KR101694637B1 - Apparatus and method for application authentication based on CEN/XFS and financial device - Google Patents

Abstract

The present invention relates to a CEN/XFS-based application authentication apparatus, a control method thereof, and financial equipment. According to the present invention, the authentication apparatus comprises: each application for operating driving on at least one device unit included in the financial equipment; a service provider for receiving a motion control command of the at least one device unit from each application, and driving the at least one device unit corresponding to the motion control command; and an authentication information DB for managing authentication information on each application.

Description

[0001] CEN / XFS-based application authentication apparatus, control method thereof, and financial apparatus [0001]

The present invention relates to a CEN / XFS-based application authentication apparatus, a control method thereof, and a financial instrument.

The financial device is composed of a plurality of device units such as a keypad device, a customer's guest device, a card reader device, a medium recognition device, and the like, and an appropriate device is adopted according to the job and the type of the financial device to perform the requested operation.

XFS-based financial instruments are provided with a CEN / XFS standard in which instructions for driving devices are defined. The CEN / XFS standard defines a user interface to provide consistent control over the driving of devices.

Such an XFS-based financial device can control a plurality of devices according to the firmware of the device using the XFS command even if the device is changed to another manufacturer's device.

However, existing XFS-based financial devices are vulnerable to security because all applications can simultaneously use the devices through XFS commands such as DISPENSE and OPEN SHUTTER without authentication.

SUMMARY OF THE INVENTION An object of the present invention is to provide an information processing apparatus and a method of controlling access to a device of a financial institution by comparing the information of the application with the information registered in the authentication information DB for managing the authentication information of the application, A CEN / XFS-based application authentication apparatus, a control method thereof, and a financial instrument.

According to another aspect of the present invention, there is provided an apparatus for authenticating a CEN / XFS-based application, comprising: an application for operating at least one device unit included in a financial device; A service provider that receives at least one device unit operation control command and drives at least one device unit corresponding thereto, and an authentication information DB that manages authentication information for each application.

Here, the service provider may extract information previously stored for the application from the authentication information DB and verify the application when the application attempts to access the at least one device unit.

According to another aspect of the present invention, there is provided a method of controlling an apparatus for authenticating a CEN / XFS-based application, the method comprising: receiving an XFS command for an application to access at least one device unit included in a financial device; The service provider extracting parameter information for authentication of the application from the XFS command and managing authentication information for each application operating the at least one device unit, Extracting information registered for the application from the application and verifying the application, and allowing or blocking access to the at least one device unit for the application according to the verification result.

According to another aspect of the present invention, there is provided a financial device comprising: a control unit for controlling driving of at least one device unit included in a financial device through each application; A storage unit for storing authentication information for an application, and a media processing device for processing financial transactions under the control of the control unit.

Here, the control unit may compare the parameter information included in the XFS command output from the application with the authentication information of the corresponding application stored in the storage unit through the service provider, and verify the application, To allow or block access to the at least one device unit.

According to the present invention, when an application accesses a device of a financial device, it compares the information of the application with the information registered in the authentication information DB for managing the authentication information of the application, verifies the corresponding AP, The security of the application's access to the financial device can be further enhanced.

1 is a diagram illustrating a configuration of a financial instrument according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of a financial instrument according to another embodiment of the present invention.
FIG. 3 is a diagram illustrating an embodiment of an authentication AP information requesting operation of a CEN / XFS-based application authentication apparatus according to an exemplary embodiment of the present invention. Referring to FIG.
FIG. 4 is a diagram illustrating an exemplary embodiment of an AP verification operation of a CEN / XFS-based application authentication apparatus according to an exemplary embodiment of the present invention. Referring to FIG.
5 is a diagram illustrating an example of a structure of authentication information stored in a CEN / XFS-based application authentication apparatus according to an exemplary embodiment of the present invention. Referring to FIG.
6 is a flowchart illustrating a control method of a CEN / XFS-based application authentication apparatus according to the present invention.
FIG. 7 is a view showing a detailed configuration of a financial instrument according to the present invention.
FIG. 8 is a view showing a detailed configuration of the medium processing apparatus of FIG. 7;

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. It should be noted that, in adding reference numerals to the constituent elements of the drawings, the same constituent elements are denoted by the same reference numerals whenever possible, even if they are shown in different drawings. In the following description of the embodiments of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the difference that the embodiments of the present invention are not conclusive.

