KR101613308B1 - Method for Operating Mobile OTP by using Certification of User's Media - Google Patents

Abstract

According to another aspect of the present invention, there is provided a method of operating a mobile orthophony using a user medium authentication, the method being implemented in a mobile phone of a user having a specific program for implementing an OTP (One Time Password) A procedure for registering authentication information for authenticating the validity of a separate user medium in a specified storage medium, and a procedure for authenticating the mobile phone in which the specific program is installed to the OTP medium owned by the user implementing the OTP to be used in the specified authentication procedure The OTP medium information transmitted through the specific program is registered in the designated server. When the OTP is generated, the user medium information read from the user medium separately owned by the user is checked using the media reader unit of the mobile phone The authentication information of the user medium included in the designated storage medium A procedure for authenticating the validity of the user medium by transmitting the OTP medium information to the designated server through the procedure for authenticating the validity of the user medium and a procedure for receiving the OTP medium information transmitted through the specific program, A step of dynamically generating an OTP to be used in the specified authentication procedure when both the validity of the user medium and the validity of the OTP medium are authenticated, And an eigenvalue that is uniquely assigned uniquely after the specific program is installed in the user's cellular phone to authenticate the user.

Description

[0001] The present invention relates to a method of operating a mobile api using a user medium authentication,

The present invention provides a method for executing on a user's mobile phone having a specific program for implementing an OTP (One Time Password), the method comprising the steps of: authenticating a validity of a separate user medium, And the OTP medium information that can be transmitted through the specific program to be authenticated as a user-owned OTP medium that implements the OTP to be used in the designated authentication procedure The OTP management server performs a procedure of registering with the designated server. When generating the OTP, the media reader unit of the mobile phone confirms the user media information read from the user media separately owned by the user, A process of authenticating the validity of the user medium by using the above- And transmitting the OTP medium information, which is transmittable through the program, to the designated server, and performing a procedure of authenticating the mobile phone driving the specific program to the OTP medium implementing the OTP. The validity of the user medium and the validity of the OTP medium Wherein the OTP medium information includes at least one of a specific program and a specific program to authenticate a mobile phone in a state in which the specific program is installed, The present invention also relates to a method of operating a mobile service using user media authentication, which includes a unique value that is uniquely assigned after being installed.

As non-face-to-face transactions are activated by the development of information and communication technology, non-face traders must certify that the connected user is a valid trader through the communication network and prepare for accidents that may occur.

In the non-face-to-face transaction, the most common method for authenticating a user connected through a communication network is authentication using ID / PW. However, due to the problem that the ID / PW is easily exposed, And is used to identify a trader rather than to be used as a transaction.

As a non-face transaction authentication method more advanced than the method using the ID / PW, an authentication method using a public certificate is used. When a medium (for example, a computer) on which the public certificate is recorded is hacked or a keyboard hacking program When the non-face-to-face transaction is processed through the installed terminal, the authorized certificate also has a problem that it can not provide reliable non-face-to-face transaction authentication.

One-time password (OTP) is used as a method for solving the problem of the above-mentioned public certificate. The OTP is a fixed seed that is exchanged / shared by a trading partner in a non-contact manner when the one or more fixed seed values and a fixed seed value dynamically determined at the time of generating the secret are determined and determined at the time of non- Value and a dynamic seed value to a predetermined code generation algorithm (for example, a hash function) to generate an OTP that can be used once, exchange and authenticate the generated OTP, and reuse the same OTP even if the OTP is exposed It is used as an authentication means which is safer to hacking than other authentication means.

In order to generate the OTP as described above, the user has to carry a portable device called OTP generator. In recent years, the OTP generator has been implemented in an OTP generation program (for example, an OTP generation algorithm A program code and a seed value) are installed and used as an OTP generator.

However, in the conventional mobile phone OTP generator, an OTP generator in the form of a portable device is implemented as a program code on a mobile phone, and the OTP generation program installed in the mobile phone OTP generator is copied (for example, ), Or when the mobile phone OTP generator replicates a mobile phone in which the OTP generation program is installed, the mobile phone OTP generator is no longer reliable.

Also, when wireless non-face-to-face transaction such as wireless settlement / banking is used through a mobile phone used as the mobile phone OTP generator, the mobile phone is used as a transaction medium for the non-face-to-face transaction, In this case, the wireless non-face-to-face transaction as described above may not satisfy the two-factor authentication condition that the transaction medium and the authentication medium must be separated into different media in the non-face-to-face transaction through OTP authentication It has a problem.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a method of executing a method in a user's mobile phone having a specific program that implements a One Time Password (OTP), which is physically separate from the mobile phone and authenticates the validity of a separate user medium And an OTP medium that can be transmitted through the specific program to authenticate the mobile phone in a state in which the specific program is installed to be authenticated as a user-owned OTP medium that implements the OTP to be used in the designated authentication procedure A step of registering the information on the designated server, and a step of, when generating the OTP, checking the user media information read from the user media separately owned by the user using the media reader of the mobile phone, The validity of the user medium is authenticated using the authentication information of the user medium A second step of transmitting the OTP media information transmitted through the specific program to a designated server and authenticating the mobile phone operating the specific program to an OTP medium implementing the OTP; And a third step of dynamically generating an OTP to be used in the specified authentication procedure when both the validity and validity of the OTP medium are authenticated, wherein the OTP medium information includes at least one of a mobile phone And a unique value that is uniquely assigned after the specific program is installed in the mobile phone of the user so as to authenticate the mobile terminal.

A method of operating a mobile authentication using a user medium authentication according to the present invention is a method executed in a mobile phone of a user having a specific program for implementing an OTP (One Time Password) A procedure for registering authentication information for authenticating the validity of a separate user medium in a specified storage medium, and a procedure for authenticating the mobile phone in which the specific program is installed to the OTP medium owned by the user implementing the OTP to be used in the specified authentication procedure A step of registering OTP medium information which can be transmitted through the specific program to a designated server in order to generate OTP; and a step of registering OTP medium information, which is transmitted through the specific program, And authenticates the user medium included in the designated storage medium A method of authenticating the validity of a user medium using information and a method of transmitting OTP medium information transmittable through the specific program to a designated server and authenticating a mobile phone operating the specific program to an OTP medium implementing the OTP And a third step of dynamically generating an OTP to be used in the specified authentication procedure when both the validity of the user medium and the validity of the OTP medium are authenticated, And an eigenvalue that is uniquely assigned to the user's cell phone after the specific program is installed, in order to authenticate the cellular phone in which the specific program is installed and operated.

delete

delete

delete

The validity of the user medium may be confirmed through a specific program of the mobile phone or through a server communicating with the mobile phone in the method of operating the mobile authenticity using the user medium authentication according to the present invention.

delete

The OTP medium information may further include at least one of unique information stored in a memory unit of the mobile phone and code information provided from an IC chip interfaced with the mobile phone, .

The OTP may be generated through a specific program of the mobile phone, or may be generated through an IC chip interfaced with the mobile phone.

delete

The method of claim 1, further comprising the step of constructing at least one seed value among the seeds for OTP generation based on the read user media information, in the mobile orthopy operating method using the user medium authentication according to the present invention, Is characterized in that OTP is dynamically generated by using the seed value as one of the seeds for OTP generation.

In the method of operating a mobile authentication using a user medium authentication according to the present invention, the user medium includes at least one of a contactless IC card, an RF card, an RF device, and an RFID held by a user.

A method for operating a mobile service using a user medium according to the present invention is a method for operating a mobile service using a user medium executed in a wireless terminal having a program for generating an OTP (One Time Password) A first step of verifying user media information read from a user medium using a reader unit and a user medium corresponding to the user medium information through user medium authentication information stored in a designated storage medium, And a third step of dynamically generating an OTP when the validity of the OTP generation is confirmed.

The method of operating a mobile authentication using a user medium according to the present invention may further comprise registering and storing the user media authentication information.

In the method of operating a mobile object using a user medium according to the present invention, the OTP generation validity is confirmed through a program of the wireless terminal or through a server communicating with the wireless terminal.

The method comprising: transmitting predetermined OTP medium information for authenticating an OTP medium to a server authenticating a wireless terminal having the program as an OTP medium for generating an OTP; And receiving a result of authenticating the wireless terminal, on which the program is executed, with the OTP medium based on the OTP medium information from the server.

The method may further include configuring at least one seed value among the seeds for OTP generation based on the user medium information, And the seed value constructed based on the user medium information is used as one of the seeds for OTP generation to dynamically generate the OTP.

The mobile medium may include at least one of a contactless IC card, an RF card, an RF device, and an RFID tag carried by the user.

The method of operating a wireless access point using a user medium according to the present invention comprises the steps of: reading user media information uniquely assigned to a user from a user owned user medium when generating a One Time Password (OTP) at a wireless terminal; Constructing OTP generation information including the read user media information as a seed value, and generating and outputting an OTP using at least one fixed seed value included in the OTP generation information and a dynamic seed value dynamically determined, And the like.

Meanwhile, a method of operating a wireless access point using a user medium according to the present invention includes the steps of storing wireless terminal unique information, user-owned user media information, and server-side OTP generation information in a storage medium, Receiving the OTP generated through the OTP generation information including the user media information read from the OTP generation unit as the seed value, checking the unique information of the wireless terminal that generated the OTP, linking with the wireless terminal unique information from the storage medium And generating OTP generation information including a seed value included in the server-side OTP generation information and a seed value corresponding to the user medium information, (Or verification operation) between the received OTP and the generated OTP 'to generate the received OTP validity And authenticating the authentication server.

