KR101767534B1 - Method for providing identity verification using card base on near field communication, card, verification terminal, verification support server and identity verification server using the same - Google Patents

Abstract

Provided by the present invention are a self-authentication service providing method by using a near field communication-based card and a card, a terminal for authentication, an authentication support server, and a self-authentication server by using the method. The method according to the present invention comprises: a step (S205) in which a terminal for authentication transmits an initiation request signal of the self-authentication of a user to a self-authentication server; a step (S210; S215) in which the self-authentication server generates a session identifier corresponding to the initiation request signal or supports a predetermined server to generate the session identifier; a step (S220) in which the self-authentication server transmits the generated session identifier to the terminal for authentication; a step (S230) in which the card maintains a connection with the terminal for authentication through a handshaking with the terminal for authentication; and a step (S240) in which the card transmits data to the terminal for authentication. After the step (S240), the present invention more includes: a step (S250) in which the terminal for authentication transmits data to the self-authentication server when personal information for the verification of the user is obtained (S245); a step (S260, S265) in which the authentication support server draws out a first representative hash value corresponding to a hash value (A); a step (S270) in which the authentication support server generates a result value about the self-authentication of the user after the step (S265); and a step (S275) in which the terminal for authentication receives a result value about the self-authentication.

Description

TECHNICAL FIELD [0001] The present invention relates to a method for providing a personal authentication service using a card based on a short-range wireless communication, a card using the card, an authentication terminal, an authentication support server and an authentication server , VERIFICATION SUPPORT SERVER AND IDENTITY VERIFICATION SERVER USING THE SAME}

The present invention relates to a method of providing a personal authentication service using a card based on a short-range wireless communication, a card using the same, an authentication terminal, an authentication support server, and an authentication server.

In the past, there were two ways in Korea that were used to authenticate themselves online:

The first method is the authentication method of the mobile phone, and the second method is the i-PIN authentication method.

Generally, in the authentication method of the mobile phone, when a mobile phone number registered in the name of the user is input in the terminal of the service used by the user, a randomly generated authentication number is transmitted to the mobile phone of the mobile phone number, Refers to a method by which a provider of a service or a third party authenticates the user as the user by inputting the transmitted authentication number to the terminal.

Next, the Ipin authentication method is a method of using the Ipin, which is a unique number issued to the individual via the identity verification process. The Ipin is composed of 13 digits, such as a resident registration number, and includes basic information such as birth date, birth date, It does not include any information about gender. However, the third and fourth digits of this Ipin include fixed numbers 1 and 6, respectively, as the identity verification code assigned by the Ministry of Information and Communication of the Republic of Korea. According to the Ministry of Information and Communication of the Republic of Korea, currently six companies are providing Ipin certification using Ipin as a substitute for resident number.

However, even in the case of using this Ipin authentication method, there is an inconvenience that it is necessary to go through other identification process such as an authorized certificate, an account number, a credit card number, a face identification, a mobile phone authentication, . That is, there is a possibility that the schemes as described above can be used by another person to impersonate himself / herself.

Therefore, the present inventor has devised a novel method for preventing another person from maliciously authenticating himself or herself through simple deception (for example, a mobile phone) and information. According to this new method, A procedure for generating a signature using a public key and a private key in the card includes various information provided at the time of card issuance such as personal information and card information Or any information such as a security question for identification of a person) is used to provide authentication of a superior security level compared to the conventional one.

Although the signature value by the public key-private key encryption is not information that can be easily input by a general user, the problem of the input can be solved by transmitting it through the near field communication (NFC).

The present inventors have also found that by recording information for authentication in the block chain of virtual money, it is possible to save a transaction fee (transaction fee) for recording in a block chain using a predetermined data structure, I have prepared a plan.

An object of the present invention is to solve the disadvantages of the above-mentioned conventional authentication method.

Specifically, the present invention aims at providing a user authentication easily by using a card which can be carried with light.

Another object of the present invention is to provide a high security level by overcoming the difficulties in inputting a large amount of complicated information which has been a stumbling block in using high-level encryption using short-range wireless communication.

Another object of the present invention is to secure reliability by fundamentally preventing a change in authentication related information such as a public key and a hash value of a public key by using a block chain of virtual money as a database.

In addition, in recording the authentication information for the user in the database, instead of putting all the authentication-related information in a block chain, the merge tree is constructed using the same to register only the root value of the configured merge tree in the block chain, And to reduce transaction costs.

It is another object of the present invention to guarantee the integrity of a database by performing verification using a merge tree generated as described above when requesting authentication of the user.

In order to accomplish the objects of the present invention as described above and achieve the characteristic effects of the present invention described below, the characteristic structure of the present invention is as follows.

According to an aspect of the present invention, there is provided a method for providing a personal authentication service using a card based on short-range wireless communication, the method comprising the steps of: (a) At least one neighboring hash value matching with a specific hash value generated by applying a predetermined function to at least a part of the public key for reference stored in advance so as to correspond to the card is calculated (I) the card information for verification, which is unique information of the card, and the personal information for verification of the user, or the verification card information and the verification personal information (Ii) a public key for verification corresponding to the card, and (iii) a session identifier for the user to the card. The authentication support server extracts the hash value (A) from the database using the hash value (A) of the verification card information and the verification private information, when the session identifier signature value, which is a value signed with a private key Fetching the first representative hash value corresponding to the first representative hash value; (b) the authentication support server transmits at least one of a plurality of hash values matching with a second specific hash value generated by applying the predetermined function to at least a part of the verification card information, the verification private information, Generating a result value of the user's identity verification with reference to a second representative hash value generated by calculating a neighborhood hash value and the extracted first representative hash value; And (c) transmitting the generated result value to an authentication terminal, which is a terminal used by the user, or supporting a predetermined server to transmit the resultant value to the authentication terminal.