In describing the components of the embodiment of the present invention, terms such as first, second, A, B, (a), and (b) may be used. These terms are intended to distinguish the constituent elements from other constituent elements, and the terms do not limit the nature, order or order of the constituent elements. When a component is described as being "connected", "coupled", or "connected" to another component, the component may be directly connected or connected to the other component, Quot; may be "connected," "coupled," or "connected. &Quot;

The financial device according to an embodiment of the present invention can be used for a variety of media such as banknotes, securities, bills, coins, vouchers, etc. to receive various kinds of media such as banknotes, And the like, and performs a financial task to perform the media processing such as the processing such as the release. Examples of such financial instruments include an automated teller machine (ATM) such as a cash dispenser (CD), a cash recycling machine, and the like. However, the financial instrument is not limited to the above-described example, and may be a device for automating financial business such as FIS (Financial Information System).

Hereinafter, an embodiment of the present invention will be described on the assumption that the financial instrument is a financial automatic instrument. However, this assumption is for convenience of explanation, and the technical idea of the present invention is not limited to the financial automation equipment.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.

FIG. 1 is a diagram illustrating a configuration of a CEN / XFS-based application authentication apparatus according to an embodiment of the present invention.

1, a financial device 10 according to the present invention may include a CEN / XFS-based application authentication device 100 (hereinafter, referred to as an 'authentication device') and a media processing device 200 have.

The authentication apparatus 100 includes an application 110, an extensions for financial service (XFS) manager 120, a service provider (hereinafter, referred to as 'SP' ) 130 and an authentication information DB 140. [0031]

The media processing apparatus 200 may include a media input / output unit (not shown), a media recognition unit (not shown), a media return unit (not shown), a media storage unit (not shown) And may be a device that controls and processes the media being traded.

First, the AP 110 refers to a financial transaction application that drives a device unit in the financial instrument 10 to process a specific financial transaction. That is, when there is a financial transaction request, the AP 110 requests the server 20 for authentication before processing the financial transaction, and may process the financial transaction when the authentication is completed from the server 20. At this time, the authentication information of the AP 110 may be stored in the authentication information DB 140. The file structure of the AP 110 stored in the authentication information DB 140 may be as shown in FIG.

Here, the AP 110 can access the device of the financial device 10 using the 'WFSOPEN' command, which is a standard command of XFS (Extended Financial Service). The WFSOPEN command in XFS can be accompanied by information such as APPID (Application ID) and hybrid wavelet-kernel novelty detection (HWND) as parameters.

The XFS manager 120 delivers the WFS command from the AP 110 to the SP 130 operating the actual financial device 10 according to the corresponding command. In other words, when the CEN / XFS manager 120 receives the WFSOPEN command from the AP 110, the CEN / XFS manager 120 can transmit the received WFSOPEN command to the SP 130. In addition, the XFS manager 120 can forward the response data from the SP 130 to the corresponding AP 110. [

The SP 130 receives the command output from the AP 110 through the XFS manager 120 and drives the device unit corresponding to the financial transaction. Here, the SP 130 can control the device unit that processes the financial transaction requested from the AP 110 by calling the API of the XFS manager 120 using the commands defined in the XFS protocol.

At this time, the XFS manager 120 processes the device units included in the financial device 10 so as to perform consistent control according to the CEN / XFS standard specification. Here, the device unit included in the financial instrument 10 may be a keypad module, a printer module, a customer hospitality module, a card reader module, and a medium recognition module.