Meanwhile, a method of operating a wireless access point using a user medium according to the present invention comprises the steps of: associating wireless terminal unique information and OTP generation information including user's own user information with a seed value in a storage medium; Receiving the OTP generated through the OTP generation information including the user media information read from the user medium of the OTP as a seed value, checking the unique information of the wireless terminal that generated the OTP, (Or verification operation) between the received OTP and the generated OTP ', thereby authenticating the received OTP validity, and verifying the received OTP validity by comparing the received OTP with the generated OTP' The method comprising the steps of:

The method of operating a wireless access point using a user medium according to the present invention includes the steps of storing user media authentication information in a USIM / memory of a wireless terminal and storing the user media information and the user media information stored in the USIM / And verifying the validity of the OTP generation by comparing (or verifying) the user's medium authentication information.

The method of operating a wireless access point using a user medium according to the present invention may further comprise processing the user medium information by hashing the seed value data structure of the OTP generation information.

The method of claim 1, wherein the user medium comprises any one of a user-owned IC card, an MS card, an RF card, an RF device, an RFID, and a USB device, The information includes at least one of card information, device information, RFID information, and USB information read from the user medium.

In the method of operating a wireless access point using a user medium according to the present invention, the user media information is included as a fixed seed value of the OTP generation information.

In the method of operating a wireless access point using a user medium according to the present invention, the OTP generation information includes wireless terminal specific information as a fixed seed value.

The OTP generation information may include a combination of terminal OTP generation information including a parameter for determining one or more fixed seed values and a dynamic seed value and the user media information .

The OTP generation information may include at least one of a combination of server side OTP generation information including a parameter for determining one or more fixed seed values and a dynamic seed value, .

On the other hand, a computer-readable recording medium having recorded thereon a program for executing a wireless orthopedic operation method using the above-mentioned user medium.

Meanwhile, the wireless terminal according to the present invention includes a media reader unit for reading user media information uniquely assigned to the user from a user-owned user medium when generating a One Time Password (OTP) at a wireless terminal, An OTP generation unit for generating an OTP using an information structure unit constituting OTP generation information including the medium information as a seed value and a dynamic seed value dynamically determined by at least one fixed seed value included in the OTP generation information, .

Meanwhile, the wireless ontip operating system using the user medium according to the present invention includes a storage medium for storing wireless terminal unique information, user-owned user medium information and server-side OTP generation information in association with each other, And an OTP generation unit operable to receive the OTP generated through the OTP generation information including the user media information as the seed value, to identify the wireless terminal unique information that generated the OTP, to link the wireless terminal unique information from the storage medium And generating OTP generation information including a seed value included in the server-side OTP generation information and a seed value corresponding to the user medium information, (Or verification operation) between the received OTP and the generated OTP 'to generate the OTP' By having a OTP OTP authentication means for authenticating the validity characterized in that formed.

Meanwhile, the wireless ontip operating system using the user medium according to the present invention includes a storage medium for storing and storing OTP generation information including wireless terminal unique information and user owned user medium information as a seed value, An information receiving means for receiving the OTP generated through the OTP generation information including the user media information read from the medium as the seed value; and an information receiving means for verifying the wireless terminal unique information that generated the OTP, (Or verification operation) between the received OTP and the generated OTP 'to generate the received OTP validity information by comparing the received OTP with the generated OTP' And an OTP authentication means for authenticating the user.

According to the present invention, any one of card information, device information, RFID information, and USB information from a user medium corresponding to any one of an IC card, an MS card, an RF card, an RF device, When generating an OTP in a wireless terminal having a user medium information acquiring function for reading corresponding user medium information, the wireless terminal generates an OTP using the user medium information as a seed value of the OTP, and authenticates the OTP The server confirms the pre-registered user media information at the OTP authentication and authenticates the OTP using the identified user media information as the same seed value. Even if the wireless terminal is stolen / , And has the advantage of eliminating the two-factor authentication limit for OTP.

FIG. 1 is a diagram illustrating a configuration of a wireless terminal having a function of generating OTP using user media information according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of a wireless OTP system according to an embodiment of the present invention.
3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.
4 is a diagram illustrating an OTP generation process according to the first embodiment of the present invention.
5 is a diagram illustrating an OTP generation process according to a second embodiment of the present invention.
6 is a diagram illustrating an OTP generation process according to a third embodiment of the present invention.
7 is a diagram illustrating an OTP generation process according to a fourth embodiment of the present invention.
8 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram illustrating a functional configuration of a wireless terminal 100 having a function of generating an OTP using user media information according to an embodiment of the present invention.

More specifically, FIG. 1 is a diagram showing an example of card information, device information, RFID information, and USB information from a user medium corresponding to any one of an IC card, an MS card, an RF card, an RF device, (N > = 2) OTP (One Time Password) using the user media information in the wireless terminal 100 having the OTP agent and the user medium information acquisition function for reading the user media information corresponding to one 1 is a block diagram illustrating a functional configuration of a wireless communication terminal according to an exemplary embodiment of the present invention. Referring to FIG. 1, It is possible to deduce an embodiment having a function of generating an OTP using the user media information in a portable Internet terminal or the like. And the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, FIG. 1 shows a method for generating an OTP of N digits using the user media information in the mobile phone when the cellular phone connected to the mobile communication network is provided with the user medium information acquisition function and the OTP agent. Technical features of the invention will now be described.

The wireless terminal 100 according to an embodiment of the present invention includes an outer body in terms of hardware and a speaker and a microphone, a keypad, a liquid crystal display (LCD), an antenna, and a battery 130 A modem chip (for example, an MSM series modem chip of Qualcomm of the United States) that incorporates functions such as a CDMA (Code Division Multiple Access) modem, a CPU / MPU (Central Processing Unit / Micro Processing Unit) , A memory device, a duplexer filter that separates the transmit and receive signals from one antenna, a power amplifier that amplifies the transmit signal, a high power amplifier (HPA), an isolator that prevents reverse transmission of high- ), An RF / IF SAW filter for removing the desired out-of-band spurious signal, a frequency upstream circuit for the transmission path, a frequency downconversion circuit for the reception path, a VCTCXO (Volt age controlled temperature compensated X-tal oscillator), a UHF frequency synthesizer used as a local signal of frequency up / down conversion, and a codec chip for converting an analog voice signal into a digital signal. Elements are gradually integrated into the modem chip. Various functions for various multimedia services or various additional services are integrated in the modem chip in addition to core components for the mobile communication service.

1, the wireless terminal 100 includes a control unit 105 corresponding to the modem chip on a structure corresponding to the component, a screen output unit 110 corresponding to a LCD (Liquid Crystal Display) A sound processing unit 115 corresponding to a microphone / speaker, a key input unit 120 corresponding to a keypad, a wireless communication unit 135 corresponding to an antenna and various RF modules, a memory unit 150 corresponding to a nonvolatile memory A universal subscriber identity module 140 corresponding to an integrated circuit (IC) chip for storing universal subscriber identification information; a USIM reader 140 for reading / writing information (or data) And a battery 130 for power supply. The USIM 140 and the USIM reader 145 may be omitted according to the intention of those skilled in the art.

According to the present invention, the wireless terminal 100 can receive card information uniquely assigned to a user from a user medium corresponding to any one of an IC card, an MS card, an RF card, an RF device, an RFID, and a USB device, And a media reader unit (125) for reading user medium information corresponding to any one of the RFID information and the USB information.

The control unit 105 includes a processor including a CPU / MPU provided in the modem chip and an execution memory, and includes a program routine for providing a function peculiar to the wireless terminal 100 from a memory device, (Or an integrated circuit) provided for the bus (BUS) for inputting and outputting program data, and the memory (150) or the memory device (or chipset) (Hereinafter, referred to as " user program information ") recorded in the recording medium of the wireless terminal 100 to generate an OTP using the user medium information It is assumed that the program code constructing unit corresponding to the OTP agent is included in the control unit 105 for convenience (Not shown) and one or more system management routines (e.g., power management routines, channel (forward / backward) management routines, power management routines, And a handoff routine (not shown). The control unit 105 realizes various functional configurations to be implemented in the wireless terminal 100. FIG.

According to an embodiment of the present invention, after power is supplied to the wireless terminal 100, the operating system routine (not shown), one or more system management routines (not shown) and various system variables corresponding thereto are transmitted to the controller 105 ), The wireless terminal 100 can determine the system setting detailed state, the pilot channel obtaining detailed state, the synchronous channel obtaining detailed state, and the timing conversion detailed state according to the booting procedure, Quot; mobile station initialization state ", which is included.

After performing the booting procedure, the operating system routine (not shown), one or more system management routines (not shown) and various system variables corresponding thereto are loaded into the execution memory provided in the control unit 105, The wireless terminal 100 is set to the operation mode corresponding to the "mobile station call waiting state ", the" system access state ", or the " Processing) procedure.

According to the embodiment of the present invention, it is preferable that the function of generating the OTP is started (or realized) by key input in the operation mode corresponding to the "mobile station call waiting state"

The screen output unit 110 is a function configuration unit for a screen for checking operation modes of the wireless terminal 100 and corresponding operation states of the wireless terminal 100. The screen output unit 110 includes one or more LCDs And a driver for driving the screen output device. The control unit 105 may output one or more key data input through the key input unit 120 in association with the control unit 105, A function processing screen and a function processing result screen corresponding to one or more functions (or programs) provided in the terminal 100 or outputting one or more contents (or downloaded) provided in the wireless terminal 100 (E.g., text content, image content, and multimedia content).