According to another aspect of the present invention, there is provided a method for providing a personal authentication service using a card based on short-range wireless communication, the method comprising the steps of: (a) At least one neighboring hash value matching with a specific hash value generated by applying a predetermined function to at least a part of the public key for reference stored in advance so as to correspond to the card is calculated The first representative hash value to be generated is registered in the database, the card transmits an information request signal and a session identifier (" ID ") for the user from the authentication terminal, session id); (b) in response to the information request signal, calculating, by the card, a session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card; And (c) the card includes: (i) verification card information that is unique information of the card, (ii) a public key for verification corresponding to the card, and (iii) data including the calculated session identifier signature value (Ii) the public key for verification, (iii) the session identifier < RTI ID = 0.0 > A signature value, and (iv) a first representative hash value retrieved from the database, the result value being indicative of the identity of the user, A second representative hash value generated by computing at least one neighboring hash value matching with a second specific hash value generated by applying the predetermined function to at least a part of the personal information and the verification public key, Generated by referring to the fetched first hash value representative ¹-a includes the step of supporting the authentication for the terminal to obtain.

According to another aspect of the present invention, there is provided a method of providing a self-authentication service using a card based on a short-range wireless communication, the method comprising the steps of: (a) And at least one neighboring hash value matched with a specific hash value generated by applying a predetermined function to at least a part of a reference public key stored beforehand corresponding to the card, Transmitting an authentication start request signal of the user's identity to an authentication server of the user, the authentication terminal being the terminal that the user can use or access, while the first representative hash value generated by the user is registered in the database; (b) acquiring a session ID generated so as to correspond to the initiation request signal of the identity authentication, the authentication terminal transmits, from the card through the short-range wireless communication, (i) (Ii) a public key for verification corresponding to the card; and (iii) a session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card; (c) when the personal information for verification of the user is obtained, the authentication terminal transmits (i) the verification personal information and the received verification card information, or the verification personal information and the verification card information A hash value, (ii) the public key for verification received, and (iii) the received session identifier signature value to the identity authentication server; (I) the hash value of the verification personal information and the verification card information, or the verification private information and the verification card information, (ii) the verification public key, (iii) the session identifier signature value, and (iv) a result value for the identity verification by the first representative hash value retrieved from the database, the result value being indicative of the verification card information, A second representative hash value generated by calculating at least one neighboring hash value matched with a second specific hash value generated by applying the predetermined function to at least a part of the verification public keys, And a value generated by referring to the value.

According to another aspect of the present invention, there is provided a method of providing a self-authentication service using a card based on a short-range wireless communication, the method comprising the steps of: (a) And at least one neighboring hash value matched with a specific hash value generated by applying a predetermined function to at least a part of a reference public key stored beforehand corresponding to the card, The authentication server transmits an authentication request to the authentication server via the network in response to the authentication request signal from the authentication terminal that is used or accessible by the user, Creating a session identifier or supporting a predetermined server to generate the session identifier; (b) transmitting, by the principal authentication server, the generated session identifier to the authentication terminal; (ii) verification card information, which is unique information of a card acquired by the authentication terminal; (iii) verification private information corresponding to the card, And (iv) a session identifier signature value, which is a value obtained by signing the session identifier with a private key corresponding to the card, is obtained, the authentication server comprising: (i) (Ii) the public key for verification, and (iii) the result value for the identity authentication using the session identifier signature value, and the hash value of the verification private information, The resultant value is calculated by calculating at least one neighboring hash value matching the second specific hash value generated by applying the predetermined function to at least a part of the verification card information, the verification personal information, and the verification public key By The second representative value and the generated hash ¹ generated with reference to a first representative hash value extracted from the database, the method comprising the steps of: obtaining a; And (d) if the result of the authentication is obtained, the authentication server transmits the result of the authentication to the authentication terminal.

According to another aspect of the present invention, there is provided an authentication support server for providing a self-authentication service using a card based on a short-distance wireless communication, the authentication support server including: At least one neighboring hash value matching with a specific hash value generated by applying a predetermined function to at least a part of a reference public key stored beforehand corresponding to the card, (I) the card information for verification, which is unique information of the card, and the personal information for verification of the user, or the verification card information and the verification (Ii) a public key for verification corresponding to the card, and (iii) a session identifier for the user, sessi a communication unit for acquiring a session identifier signature value, which is a value obtained by signing a session key on id with a private key corresponding to the card; And (i) a hash value of the verification card information and the verification private information, or the verification card information and the verification private information, (ii) the verification public key, and (iii) the session identifier signature value (A) corresponding to the hash value (A) from the database using the hash value (A) of the verification card information and the verification private information, The processor calculates at least one neighboring hash value matched with a second specific hash value generated by applying the predetermined function to at least a part of the verification card information, the verification personal information, and the verification public key Generates a result value for authentication of the user with reference to a second representative hash value generated by the first representative hash value and the extracted first representative hash value, And wherein the user is sent to the terminal of the authentication terminal for use, or cause the predetermined server support to send to the terminal for the authentication.

According to another aspect of the present invention, there is provided a short-range wireless communication-based card for providing a personal authentication service, the card comprising: reference card information stored in advance for the card; And a first representative hash value generated by computing at least one neighboring hash value matching a specific hash value generated by applying a predetermined function to at least a part of public keys stored in advance corresponding to the card, A communication unit for receiving an information request signal and a session ID for the user through the short-range wireless communication from an authentication terminal, which is a terminal that the user can use or access, while being registered in the database; And a processor for calculating a session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card in response to the information request signal, (Ii) the verification public key corresponding to the card, and (iii) the calculated session identifier signature value, which is unique information of the card, to the authentication terminal, (ii) the public key for verification, (iii) the session identifier signature value, and (iv) the authentication information for the user from the database. A result value for the user's personal authentication generated using data including the extracted first representative hash value; And a second representative hash value generated by calculating at least one neighboring hash value matching a second specified hash value generated by applying the predetermined function to at least a part of the verification public keys, And a value generated by referring to the hash value.