The SP 130 searches the authentication information DB 140 stored with the AP 110 authentication information from the server 20 when the AP 110 attempts to access the financial device 10 of the AP, 110). At this time, the SP 130 compares the called authentication information with the information received from the AP 110 to verify the AP 110.

Here, the SP 130 includes a process name for the AP 110, process file information such as a file size, a file modification date and an installed location, File information) with the information stored in the authentication information DB 140 to verify that the corresponding AP 110 is an authenticated AP.

In one example, the SP 130 calls information such as the APP ID and HWND of the AP 110 registered in the authentication information DB 140, and determines the parameters accompanied by the WFSOPEN command transmitted from the XFS manager 120, that is, , APPID, and HWND to verify that the corresponding AP 110 is an authenticated AP.

In this case, the SP 130 may verify the APPID and / or HWND values of the parameters associated with the command received from the AP 110 using a hardware (SAM) method and a software (EXE verification) method.

In addition, the SP 130 may transmit the verification result of the AP 110 to the AP 110 through the XFS manager 120. For example, if the verification of the AP 110 is successful, the SP 130 transmits 'WFS_SUCCESS' to the AP 110 and accesses the AP 110 to each device unit of the financial device 10 . Accordingly, the AP 110 can output a command for financial transaction processing of each device unit of the access permitted financial instrument 10.

At this time, the SP 130 receives the command output from the AP 110 through the XFS manager 120 and drives the corresponding device. Here, the APIs of the XFS manager 120 can be called using the commands defined in the XFS protocol to control the device that processes the financial transaction requested from the AP 110. [

Meanwhile, when the verification of the AP 110 fails, the SP 130 transmits a failure message 'WFS_ERR_INVALID_HWND' to the AP 110, and accesses the AP 110 to each device unit of the financial device 10 Can be blocked. Of course, the SP 130 may block access to some device units of the financial device 10 to the AP 110 that failed the verification.

In this case, it is possible to prevent a plurality of APs from simultaneously using each device unit of the financial instrument 10 without authentication, and to allow a security enhanced service by allowing access to the financial instrument 10 only to the authenticated AP 110 It has an effect that can be provided.

The authentication information DB 140 stores and manages authentication information for an application. In addition, the media processing apparatus 200 builds a database of registered customer information, and analyzes and manages the characteristics of the customer on the basis of the constructed database.

The authentication apparatus 100 shown in FIG. 1 is configured such that the authentication information DB 140 is implemented in the authentication apparatus 100 independently of the medium processing apparatus 20. However, as shown in FIG. 2, the authentication information DB 140 of the authentication apparatus 100 may be implemented in the internal memory of the media processing apparatus 200. In this case, the media processing apparatus 200 can serve as a DB of the authentication apparatus 100. [

The authentication device 100 according to the present embodiment may be implemented in the form of an independent hardware device, and may be implemented as at least one processor included in another hardware device such as a microprocessor or a general-purpose computer system .

3 is a diagram showing an embodiment to be referred to in describing an authentication AP information registration procedure of an authentication apparatus according to the present invention.

Referring to FIG. 3, the AP 110 requests the server 20 for authentication for use with each device unit of the financial device, and the server 20 can authenticate the AP 110.

Here, the AP 110 authenticated by the server 20 can request information of the AP 110 authenticated to the server 20 as shown in FIG. 3A. (b), when the information about the authentication AP 110 is transmitted from the server 20, the AP 110 stores the information of the authenticated AP 110 in the authentication information DB 140 as shown in (c) do.

In this case, when the SP 130 verifies the access to the financial institution of the corresponding AP 110 through the command output from the AP 110, the SP 130 transmits the authenticated AP (1) stored in the authentication information DB 140 in (c) 110) can be utilized.

4 is a diagram showing an embodiment to be referred to in describing the AP verification operation of the authentication apparatus according to the present invention.