According to the embodiment of the present invention, the screen output unit 110 preferably performs a function of a menu screen corresponding to the function of generating the OTP, a function processing screen, and a screen output means for outputting a function processing result screen .

The sound processing unit 115 processes a sound input and output in each operation mode of the wireless terminal 100. The sound processing unit 115 decodes one or more encoded sound data, And a vocoder and a codec for encoding and outputting a sound signal input through a microphone provided in the wireless terminal 100 or a speaker.

According to the embodiment of the present invention, the sound processing unit 115 may generate sound data corresponding to a ringback tone through the speaker in an operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 100 It is preferable to decode and output the voice signal, or to encode and input the voice signal through the microphone in the operation mode corresponding to the "call channel state ", or to decode and output the voice signal through the speaker.

In addition, the sound processing unit 115 may reproduce one or more sound contents or multimedia contents provided in (or downloaded from) the mobile terminal 100 in one or more operation modes including the " It is preferable that the sound data corresponding to the content is decoded and output.

The key input unit 120 may include a key input device having one or more key buttons including a number key, a character key or a function key, Wherein the key input device detects one or more key input signals generated by clicking (or inputting) the key button in the key input device.

According to the present invention, when a key input signal is detected from a key button provided in the key input device in an input mode or one or more operation modes controlled by the control unit 105, the key input unit 120 detects the key (E.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, and MH_KEY_RELEASEEVENT) corresponding to the input signal, and provides the generated key event to the control unit 105. The control unit 105 controls the wireless terminal 100 (For example, from a key table storing (managing) one or more key data corresponding to a specific key event in each input mode or operation mode) in a current input mode or an operation mode of the key input device Reading the key data in the key event), or reading an instruction that executes a function defined by matching with the key event It characterized.

According to an embodiment of the present invention, the key input unit 120 inputs a telephone number in an operation mode corresponding to the "mobile station call waiting state" among the operation modes of the wireless terminal 100, It is preferable to change the operation mode of the wireless terminal 100 to the operation mode corresponding to the "system access state ".

The key input unit 120 inputs a function key (e.g., a menu key) in an operation mode corresponding to the "mobile station call standby state" among the operation modes of the wireless terminal 100, It is preferable to execute various functions provided in the mobile terminal.

According to an embodiment of the present invention, the key input unit 120 performs a function of key input means for inputting one or more key data corresponding to the function of generating the OTP.

The wireless communication unit 135 includes a CDMA modem and various RF modules (e.g., a duplexer filter, a power amplifier, a high power amplifier (HPA), an isolator ), An RF / IF SAW filter, a frequency up conversion circuit, a frequency down conversion circuit, a VCTCXO corresponding to a reference clock source, a UHF frequency synthesizer, etc.) and an antenna and a driver for driving the antenna. A Slot Mode, a Power Control, a Handoff, or a Call Processing procedure corresponding to each operation mode of the wireless terminal 100 .

According to another embodiment of the present invention, if the wireless terminal 100 shown in FIG. 1 is a portable Internet terminal, the wireless communication unit 135 may access a portable Internet based on IEEE 802.16x and configure a wireless communication function And it is possible to implement the present invention by modifying various other types of wireless communication configurations for providing wireless data communication in addition to the portable Internet. It is clear that it is not.

The USIM reader 145 is a functional component for exchanging one or more pieces of information (or data or commands) with the USIM 140 mounted or detached from the wireless terminal 100 through a standard including ISO / IEC 7816. [ The IC card reader includes a contact type IC card reader corresponding to the ISO / IEC 7816 standard. The IC card reader reads one or more pieces of information (or data) from the USIM 140 through an APDU (Application Protocol Data Unit) Data, or command) is exchanged.

The USIM 140 mounted on or detached from the wireless terminal 100 is an IC chip conforming to the ISO / IEC 7816 standard. Referring to the ISO / IEC 7816 standard, the USIM 140 includes a power supply (VCC) (E.g., commands or data) with the USIM reader unit 145 through contact points such as a reset signal RST, a clock signal CLK, a ground GND, a programming power supply VPP, an input / output An input / output interface for exchanging information with a processor, a processor unit including at least one computing element including a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor, (E.g., ROM) among the memory devices, and a memory including at least one memory device including a random access memory (RAM), an electrically erasable programmable read only memory (EEPROM), and a flash memory (FM) Management of IC card internal resources When a power is supplied from the USIM reader 145 through the power supply (VCC) contact point of the input / output interface, the COS stored in the memory is stored in the execution memory (USIM 140) through an APDU (Application Protocol Data Unit) based on a clock frequency (e.g., 3.57 MHz or 4.9 MHz) of the clock signal (CLK) And the USIM reader unit 145. [0050] FIG.

According to the present invention, it is preferable that the memory of the USIM 140 is provided with an OTP applet including various information and a program code necessary for generating the OTP in the wireless terminal 100, A storage unit (not shown) for storing a data set corresponding to information or data read out or used by a processor provided in the processor 100, and a USIM (not shown) by a computation function of the processor unit and a command set provided by the COS 140), and operates as a program routine (for example, a Java applet in the case of a Javacard) used by a processor included in the wireless terminal 100, Processing corresponding to an application including an instruction calling code that interacts with the processor unit and an execution code that is processed by the processor unit (Not shown). In particular, the processing unit reads an instruction provided from a processor included in the wireless terminal 100 via the input / output interface through the APDU, and stores the command in the storage unit on the basis of the read command And provides the result or the read information or data to the processor included in the wireless terminal 100 through the input / output interface through the APDU.

According to an embodiment of the present invention, it is preferable that the storage unit of the OTP applet stores terminal-side OTP generation information for generating the N (N > = 2) OTPs in the wireless terminal 100, The terminal side OTP generation information may be omitted.

The terminal side OTP generation information includes a parameter for determining a fixed seed value dynamic seed value for generating N (N > = 2) OTPs in the OTP agent included in the wireless terminal 100 The dynamic seed value determined by the fixed seed value and the parameter is substituted into the predetermined OTP generation algorithm and the OTP generation method to generate N-digit OTP.

For example, if the OTP is generated in a time-synchronized manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the time-synchronized OTP generation algorithm, and a parameter for determining a dynamic seed value , And a synchronization time setting value for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP).

Alternatively, if the OTP is generated in a challenge-response manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the challenge-response OTP generation algorithm and a parameter for determining a dynamic seed value A random number generation value for generating a random number of a challenge-response, or random number reception information for receiving a random number).

According to an embodiment of the present invention, the terminal-side OTP generation information may be stored in the storage unit of the OTP applet in association with the OTP agent included in the user wireless terminal 100 (encrypted storage is possible).

According to an embodiment of the present invention, the USIM 140 may have a function of generating the N (N> = 2) OTPs, and the OTP generation information for generating the N-digit OTP The processing unit of the OTP applet may include at least one fixed seed value for generating the N-digit OTP through the OTP generation information provided through the wireless terminal 100, And a program code for generating the OTP by inputting the determined one or more fixed seed values and the dynamic seed value into the set OTP algorithm.

According to an embodiment of the present invention, the storage unit of the OTP applet stores (or encrypts and stores) user's medium authentication information for authenticating user medium information obtained through the user medium information acquisition function provided in the wireless terminal 100, In this case, when the user medium information is transmitted from the wireless terminal 100, the processing unit of the OTP applet compares (or verifies) the user medium information with the user medium authentication information, 100 of the mobile terminal 100 authenticates the validity of generating the OTP using the user medium information, and responds to the wireless terminal 100 with the result of the validity authentication.

Here, the user medium information includes card information (or code information set as user medium information and recorded in the memory of the IC card) read from the user medium corresponding to the contactless IC card or the contact type IC card, Card information (or digit information recorded in the track of the MS card set by the user medium information) read from the user medium, card information (or user medium information set from the user medium corresponding to the RF card, (Or code information recorded in the memory of the RFID set by the user medium information) read from the user medium corresponding to the RFID, a USB Device information (or code information set in the user medium information and recorded in the memory of the USB device) It comprises me is preferred.

When the user medium information and the user media authentication information are compared and the OTP generation validity is authenticated, the user media authentication information may include the user media information as it is. And the user media authentication information includes a user media information verification value that is calculated with the user media information to derive a predetermined calculation result when verifying the authenticity of the OTP generation.

According to an embodiment of the present invention, the memory of the USIM 140 is divided into a subscriber information area having a fixed memory address and an application area having a directory file (EFdir) structure. The application area is based on ISO / IEC 10202 The memory includes a protection area in which secret information such as a chip serial number (CSN) is stored, a COS control area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) management area, and the OTP applet is stored in a designated storage area other than the protection area and the COS control area.

According to the ISO / IEC 7816 standard, an application area of the memory includes one master file (MF) corresponding to a root file, and function information for one or more storage information under the master file (DF) corresponding to each ICC storage information, and actual information or data for a smart card service disposed under the dedicated file are included The OTP applet includes a file structure including the above-described file structure.

The memory unit 150 includes a storage medium for storing one or more pieces of information (or data) in the wireless terminal 100, and a generic name of a nonvolatile memory corresponding to a recording medium for recording a program code corresponding to one or more program routines A read only memory (ROM) corresponding to the read-only memory, a flash memory (FM) capable of reading / writing, and an EEPROM (Electrically Erasable and Programmable Read Only Memory) .

According to the embodiment of the present invention, the memory unit 150 can encrypt and store the terminal side OTP generation information for generating the N (N> = 2) OTPs in the wireless terminal 100 , The terminal side OTP generation information may be omitted according to the method. However, when the terminal side OTP generation information is stored in the memory unit 150, the terminal side OTP generation information is preferably encrypted and stored in the memory unit 150.

