customer personal identification number information, and the customer's unique information is input and transmitted.

The OTP generation condition registration server 1900 sets the OTP generation condition information as the OTP generation condition information and the OTP generation condition information and the OTP to be generated in the customer mobile phone in the mobile payment process through the customer mobile phone, An OTP generation key (KEY) value for creating an alternative or an OTP generation program is connected and stored in the storage medium 1925 (2010).

If the OTP generation condition information and the OTP generation key value or the OTP generation program are connected and stored in the storage medium 1925 in step 2015, the OTP generation condition registration server 1900 generates the OTP And provides OTP program code, encryption key, and decryption key for the mobile phone to implement OTP through a key value or an OTP generation program (2020).

Here, the OTP program code for the mobile phone provided to the customer's mobile phone in the OTP generation condition registration server 1900 may be configured such that the mobile payment medium and the authentication medium are separated from each other when the mobile payment is made through the customer's mobile phone, Providing an OTP generation key (KEY) value in the server or an OTP to be generated in the customer's mobile phone through an OTP generation program and providing the generated OTP to the customer's mobile phone, And a mobile payment interworking OTP program code having a function of receiving and outputting a substitute-generated OTP and inputting the substitute-generated OTP by displaying an OTP input interface near the area where the OTP is output, , The mobile payment interworking OTP program code may be transferred to the mobile &lt; RTI ID = 0.0 &gt; It is possible to further include the OTP generation program code or to include the integrated OTP generation program code.

FIG. 21 is a diagram illustrating a mobile payment interworking OTP authentication process according to a seventh embodiment of the present invention.

In more detail, FIG. 21 illustrates OTP generation condition information and an OTP generation key (KEY) value including customer's personal identification number information in a storage medium 1925 through an OTP generation condition registration process shown in FIG. 20, And the OTP program code, the encryption key, and the decryption key are provided to the customer's mobile phone and the OTP program code, the encryption key, and the decryption key are provided in the customer's mobile phone. If OTP authentication is required during the mobile payment process using the customer's mobile phone, In order to overcome the factor authentication limit, when the mobile payment interworking OTP program code is activated and the customer personal identification number information is inputted and transmitted, the OTP generation condition registration server 1900 transmits the customer personal identification number After confirming the information, the OTP generation key (KEY) value or the OTP generation program is checked and the OTP to be generated in the customer's mobile phone The present invention is not limited to the above embodiments, and various modifications and changes may be made to the mobile payment interworking OTP authentication process by referring to and / or modifying the FIG. It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention is not limited to the disclosed embodiments, Features are not limited. That is, the process shown in FIG. 21 is a basic process for implementing the OTP generation condition registration system shown in FIG. 19, and the actual mobile payment interworking OTP authentication process includes all the various embodiments shown in FIG. 19 .

Referring to FIG. 21, OTP generation condition information and OTP generation key (KEY) values including customer's personal identification number information or OTP generation program in the storage medium 1925 through the OTP generation condition registration process shown in FIG. After the mobile phone is provided with a mobile payment interworking OTP program code, an encryption key and a decryption key, the customer mobile phone interacts with a mobile payment server (not shown) , And IC chip settlement (2100). If the OTP authentication is required during the mobile settlement (2105), the customer's mobile phone can perform mobile settlement to overcome the limit of two-factor authentication for the mobile settlement Activates the interworking OTP program code to output a personal identification number information input interface, When the customer's personal identification number information is inputted, the inputted customer's personal identification number information is transmitted to the OTP generation condition registration server 1900 (2110).

According to an embodiment of the present invention, the customer's mobile phone preferably encrypts the customer's personal identification number information with an encryption key provided to the customer's mobile phone through the OTP generation condition registration process shown in FIG. 20, The condition registration server 1900 decrypts the received customer personal identification number information through the decryption key matched with the encryption key.

The OTP generation condition registration server 1900 compares the customer's personal identification number information included in the OTP generation condition information stored in the storage medium 1925 with the customer's personal identification number information to authenticate the customer's personal identification number information 2115).

If the customer's personal identification number information is authenticated 2120, the OTP generation condition registration server 1900 receives an OTP generation key KEY associated with the OTP generation condition information including the customer's personal identification number information from the storage medium 1925 ) Value or an OTP generation program (step 2125), an OTP generation key (KEY) value or an OTP to be generated in the customer's mobile phone through an OTP generation program is alternatively generated (2130) Provide customers with mobile phones (2135).