4, when the AP 110 transmits a WFS OPEN command including the ID of the AP 110 and the parameter information of the HWND to the XFS manager 120 as shown in (a), (b) The XFS manager 120 transmits the WFS OPEN command transmitted from the AP 110 to the SP 130 as shown in FIG.

As shown in (c), the SP 130 acquires the information of the corresponding AP from the WFS OPEN command transmitted from the XFS manager 120, and transmits the AP information to the corresponding AP (140) 110). ≪ / RTI > (e), when the SP 130 receives a response to the request of the SP 130 from the authentication information DB 140, the SP 130 transmits the information of the AP acquired in (c) and the information of the AP (e) And the AP is verified by comparing the authentication information of the received AP.

If the AP 110 is an authenticated AP, the information obtained in (c) and the information received in (e) will coincide with each other, and if not the authenticated AP, the information obtained in (c) The SP 130 may receive a message indicating that the received information does not match or that there is no information registered for the AP 110 in step (e). When the verification of the corresponding AP 110 is completed, the verification completion information is transmitted to the XFS manager 120 and the XFS manager 120 transmits the verification completion information transmitted from the SP 130 to the AP 110 as shown in (h).

When the AP 110 confirms the verification completion information from the SP 130, the AP 110 outputs a processing command for each device unit of the financial instrument to the SP 130 via the XFS manager 120 so that the corresponding financial transaction is processed .

5 is a diagram illustrating an embodiment to be referred to in describing the structure of authentication information stored in an authentication apparatus according to the present invention.

As described above with reference to FIG. 3, the authentication information DB may store the information of the authenticated AP received from the server. At this time, the information of the authenticated AP stored in the authentication information DB may be stored in the form as shown in FIG. When the file name of the authenticated AP is 'ABC.EXE', the information of the authenticated 'ABC.EXE' may include the file version of 'ABC.EXE', file size, file modification date, file installation folder, .

Here, the information of the authenticated AP can be matched with the file name of the corresponding AP and stored. Referring to FIG. 5, a file name 'ABC.EXE' of an authenticated AP is created as shown in FIG. 5 (a), and a file name ' The file modification date '201401151353', and the file installation folder 'C: \ XFSSP' as shown in (e), as shown in the size '879394', (d)

Of course, the embodiment shown in FIG. 5 is only one embodiment, but the present invention is not limited thereto, and it is a matter of course that the information of the AP can be added or deleted according to the setting state, and the order thereof can also be changed.

The operation flow of the control method of the authentication apparatus according to the present invention will be described in more detail as follows.

6 is a flowchart illustrating an operation of a method of controlling an authentication apparatus according to an embodiment of the present invention.

Referring to FIG. 6, an AP of an authentication apparatus according to an embodiment of the present invention transmits a WFS OPEN command including parameter information such as an ID and / or HWND of an AP to an XFS manager (S110). At this time, the XFS manager transmits the WFS OPEN command sent from the AP to the SP (S120).

The SP obtains a parameter value for the AP from the WFS OPEN command transmitted from the XFS manager in step 'S120' (S130). Then, the SP calls the authentication information DB to acquire authentication information for the corresponding AP stored in the authentication information DB (S140).

If the AP is an authenticated AP in step S140, the SP will acquire information matching the parameter information acquired in the process of S130 from the authentication information DB. If the AP is not an authenticated AP, the process proceeds to step S130 Or may receive a message indicating that there is no registered information for the AP.

Accordingly, the SP can verify the parameter value of the corresponding AP by comparing the parameter information acquired in the process of 'S130' and the information obtained in the process of 'S140' (S150).

When the verification of the parameter value of the corresponding AP is completed in the step 'S150', the SP permits access to each device unit of the financial device to the corresponding AP. If the verification fails, all device units of the financial device Access to some device units may be restricted.