The terminal side OTP generation information includes a parameter for determining a fixed seed value dynamic seed value for generating N (N > = 2) OTPs in the OTP agent included in the wireless terminal 100 The dynamic seed value determined by the fixed seed value and the parameter is substituted into the predetermined OTP generation algorithm and the OTP generation method to generate N-digit OTP.

For example, if the OTP is generated in a time-synchronized manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the time-synchronized OTP generation algorithm, and a parameter for determining a dynamic seed value , And a synchronization time setting value for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP).

Alternatively, if the OTP is generated in a challenge-response manner, the terminal-side OTP generation information includes at least one fixed seed value to be substituted into the challenge-response OTP generation algorithm and a parameter for determining a dynamic seed value A random number generation value for generating a random number of a challenge-response, or random number reception information for receiving a random number).

According to the embodiment of the present invention, the memory unit 150 encrypts and stores user-medium authentication information for authenticating user-medium information acquired through the user-medium information acquiring function provided in the wireless terminal 100 In this case, when the user medium information is obtained through the user medium information acquisition function, the wireless terminal 100 compares (or verifies) the user medium information with the user medium authentication information, It is preferable that the mobile terminal 100 authenticates the validity of generating the OTP using the user media information, and responds to the wireless terminal 100 with the validity authentication result.

The medium reader 125 reads out the card information corresponding to the user medium information (or the code information set as the user medium information and recorded in the memory of the IC card) from the user medium corresponding to the contactless IC card or the contact type IC card, An MS card reader for reading the card information corresponding to the user medium information (or the digit information recorded in the track of the MS card set as the user medium information) from the user medium corresponding to the MS card, An RF card reader unit for reading card information corresponding to the user medium information (or code information set as user medium information and recorded in the memory of the RF card) from a user medium corresponding to the RF card, The RFID information corresponding to the user's medium information (or the user's memory) (Or code information recorded in the memory of the USB device set as user medium information) corresponding to the user medium information from the user medium corresponding to the USB device, And a USB reader unit for reading the user medium. The user medium type and the user medium information structure to be read from the user medium may be variously modified according to the intention of the person skilled in the art, The invention clearly discloses that all media that record usable information as the user media information and deliver the user media information to the mobile phone via the media reader 125 are usable as the user media.

Referring to FIG. 1, when the user medium information is obtained through the media reader 125, the wireless terminal 100 compares the user medium information with user medium authentication information stored in the memory unit 150 (Or verification operation) to authenticate the validity of generating the OTP through the user medium information, or to transmit the user medium information to the USIM 140 so that the validity of generating the OTP through the user medium information is authenticated And an authentication unit (155) for performing authentication.

When the user medium information is obtained through the media reader unit 125, the authentication unit 155 transmits the user medium information to the USIM 140 / (Or a data structure capable of comparing (or verifying) the user media authentication information with the data structure of the user media information) Can be omitted if included).

If the memory unit 150 includes the user medium authentication information, the authentication unit 155 compares the user medium information with the user medium authentication information to check whether the user medium information is matched, The validity of generating the OTP through the user media information is authenticated by checking whether the predicted result is derived by processing the user authentication information and the user media authentication information.

According to another embodiment of the present invention, when the user medium authentication information is provided to the USIM 140, the authentication unit 155 transmits the user medium information to the USIM 140, The USIM 140 compares the user media information with the user media authentication information to check whether the user media information matches with the user media information and the user medium authentication information to check whether the predicted result is derived , And verifies the validity of generating the OTP through the user media information by responding to the comparison (or verification operation) result.

According to another embodiment of the present invention, the user media authentication information can be stored and maintained in a server on a communication network. In this case, the authentication unit 155 transmits the user media information to a server on the communication network , It is possible to authenticate the validity of generating the OTP through the user media information by receiving a result of the comparison (or verification operation) on the user medium information and the user medium authentication information from the server.

According to another embodiment of the present invention, the USIM 140 / memory unit 150 stores a password (or a personal identification number) registered by a user and inputs a password (or a personal identification number) The authentication unit 155 authenticates the input password (or the personal identification number) and authenticates the validity of generating the OTP through the user media information, or authenticates the password (or personal Identification number), and the present invention is not limited thereto.

1, the wireless terminal 100 includes an authentication processing unit 160 for authenticating that the wireless terminal 100 is an OTP medium having the user medium information acquisition function and the OTP agent through the wireless communication network The authentication processing unit 160 may be omitted according to the intention of the person skilled in the art or may be extended to the communication network by the authentication unit 155 to authenticate the validity of generating the OTP through the user medium information It is possible to do.

The authentication processing unit 160 identifies the unique information of the wireless terminal 100 provided in the USIM 140 and the memory 150 and configures the OTP media authentication information including the unique information of the wireless terminal 100 And transmits the encrypted OTP medium authentication information to a server on a communication network that authenticates the wireless terminal 100 with an OTP medium. The OTP medium authentication information is transmitted in an encrypted form using a decryptable encryption method by the server.

The unique information of the MS 100 provided in the USIM 140 includes a mobile identification number (MIN), a serial number (ESN), a subscriber identification number , An International Mobile Equipment Identity (IMEI), a Mobile Station International ISDN Number (MSISDN), and an IC chip serial number constituting the USIM 140, or the wireless terminal 100 may include one or more (E.g., a non-duplicated code value) or a USIM 140 identifier registered to authenticate that the OTP medium is an OTP medium having an OTP agent.

Alternatively, the unique information of the mobile terminal 100 included in the memory unit 150 may include a mobile identification number (MIN) stored in a predetermined system area of the memory unit 150 provided in the mobile terminal 100, (OTP) that is capable of generating the OTP, or may include at least one of a serial number (ESN), a subscriber identification number, and an International Mobile Equipment Identity (IMEI) (E.g., a non-redundant code value).

According to an embodiment of the present invention, the OTP medium authentication information may further include the user media information in addition to the unique information of the wireless terminal 100. To this end, the server on the communication network may compare the user media information (Or verification operation) is stored in the DB, and when the user medium information is received, it is checked whether the user medium information is matched with the user medium authentication information, And a function of transmitting the result of the comparison (or verification operation) to the wireless terminal 100 after confirming that the previously verified result is obtained by processing a predetermined verification operation with respect to the medium authentication information.

Referring to FIG. 1, the wireless terminal 100 includes an information configuration unit 170 that configures OTP generation information that includes the user media information as a seed value for generating N (N> = 2) Determining one or more fixed seed values and a dynamic seed value for generating the N-digit OTP from the constructed OTP generation information, and transmitting the determined one or more fixed seed values and the dynamic seed value to a predetermined OTP generation (OTP) generation unit 175 for generating OTP by substituting the USIM 140 / memory with the USIM 140. When the OTP generation information is stored in the USIM 140 / memory, the USIM 140 / The OTP generation unit 170 generates the OTP generation information by combining the OTP generation information with the user media information to form N (N) pieces of OTP generation information, > = 2) digit OTP generation information for generating OTP of the number of OTPs.

If the validity of generating the OTP through the user medium information is authenticated by the authentication unit 155 (or the authentication processing unit 160), the information constructing unit 170 acquires the OTP And if the user media information does not match the data structure for generating the N-digit OTP, converts the obtained user media information into a data structure for generating the N-digit OTP . If the user medium information obtained through the medium reader 125 is composed of the data structure for generating the N-digit OTP or the data structure of the user medium information obtained through the medium reader 125 It is not necessary to convert the data structure of the user media information, and thus the present invention is not limited thereto.

According to an embodiment of the present invention, the user media information is hashed through a hash function that hashes a series of text / binary data into a data structure of a seed value constituting the OTP generation information, It is preferable that the data structure is converted into a data structure for generation.

The information constructing unit 170 constructs OTP generation information for generating N-digit OTP by including the user media information as a fixed seed value for generating the N-digit OTP.

According to the embodiment of the present invention, the information constructing unit 170 includes the unique ID of the wireless terminal 100 stored in the USIM 140 / memory unit 150 as a fixed seed value of the OTP generation information, It is preferable to configure OTP generation information for generating OTP of the number of digits.

If the N-digit OTP is a time-synchronized OTP, the information configuration unit 170 determines a time value (or a time value for a specific time interval) identified from a timer included in the wireless terminal 100 And construct OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is an OTP of the challenge-synchronization type, the information construction unit 170 generates a predetermined random number value and transmits / exchanges with the server, or receives / It is preferable that OTP generation information for generating the OTP of N digits is formed by including the random number value as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM 140 / memory, the information verification unit 165 confirms the terminal side OTP generation information from the USIM 140 / memory unit 150, Unit 170 processes the user media information into a fixed seed value for generating the N-digit OTP, combines the confirmed OTP generation information and the user media information to generate an N-digit OTP It is desirable to configure the OTP generation information for the OTP generation.

When OTP generation information including the user media information as the fixed seed value for generating the N-digit OTP is configured by the information configuration unit 170, the OTP generation unit 175 generates OTP generation information Determining one or more fixed seed values included in the OTP generation information, determining one or more dynamic seed values based on the parameters included in the OTP generation information, and determining the determined one or more fixed seed values and the dynamic seed value to a predetermined OTP generation algorithm And generates N (N > = 2) OTPs. Here, the number of digits of N for the OTP may be fixed or dynamically changed every time OTP is generated, so that the present invention is not limited thereto.