According to another aspect of the present invention, there is provided an authentication terminal for providing a self-authentication service using a card based on a short-range wireless communication, wherein the authentication terminal is provided as a terminal that can be used or accessed by a user, A predetermined function is applied to at least a part of the reference card information stored in advance for the card, the reference personal information stored in advance for the user, and the public key stored in advance so as to correspond to the card Transmits a start request signal for authentication of the user's identity to the authentication server in a state where the first representative hash value generated by calculating at least one neighboring hash value matching the generated specific hash value is registered in the database, When a session ID generated so as to correspond to the initiation request signal of the identity authentication is obtained, (Ii) a public key for verification corresponding to the card; and (iii) a private key corresponding to the card, the private key corresponding to the card, a communication unit for receiving a session identifier signature value, which is a value signed by a key; (I) a hash value of the verification personal information and the received verification card information or the verification private information and the verification card information, (ii) And (iii) transmitting the session identifier signature value to the authentication server via the communication unit, wherein the communication unit includes: (i) the verification personal information and the verification card (Ii) the public key for verification, (iii) the session identifier signature value, and (iv) a first representative hash value retrieved from the database, wherein the hash value of the verification private information and the verification card information, The resultant value is obtained by applying the predetermined function to at least a part of the verification card information, the verification personal information, and the verification public key A second representative hash value generated by calculating at least one neighboring hash value matching the second specific hash value, and a value generated by referring to the extracted first representative hash value.

According to another aspect of the present invention, there is provided a personal authentication server for providing a personal authentication service using a short-range wireless communication card, the personal authentication server including: And at least one neighboring hash value matched with a specific hash value generated by applying a predetermined function to at least a part of public keys stored in advance corresponding to the card, A communication unit for acquiring a request signal for requesting authentication of a principal from an authentication terminal, which is a terminal that the user can use or access, in a state where a representative hash value generated by the operation is registered in the database; And a processor for generating a session ID corresponding to the start request signal or generating a predetermined server through the communication unit when the start request signal is acquired, (Ii) verification card information, which is unique information of the card acquired by the authentication terminal, from the authentication terminal, and (iii) transmits a session identifier to the authentication terminal, (iii) a verification public key corresponding to the card, and (iv) a session identifier signature value, which is a value obtained by signing the session identifier with a private key corresponding to the card, (Ii) the public key for verification, and (iii) the hash value of the session identifier < RTI ID = 0.0 > signature Value obtained by applying the predetermined function to at least a part of the verification card information, the verification personal information, and the verification public key, A second representative hash value generated by calculating at least one neighbor hash value matched with a hash value and a first representative hash value extracted from the database, And transmits a result value for the identity authentication to the authentication terminal.

According to the method of the present invention, it is possible to provide a simple personal authentication using a card which can be carried with ease.

Further, according to the method of the present invention, a high level of security is provided through high-level encryption.

In addition, according to the method of the present invention, reliability of the authentication related information such as a public key and a public key hash value is fundamentally prevented.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention .
1 is a conceptual diagram schematically illustrating an exemplary configuration of an authentication support server, a card, an authentication terminal, and an authentication server for performing a method of providing a personal authentication service using a card based on a short range wireless communication according to the present invention .
FIG. 2 is a sequence diagram exemplarily showing a method of providing a personal authentication service using a card based on a short-distance wireless communication according to the present invention.
FIGS. 3 and 4 are views illustrating an example of a merge tree generated for a personal authentication service using a short-range wireless communication based card according to the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of example, specific embodiments in which the invention may be practiced in order to clarify the objects, technical solutions and advantages of the invention. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention.

Also, throughout the description and claims of this invention, the word 'comprise' and variations thereof are not intended to exclude other technical features, additions, elements or steps. Other objects, advantages and features of the present invention will become apparent to those skilled in the art from this description, and in part from the practice of the invention. The following examples and figures are provided by way of illustration and are not intended to limit the invention.

Moreover, the present invention encompasses all possible combinations of embodiments shown herein. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which such claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

Unless otherwise indicated herein or clearly contradicted by context, items referred to in the singular are intended to encompass a plurality unless otherwise specified in the context. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

1 is a conceptual diagram schematically illustrating an exemplary configuration of an authentication support server, a card, an authentication terminal, and an authentication server for performing a method of providing a personal authentication service using a card based on a short range wireless communication according to the present invention .

Referring to FIG. 1, an authentication support server, a card, an authentication terminal, and a principal authentication server 100 according to an exemplary embodiment of the present invention includes a communication unit 110 and a processor 120. The use of the same reference numerals is for convenience of explanation only and is not intended to mean that these individual devices are the same.

Specifically, the authentication support server, the authentication terminal, and the identity authentication server typically comprise a computing device (e.g., a computer processor, memory, storage, input device and output device, device that may include components of an existing computing device; Electronic information storage systems such as network attached storage (NAS) and storage area network (SAN)) and computer software (i.e., instructions that cause the computing device to function in a particular manner) Lt; RTI ID = 0.0 > desired system performance. ≪ / RTI >

The communication unit 110 of such a computing device can send and receive requests and responses to and from other interworking computing devices. As an example, such requests and responses can be made by the same TCP session, For example, as a UDP datagram.

In addition, the processor 120 of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. It may further include a software configuration of an operating system and an application that performs a specific purpose.