At this time, when the verification of the corresponding AP is completed, the SP transmits the verification completion information to the XFS manager (S160), and the XFS manager transmits the verification completion information transmitted from the SP to the AP (S170).

If the AP succeeds in verification, the operation control command for the device unit of the financial instrument is transmitted to the XFS manager (S180), and the XFS manager can transmit the operation control command received in the process of S180 to the SP (S190). Accordingly, the SP controls the operation of the corresponding device unit of the financial instrument according to the operation control command of the AP to process the requested financial transaction (S200).

FIG. 7 is a diagram illustrating a detailed configuration of a financial device to which an authentication apparatus according to an embodiment of the present invention is applied.

The financial instrument 10 according to the present invention includes an input unit 11, a display unit 13, a communication unit 15, a control unit 17, a storage unit 19, a recognition device 100, and a medium processing device 200 can do. Here, the control unit may process the signals transmitted between the respective units of the financial instrument 10.

The input unit 11 is a means for receiving customer information, such as a keypad, a soft key on a touch panel, or the like. In addition, the input unit 11 may include a financial transaction selection unit that allows a customer to select a financial transaction. At this time, if a financial transaction is selected by the financial transaction selection unit, the control unit 10 allows the financial transaction selected by the customer to be processed.

The display unit 13 is a means for outputting transaction progress information, processing status, and the like of the financial instrument 10. For example, the display unit 13 may display a transaction screen or a guidance screen corresponding to each transaction progress stage while the withdrawal transaction proceeds. When the display unit 13 is implemented as a touch screen, the input unit 11 and the display unit 13 may be integrally formed.

The communication unit 15 may include a communication module that supports a communication interface for transmitting and receiving signals between the financial device 10 and the host. At this time, the communication unit 15 can transmit a message for transaction processing to the host and receive a response to the message from the host when a predetermined transaction is performed in the financial device 10. [

The control unit 17 controls the overall operation of the financial instrument 10. That is, the control unit 17 controls the media input / output unit to input or eject the medium, or controls the medium storage unit to eject the medium for storing or storing the recognized medium and to be drawn out through the medium input / output unit, To receive data such as commands or information from the user or to display information to the user through the display unit 20).

In addition, the control unit 17 processes various financial transactions according to the request of the customer. For example, the control unit 17 transmits the financial transaction information according to the request of the customer to the host, and processes the requested financial transaction according to the approval result from the host.

The storage unit 19 may store data, information, and programs necessary for the operation of the financial instrument 10. As an example, the storage unit may store set values and algorithms necessary for deposit and withdrawal operation, transfer operation, inquiry operation and the like of the financial instrument 10, and an algorithm for processing an error occurring in the medium processing may be stored .

In addition, the storage unit 19 may store information of an application authenticated by the server, and may store an algorithm for verifying an instruction from the application.

The storage unit 19 according to an embodiment of the present invention may be a hard disk drive (HDD), a read only memory (ROM), a random access memory (RAM), a flash memory, a memory Card) and a solid state drive (SDD).

The media processing apparatus 200 determines whether the card is inserted into the card input port and the passbook input port and whether or not the passbook is input, and recognizes the information of the card and the passbook inserted through these input ports. To this end, it is determined whether the inserted medium is a card or a bankbook, and the information of the corresponding medium is recognized according to the determination result.

In addition, the media processing apparatus 200 transports the medium inserted by the customer according to a predetermined path, determines whether the medium is true or false, and stores the normal medium in the medium storage box. On the other hand, if there is a withdrawal request from the customer, the media processing apparatus 200 picks up the medium of the requested amount from the media storage box, transfers it according to the predetermined route, and releases it to the customer through the media input / output unit.

The detailed configuration and operation of the media processing apparatus 200 will be described in more detail with reference to the embodiment of FIG.