Referring to FIG. 1, when the N-digit OTP is generated through the OTP generation unit 175, the wireless terminal 100 outputs an OTP output through the screen output unit 110 When the wireless terminal 100 is equipped with a local communication unit (not shown), the OTP output unit 180 transmits the generated OTP To the terminal (or device) located close to the wireless terminal 100.

When the OTP is generated, the OTP output unit 180 outputs the generated OTP to a predetermined area on the screen of the wireless terminal 100 in cooperation with the screen output unit 110.

According to one embodiment of the present invention, the OTP output unit 180 outputs an OTP output screen on the screen of the wireless terminal 100 in association with the screen output unit 110, OTP < / RTI >

According to another embodiment of the present invention, the OTP output unit 180 outputs (or assigns) an OTP output area to the screen area currently output on the screen of the mobile station 100, in association with the screen output unit 110 ), And outputs the generated OTP to the OTP output area.

If the wireless terminal 100 is equipped with local communication means (e.g., Bluetooth, infrared communication, RFID communication, RF communication, etc.), the OTP output unit 180 generates It is possible to output the OTP to the terminal (or device) located close to the wireless terminal 100.

According to another embodiment of the present invention, in the case where the wireless terminal 100 transmits the generated OTP to a server that is provided on the communication network and authenticates the OTP, the OTP output unit 180 transmits the generated OTP to the wireless communication unit 135 (For example, an encryption / decryption-based communication channel) for transmitting the OTP to a server authenticating the OTP through a secure communication channel, It is possible to directly transmit the generated OTP to the server, and thus the present invention is not limited thereto.

2 is a diagram illustrating the configuration of a wireless OTP system according to an embodiment of the present invention.

2 shows an OTP agent for generating an OTP of N digits using the user media information to a wireless terminal 200 having the function of acquiring user media information, 1 shows a wireless OTP system configuration for authenticating N-digit OTPs generated using the user media information at the wireless terminal 200 after having the functional configuration of the wireless terminal 200 shown in FIG. 1, Those skilled in the art will be able to refer to and / or modify this FIG. 2 to illustrate various implementations of the wireless OTP system configuration (e.g., some configuration portions may be omitted, or fragmented, However, the present invention is not limited to the above-described embodiments, This is not limited.

Referring to FIG. 2, the wireless OTP system includes a wireless terminal 200 having the functional configuration shown in FIG. 1, an OTP authentication request server 200 for requesting OTP authentication to a user having the wireless terminal 200, And OTP medium information corresponding to the wireless terminal 200 registered with the OTP medium and having the same functional configuration as that of FIG. 1, and storing the OTP medium information and the server-side OTP generation information in the storage medium 255, The wireless terminal 200 provides an OTP agent corresponding to the functional configuration of the wireless terminal 200 shown in FIG. 1 (if the OTP agent is provided in the wireless terminal 200) And an OTP operating system for receiving and authenticating N-digit OTPs generated by the mobile terminal 200 using the user media information when the terminal 200 is used as an OTP medium. The wireless A user terminal 205 used by a user having the terminal 200 and a separate OTP server 220 for authenticating the N-digit OTP generated by the wireless terminal 200.

According to the present invention, in the OTP operating system, each means constituting the OTP operating system is implemented in the form of a single integrated server, or each means (or a combination of two or more means) constituting the OTP operating system, A part of the means constituting the OTP operating system is implemented in the form of a server, and a part of the means is constituted by the OTP server 220, the OTP authentication requesting server 215, Each of the means constituting the OTP operating system may be implemented as a component of one or more servers of the communication company server 210 provided in the wireless communication network to which the wireless terminal 200 is connected, The authentication request server 215, and the communication company server 210, and the OTP operating system is implemented Expression bayida put out clearly that the invention is not limited by the type of server and SHALL implementation location and number.

The wireless terminal 200 is a wireless communication terminal device registered as an OTP medium for generating an OTP of N digits using the user medium information among the wireless terminals 200 having the user medium information acquisition function, 1, or by receiving an OTP generation request through a wireless communication network, or by driving an OTP agent shown in FIG. 1 to authenticate the OTP generation, And OTP generation information including user media information is generated to generate and output OTP of N digits.

The OTP authentication request server 215 is a generic name of servers that request to authenticate a user, payment settlement, and financial transaction through an OTP generated by the wireless terminal 200. The OTP authentication request server 215 includes an OTP A shopping mall server or a content providing server or a home shopping server for processing authentication of payment through OTP generated by the wireless terminal 200, and an OTP generated by the wireless terminal 200 The present invention is not limited to the above-described OTP authentication request server 215 and the OTP authentication request method.

The user terminal 205 is a generic name of a communication terminal to which the user having the wireless terminal 200 accesses the OTP authentication request server 215 via a communication network. The user terminal 205 includes a key input unit, a screen output unit, (E.g., a wireless terminal 200, a portable Internet terminal, etc.) connected to a wireless communication network, a bi-directional communication terminal A digital TV having functions, an IP-TV, a household terminal connected to a home network, and the like.

According to the method of the present invention, the user terminal 205 and the wireless terminal 200 may be the same apparatus, and thus the present invention is not limited thereto.

The OTP server 220 receives N-digit OTPs generated by the wireless terminal 200 through a communication network, generates an OTP 'that matches the OTP, compares the OTP with OTP' ) To process the OTP authentication. The function of authenticating the OTP by the OTP server 220 may be provided in the OTP operating system, so that the present invention is not limited thereto.

Referring to FIG. 2, the OTP operating system registers the wireless terminal 200 having the user media information acquisition function as an OTP medium for generating N-digit OTP using the user medium information, And OTP media registration means 225 for forming server-side OTP generation information for generating OTP 'for authenticating N-digit OTPs generated by the OTP generation means 200 and storing the generated OTP generation information in the storage medium 255 , An OTP agent that generates N-digit OTPs using the user media information is provided to the wireless terminal 200 registered as the OTP medium, or terminal-side OTP generation information matching with the server-side OTP generation information is configured And wireless terminal processing means (230) for providing to the wireless terminal (200).

The OTP media registration means 225 may provide the OTP registration information to the wireless terminal 200. The OTP registration means 225 provides the OTP registration information to the wireless terminal 200, And stores the OTP medium information in the storage medium 255. When the OTP registration terminal (or the customer terminal used by the customer) provides the user medium information, The OTP media registration means 225 further stores the user media information in the OTP medium information in the storage medium 255.

The OTP registration terminal is a general term of a terminal device requesting to register the wireless terminal 200 as an OTP medium and includes a user terminal 205 used for the user, an OTP registration authority (For example, a national institution terminal, an OTP authentication request server 215, an operator terminal, a credit card terminal, a financial institution terminal, a securities company terminal, and the like) included in the server 215 operating agency, card company, .

The unique information of the mobile terminal 200 included in the OTP medium information includes at least one of a mobile identification number (MIN), a serial number (ESN) stored in a predetermined system area of the memory unit of the mobile terminal 200, An identification number, and an International Mobile Equipment Identity (IMEI), or a separate OTP medium registered to authenticate that the wireless terminal 200 is an OTP medium having an OTP agent capable of generating the N-digit OTP And an identifier (e.g., a code value that is not duplicated).

Alternatively, the unique information of the mobile terminal 200 may include a mobile identification number (MIN), a serial number (ESN), a subscriber identification number, an IMEI (International Mobile Equipment Identity), an MSISDN (Mobile Station International ISDN Number), and an IC chip serial number constituting a USIM, or the OTP agent capable of generating the N-digit OTP (For example, a non-duplicated code value) or a USIM identifier registered to authenticate that the OTP medium is an OTP medium having an OTP medium.

The customer information preferably includes a resident registration number corresponding to a name (or a user) of the wireless terminal 200 to be used as the OTP medium. It is preferable that the customer information includes a name, an address, a contact name And the like.

If the financial transaction is included in the authentication target using the wireless terminal 200 as the OTP medium, the customer information may further include financial information (e.g., account number, bank, etc.) of the customer corresponding to the customer information .

Or card transaction is included in the authentication target using the wireless terminal 200 as the OTP medium, the customer information may further include card information (e.g., card number, card company, etc.) of the customer corresponding to the customer information .

According to the intention of a person skilled in the art practicing the present invention and the field of using the wireless terminal 200 as an OTP medium, the customer information may include various information (for example, an object to be authenticated using the wireless terminal 200 as an OTP medium) And authentication information, the client account information for the game, and the like), and thus the present invention is not limited thereto.

The user medium includes any one of an IC card, an MS card, an RF card, an RF device, an RFID, and a USB device, and the user medium information includes at least one of a contactless IC card, (Or code information set in the user medium information and recorded in the memory of the IC card), card information (or code information set in the user medium information and recorded in the track of the MS card, which is read from the user medium corresponding to the MS card) ), Card information (or code information set as user media information and recorded in the memory of the RF card) read from the user medium corresponding to the RF card, RFID information (or user media information (E.g., code information set in the memory of the RFID), USB device information Code information set as user medium information and recorded in the memory of the USB device).

When the OTP medium information is received, the OTP media registration unit 225 provides the client information and the unique information of the wireless terminal 200 to the communication company server 210 to which the wireless terminal 200 is connected, It is preferable to authenticate whether or not the use of the wireless terminal 200 as an OTP medium through the server 210 is valid.

If the validity of the OTP medium information is received or the validity of using the wireless terminal 200 as the OTP medium is authenticated, the OTP medium registration means 225 registers the wireless terminal 200 on the basis of the OTP medium information, Side OTP generation information for authenticating the N-digit OTP that is generated using the user media information.