On the other hand, the card refers to a credit card, a check card, and the like. In this specification, a card includes components that provide a local wireless communication (NFC) function such as an NFC chip. Such a component may include a communication unit that provides a short-range wireless communication function and a processor that provides computing capability of a limited rule, and in some cases, such a component may include a storage unit storing predetermined data . The components of such a card are for performing the method according to the present invention, and a method for providing authentication service using a card based on a short-range wireless communication according to the present invention will now be described.

First, a method for providing a personal authentication service according to the present invention is a method for providing a personal authentication service, comprising: first, referring card information stored in advance for a card held by a user, reference personal information stored in advance for the user, A first representative hash value (of the merge tree) generated by calculating at least one neighboring hash value matching a specific hash value generated by applying a predetermined function to at least a part of the public keys is registered in the database It is assumed that there is a state.

The predetermined function may include an MD4 function, an MD5 function, an SHA-0 function, an SHA-1 function, an SHA-224 function, an SHA-256 function, an SHA-384 function, a SHA-512 function, However, the present invention is not limited thereto. For example, Triple SHA256 would be possible.

Reference will now be made to Figs. 3 and 4 to illustrate an example of a merge tree with respect to the first representative hash value. Figures 3 and 4 illustrate examples of a muckle tree generated for an authentication service according to the present invention. 3 and 4, the following description will be made.

FIG. 3 shows a merge tree in which the number of leaf nodes is 4 (2 ² ). (Tree_id = 0), the hash value of the predetermined message data " Coinplug 2016-01-01 " (triplesha256digest (coinplug_unique_message)) is allocated to the node h0 which is the first leaf node. If a new hash value is provided for authentication, a next leaf node of the last leaf node of the currently configured merge tree is created, and a value obtained by processing the specific hash value or a specific hash value is assigned to the leaf node. do. For example, when the value assignment from the previous step to the h1 node, which is the second leaf node, is completed in the merge tree of FIG. 3, a h2 node, which is the next leaf node, is generated to assign a processed value of a specific hash value or a specific hash value have. At this time, the hash value assigned to the h3 node, which is the sibling node of the h2 node, which is the third leaf node to which (i) the specific hash value and (ii) the specific hash value is allocated, can be calculated. The hash value for the operation value, which is the result of the operation, is assigned to the h2 node and the parent node (h23 node) of the h3 node. Since the parent node (h23 node) is not the root node of the merge tree, the hash value assigned to the h23 node may be repeated as the hash value. That is, the hash value assigned to the h23 node is set as a specific hash value, and the hash value assigned to the h23 node and the hash value assigned to the h01 node are calculated and assigned to the h23 node and the parent node (h0123 node) of the h01 node have. At this time, since the node h0123 is the root node of the merge tree, the value (hex (h {node_index})) obtained by processing the hash value assigned to the node h0123 can be registered in the database as the first representative hash value.

Next, referring to FIG. 4, it can be seen that the root value (hex (h0123)) of the merge tree (tree_id = 0) of FIG. 3 is allocated to the first leaf node (h4 node) of the new merge tree. The present invention has an advantage of improving data integrity by allowing easy tracking even when data is modulated in the middle by connecting a plurality of data structures generated in the database registration as described above.

2 is a flowchart illustrating a method of authenticating a personal authentication service using a card based on a short-range wireless communication according to an embodiment of the present invention, assuming that a first representative hash value is registered in the database in the above- A sequence diagram that illustrates an exemplary method for providing a signal.

Referring to FIG. 2, a method according to the present invention includes a step in which an authentication terminal, which is a user-accessible or accessible terminal, transmits a request signal for authentication of the user to the authentication server.

When the initiation request signal is acquired from the authentication terminal in step S205 (S205), the authentication server of the principal can generate a session identifier corresponding to the initiation request signal, (S210: S215) so that the server of the server can be generated. Such a session identifier may include a random nonce to be used once, or may be a value obtained by processing the random nonce. Meanwhile, the predetermined server may be an authentication support server as shown in FIG.

Next, the method according to the present invention includes the step S220 of the authentication server transmitting the generated session identifier to the authentication terminal.

In step S220, after the session identifier generated to correspond to the initiation request signal is acquired, the authentication terminal transmits (i) verification card information unique to the card, ( ii) a public key for verification corresponding to the card, and (iii) a session identifier signature value, which is a value obtained by signing the session identifier with a private key corresponding to the card (S240) , Which will be described in detail below.

In step S240, if the user provides his / her card for short-range wireless communication with the authentication terminal after step S220, At this time, the card transmits the short distance wireless communication start request signal to the authentication terminal (S225), and maintains interworking with the authentication terminal through handshaking with the authentication terminal (S230 )can do. After the step S230, the card receives the information request signal and the session identifier for the user from the authentication terminal through the short-range wireless communication (S235). That is, in step S235, the authentication terminal transmits the session identifier to the card through the short-range wireless communication, and requests the verification card information, the verification public key, and the session identifier signature value.

Thereafter, according to the method of the present invention, in response to the information request signal, the card calculates a session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card (S240 -1; not shown); And the card comprises: (i) card information for verification, (ii) a public key for verification (card public key) corresponding to the card, and (iii) data including the calculated session identifier signature value To the authentication terminal (S240). That is, in step S240, the authentication terminal receives the verification card information, the verification public key, and the session identifier signature value from the card via the short-range wireless communication.

In the method in which the card provides the card public key and the private key (card private key) corresponding to the card, first, the public key and the private key pair corresponding to the card are pre-loaded There is a method in which the processor of the card dynamically generates the card public key and the card private key pair in response to the information request signal.