8, a media processing apparatus 200 according to the present invention includes a media input / output unit 1110, a medium recognition unit 1120, a temporary storage 1130, a media storage 1140, a collection box 1150 and 1170, And a replenishment recovery bin 1160. In addition, the media processing apparatus 200 may further include a passbook entry / exit portion for entering and leaving the passbook, and a card entry / exit portion for entering / leaving the card, depending on the type of the financial instrument.

Here, the modules constituting the media processing apparatus 200, for example, the media input / output unit 1110, the media recognition unit 1120, the temporary storage 1130, the media storage 1140, the collection boxes 1150 and 1170 And the replenishment recovery box 1160 may be connected by a plurality of transfer paths.

The media input / output unit 1110 is a means for inputting or ejecting a medium such as cash and checks. The media input / output unit 1110 has a media storage space accessible by a customer, and the storage space can be selectively interlocked with the outside by a shutter or the like. The media input / output unit 1110 includes pickup means for separating and transporting the media one by one from the storage space when the customer stores the media, integration means for integrating and discharging the transferred media when the customer takes out the medium May be included.

The medium recognizing unit 1120 recognizes the inputted medium from the customer, identifies the information of the corresponding medium, and recognizes the authenticity of the medium. Here, the medium recognition unit 1120 may include a contact image sensor (CIS) that acquires an image for identifying a medium that is input to the medium recognition unit 1120. The abnormal medium recognized by the medium recognition unit 1120 can be returned to the customer through the medium input / output unit 1110. [

In addition, the medium recognition unit 1120 recognizes the information of the medium transferred to the medium storage box 1140 from the replenishment collection box 1160, that is, the identification information of the medium, . Of course, the medium recognition unit 1120 allows identification information, which is input by the customer or recognized from the medium to be released to the customer, to be transmitted to the control unit of the financial apparatus.

The temporary storage 1130 temporarily stores the medium recognized by the medium recognition unit 1120 so as to be finally confirmed by the customer before storing the medium in the storage units 1140a to 1140d.

The medium storage unit 1140 may include a plurality of storage units 1140a to 1140d for storing the media identified by the medium recognition unit 1120 for each type. At this time, the media storage box 1140 can be stored in each of the storage units 1140a to 1140d for each type of media. If the media withdrawal command is input, the storage units 1140a to 1140d in which the media is stored pick up the received media and provide it to the media input / output unit 1110. [

The collection boxes 1150 and 1170 store a medium recognized as an abnormal medium by the medium recognition unit 1120. Also, the withdrawal boxes 1150 and 1170 may store the media withdrawn by the customer at the request of the customer, which is not withdrawn by the customer.

The replenishment recovery bin 1160 holds media for replenishing the media stored in the media storage 1140. At this time, the media stored in the replenishment collection box 1160 are transferred to the medium recognition unit 1120, sorted by the media recognition unit 1120, and stored in the media storage box 1140. In some cases, the replenishment recovery container 1160 may temporarily store the media input via the media input / output unit 1110. [ In addition, the replenishment recovery bin 1160 temporarily stores a predetermined number of media picked up in the media storage 1140 for the purpose of correction. At this time, the predetermined number of media temporarily stored in the replenishment recovery container 1160 is stored in the original media storage box 1140 again via the medium recognition unit 1120. [

When an instruction is input from an application for which a financial transaction is requested in a financial instrument and an application for processing a financial transaction, the authentication apparatus 100 transmits the parameter information included in the XFS command output from the application via the service provider, Compares the information and verifies the application. At this time, the authentication apparatus 100 may allow or block access to at least one device unit for the application according to the verification result.

If access to at least one device unit for the application is blocked, the authentication device 100 can output the information via the display unit 13 and notify the information. At this time, the financial transaction requested by the customer is canceled and the card or the like is returned to the customer, and the display unit 13 can return to the initial transaction menu screen.

In addition, the information of the application that failed to be verified may be stored in the storage unit 19 and may be later inquired by a staff member and / or an administrator.