Here, the server-side OTP generation information includes information for generating an OTP 'of N digits to be compared (or verified) with the N-digit OTP generated by the wireless terminal 200, The above-mentioned fixed seed value and the parameter for determining the dynamic seed value.

In the case where the user media information is used as a fixed seed value for generating the N-digit OTP, the server-side OTP generation information may include the user media information to generate the N-digit OTP ' As seed values.

If the wireless terminal 200 uses the unique information of the wireless terminal 200 provided in the USIM / memory unit as it is or changes the data structure of the unique information of the wireless terminal 200 to generate the N-digit OTP When used as a fixed seed value, the server side OTP generation information preferably includes a fixed seed value corresponding to the unique information of the wireless terminal 200 as a fixed seed value for generating the N-digit OTP '.

According to the embodiment of the present invention, the server-side OTP generation information preferably includes a fixed seed value generated based on the unique information of the mobile station 200 and / or the customer information included in the OTP medium information, The generated fixed seed value is preferably included in the terminal-side OTP generation information to be provided to the wireless terminal 200.

If the N-digit OTP is generated in a time-synchronized manner, the server-side OTP generation information includes synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronization method OTP .

Or if the N-digit OTP is generated in a challenge-response manner, the server-side OTP generation information may generate a random number corresponding to the dynamic seed value of the challenge-response OTP, or receive a random number through the wireless communication network And a random number generation value for generating a random number.

When the server-side OTP generation information is generated (or allocated), the OTP media registration unit 225 configures terminal-side OTP generation information to be matched with the server-side OTP generation information. Information included in the wireless terminal 200 or can be determined dynamically in the OTP agent provided to the wireless terminal 200 without any additional information, The present invention is not limited thereto.

The OTP media registration unit 225 stores the OTP medium information and the server-side OTP generation information in the storage medium 255 in association with each other, thereby allowing the wireless terminal 200 to transmit the N-digit OTP As an OTP medium.

If the user media information is received from the OTP registration terminal, the OTP media registration unit 225 may further store the user media information in the OTP medium information in the storage medium 255.

If the wireless terminal 200 does not have an OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1, the wireless terminal processing unit 230 transmits the OTP agent to the wireless terminal 200 ) And provides the OTP agent program code corresponding to the configuration shown in FIG. 1 to the wireless terminal 200 through the communication channel, so that the wireless terminal 200 The OTP agent program code may be omitted from providing the OTP agent program code to the wireless terminal 200 if the OTP agent is installed in the wireless terminal 200. [

When the terminal side OTP generation information is configured by the OTP media registration means 225, the wireless terminal processing means 230 transmits the OTP generation information to the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 through the wireless communication network Side OTP generation information to the wireless terminal 200 through the communication channel to be recorded in a USIM / memory unit provided in the wireless terminal 200, and the terminal-side OTP If generation information is not configured or OTP can be generated through the wireless terminal 200 unique information and user medium information provided in the wireless terminal 200 without the terminal side OTP generation information at the wireless terminal 200 , It may be omitted to provide the terminal side OTP generation information to the wireless terminal 200.

According to an embodiment of the present invention, the wireless terminal processing unit 230 provides the OTP agent program code and terminal-side OTP generation information to the wireless terminal 200 through a separate communication channel, It is possible to provide the wireless terminal 200 with package data including a code and terminal side OTP generation information.

In addition, the wireless terminal processing unit 230 may provide user media authentication information corresponding to the user media information of the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 through a wireless communication network, 200 to be recorded in the USIM / memory unit.

When the user terminal 200 authenticates the OTP generation validity by comparing the user media information with the user media authentication information, the user media authentication information may include the user media information as it is. And when the user media authentication information is verified to verify the OTP generation validity, the user media authentication information may include a user media information verification value that is calculated with the user media information to induce a predetermined calculation result .

Referring to FIG. 2, the OTP operating system receives OTP medium authentication information from the wireless terminal 200 through a wireless communication network, compares the OTP medium authentication information with OTP medium information stored in the storage medium 255 (Or verification operation) to authenticate the wireless terminal 200 as an OTP medium.

When the wireless terminal 200 transmits the OTP medium authentication information, the medium authentication unit 235 receives the OTP medium authentication information, and receives from the storage medium 255 the configuration information included in the OTP medium authentication information (Or verification operation) between the configuration information included in the OTP medium authentication information and the configuration information included in the OTP medium information, and performs the comparison (or verification operation) with the configuration information included in the OTP medium authentication information, As a result, if the configuration information included in the OTP medium authentication information matches (or matches) the configuration information included in the OTP medium information stored in the storage medium 255, or if a result predicted through the verification operation is derived, The wireless terminal 200 that has transmitted the OTP media authentication information is authenticated by the OTP media registration means 225 to the valid wireless terminal 200 registered as the OTP medium.

According to the embodiment of the present invention, the OTP medium authentication information includes unique information of the wireless terminal 200 provided in the USIM / memory unit of the wireless terminal 200. In this case, (Or verify operation) between the unique information of the wireless terminal 200 included in the OTP medium authentication information and the unique information of the wireless terminal 200 included in the OTP medium information stored in the storage medium 255, Is authenticated as an OTP medium.

Also, the OTP medium authentication information may further include the user medium information. When the user medium information is stored in the storage medium 255, the medium authentication unit 235 may include the OTP medium authentication information (Or verify operation) with the user media information included in the OTP media information stored in the storage medium 255 to authenticate the mobile terminal 200 as an OTP medium.

Referring to FIG. 2, the OTP operating system receives N-digit OTPs generated using the user media information from an OTP agent provided in the wireless terminal 200 through a communication network, An information receiving means 240 for confirming the unique information of the terminal 200 and an information checking means 240 for checking OTP generation information for generating N-digit OTP 'to be compared (or verified) with the received N-digit OTP An OTP authentication unit 245 for generating N-digit OTP 'through the OTP generation information, and comparing (or verifying) the N-digit OTP with OTP' to verify whether the received OTP is valid The information receiving means 240, the information checking means 250 and the OTP authentication means 245 may be implemented in a separate OTP server 220, All methods that can be inferred This is clearly stated.

When the OTP is input and transmitted through the OTP input interface displayed on the user terminal 205, the information receiving means 240 transmits the OTP to the user terminal 205 via the communication network, The user terminal 205 receives the OTP from the user terminal 205. In this case, the user terminal 205 may receive the unique information of the wireless terminal 200 that generated the N-digit OTP, And the information receiving means 240 receives the unique information of the mobile terminal 200 from the user terminal 205 or receives the OTP medium information from the OTP medium information based on the customer information, It is desirable to confirm the unique information of the wireless terminal 200 that has generated the OTP of the wireless terminal 200.

Alternatively, the wireless terminal 200 can generate the OTP of the N digits and then transmit the generated OTP through the wireless communication network. In this case, the information receiving means 240 may receive the OTP through the wireless communication network, The mobile terminal 200 receives the OTP from the terminal 200. The mobile terminal 200 may identify the wireless terminal 200 by reading a communication protocol defined in the wireless communication network, 200) unique information.

According to the method of the present invention, when the OTP is encrypted and transmitted, the information receiving unit 240 decodes the OTP according to a predetermined decoding method.

When the OTP is received, the information checking unit 250 checks the server side OTP generation information associated with the unique information of the wireless terminal 200 from the storage medium 255.

According to an embodiment of the present invention, the confirmed server side OTP generation information includes the same fixed seed value as the OTP generation information including the user media information to generate N-digit OTP in the wireless terminal 200, If the OTP generation information includes the parameter for determining the seed value, the information checking means 250 identifies the confirmed server side OTP generation information as OTP generation information for generating OTP 'of N digits.

According to another embodiment of the present invention, when the verified server side OTP generation information does not include the user medium information, the information checking means 250 checks whether the server side OTP generation information OTP generation information for generating OTP 'of N digits by combining the server side OTP generation information and the user medium information, and the user medium information is composed of N digits OTP ', the information checking unit 250 may convert the user media information into a data structure for generating the N-digit OTP'.

When the OTP generation information for generating the N-digit OTP 'is confirmed / configured, the OTP authentication means 245 identifies one or more fixed seed values for generating the OTP' from the OTP generation information, Determines one or more dynamic seed values through the parameters included in the generation information, and substitutes the determined one or more fixed seed values and dynamic seed values into the predetermined OTP generation algorithm to generate OTP 'of N digits.

When the N-digit OTP 'is generated, the OTP authentication unit 245 compares (or verifies) the received N-digit OTP' with the generated OTP 'to authenticate the OTP validity.

If the OTP and OTP 'match (or match) with each other as a result of the comparison, or if the predicted result is obtained through a verification operation, the OTP authentication unit 245 processes the OTP validity as authenticated, And provides the validity authentication result to at least one of the OTP authentication request receiving server 215, the user terminal 205, and the wireless terminal 200 that requires the OTP authentication result.

On the other hand, if the OTP and OTP 'do not match (or match) as a result of the comparison, or if the predicted result is not obtained through the verification operation, the OTP authentication unit 245 treats the OTP validity as unauthenticated And provides the OTP validity authentication result to at least one of the OTP authentication request receiving server 215, the user terminal 205, and the wireless terminal 200 that requires the OTP authentication result.

3 is a diagram illustrating an OTP media registration process according to an embodiment of the present invention.