If the personal information for verification of the user is obtained (S245) after the step S240, the authentication terminal transmits (i) the verification personal information and the received verification card information or the verification personal information and (Ii) the received verification public key, and (iii) the received session identifier signature value to the authentication server (S250). Thereafter, the principal authentication server includes (i) a hash value of the verification card information and the verification personal information, or the verification card information and the verification private information, (ii) the verification public key, and (iii) the session identifier signature value is transmitted to the predetermined server (S255), and then the authentication support server sends the session identifier signature value from the database using the hash value (A) of the verification card information and the verification personal information The first representative hash value corresponding to the hash value A is extracted (S260, S265).

In the step of extracting the first representative hash value (S260, S265), the authentication support server determines whether the first representative hash value corresponding to the hash value of the verification card information and the verification private information is included in the database Acquiring a transaction identifier (transaction identifier) indicating a recorded location (S260-1); And a step (S260-2) of, when the transaction identifier is obtained, fetching the first representative hash value corresponding to the hash value from the database using the obtained transaction identifier have.

Step S260-1 specifically identifies the merkle tree information and the leaf node information corresponding to the hash value of the verification card information and the verification personal information by the authentication support server And obtains the transaction identifier corresponding to the identified mu tree tree information.

Step S260-2 further includes: the authentication support server acquiring an OP_RETURN message from the database using the obtained transaction identifier (S260-2a); And extracting the first representative hash value included in the obtained OP_RETURN message (S260-2b).

The information on the transaction identifier (for example, information on the transaction identifier itself, information on the correspondence between the hash value (A) and the transaction identifier, etc.) may be held by the authentication support server, Other servers may have it.

If it is determined that the transaction identifier is not acquired, the authentication support server transmits a result value indicating that the user's authentication has not been performed to a result value of the user's identity authentication as steps S260 and S265 (S260-3). If the first representative hash value is not fetched, the authentication support server transmits a result value indicating that the user's own authentication has not been performed to the user (S260-4) of generating a result of authentication of the user of the mobile terminal

After the step S265, the authentication support server matches the second specific hash value generated by applying the predetermined function to at least a part of the verification card information, the verification private information, and the verification public key (S270). The second representative hash value is generated by calculating at least one neighboring hash value from the first representative hash value and the second representative hash value.

Wherein the second representative hash value is a hash value assigned to at least one other leaf node that matches the second specific hash value and the second specific hash value in a merge tree assigned to a particular leaf node, May be generated by computing a value. In this case, (x1) the authentication support server can support (i) the second specific hash value and (ii) the hash value assigned to the sibling node of the node to which the second specific hash value is assigned (X2) if the parent node is a root node of the merge tree, the hash value of the operation value, which is the result of the operation, is assigned to the parent node of the node, Compares or compares the hash value assigned to the parent node with the first representative hash value as the second representative hash value, and (x3) if the parent node is not the root node of the merge tree, The support server repeatedly performs the operations (x1) to (x3) using the hash value assigned to the parent node as the second specified hash value. In short, it is to obtain the representative hash value (root hash value) of the merge tree by iterative (or recursive) execution.

If it is determined in step S270 that the second representative hash value does not match the first representative hash value, the authentication support server transmits a result value indicating that the user's own authentication has not been performed Can be generated as a result value of the user's identity verification.

In addition, if it is determined that the verification result of the session identifier signature value is false by the obtained public key for verification before fetching the first representative hash value, There may be an alternative in which a result value indicating that authentication has not been performed is generated as a result value for the user's identity authentication.

The resultant value generated in step S270 is then transmitted to the authentication terminal, which is a terminal that the user can use or access, or the authentication server is supported to transmit to the authentication terminal (S275).

(I) the hash value of the verification personal information and the verification card information, or the verification personal information and the verification card information, and (ii) (Iii) the session identifier signature value, and (iv) the first representative hash value retrieved from the database (S275).

The database used in the method of the present invention may be a block chain of virtual money.

Throughout all of the embodiments of the present invention described above, there is an effect that a simple yet highly secure personal authentication using a card that can be carried with light is provided.

The advantage of the technique described here as the above embodiments is that it is virtually impossible to change the authentication related information such as the public key and the hash value, thereby ensuring authenticity of the authentication.

Based on the description of the above embodiments, one of ordinary skill in the art can clearly understand that the present invention can be accomplished through a combination of software and hardware, or achieved by hardware alone. Objects of the technical solution of the present invention or portions contributing to the prior art can be implemented in the form of program instructions that can be executed through various computer components and recorded on a computer-readable recording medium. The computer-readable recording medium may include program commands, data files, data structures, etc., alone or in combination. The program instructions recorded on the computer-readable recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules for performing the processing according to the present invention, and vice versa. The hardware device may include a processor, such as a CPU or a GPU, coupled to a memory, such as ROM / RAM, for storing program instructions, and configured to execute instructions stored in the memory, And a communication unit. In addition, the hardware device may include a keyboard, a mouse, and other external input devices for receiving commands generated by the developers.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, Those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.

Therefore, the spirit of the present invention should not be construed as being limited to the above-described embodiments, and all of the equivalents or equivalents of the claims, as well as the following claims, I will say.