The above-described authentication apparatus 100 corresponds to the application authentication apparatus 100 described above with reference to FIGS. 1 to 6, and the description of the configuration and operation of the application authentication apparatus 100 will be omitted.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments. That is, within the scope of the present invention, all of the components may be selectively coupled to one or more of them. In addition, although all of the components may be implemented as one independent hardware, some or all of the components may be selectively combined to perform a part or all of the functions in one or a plurality of hardware. As shown in FIG. The codes and code segments constituting the computer program may be easily deduced by those skilled in the art. Such a computer program can be stored in a computer-readable storage medium, readable and executed by a computer, thereby realizing an embodiment of the present invention. As the storage medium of the computer program, a magnetic recording medium, an optical recording medium, a carrier wave medium, or the like may be included.

Furthermore, the terms "comprises", "comprising", or "having" described above mean that a component can be implanted unless otherwise specifically stated, But should be construed as including other elements. All terms, including technical and scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used terms, such as predefined terms, should be interpreted to be consistent with the contextual meanings of the related art, and are not to be construed as ideal or overly formal, unless expressly defined to the contrary.

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

10: financial instrument 11: input
13: Display section 15:
17: storage unit 19: control unit
20: server 100: authentication device
110: Application (AP) 120: XFS manager
130: Service Provider (SP) 140: Authentication Information DB
200: Media processing device

Claims (11)

Each application operating a drive for at least one device unit included in a financial instrument;
A service provider for receiving at least one operation control command of the at least one device unit from each application and driving at least one device unit corresponding thereto; And
And an authentication information DB for managing authentication information for each of the applications,
The service provider comprises:
A CEN / XFS-based application authentication apparatus for extracting information stored in advance from an authentication information DB for an application when the application attempts to access the at least one device unit and verifying the application. The method according to claim 1,
The service provider comprises:
A CEN / XFS-based application authentication apparatus for receiving authentication information for each application from a server and storing the authentication information in the authentication information DB. The method according to claim 1,
The service provider comprises:
Wherein the parameter information included in the XFS command received from the application is extracted and verified by comparing with the information stored in the authentication information DB. The method of claim 3,
The service provider comprises:
And verifies the application through at least one parameter information of APPID (Application ID) and HWND (hybrid wavelet-kernel novelty detection) included in the XFS OPEN command from the application. The method according to claim 1,
The service provider comprises:
Wherein the CEN / XFS-based application authentication device permits access to the device units to the application upon completion of verification of the application, and restricts access to some device units of the financial device if verification fails. The method according to claim 1,
The service provider comprises:
Wherein when the verification of the application is completed, access to the device units for the application is permitted, and if the verification fails, access to all the device units of the financial device is blocked. The method according to claim 1,
The authentication information for the application includes:
Wherein the information includes at least one of a file name, a file version, a file size, a file modification date, and a file installation folder of the application. The method according to claim 1,
The authentication information DB,
Wherein the CEN / XFS-based application authentication device is implemented in an internal memory of the financial device. The method according to claim 1,
And an XFS manager for connecting the application and the service provider. Outputting an XFS instruction that the application attempts to access at least one device unit included in the financial instrument;
Wherein the service provider extracts parameter information for authentication of the application from the XFS command and receives authentication information from an authentication information DB that manages authentication information for each application operating the at least one device unit Extracting registered information on the application and verifying the application; And
Allowing or blocking access to the at least one device unit for the application in accordance with the verification result
Wherein the CEN / XFS based authentication method comprises: A storage unit for storing authentication information for each application authenticated by the server;
A control unit for controlling driving of at least one device unit included in the financial device through each application;
An authentication device for authenticating each application accessing the at least one device unit; And
And a media processing apparatus for processing a financial transaction under the control of the control section,
The authentication device includes:
The method comprising: verifying the application by comparing the parameter information included in the XFS command output from the application with the authentication information of the application stored in the storage unit through the service provider; A financial instrument that allows or blocks access to the unit.

Images