KR101639794B1 - Authentication method and system for user confirmation and user authentication - Google Patents
- Publication number
- KR101639794B1
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- server
- user information
- otp
- usim
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
The present invention relates to an authentication method and system for identity verification and authentication, and more particularly, to an authentication method and system for collecting authentication information stored in a mobile terminal and performing authentication in cooperation with a mobile communication company server.
With the increasing use of digital devices such as computers and smart phones, electronic commerce using such digital devices has been widely used in various fields. In particular, mobile terminals such as smart phones have advantages that users always carry around, and various financial related applications are released to facilitate users' convenience.
In financial transactions such as online payment or Internet banking, the user is required to undergo an authentication process. In the past, various methods such as an authentication number sent by SMS, CAPTCHA (virtual keyboard), and OTP have been used. However, existing authentication methods cause inconvenience and hassle to the user, and mobile OTP authentication methods have the problem that they are vulnerable to attacks such as hacking and data forgery when a mobile phone is copied.
As an effort to solve this problem, Korean Patent Registration No. 10-1210260 entitled " Mobile OTP Authentication Device and Authentication Method Based on Wisdom Chip Using Integrated Center "in Korean Patent No. 10-1210260 discloses an OTP generation program installed in a mobile phone, When the hacker replicates the OTP generation program stored in the mobile phone and requests the worm chip to generate the OTP number by adopting the configuration in which the OTP generation information and the program are stored, the terminal is different and the user key is different. . The prior art document is merely used for authentication by using the key and time value after storing the encrypted information and the key in mind, and there is no owner identification process for the USIM / smart phone, whereas the present invention is provided based on the USIM The encryption of the user information is supported by applying the encryption scheme proposed by the present invention to the proprietary authentication technology to secure the security of the transmission end and the USIM and the subscriber information (information such as ICCID) in the USIM are linked with the communication company It is possible to confirm the authenticity of the user and to utilize the existing system by ensuring the integrity and security of the data by checking whether the user is possessed and performing the operation in the secure area TZ.
In order to solve the above problems, the present invention provides an authentication method and system that use a USIM authentication applet or a trust zone based TA (Trusted Application), building on the USIM-based UICC authentication function provided by a communication company.
According to a first aspect of the present invention, there is provided an authentication method comprising the steps of: an authentication server receiving an authentication request from a mobile terminal or a user PC; Generating, by the authentication server, a public key and a private key according to the authentication request; The authentication server transmitting an authentication request including the public key to the mobile terminal; Collecting user information from the USIM using the USIM identity verification applet; Encrypting the user information with the public key by the USIM identity verification applet running on the mobile terminal; Transmitting the encrypted user information to the authentication server; The authentication server decrypting the user information using the private key; Performing verification of the user information decrypted by the authentication server through the communication company server; And receiving an authentication result from the communication company server.
According to a second aspect of the present invention, there is provided an authentication server which receives an authentication request from a user PC or a mobile terminal, generates and stores a public key and a private key corresponding to the authentication request, An identity verification server transmitting the encrypted user information to the mobile terminal, decrypting the encrypted user information using the private key, and verifying the decrypted user information with a communication company server; And an OTP server for requesting the mobile terminal to generate an OTP according to a verification result of the identity verification server, and receiving and verifying the OTP generated at the mobile terminal.
According to the authentication method and system of the present invention, authentication is performed using the USIM-based authentication technology supported by the communication company, so verification is straightforward, and security is ensured by the encryption technology of the authentication server. In addition, because identity verification and the issuance of the OTP serial and key are carried out through a communication company server at the time of initial registration, the actual authentication process can be simplified, the processing speed can be increased, and the processing load can be reduced.
Existing identity verification was limited to confirming information about the person; it could not confirm whether the person holding the smartphone used for the confirmation is that same person. The present invention has the advantage that impersonation can be blocked at its source by checking, via the communication company, whether the user who currently holds the smartphone matches the identity verification information (name, date of birth, phone number, etc.) of the user.
In particular, since the present invention performs identity verification based on the TZ OTP registered through the identity verification of the communication company and the terminal confirmation, it is possible to identify and authenticate the identity of the user without checking the identity of the user every time the identity is authenticated, . In addition, by solving problems such as smuggling and theft by simply verifying the identity using SMS, the company provides a solution to the problem of the existing authentication service through the UICC technology of the communication company and the TZ OTP. The present invention is an asymmetric key method that is evaluated in the most secure way of public key / private key. It has a security authentication effect similar to that of a public key certificate. Even if a separate medium such as an authorized certificate is not present, There is an advantage that it can be conveniently authenticated. In addition, there is an advantage that the identity verification service can be used even without a separate membership, and the number of services required to authenticate the identity of a non-face-to-face mobile card issuer, an Internet professional bank, In the current market situation, there is an advantage that the needs of the market and customers can be met when a security-enhanced identity verification service is needed.
Further, when the authentication process according to the present invention is used, it is not necessary to have a separate device such as a separate hardware OTP device. By using the portable terminal of a user, it is possible to recognize and report quickly even if it is lost, It is advantageous in that it is economical, practical, and scalable because it can utilize the existing infrastructure without using it. In addition, the authentication method of the present invention can replace various means such as a security card, a USB security key, an SMS OTP, a CAPTCHA (Virtual Keyboard), an SMS, or a public certificate used in the existing authentication method, Convenience is provided.
FIG. 1 is a block diagram for explaining an authentication server according to an embodiment of the present invention.
FIG. 2 is a flowchart for explaining an authentication method according to an embodiment of the present invention.
FIG. 3 is a block diagram illustrating an authentication method using a USIM of a mobile terminal according to an embodiment of the present invention.
FIG. 4 is a block diagram illustrating an authentication method using a TZ technology of a mobile terminal according to another embodiment of the present invention.
FIG. 5 is a block diagram specifically illustrating a configuration of a mobile terminal according to an embodiment of the present invention.
FIG. 6 illustrates an operating system of a mobile terminal according to an embodiment of the present invention.
FIG. 7A shows a general operation of a mobile terminal according to an embodiment of the present invention, FIG. 7B shows a comparison of operations of a mobile terminal according to another embodiment of the present invention, and FIG. 7C illustrates an implementation of a security UI according to an embodiment of the present invention.
FIG. 8 is a flowchart for explaining an authentication service registration method according to an embodiment of the first embodiment of the present invention.
FIG. 9 is a flowchart for explaining an authentication service registration method according to another embodiment of the first embodiment of the present invention.
FIG. 10 is a flowchart for explaining an OTP authentication method according to an embodiment of the present invention.
FIG. 11 is a flowchart for explaining a method of authenticating a personal identity and an authentication method according to a second embodiment of the present invention.
FIG. 12 is a flowchart illustrating an authentication service registration method according to a third embodiment of the present invention.
FIG. 13 is a flowchart for explaining a method for identifying and authenticating a principal according to a third embodiment of the present invention.
In the various drawings, the same reference numerals and symbols denote the same elements.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. In adding reference numerals to the constituent elements of the drawings, the same constituent elements are denoted by the same reference numerals wherever possible, even if they are shown in different drawings. In the following description of the embodiments, a detailed description of known functions and configurations will be omitted when it may obscure the gist of the embodiments of the present invention. In this specification, when it is mentioned that a certain part includes an element, it means that the part may further include other elements.
The present invention proposes a method and service system for carrying out identity verification using occupancy authentication (or proprietary authentication) using a value capable of identifying a mobile terminal and user information (e.g., real name, date of birth) in cooperation with a communication company .
FIG. 1 is a block diagram for explaining an authentication server according to an embodiment of the present invention. The authentication service of the present invention includes a user's PC 10, a
The user's PC 10 is a device capable of accessing the
The
The
The authentication application is an application that provides a function to install and operate the TZ OTP TA on a terminal supporting TZ, and can be implemented in the same or integrated form as the above-mentioned authentication application, or in a form of a separate application or interworking. A function of safely storing the public key received from the
The present invention is not limited to the above-described embodiment. The present invention is not limited to the above-described embodiment, Authentication information transfer may be performed.
The
A mobile communication company server 40 (hereinafter, referred to as a "communication company server") is a server that provides an authentication technique using a USIM, receives authentication information, and transmits a result of authentication processing. And performs verification of information.
The authentication service of the present invention provides the authentication request to the
The authentication service of the present invention collects user information and terminal information using a UICC technology provided by a mobile communication company, and the
FIG. 2 is a flowchart for explaining the authentication method of the present invention. First, the
After receiving the authentication request, the
When the user confirmation is completed on the authentication app of the
The authentication application encrypts the authentication information including at least one of the collected user information, USIM information, and terminal information, and transmits the encrypted authentication information to the authentication server (30). At this time, the authentication information may generate authentication information and authentication request information through the API provided by the mobile communication company, and may transmit the authentication information and authentication request information to the
The
If the authentication is successful, the USIM-OTP is generated automatically or manually on the authentication application of the mobile terminal 20 (step 296). The USIM-OTP can be generated by a hash algorithm, a random function or another OTP generation method, and can be implemented so that an OTP is generated on a security area in a logically separated USIM.
The user inputs the generated USIM-OTP value to the
According to the authentication service method, the authentication using the USIM-based information is enabled in the mobile communication company, and the authentication application collects the information stored in the USIM through the USIM identity authentication applet, encrypts the collected information and transmits it to the communication company server, And the communication company server, and it is possible to prevent forgery and falsification of the authentication information and theft of the authentication information.
FIG. 3 is a block diagram illustrating an authentication method using the
First, the
When the
Here, the authentication information may be generated using the API provided by the mobile communication company, and transmitted to the communication company server through the authentication server 30 (350, 370). The
In this embodiment, the
The
When the user authentication process is completed, the OTP generation process is performed on the
FIG. 4 is a block diagram illustrating an authentication method using a TZ technology of a mobile terminal according to another embodiment of the present invention. In the embodiment described with reference to FIG. 3, the authentication application encrypts the authentication information stored in the
When the
The
The
FIG. 5 is a block diagram specifically illustrating a configuration included in the
In the embodiment described later, the
The USIM
The
The user can access the financial company web page through the
FIGS. 6 and 7 illustrate a trust zone technique applied to the
The
In one embodiment, data stored using the
As such, the
In particular, the trust zone-based
In one embodiment, the
FIG. 7A shows a general operation in the
6, the
On the other hand, when the
Particularly, when the
When the security UI is executed, all rights of the screen input / output can be acquired by the security area, and data input / output can be blocked. Capture or recording of the output screen is also impossible. For example, there is no way to block the screen capture by a hardware capture method (for example, a method of capturing a screen by pressing the home key and the power key at the same time) even if a security screen is implemented through an existing software security method. However, when the
The
Using the TA and TUI based on the trust zone technology, the authentication process and the OTP generation process can be implemented as in the embodiment shown in FIG. First, a normal region (Normal World) includes basic hardware 511 of a mobile terminal and may include an OTP generation app 512. The secure domain (Secure World) may include an OTP generation engine 513. The OTP generation application 512 requests the TSM server 520 to authenticate the OTP generation app and the TSM server 520 that has received the authentication request transmits the authentication request to the MI system 530 ). The MI system 530 sends the authenticated smart app to the
The OTP generation app 512 performs TEE authentication according to the authentication result, and accesses the security area via the TEE (547). The Trusted Execution Environment (TEE) is a software platform composed of hardware functions (trust zone) that logically separate the secure area from the general area, and software that uses those hardware functions to provide security services to processors, peripherals, and storage devices. The OTP generation engine 513 included in the secure area generates an OTP on the trust zone and allocates the OTP to the OTP generation app 512 (548).
The OTP generated as an embodiment can be output through the OTP generation app 512 operating in the general area. The OTP generated as an alternative embodiment may be output using the TUI via the TA operating in the trust zone in the secure environment.
The user can enter the generated OTP into the
As described above, it is possible to collect user information, USIM information, and terminal information stored in the TA operating in the security zone using the trust zone, and to perform identity verification and occupancy authentication by encrypting in the TA.
The embodiments described with reference to FIG. 2 to FIG. 7 perform identity verification and occupancy authentication in cooperation with a communication company every time a person identification is required (for example, every financial transaction) using authentication information held in a USIM or a trust zone Process.
On the other hand, the embodiments described with reference to FIGS. 8 to 13 perform identity verification in cooperation with a communication company server only at the time of initial registration, and at the time of an actual transaction perform OTP verification through the authentication server without verification by the communication company server. Interworking with the communication company server only at initial registration reduces the load on that server, and in the actual transaction the processing load of the authentication server is also lowered and the processing speed is improved.
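The register-once, verify-locally split described above can be sketched as follows; this is an added example, not code from the patent. The patent leaves the OTP algorithm open, so an RFC 4226-style HMAC OTP over 30-second time steps is assumed here, and the class names, the PIN lockout limit and the subscriber record are hypothetical or constructed for the illustration.

```python
import hashlib
import hmac
import secrets
import struct

TIME_STEP = 30   # seconds per OTP; assumed, the patent does not fix one
OTP_DIGITS = 6   # assumed


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP, standing in for the patent's unspecified OTP generator."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


class CarrierServer:
    """Constructed stand-in for the communication company server."""

    def __init__(self, subscribers):
        self._subscribers = subscribers   # phone -> (name, birth date, ICCID)
        self.calls = 0                    # counts round trips to the carrier

    def verify(self, phone, name, birth, iccid):
        self.calls += 1
        return self._subscribers.get(phone) == (name, birth, iccid)


class AuthServer:
    """Authentication server: carrier check at registration, OTP check after."""

    def __init__(self, carrier):
        self._carrier = carrier
        self._secrets = {}     # OTP serial -> secret key
        self._last_step = {}   # OTP serial -> last time step already accepted

    def register(self, phone, name, birth, iccid):
        """Issue an OTP serial and secret key only after the carrier confirms."""
        if not self._carrier.verify(phone, name, birth, iccid):
            return None
        serial, secret = secrets.token_hex(8), secrets.token_bytes(20)
        self._secrets[serial] = secret
        self._last_step[serial] = -1
        return serial, secret

    def verify_otp(self, serial, otp, now, window=1):
        """Check an OTP locally; the carrier is not contacted."""
        secret = self._secrets.get(serial)
        if secret is None:
            return False
        current = int(now) // TIME_STEP
        for step in range(current - window, current + window + 1):
            if step <= self._last_step[serial]:
                continue   # step already used (or older): rejects replays
            if hmac.compare_digest(hotp(secret, step).encode(), otp.encode()):
                self._last_step[serial] = step
                return True
        return False


class TrustZoneOtp:
    """Constructed stand-in for the TZ OTP TA: PIN-gated holder of the key."""

    MAX_PIN_FAILURES = 3   # assumed lockout policy, not from the patent

    def __init__(self, pin, serial, secret):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._derive(pin)
        self.serial, self._secret = serial, secret
        self._failures = 0

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def generate(self, pin, now):
        """Return the OTP for `now`, or None if the PIN is wrong or locked."""
        if self._failures >= self.MAX_PIN_FAILURES:
            return None
        if not hmac.compare_digest(self._derive(pin), self._pin_hash):
            self._failures += 1
            return None
        self._failures = 0
        return hotp(self._secret, int(now) // TIME_STEP)


def demo():
    # Constructed subscriber record; all values are made up for the example.
    subscriber = ("Hong Gildong", "1990-01-01", "8982000000000000001")
    carrier = CarrierServer({"01000000000": subscriber})
    server = AuthServer(carrier)
    serial, secret = server.register("01000000000", *subscriber)
    tz = TrustZoneOtp("4821", serial, secret)
    otp = tz.generate("4821", now=1_700_000_000)
    first = server.verify_otp(serial, otp, now=1_700_000_000)
    replay = server.verify_otp(serial, otp, now=1_700_000_000)
    return first, replay, carrier.calls


if __name__ == "__main__":
    print(demo())
```

The carrier call counter stays at the registration count however many OTPs are verified afterwards, and a second submission of an accepted OTP is refused because its time step has already been consumed.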
In the following embodiments, a new subscriber of the
As an embodiment, in the case of a TZ non-supported terminal, a separate USIM OTP applet can be installed and used in place of TZ OTP TA that performs OTP functions such as OTP issuance, generation, and authentication.
FIG. 8 is a flowchart for explaining the identity verification and TZ OTP registration procedures according to an embodiment of the first embodiment of the present invention. The present embodiment is characterized in that the
The
The user inputs registration information on the
The
The
The
FIG. 9 is a flowchart for explaining the identity verification and TZ OTP registration procedures according to another embodiment of the first embodiment of the present invention. The present embodiment is characterized in that the main server for generating and storing the public key and the private key is the
The
The
The
The
It is possible to encrypt authentication information (user information) using the public key and the private key generated by the
The
The
In the case of the web service, the user inputs the OTP value displayed in the
In the case of using the identity verification process, only verification is performed using the
FIG. 11 is a flowchart for explaining a method of authenticating an authentication service according to a second embodiment of the present invention. In the second embodiment, the authentication service of the present invention can be used by downloading and installing an authentication app without a separate registration process in the
The user can execute the financial transaction or the commerce transaction by executing the
In
When the
As described above, the second embodiment of the present invention is an embodiment in which the communication company server 40 (e.g., a communication company authentication platform) performs identity verification through the communication
When the user selects the security authentication as the authentication means on the
However, in the identity authentication process, the user authentication and the ownership authentication are performed using only the telephone number without inputting the user information inputted when the identity is confirmed. When the
As described above, according to the second embodiment, since the authentication using the communication company UICC is implemented, there is an advantage that anyone can easily use the service without joining a separate service. Unlike the other embodiments, there is a difference in not using the OTP.
FIG. 12 is a flowchart illustrating an authentication service registration method according to a third embodiment of the present invention. Unlike the public key / private key method of the first embodiment, the third embodiment is an embodiment for performing identity verification and personal authentication using an OTP, and is similar to the authentication application provided by the authentication server 30 (222).
First, the user can download and install the
Upon completion of the identity verification and the ownership authentication through the communication company, the
Next, the
After the USIM or
FIG. 13 is a flowchart for explaining a method for identifying and authenticating a principal according to a third embodiment of the present invention. If the user authentication or authentication procedure is required in the
The
When the authentication is completed, the
The merchant's
When the user information matches the user information, the USIM information (ICCID) value stored in the
After the verification, the
The authentication process according to the third embodiment can be performed through the
The above-described third embodiment is advantageous in that it is simple and safe, since identity verification and authentication are performed using the OTP registered through the identity verification process with the communication company. In particular, because identity verification through the communication company is not performed at every authentication, the response speed is fast and the processing cost is reduced.
While the present invention has been described in detail in the foregoing for the purpose of illustration, it is to be understood that the components, their connections and relationships, and their functions are merely exemplary. In the present invention, each component may be implemented as a physically separated form or as an integrated form of one or more components as needed.
Although all the constituent elements of the embodiments of the present invention are described as being combined into one or operating in combination, the present invention is not necessarily limited to these embodiments. That is, within the scope of the present invention, the components may be selectively combined into one or more and operated.
Furthermore, the terms "comprises", "comprising", or "having" described above mean that the component in question may be present unless specifically stated otherwise, and should be construed as allowing other elements to be included rather than excluding them. All terms, including technical and scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used terms, such as terms defined in dictionaries, should be interpreted consistently with their contextual meaning in the related art, and are not to be construed in an ideal or overly formal sense unless expressly so defined.
The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.
10: PC
20: Mobile terminal
30: Authentication server
40:
Claims (24)
Generating, by the authentication server, a public key and a private key according to the authentication request;
The authentication server transmitting an authentication request including the public key to the mobile terminal;
Collecting user information from the USIM using the USIM identity verification applet;
Encrypting the user information with the public key by the USIM identity verification applet running on the mobile terminal;
Transmitting the encrypted user information to the authentication server;
The authentication server decrypting the encrypted user information using the private key;
Performing verification of the user information decrypted by the authentication server through a communication company server; And
And receiving an authentication result from the communication company server,
Wherein the mobile terminal comprises an authentication app,
The authentication app receives the public key from the authentication server and stores it in the USIM through the USIM identity verification applet,
The collecting step may include collecting user information and terminal information using a universal IC card (UICC) standard provided by a communication company,
The mobile terminal registering user information in an authentication service using an authentication application;
The mobile terminal requesting an OTP input on a predetermined app or web;
The mobile terminal activating the authentication app;
Performing the PIN authentication in cooperation with the USIM or the TZ Authenticate applet;
The authentication server generating an OTP using a USIM or a TZ authenticator applet;
The mobile terminal inputs an OTP on the application or the web and requests an authentication server to perform OTP verification; And
Wherein the mobile terminal receives an OTP authentication result from the authentication server and outputs the OTP authentication result to the application or the web,
The step of registering user information in the authentication service comprises:
Storing the authentication result by the authentication server;
The authentication server transmitting a TZ OTP use authentication to the mobile terminal;
Receiving the TZ OTP use authentication from the authentication application of the mobile terminal and transmitting the authentication to the TZ;
Setting a PIN number in the TZ;
Requesting the TZ to issue an OTP key to the authentication server through the authentication app;
Generating and storing an OTP serial and a secret key according to the request; And
And the authentication server transmitting and storing the OTP serial and the secret key to the TZ through the authentication app.
The step of registering user information in the authentication service comprises:
Transmitting an authentication request to the authentication server through the authentication app on the mobile terminal;
Generating, by the authentication server, a public key and a private key according to the authentication request;
Receiving the public key from the authentication server and storing the public key;
Requesting user information by the authentication app including the public key in a USIM identity verification applet;
Encrypting user information collected from a USIM using the public key by the USIM identity verification applet;
Receiving the encrypted user information and transmitting a registration request including encrypted user information to the authentication server;
The authentication server decrypting the user information with the private key;
Performing verification of the user information decrypted by the authentication server through a communication company server; and
Receiving an authentication result from the communication company server.
The step of registering user information in the authentication service comprises:
Transmitting an authentication request to an authentication server through an authentication app on a mobile terminal;
The authentication server transmitting the authentication request to a communication company server;
Generating a public key and a private key by the communication company server according to the authentication request;
Receiving the public key from the communication company server and storing the public key;
Receiving the user information from the authentication app;
Encrypting the user information using the public key;
Transmitting, by the authentication app, a registration request including the encrypted user information to the communication company server;
Decrypting and verifying the user information with the private key by the communication company server; and
The authentication server receiving the authentication result from the communication company server.
The step of registering user information in the authentication service comprises:
The authentication app requesting the TZ OTP from the TZ;
Receiving and verifying a PIN in the TZ;
Generating and outputting the TZ OTP in the TZ;
Inputting the TZ OTP on a financial web or an app of the mobile terminal; and
Further comprising the step of the mobile terminal authenticating the TZ OTP via the authentication server.
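The TZ OTP key issuance steps (PIN set, OTP serial and secret key generated by the server and stored in the TZ) and the PIN-gated OTP use steps above, as an added example that is not code from the patent. The claims name no OTP algorithm, so RFC 4226/6238 HOTP over a 30-second step is assumed; `AuthServer`, `TrustedStore`, the retry limit and the replay check are hypothetical illustrations.

```python
import hashlib, hmac, secrets, struct

STEP = 30  # assumed time step in seconds; the claims do not fix one

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; an assumed algorithm, the claims name none."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class AuthServer:
    def __init__(self):
        self.keys, self.last = {}, {}   # serial -> secret / last accepted step
    def issue_key(self):                # generate and store OTP serial + secret key
        serial, secret = secrets.token_hex(8), secrets.token_bytes(20)
        self.keys[serial] = secret
        return serial, secret

    def verify(self, serial: str, otp: str, now: float, window: int = 1) -> bool:
        secret = self.keys.get(serial)
        if secret is None:
            return False
        for c in range(int(now) // STEP - window, int(now) // STEP + window + 1):
            # Steps at or before the last accepted one are refused (replay).
            if c > self.last.get(serial, -1) and hmac.compare_digest(hotp(secret, c), otp):
                self.last[serial] = c
                return True
        return False

class TrustedStore:
    """Stands in for the TZ OTP applet: holds the PIN, serial and secret."""
    MAX_TRIES = 3
    def __init__(self, pin: str):
        self._salt, self._tries = secrets.token_bytes(16), 0
        self._pin = self._kdf(pin)
    def _kdf(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)
    def store_key(self, serial: str, secret: bytes):
        self._serial, self._secret = serial, secret

    def generate(self, pin: str, now: float):
        """Return (serial, otp) only after PIN verification; lock after MAX_TRIES."""
        if self._tries >= self.MAX_TRIES:
            raise PermissionError("PIN locked")
        if not hmac.compare_digest(self._kdf(pin), self._pin):
            self._tries += 1
            return None
        self._tries = 0
        return self._serial, hotp(self._secret, int(now) // STEP)
```

The secret key never leaves `TrustedStore` after provisioning, and the server accepts each time step at most once per serial, so an OTP observed on the app or web cannot be submitted a second time.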
Wherein the user information includes at least one of a name, a telephone number, a communication company, a date of birth, sex, whether the user is a foreigner, and whether the terms were agreed to.
Selecting an authentication means on an application (App) or a web (Web) in which the mobile terminal proceeds the identity verification service;
Receiving the unencrypted user information from the merchant application and transmitting the unencrypted user information to the authentication server; and
Further comprising the step of the mobile terminal executing the authentication application using the push message received from the authentication server,
The authentication app works in cooperation with the communication company authentication app,
Wherein the step of verifying the user information decrypted by the authentication server through the communication company server comprises the steps of: requesting the communication company authentication application to perform authentication of own authentication and ownership to the authentication platform of the communication company through the USIM identity authentication applet; An authentication step of receiving an authentication result through the authentication application, the authentication application transmitting the authentication result to the authentication application, and the authentication application transmitting the authentication result to the authentication server.
Wherein the non-encrypted user information includes a telephone number,
Wherein the USIM identity verification applet encrypts the non-encrypted user information stored in the USIM and transmits the encrypted user information to the communication company authentication platform.
Wherein the user information includes at least one of a name, a birth date, a sex, a communication company, a telephone number, whether the user is a foreigner, an OTP serial, and agreement to the terms.
The step of registering user information in the authentication service comprises:
Installing and executing the authentication application by the mobile terminal;
Inputting user information into the authentication application;
Transmitting the user information encrypted by the authentication app to a communication company authentication application and transmitting the user information to the user authentication application via a secure channel;
Encrypting the user information and the USIM information, transmitting the encrypted user information and USIM information to the communication company server, and requesting identity verification and ownership authentication;
The USIM identity confirmation applet receiving the identity verification and ownership authentication result from the communication company server; and
The USIM identity confirmation applet transmitting the authentication result to the authentication application through the communication company authentication application.
The step of registering user information in the authentication service comprises:
Registering a PIN or fingerprint authentication when the authentication application receives the authentication result and the authentication is successful;
Installing the TZ OTP applet if TZ use is available, and installing the USIM OTP applet if TZ use is not available;
Storing the user information and the OTP information using the TZ OTP applet or the USIM OTP applet; and
Further comprising encrypting the USIM information and transmitting the encrypted USIM information to an authentication server.
Wherein the USIM information is ICCID information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150099887A KR101639794B1 (en) | 2015-07-14 | 2015-07-14 | Authentication method and system for user confirmation and user authentication |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160027299A Division KR101656458B1 (en) | 2016-03-07 | 2016-03-07 | Authentication method and system for user confirmation and user authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101639794B1 true KR101639794B1 (en) | 2016-07-14 |
Family
ID=56499368
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101639794B1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20010000738A (en) * | 2000-10-17 | 2001-01-05 | 안병엽 | Provably secure public key encryption scheme based on computational diffie-hellman assumption |
KR20050055814A (en) * | 2003-12-09 | 2005-06-14 | 주식회사 팬택앤큐리텔 | System and method of servicing automatically fare settlement by using the mobile communication terminal |
KR20120108599A (en) * | 2011-03-25 | 2012-10-05 | 주식회사 스마트솔루션 | Credit card payment service using online credit card payment device |
KR101210260B1 (en) | 2011-01-07 | 2012-12-18 | 사단법인 금융보안연구원 | OTP certification device |
KR101502997B1 (en) * | 2014-05-14 | 2015-03-24 | 유한회사 실릭스 | Payment system and payment method using one time password |
-
2015
- 2015-07-14 KR KR1020150099887A patent/KR101639794B1/en active IP Right Grant
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190054280A (en) * | 2017-11-13 | 2019-05-22 | 주식회사 하나은행 | Method and mobile terminal unit for providing asset management service |
KR102577560B1 (en) * | 2017-11-13 | 2023-09-11 | 주식회사 하나은행 | Method and mobile terminal unit for providing asset management service |
KR20240075374A (en) | 2022-11-22 | 2024-05-29 | 김명환 | System and method for financial transaction service based on authentication using portable device |
CN116916310A (en) * | 2023-07-07 | 2023-10-20 | 中移互联网有限公司 | Verification code generation and verification method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AMND | Amendment | ||
AMND | Amendment | ||
AMND | Amendment | ||
X701 | Decision to grant (after re-examination) | ||
GRNT | Written decision to grant |