KR101812765B1 - Method and System for Providing Service by using Object mapped One Time Code - Google Patents

Abstract

The present invention relates to a service providing system using an object mapped with a disposable code, which is implemented in an authentication server communicating with an application server providing a service related to an object and communicating with a user wireless terminal equipped with an application for processing a disposable code The object of the present invention is to provide a service providing system using a disposable code and a mapped object, the system comprising: an occupancy authentication unit for authenticating a user occupancy state of the application; and an object identifying an object identification value for identifying at least one object to be mapped with the disposable code And an object-disposable code mapping unit for associating the object identification value with a unique identification value that identifies the uniqueness of the application in which the disposable code is to be displayed and storing the object identification value in a storage medium, Through the application corresponding to the unique identification value When the received disposable code is authenticated, a service using the object mapped with the disposable code using the unique identification value as an intermediary is provided to the user through the application server And a service control unit for controlling the service.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a service providing method and system using an object mapped with a one-

The present invention provides a service providing system using an object mapped with a disposable code implemented in an authentication server communicating with an application server providing a service related to an object and communicating with a user wireless terminal having an application processing a disposable code, An object identification unit for identifying an object identification value for identifying an occupation authentication unit for authenticating a user occupation state of the application and at least one object to be mapped with the disposable code and an object identification unit for identifying an uniqueness An object-disposable code mapping unit for storing the unique identification value and the object identification value in association with each other and storing the object identification value in a storage medium, and a disposable code generated by at least one code generation module and processed through an application corresponding to the unique identification value Disposable code receiving unit and the received disposable cord And a service control unit for controlling the service using the object mapped with the disposable code to be provided to the user through the application server by using the unique identification value as an intermediary when the service is authenticated, And a service providing system.

In order for the authentication service, the transaction authentication service, the payment service, and the financial service to be provided through the communication network, a separate object identification value (for example, payment means information, financial means information, etc.) (For example, an electronic signature and encryption using a public key certificate, a security card, a disposable password, a biometric authentication, etc.) for securing the confidentiality and integrity of the object identification value every time the service is provided do.

To solve this inconvenience, a method may be proposed in which the object identification value is mapped to another fixed identifier, and then the identifier is input, transmitted and received, and the mapped object identification value is used. However, as long as the identifier includes a fixed value, the fixed identifier may be exposed at any time. As a result, the method of mapping the object identification value to the fixed identifier may cause a fatal loss by only a single identifier exposure This is a problem.

In order to solve the above problems, an object of the present invention is to provide a method and system for communicating with an application server that provides a service related to an object, a disposable code implemented in an authentication server communicating with a user wireless terminal equipped with an application for processing a disposable code A service providing system using a mapped object, the system comprising: an occupancy authentication unit for authenticating a user occupation state of the application; an object identifying unit for identifying an object identification value for identifying at least one object to be mapped with the disposable code; An object-disposable code mapping unit for associating the object identification value with a unique identification value for identifying an uniqueness of an application to which a code is to be displayed and storing the object identification value in a storage medium; Receiving the processed one-time code through the corresponding application And a service control unit for controlling the service using the object mapped with the disposable code to be provided to the user through the application server by using the unique identification value as an intermediary when the received disposable code is authenticated And a service providing system using the mapped object and the disposable code.