In more detail, FIG. 3 shows a process of registering a user's wireless terminal 200 as an OTP medium on the wireless OTP system shown in FIG. 2, and a person skilled in the art , It is possible to refer to and / or modify the FIG. 3 to derive various implementations of the OTP media registration process (e.g., omitting some steps or changing the order) All the methods of implementation are included, and the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, in FIG. 3, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 3, when an OTP registration terminal accesses a server through a communication network and requests registration of the user's wireless terminal 200 as an OTP medium (300), the server registers the user information of the user, The OTP registration terminal provides an OTP media registration interface 300 for inputting / registering OTP media information including the unique information of the mobile terminal 200 corresponding to the user's wireless terminal 200, OTP media information including the unique information of the wireless terminal 200, the customer information, and the user media information through the registration interface, and transmits the OTP medium information to the server (310).

The server receives the OTP medium information including the unique information of the wireless terminal 200, the customer information and the user medium information from the OTP registration terminal, and transmits the OTP registration information including the unique information of the wireless terminal 200, (315) to the communication company server 210 corresponding to the unique information of the wireless terminal 200 and verifies the validity of using the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 as the OTP medium.

If the validity of using the wireless terminal 200 as an OTP medium is not confirmed at step 320, the server provides OTP medium error information to the OTP registration terminal at step 325, The process of registering with the medium is terminated.

On the other hand, when the validity of using the wireless terminal 200 as an OTP medium is confirmed 320, the server generates an N-digit number (Or assigns) the server-side OTP generation information for authenticating the OTP 330, and stores the OTP medium information and the server-side OTP generation information in the storage medium 255 (335).

When providing the terminal side OTP generation information to the wireless terminal 200 according to an embodiment of the present invention, the server preferably configures terminal side OTP generation information matching with the server side OTP generation information, Side OTP generation information can be dynamically determined in the OTP agent provided to the wireless terminal 200 without information or including information based on the wireless terminal 200, And the present invention is not limited thereto.

Then, the server checks whether the OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1 is provided to the wireless terminal 200 corresponding to the unique information of the wireless terminal 200 (340).

According to the embodiment of the present invention, the server transmits OTP agent information (for example, OTP agent version information, OTP issuer information, OTP use location information, OTP agent information, (Not shown) or an OTP server 220 or a communication company server 210 that stores the OTP agent in the wireless terminal 200 in association with the OTP agent.

If the OTP agent is not installed in the wireless terminal 200 in operation 345, the server is operable in a platform (or an operating system) included in the wireless terminal 200 and the wireless terminal 200 ) OTP agent program code corresponding to the configuration of the wireless terminal 200, and when the terminal-side OTP generation information matching with the server-side OTP generation information is configured, the terminal-side OTP generation information is transmitted to the wireless terminal 200 The wireless terminal 200 records the OTP agent in a recording medium (e.g., a program area of a USIM / memory) provided in the wireless terminal 200, To the OTP agent and stores it in the USIM / memory unit of the wireless terminal 200 (360).

On the other hand, if the OTP agent is installed in the wireless terminal 200 (345), the server may not provide the OTP agent program code to the wireless terminal 200, Side OTP generation information to the wireless terminal 200 (350), the wireless terminal 200 transmits the terminal-side OTP generation information to the wireless terminal 200 (E.g., a program area of the USIM / memory unit) and stores the program in the USIM / memory unit of the wireless terminal 200 (360).

4 is a diagram illustrating an OTP generation process according to the first embodiment of the present invention.

In more detail, FIG. 4 illustrates a process of generating N-digit OTP using the user media information in the wireless terminal 200 shown in FIG. 1. Referring to FIG. 4, It is possible to refer to and / or modify the FIG. 4 to derive various implementations of the OTP generation process (e.g., omitting some steps or changing the order) All the methods to be inferred are included, and the technical features thereof are not limited only by the method shown in FIG.

For example, in FIG. 4, the wireless terminal 200 transmits OTP medium authentication information including the user medium information and the unique information of the wireless terminal 200 to the OTP operating system shown in FIG. 2, 200, but the present invention is not limited thereto, and the OTP medium authentication process may be omitted.

Hereinafter, in FIG. 4, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 4, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection (Or an OTP agent driving command) is received through the mobile communication network, the OTP agent corresponding to the configuration of the mobile terminal 200 shown in FIG. 1 is driven to transmit the mobile terminal 200 to the OTP The user authentication is requested (400), and the user authentication is processed through the password (or the personal identification number) (405).

If the user authentication is not processed (410), the wireless terminal (200) outputs user authentication error information (415) and ends the OTP generation process.

When the user authentication is processed 410, the wireless terminal 200 is connected to any one of an IC card reader, an MS card reader, an RF card reader, an RFID reader, and a USB reader included in the wireless terminal 200 (420) the user medium information corresponding to any one of the card information, the device information, the RFID information, and the USB information through the corresponding media reader.

If the user media information is obtained through the user media information acquisition function (step 425), the wireless terminal 200 configures OTP media authentication information including the user media information and the unique information of the mobile terminal 200 430, and transmits the OTP medium authentication information to the server to request authentication of the wireless terminal 200 with the OTP medium (435).

If the wireless terminal 200 is not authenticated as an OTP medium (440), the wireless terminal 200 outputs OTP medium error information (445) and ends the OTP generation process.

If the wireless terminal 200 is authenticated as an OTP medium (440), the wireless terminal 200 generates the N-digit OTP by including the user media information as a fixed seed value for generating the N-digit OTP (450).

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms the terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the user medium information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified UE-side OTP generation information with the user medium information after processing the N-digit OTP to generate a fixed seed value.

If the OTP generation information including the user media information as the fixed seed value is configured (455), the wireless terminal 200 checks one or more fixed seed values included in the configured OTP generation information, (Step 460). In step 460, one or more dynamic seed values are determined based on the parameters included in the OTP generation algorithm, and one or more fixed seed values and dynamic seed values determined / determined are substituted into the predetermined OTP generation algorithm.

5 is a diagram illustrating an OTP generation process according to a second embodiment of the present invention.

More specifically, FIG. 5 illustrates a process of generating N-digit OTP using the user media information in the wireless terminal 200 shown in FIG. 1. Specifically, the USIM / And verifying the validity of OTP generation using the user media information through the user media authentication information when the user medium authentication information to be compared (or verified) with the user medium information is included in the memory unit Respectively.

Those skilled in the art will be able to refer to and / or modify the FIG. 5 to understand the various ways of implementing the OTP generation process (e.g., omitting some steps or changing the order) However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited by the method shown in FIG.

For example, in FIG. 5, the process of authenticating the user through the password (or the personal identification number) of the user is omitted for the sake of convenience by including the process of checking the OTP generation validity through the user medium information and the user medium authentication information. The present invention is not limited thereto, and the user authentication process may be further provided.

5, for convenience, the wireless terminal 200 transmits the OTP medium authentication information including the user medium information and the unique information of the wireless terminal 200 to the OTP operating system shown in FIG. 2, 200, but the present invention is not limited thereto, and the OTP medium authentication process may be omitted.

Hereinafter, in FIG. 5, the OTP operating system shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 5, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection Or when an OTP generation command (or an OTP agent driving command) is received through the mobile communication network, an OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1 is driven to be provided to the wireless terminal 200 Corresponding to one of the card information, the device information, the RFID information, and the USB information via the medium reader corresponding to any one of the IC card reader, the MS card reader, the RF card reader, the RFID reader and the USB reader (500).

If the user medium information is acquired through the user medium information acquisition function (505), the wireless terminal 200 compares the acquired user medium information with user medium authentication information provided in the USIM / And verifies the validity of the OTP for generating N-digit OTP through OTP generation information including the user media information (510).

If the OTP validity is not confirmed (515), the wireless terminal 200 outputs OTP generation validity error information (520) and ends the OTP generation process.

On the other hand, when the validity of the OTP is confirmed (515), the wireless terminal 200 constructs OTP medium authentication information including the user medium information and the unique information of the wireless terminal 200 (525) And transmits the medium authentication information to request the OSS medium to authenticate the wireless terminal 200 (530).

If the wireless terminal 200 is not authenticated as the OTP medium (535), the wireless terminal 200 outputs the OTP medium error information (540) and ends the OTP generation process.

If the wireless terminal 200 is authenticated as an OTP medium (535), the wireless terminal 200 generates the N-digit OTP by including the user medium information as a fixed seed value for generating the N-digit OTP (545).

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms the terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the user medium information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified UE-side OTP generation information with the user medium information after processing the N-digit OTP to generate a fixed seed value.

If the OTP generation information including the user medium information as the fixed seed value is configured 550, the wireless terminal 200 checks one or more fixed seed values included in the configured OTP generation information, (Step 555). In step 555, one or more dynamic seed values are determined based on the parameters included in the OTP generation algorithm, and one or more fixed seed values and dynamic seed values determined / determined are substituted into the predetermined OTP generation algorithm.

6 is a diagram illustrating an OTP generation process according to a third embodiment of the present invention.

More specifically, FIG. 6 illustrates a process of generating N-digit OTP using the user media information in the wireless terminal 200 shown in FIG. 1. Specifically, the USIM / And verifying the validity of OTP generation using the user media information through the user media authentication information when the user medium authentication information to be compared (or verified) with the user medium information is included in the memory unit Respectively.

Those skilled in the art will appreciate that various implementations of the OTP generation process (e.g., omitting some steps or changing the order) may be implemented by referring to and / or modifying FIG. 6, However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, in FIG. 6, the process of authenticating the user through the password (or the personal identification number) of the user is omitted for simplicity by including the process of confirming the validity of the OTP generation through the user medium information and the user medium authentication information. The present invention is not limited thereto, and the user authentication process may be further provided.