According to the embodiment of the present invention, the OTP generation condition registration server 1900 encrypts the substitute generated OTP with an encryption key matched with a decryption key provided to the customer's cellular phone through the OTP generation condition registration process shown in FIG. 20 And the customer's cellular phone decrypts the received OTP with the decryption key.

The customer mobile phone outputs the received OTP (2140), and displays the OTP input interface in a predetermined area near the area where the OTP is output. If the output OTP is input through the OTP input interface (2145), the customer's cellular phone encrypts the input OTP and transmits the encrypted OTP to a server that authenticates the OTP through a mobile communication network (2150) And processes the mobile payment in connection with a mobile payment server (not shown) according to the result (2155).

100: first server 105: second server
110: storage medium 115: mobile communication company server

Claims (13)

A method executed by a server communicating with a customer's cellular phone,
Receiving the customer's mobile phone number information and the customer's unique information of the customer using the program of the customer's mobile phone from the program of the customer's cellular phone through which the program implementing the One Time Password (OTP) is installed via the communication network, A first step of receiving identification number information for providing an OTP dynamically generated through a program of the customer's cellular phone;
A second step of processing the validity of the customer using the program of the customer's mobile phone to be authenticated using the customer's mobile phone number information and the customer's unique information;
If the validity is authenticated, the identification number information is mapped and stored with the customer's mobile number information or the customer's own information, and the OTP to be implemented through the program of the customer's mobile phone is dynamic The OTP generating program mapping the OTP generating program on the generated server and the customer's mobile phone to be provided with the OTP and registering the customer's cellular phone as an OTP medium provided with the OTP dynamically generated through the OTP generating program 3. The method of claim 1,
delete The method according to claim 1,
A telephone number of a customer's cellular phone having the program, terminal information of a customer's cellular phone having the program, an identification code stored in a memory portion of a customer's cellular phone that is uniquely generated and has the program, And an identification code stored in the at least one identification information storage unit.
The method according to claim 1,
Further comprising the step of processing the customer's mobile phone so that a program to be provided with the OTP dynamically generated through the OTP generation program on the designated server is provided to the customer's mobile phone.
The method according to claim 1,
Further comprising the step of processing the decryption key for decrypting the OTP encrypted by the program of the customer's cellular phone to be provided.
2. The method according to claim 1,
Further comprising processing the validity of the program provided in the customer's mobile phone to be authenticated using the customer's mobile phone number information.
The method according to claim 1,
Further comprising checking an OTP generation program on a designated server for dynamically generating an OTP that can be displayed through the program of the customer's mobile phone using the customer's mobile phone number information,
Wherein the third step maps the program of the customer's mobile phone and the identified OTP generation program using the customer's mobile number information or the customer's unique information.
The method according to claim 1,
Further comprising checking a generated key value for dynamically generating an OTP to be provided to a program of the customer's cellular phone,
The third step may further include storing the generated generated key value as a generated key value to be applied to the OTP generation program on the designated server using the customer's mobile phone number information or the customer's unique information A method for registering an orthophile medium of a customer's mobile phone.
The method according to claim 1,
Receiving an identification number inputted through the customer's cellular phone from a program of the customer's cellular phone at the time of OTP output through a program of the customer's cellular phone;
And authenticating the identification number received from the program of the customer's mobile phone using the identification number mapped with the customer's mobile phone number information.
The method according to claim 1,
A fourth step of confirming the dynamically generated OTP to be provided to the program of the customer's cellular phone through the OTP generation program of the designated server at the time of OTP output through the program of the customer's cellular phone;
A fifth step of encrypting the OTP so as to be decryptable through a program of the customer's cellular phone; And
And a sixth step of transmitting the encrypted OTP to the program of the customer's cellular phone.
11. The method of claim 10,
Receiving the customer's mobile number information from the program of the customer's mobile phone when outputting OTP through a program of the customer's mobile phone; And
And authenticating the customer mobile phone having the program using the customer mobile number information received from the program of the customer's mobile phone as an OTP medium that displays the dynamically generated OTP through the OTP generation program of the designated server Wherein the method comprises the steps of:
11. The method of claim 10,
Further comprising generating an encryption key corresponding to a decryption key corresponding to the program of the customer's cellular phone using the customer's mobile phone number information,
And the fifth step encrypts the OTP using the generated encryption key.
The method according to claim 1,
Wherein the server communicating with the customer's cellular phone and the server having the OTP generation program comprise a single server or a separate server connected to each other.

Images