Claims (37)

A method for providing a personal authentication service using a card based on short-range wireless communication,
(a) applying a predetermined function to at least a part of the reference card information stored in advance for the card, the reference personal information stored in advance for the user, and the public key stored in advance so as to correspond to the card A first representative hash value generated by computing at least one neighboring hash value matching the generated specific hash value is registered in the database, and (i) the card information for verification, which is unique information of the card, (Ii) a public key for verification corresponding to the card; and (iii) a session identifier for the user, When a session identifier signature value, which is a value signed by a private key corresponding to a card, is obtained, the authentication support server transmits the verification card information and the verification individual Retrieving the first representative hash value corresponding to the hash value (A) from the database using the hash value (A) of the information;
(b) the authentication support server transmits at least one of a plurality of hash values matching with a second specific hash value generated by applying the predetermined function to at least a part of the verification card information, the verification private information, Generating a result value of the user's identity verification with reference to a second representative hash value generated by calculating a neighborhood hash value and the extracted first representative hash value; And
(c) transmitting the generated result value to an authentication terminal, which is a terminal used by the user, or supporting a predetermined server to transmit the resultant value to the authentication terminal
≪ / RTI > The method according to claim 1,
The second representative hash value is a value
The second specific hash value is generated by calculating a hash value assigned to at least one other leaf node matching the second specific hash value and the second specific hash value in a merge tree allocated to a specific leaf node Lt; / RTI > 3. The method of claim 2,
(x1) the authentication support server supports to calculate or calculate a hash value assigned to (i) the second specific hash value and (ii) the sibling node of the node to which the second specific hash value is assigned, To assign or assign a hash value to the parent node of the node,
(x2) if the parent node is a root node of the merge tree, the authentication support server compares the hash value assigned to the parent node with the first representative hash value as the second representative hash value Compare,
(x3) If the parent node is not the root node of the merge tree, the authentication support server repeats the above (x1) to (x3) with the hash value assigned to the parent node as the second specified hash value . ≪ / RTI > The method according to claim 1,
The step (b)
If the first representative hash value does not coincide with the first representative hash value, the authentication support server transmits a result value indicating that the user's own authentication has not been performed to the authentication support server As a result value. The method according to claim 1,
In the step (a)
If it is determined that the result of verifying the session identifier signature value by the obtained public key for verification before fetching the first representative hash value is false, then the authentication support server authenticates the user And a result value indicating that the user has not been authenticated. The method according to claim 1,
The step (a)
(a1) the transaction support server is a transaction identifier corresponding to the hash value of the verification card information and the verification personal information, and the transaction has a first transaction hash value Obtaining an identifier; And
(a2) when the transaction identifier is obtained, the authentication support server fetches the first representative hash value corresponding to the hash value from the database using the obtained transaction identifier
≪ / RTI > The method according to claim 6,
The step (a2)
(a2-1) the authentication support server acquiring an OP_RETURN message from the database using the obtained transaction identifier; And
(a2-2) fetching the first representative hash value included in the obtained OP_RETURN message
≪ / RTI > The method according to claim 6,
The step (a)
(a3) if the transaction identifier is not obtained, the authentication support server generates a result value indicating that the user is not authenticated as a result of the user's identity authentication ≪ / RTI > The method according to claim 6,
The step (a)
(a4) if the first representative hash value is not fetched, the authentication support server generates a result value indicating that the user's own authentication has not been performed as a result value for the user's own authentication ≪ / RTI > The method according to claim 6,
The step (a1)
The authentication support server identifies the merkle tree information and the leaf node information corresponding to the hash value of the verification card information and the verification private information, To obtain the transaction identifier. The method according to claim 1,
The predetermined function may include:
MDA function, MD5 function, SHA-0 function, SHA-1 function, SHA-224 function, SHA-256 function, SHA-384 function, SHA-512 function and HAS-160 function. The method according to claim 1,
Wherein the database is a block chain of virtual currency. A method for providing a personal authentication service using a card based on short-range wireless communication,
(a) applying a predetermined function to at least a part of the reference card information stored in advance for the card, the reference personal information stored in advance for the user, and the public key stored in advance so as to correspond to the card A first representative hash value generated by calculating at least one neighboring hash value matched with the generated specific hash value is registered in the database and the card is transmitted from an authentication terminal Receiving an information request signal and a session id for the user through the short-range wireless communication;
(b) in response to the information request signal, calculating, by the card, a session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card; And
(c) the card further comprises: (i) verification card information that is unique information of the card, (ii) a public key for verification corresponding to the card, and (iii) To the authentication terminal,
(Ii) the public key for verification, (iii) the session identifier signature value, and (iv) the authentication information for the user, A result value for the user's personal authentication generated using data including a first representative hash value fetched from a database, the result value including at least one of the card information for verification, the personal information for verification, A second representative hash value generated by calculating at least one neighboring hash value matched with a second specific hash value generated by applying the predetermined function to at least a part of the generated first hash value, - the step of supporting the authentication terminal to acquire
≪ / RTI > 14. The method of claim 13,
Before the step (a)
(a0) transmitting the short-range wireless communication start request signal to the authentication terminal, and maintaining interworking with the authentication terminal through handshaking with the authentication terminal
≪ / RTI > 14. The method of claim 13,
Wherein the card is pre-loaded with the verification public key and private key pair corresponding to the card. 14. The method of claim 13,
Wherein,
And dynamically generating the verification public key and private key pair corresponding to the card in response to the information request signal. A method for providing a personal authentication service using a card based on short-range wireless communication,
(a) applying a predetermined function to at least a part of the reference card information stored in advance for the card, the reference personal information stored in advance for the user, and the public key stored in advance so as to correspond to the card And a first representative hash value generated by calculating at least one neighboring hash value matching the generated specific hash value is registered in the database, the authentication terminal, which is a terminal that the user can use or can access, Transmitting an initiation request signal for authentication of the principal to the principal authentication server;
(b) acquiring a session ID generated so as to correspond to the initiation request signal of the identity authentication, the authentication terminal transmits, from the card through the short-range wireless communication, (i) (Ii) a public key for verification corresponding to the card; and (iii) a session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card;