Hereinafter, in FIG. 6, the OTP operating system shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 6, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection Or when an OTP generation command (or an OTP agent driving command) is received through the mobile communication network, an OTP agent corresponding to the configuration of the wireless terminal 200 shown in FIG. 1 is driven to be provided to the wireless terminal 200 Corresponding to one of the card information, the device information, the RFID information, and the USB information via the medium reader corresponding to any one of the IC card reader, the MS card reader, the RF card reader, the RFID reader and the USB reader (600).

If the user medium information is acquired through the user medium information acquisition function (605), the wireless terminal 200 compares the obtained user medium information with user medium authentication information provided in the USIM / And verifies the validity of the OTP for generating N-digit OTP through the OTP generation information including the user media information (610).

If the OTP validity is not confirmed (615), the wireless terminal 200 outputs OTP generation validity error information (620), and ends the OTP generation process.

On the other hand, if the OTP validity is confirmed (615), the wireless terminal 200 includes OTP generation information for generating N-digit OTP by including the user media information as a fixed seed value for generating the N-digit OTP (625).

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms the terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the user medium information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified UE-side OTP generation information with the user medium information after processing the N-digit OTP to generate a fixed seed value.

If the OTP generation information including the user media information as the fixed seed value is configured 630, the wireless terminal 200 checks one or more fixed seed values included in the configured OTP generation information, (Step 635). In step 635, one or more dynamic seed values are determined based on the parameters included in the OTP generation algorithm, and one or more fixed seed values and dynamic seed values determined / determined are substituted into the predetermined OTP generation algorithm.

7 is a diagram illustrating an OTP generation process according to a fourth embodiment of the present invention.

FIG. 7 shows a process of generating N-digit OTP using the user media information in the wireless terminal 200 shown in FIG. 1. Referring to FIG. 7, It is possible to refer to and / or modify the FIG. 7 to various implementations of the OTP generation process (e.g., omitting some steps or changing the order). However, And all the methods to be inferred, and the technical features thereof are not limited only by the method shown in FIG.

Hereinafter, in FIG. 7, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 7, the wireless terminal 200 receives a dedicated key button for requesting to generate an N-digit OTP through key input means, or requests to generate the N-digit OTP through a predetermined menu selection (Or an OTP agent driving command) is received through the mobile communication network, the OTP agent corresponding to the configuration of the mobile terminal 200 shown in FIG. 1 is driven to transmit the mobile terminal 200 to the OTP The user authentication is requested (700), and the user authentication is processed through the password (or the personal identification number) (705).

If the user authentication is not processed (710), the wireless terminal 200 outputs user authentication error information (715) and ends the OTP generation process.

If the user authentication is processed (710), the wireless terminal 200 is connected to any one of an IC card reader, an MS card reader, an RF card reader, an RFID reader, and a USB reader provided in the wireless terminal 200 (720) reads and acquires user media information corresponding to any one of card information, device information, RFID information, and USB information through a corresponding media reader.

If the user media information is acquired through the user media information acquisition function (725), the wireless terminal 200 includes the user media information as a fixed seed value for generating the N-digit OTP, OTP generation information for generating OTP is configured (730).

According to the embodiment of the present invention, when terminal-side OTP generation information is not stored in the USIM / memory unit, the server transmits the unique information of the wireless terminal 200 stored in the USIM / memory unit to the OTP generation information It is preferable to construct OTP generation information for generating the N-digit OTP.

If the OTP of the N digits is a time-synchronized OTP, the wireless terminal 200 determines a time value (or a time value for a specific time interval) confirmed from a timer included in the wireless terminal 200 , And configures the OTP generation information for generating the N-digit OTP by including the determined time value as the dynamic seed value of the OTP generation information.

Alternatively, if the OTP of the N digits is the challenge-synchronization type OTP, the wireless terminal 200 generates a predetermined random number and transmits / exchanges it with the server or receives / exchanges the random number value generated by the server It is preferable to configure the OTP generation information for generating the N-digit OTP by including the random number as the dynamic seed value of the OTP generation information.

If the terminal side OTP generation information is stored in the USIM / memory, the wireless terminal 200 confirms the terminal side OTP generation information from the USIM / memory unit, and the wireless terminal 200 transmits the user medium information It is preferable to configure the OTP generation information for generating N-digit OTP by combining the identified UE-side OTP generation information with the user medium information after processing the N-digit OTP to generate a fixed seed value.

If the OTP generation information including the user media information as the fixed seed value is configured (735), the wireless terminal 200 checks one or more fixed seed values included in the configured OTP generation information, And generates and outputs an NTP OTP by substituting the determined one or more fixed seed values and the dynamic seed value into the predetermined OTP generation algorithm in operation 740.

8 is a diagram illustrating an OTP authentication process according to an embodiment of the present invention.

8 is a flowchart illustrating an operation of the OTP operating system shown in FIG. 2, in which N (N) generated by the wireless terminal 200 shown in FIG. 1 through the process shown in FIGS. > = 2) number of digits of the OTP to match with the OTP, and compares (or verifies) the received OTP of the N digits with the OTP 'to verify the validity of the OTP Those skilled in the art will be able to refer and / or modify FIG. 8 to illustrate various implementations of the OTP authentication process (e.g., some steps may be omitted, However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Hereinafter, in FIG. 8, the OTP operating system shown in FIG. 2 is referred to as a "server" for the sake of convenience.

Referring to FIG. 8, after the N-digit OTP is generated / outputted by the wireless terminal 200 shown in FIG. 1 through the process shown in FIGS. 4 to 7, 1, receives the N-digit OTP inputted through the OTP input interface outputted to the user terminal 205, or receives the generated N-digit OTP from the wireless terminal 200 shown in FIG. 1, (OTP generation information) associated with the unique information of the wireless terminal 200 from the storage medium 255, and transmits the OTP generation information to the wireless terminal 200, (805), the OTP generation information including the user media information as the fixed seed value is confirmed / configured (810) by combining (or linking) the user medium information and the server side OTP generation information.

If the server side OTP generation information includes the user media information as a fixed seed value according to the embodiment of the present invention, the server generates OTP generation information for generating the N-digit OTP ' It is desirable to check with information.

Thereafter, the server checks one or more fixed seed values for generating the N-digit OTP 'from the OTP generation information, determines one or more dynamic seed values based on the parameters included in the OTP generation information, / OTP 'of N digits is generated by substituting the determined one or more fixed seed values and the dynamic seed value into the predetermined OTP generation algorithm (815).

If the N-digit OTP 'is generated (820), the server compares (or verifies) the received N-digit OTP with OTP' to check the OTP validity (825).

According to the embodiment of the present invention, when the OTP and the OTP 'are matched (or matched) as a result of the comparison between the OTP and the OTP', or when the predicted result is obtained through the verification operation, .

If the OTP validity is not confirmed 830, the server transmits an OTP authentication result corresponding to the OTP validity error to the OTP authentication result receiving means (e.g., the OTP authentication request server 215, the user terminal 205, (Including one or more of terminal 200).

On the other hand, if the validity of the OTP is confirmed 830, the server transmits an OTP authentication result corresponding to the OTP validation confirmation to the OTP authentication result receiving means (e.g., the OTP authentication request server 215, the user terminal 205, (E. G., One or more of < / RTI >

100: wireless terminal 105:
110: Screen output unit 115: Sound processing unit
120: key input unit 125: media reader unit
130: Battery 135:
140: USIM 145: USIM reader unit
150: memory unit 155: authentication unit
160: authentication processing unit 165:
170: Information configuration unit 175: OTP generation unit
180: OTP output unit

Claims (7)

1. A method executed in a user's mobile phone having a specific program for implementing an OTP (One Time Password)
A process of registering authentication information for authenticating the validity of a separate user medium held by the user physically separated from the mobile phone in a specified storage medium and a procedure for registering an OTP to be used in a designated authentication procedure A first step of registering OTP medium information that can be transmitted through the specific program to a designated server in order to be authenticated as an OTP medium owned by a user to be implemented;
When the OTP is generated, the media reader unit of the mobile phone confirms the user medium information read from the user medium separately owned by the user, and the validity of the user medium is authenticated using the authentication information of the user medium included in the designated storage medium And a second step of transmitting the OTP medium information to the designated server and authenticating the mobile phone operating the specific program with the OTP medium that implements the OTP. And
And a third step of dynamically generating an OTP to be used in the specified authentication procedure when both the validity of the user medium and the validity of the OTP medium are authenticated,
Wherein the OTP medium information includes an eigenvalue that is uniquely assigned uniquely after the specific program is installed in the mobile phone of the user to authenticate a mobile phone in which the specific program is installed and operated. A method of operating a mobile api by using.
delete 2. The method of claim 1,
Confirmed through a specific program of the mobile phone, or
And confirming via a server communicating with the mobile phone.
The method as claimed in claim 1,
Unique information stored in a memory unit of the mobile phone,
Further comprising at least one of code information provided from an IC chip interfaced with the mobile phone.
The method according to claim 1,
Generated through a specific program of the mobile phone, or
Wherein the mobile authentication is generated through an IC chip interfaced with the mobile phone.
The method of claim 1, further comprising configuring at least one seed value among seeds for OTP generation based on the read user media information,
Wherein the third step dynamically generates an OTP by using the seed value as one of the seeds for OTP generation.
The method of claim 1,
Wherein the user authentication information includes at least one of a contactless IC card, an RF card, an RF device, and an RFID that the user possesses.

Images