(c) when the personal information for verification of the user is obtained, the authentication terminal transmits (i) the verification personal information and the received verification card information, or the verification personal information and the verification card information A hash value, (ii) the public key for verification received, and (iii) the received session identifier signature value to the identity authentication server; And
(i) a hash value of the verification personal information and the verification card information, or the verification private information and the verification card information, (ii) the public key for verification, ( (iii) the session identifier signature value, and (iv) a first representative hash value retrieved from the database, the result value being indicative of the authentication card information, the verification private information, A second representative hash value generated by calculating at least one neighboring hash value matched with a second specific hash value generated by applying the predetermined function to at least a part of the public keys for verification, - a step of receiving
≪ / RTI > 18. The method of claim 17,
The step (b)
(b1) transmitting, by the authentication terminal, the session identifier to the card via the short-range wireless communication, and requesting the verification card information, the verification public key, and the session identifier signature value; And
(b2) receiving, by the authentication terminal, the verification card information, the verification public key, and the session identifier signature value from the card via the short-range wireless communication
≪ / RTI > 19. The method of claim 18,
Before the step (b1)
(b0) further comprising the step of the authentication terminal acquiring a request signal for the short-range wireless communication from the card, and maintaining interworking with the card through handshaking with the card Lt; / RTI > 18. The method of claim 17,
Wherein the session identifier comprises:
Wherein the authentication server is generated by the authentication server or a predetermined server linked with the authentication server. 18. The method of claim 17,
Wherein the session identifier comprises:
A random nonce for use once, or a value obtained by processing the random nonce. A method for providing a personal authentication service using a card based on short-range wireless communication,
(a) applying a predetermined function to at least a part of the reference card information stored in advance for the card, the reference personal information stored in advance for the user, and the public key stored in advance so as to correspond to the card A representative hash value generated by calculating at least one neighboring hash value matched with the generated specific hash value is registered in the database and the authentication request is transmitted from the authentication terminal which is a terminal that the user can use or access to, The authentication server generates a session ID corresponding to the initiation request signal or supports a predetermined server to generate the session ID;
(b) transmitting, by the principal authentication server, the generated session identifier to the authentication terminal;
(ii) verification card information, which is unique information of a card acquired by the authentication terminal; (iii) verification private information corresponding to the card, And (iv) a session identifier signature value, which is a value obtained by signing the session identifier with a private key corresponding to the card, is obtained, the authentication server comprising: (i) (Ii) the public key for verification, and (iii) the result value for the identity authentication using the session identifier signature value, and the hash value of the verification private information, The resultant value is calculated by calculating at least one neighboring hash value matching the second specific hash value generated by applying the predetermined function to at least a part of the verification card information, the verification personal information, and the verification public key By The second representative value and the generated hash ¹ generated with reference to a first representative hash value extracted from the database, the method comprising the steps of: obtaining a; And
(d) when the result of the authentication is obtained, the authentication server transmits, to the authentication terminal, a result value of the identity authentication
≪ / RTI > 23. The method of claim 22,
The step (c)
(c1) the authentication server of the personal authentication server further comprises: (i) a hash value of the verification card information and the verification personal information, or the verification card information and the verification private information, (ii) (iii) transmitting the session identifier signature value to the predetermined server so as to cause the predetermined server to transmit (i) the verification card information and the verification personal information, or the verification card information and the verification personal information (Ii) the public key for verification, (iii) the session identifier signature value, and (iv) the first representative hash value retrieved from the database. Supporting the creation; And
(c2) the identity authentication server acquiring a result value for the identity authentication from the predetermined server
≪ / RTI > 1. An authentication support server for providing a personal authentication service using a card based on a short-range wireless communication,
A specific function generated by applying a predetermined function to at least one of public key information stored in advance for the card, reference private information stored in advance for the user, and public keys stored in advance corresponding to the card, A first representative hash value generated by computing at least one neighbor hash value matched with a hash value is registered in the database, and (i) the card information for verification, which is the unique information of the card, (Ii) a public key for verification corresponding to the card, and (iii) a session ID for the user, corresponding to the card A communication unit for obtaining a session identifier signature value that is a value signed by a private key; And
(i) a hash value of the verification card information and the verification private information, or the verification card information and the verification private information, (ii) the verification public key, and (iii) the session identifier signature value Acquiring the first representative hash value corresponding to the hash value (A) from the database using the hash value (A) of the verification card information and the verification personal information,
, ≪ / RTI &
The processor comprising:
And generating at least one neighboring hash value matching the second specific hash value generated by applying the predetermined function to at least a part of the verification card information, the verification personal information, and the verification public key, 2 representative hash value and the extracted first representative hash value, generates a result value for the user's identity authentication,
Wherein,
And transmits the generated result value to an authentication terminal, which is a terminal used by the user, or supports a predetermined server to transmit the resultant value to the authentication terminal. 25. The method of claim 24,
The second representative hash value is a value
The second specific hash value is generated by calculating a hash value assigned to at least one other leaf node matching the second specific hash value and the second specific hash value in a merge tree allocated to a specific leaf node Authentication support server. 26. The method of claim 25,
The processor comprising:
(x1) supports to calculate or calculate a hash value assigned to (i) the second specific hash value and (ii) a sibling node of the node to which the second specific hash value is assigned, To assign or assign a hash value to the parent node of the node,
(x2) to compare or compare the hash value assigned to the parent node with the first representative hash value as the second representative hash value if the parent node is a root node of the merge tree,
(x3) If the parent node is not the root node of the merge tree, it performs the operations (x1) to (x3) repeatedly using the hash value assigned to the parent node as the second specified hash value Authentication support server. 25. The method of claim 24,
The processor comprising:
Acquiring a transaction identifier indicating a position where the first representative hash value is recorded in the database, as a transaction identifier corresponding to the hash value of the verification card information and the verification personal information,
And when the transaction identifier is obtained, fetches the first representative hash value corresponding to the hash value from the database using the obtained transaction identifier. 28. The method of claim 27,
The processor comprising:
Acquiring an OP_RETURN message from the database using the obtained transaction identifier,
And extracts the first representative hash value included in the obtained OP_RETURN message. A short-range wireless communication-based card for providing authentication service,
A specific function generated by applying a predetermined function to at least one of public key information stored in advance for the card, reference private information stored in advance for the user, and public keys stored in advance corresponding to the card, A first representative hash value generated by calculating at least one neighboring hash value matched with a hash value is registered in a database, the information is transmitted from the authentication terminal, which is a terminal that the user can use or can access, A communication unit for receiving a request signal and a session id for the user; And
A session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card in response to the information request signal,
, ≪ / RTI &
The processor comprising:
Through the communication unit,
(i) card information for verification that is unique information of the card, (ii) a public key for verification corresponding to the card, and (iii) data including the calculated session identifier signature value to the authentication terminal,
(Ii) the public key for verification, (iii) the session identifier signature value, and (iv) the authentication information for the user, A result value for the user's personal authentication generated using data including a first representative hash value fetched from a database, the result value including at least one of the card information for verification, the personal information for verification, A second representative hash value generated by calculating at least one neighboring hash value matched with a second specific hash value generated by applying the predetermined function to at least a part of the generated first hash value, And the authentication terminal obtains the authentication result. 30. The method of claim 29,
Before receiving the information request signal and the session identifier,
Wherein the communication unit transmits the short distance wireless communication start request signal to the authentication terminal and maintains interworking with the authentication terminal through handshaking with the authentication terminal. . 30. The method of claim 29,
Further comprising a storage unit for pre-loading the verification public key and the private key pair corresponding to the card. 30. The method of claim 29,
The processor comprising:
And dynamically generates the verification public key and private key pair corresponding to the card in response to the information request signal. An authentication terminal for providing a personal authentication service using a card based on a short-range wireless communication, the authentication terminal comprising:
Generated by applying a predetermined function to at least one of public key information stored in advance for the card, reference private information stored in advance for the user, and a public key stored in advance so as to correspond to the card, A first representative hash value generated by calculating at least one neighboring hash value matching a specific hash value is registered in the database, and transmits a start request signal of the user's own authentication to the authentication server, (I) a card identification information unique to the card, (ii) a card identification information unique to the card, and (iii) a session ID corresponding to the card, (Iii) session identification, which is a value obtained by signing the session identifier with a private key corresponding to the card A communication unit for receiving the self signature value; And
(I) a hash value of the verification personal information and the verification card information or the verification personal information and the verification card information, (ii) And (iii) transmitting the received session identifier signature value to the authentication server through the communication unit.
, ≪ / RTI &
Wherein,
(i) a hash value of the verification private information and the verification card information, or the verification private information and the verification card information, (ii) the verification public key, (iii) the session identifier signature value, and (iv) a result value for the identity verification based on the first representative hash value extracted from the database, and the resultant value includes at least a part of the verification card information, the verification private information, A second representative hash value generated by calculating at least one neighboring hash value matched with a second specific hash value generated by applying a predetermined function, and a value generated by referring to the extracted first representative hash value The authentication terminal. 34. The method of claim 33,
Wherein,
Transmits the session identifier to the card through the short-range wireless communication, requests the verification card information, the verification public key, and the session identifier signature value,
Wherein the verification terminal receives the verification card information, the verification public key, and the session identifier signature value from the card via the short-range wireless communication. 35. The method of claim 34,
Wherein,
Acquires a request signal for the short-range wireless communication from the card, and maintains interworking with the card through handshaking with the card. 1. A personal authentication server for providing a personal authentication service using a card based on a short range wireless communication,
A specific function generated by applying a predetermined function to at least one of public key information stored in advance for the card, reference private information stored in advance for the user, and public keys stored in advance corresponding to the card, A representative hash value generated by calculating at least one neighboring hash value matched with a hash value is registered in the database, and a request signal for requesting authentication of the principal is obtained from the authentication terminal, which is a terminal that the user can use or access A communication unit; And
A processor for generating a session ID corresponding to the start request signal or generating a session ID to a predetermined server through the communication unit when the start request signal is acquired,
, ≪ / RTI &
Wherein,
Transmits the generated session identifier to the authentication terminal,
The processor comprising:
(I) authenticating personal information of the user, (ii) verification card information that is unique information of a card acquired by the authentication terminal, (iii) verification public key corresponding to the card, and (iv) if a session identifier signature value that is a value obtained by signing the session identifier with a private key corresponding to the card is obtained, (i) the card information for verification and the verification private information, (Ii) a public key for verification, and (iii) a result value for the identity authentication using the session identifier signature value, and the resultant value is the verification card information A second representative hash value generated by calculating at least one neighboring hash value matching the second specific hash value generated by applying the predetermined function to at least a part of the verification private key and the verification public key, And a value generated by referring to a first representative hash value fetched from the database,
Wherein,
And transmits a result value for the identity authentication to the authentication terminal when a result value for the identity authentication is obtained. 37. The method of claim 36,
The processor comprising:
Through the communication unit,
(i) a hash value of the verification card information and the verification private information, or the verification card information and the verification private information, (ii) the public key for verification, and (iii) the session identifier signature value (I) a hash value of the verification card information and the verification personal information, or the verification card information and the verification personal information, and (ii) (Iii) the session identifier signature value, and (iv) the first representative hash value retrieved from the database to generate a result value for the user's identity verification,
Wherein,
And obtains a result value for the identity authentication from the predetermined server.

Images