A service providing system using an object mapped with a disposable code according to the present invention is implemented in an authentication server communicating with an application server providing a service related to an object and communicating with a user wireless terminal equipped with an application processing a disposable code A service providing system using an object mapped with a disposable code, the system comprising: an occupancy authentication unit for authenticating a user occupancy state of the application; and an object identification unit for identifying an object identification value for identifying at least one object to be mapped with the one- And an object-disposable code mapping unit for associating the object identification value with a unique identification value for identifying the uniqueness of the application to be displayed by the disposable code and storing the object identification value in a storage medium, Work processed through the application corresponding to the identification value When the received disposable code is authenticated, a service using an object mapped with the disposable code using the unique identification value as an intermediary is provided to the user through the application server And a service control unit for controlling the service provider.
The occupancy authentication unit may authenticate the correspondence between the authentication number displayed on the user terminal and the authentication number input through the application through the application server, Or authenticates the correspondence between the authentication number displayed through the application and the authentication number input through the user terminal.
In the service providing system using the object mapped with the disposable code according to the present invention, the object identifying unit may check the object identification value from the application server, or may identify the object identification value input from the user terminal connected to the application server And receiving the object identification value input through the application, and receiving the object identification value input through the application.
The unique identification value may be a fixed value that is selected to map the disposable code dynamically generated by the at least one code generation module with the object identification value, in the service providing system using the object mapped with the disposable code according to the present invention. A unique key value assigned to the application, a phone number of the mobile terminal, account information of the user, a mail address of the user, and an individual identification key assigned to the user.
In the service providing system using the object mapped with the disposable code according to the present invention, the object includes at least one of a user's ID, a payment means, and a financial means or a combination of two or more thereof.
In the service providing system using the object mapped with the disposable code according to the present invention, the object identification value includes one or two or more combinations of account information, payment means information, and financial means information of a user do.
The disposable code may include a first factor seed value set in the code generation module, a third factor seed value obtained in real time at the time of generation of the one-time code, (N > = 1) seed values corresponding to any one or two or more combinations of 3rd-factor seed values obtained from a medium possessed by the user are substituted into the code generation algorithm.
The disposable code may be generated by a code generation module provided on an application side or generated by a code generation module provided on an authentication server side, Side code generation module and the authentication-server-side code generation module, respectively.
The service providing system using the object mapped with the disposable code according to the present invention may further include a disposable code authentication unit for authenticating the correspondence between the received disposable code and the disposable code generated by the code generation module .
The service using the object may include at least one of a principal authentication service using the object identification value, a transaction authentication service, a payment service, and a financial service using the object mapped with the disposable code according to the present invention, .
A method of providing a service using an object mapped with a disposable code according to the present invention includes the steps of communicating with an application server providing a service related to an object and executing the service by an authentication server communicating with a user wireless terminal equipped with an application for displaying a disposable code The method comprising: authenticating a user occupancy state of the application; identifying an object identification value identifying at least one object to be mapped with the one-time code; Storing a unique identification value for identifying an uniqueness of an application to which a code is to be displayed and the object identification value in association with each other on a storage medium; and generating, by an application corresponding to the unique identification value, Receiving the processed disposable code, And controlling a service using the object mapped with the disposable code to be provided to the user through the application server using the unique identification value as an intermediary when the received disposable code is authenticated.
The service providing system according to the present invention communicates with an application server that provides a service related to an object and includes an object mapped with a disposable code implemented in an authentication server communicating with a user's wireless terminal having an application for displaying a disposable code An object identification unit for identifying an object identification value for identifying at least one object to be mapped with the one-time code; and an object identification unit for identifying the object identification value, An object-disposable code mapping unit for associating the object identification value with a unique identification value that identifies the uniqueness of the application to be displayed and storing the object identification value in a storage medium; a disposable code mapping unit dynamically generated by the at least one code generation module, A disposable code receiving unit for receiving a code, And a service control unit for controlling the service using the object mapped with the disposable code to be provided to the user through the application server by using the unique identification value as an intermediary when the reuse code is authenticated.

According to the present invention, the occupancy authenticating unit authenticates the correspondence between the authentication number displayed on the user terminal and the authentication number input through the application through the application server, or the authentication number displayed through the application and the user terminal The correspondence of the inputted authentication number can be authenticated.

According to the present invention, the object verification unit may check the object identification value from the application server, receive the object identification value input from the user terminal connected to the application server, or receive the object identification value input through the application The object identification value can be confirmed through at least one of the receiving and receiving.

According to the invention, the unique identification value is a fixed value selected to map the one-off code dynamically generated by the at least one code generation module with the object identification value, A telephone number of the terminal, account information of the user, a mail address of the user, and a personal identification key assigned to the user.

According to the present invention, the object includes at least one of a user's account (ID), a payment means, and a financial means, and the object identification value includes at least one of a user's account information, Or a combination of two or more of them.

According to the present invention, the one-time use code includes at least one of a first factor seed value set in the code generation module, a third factor seed value obtained in real time at the time of generation of the one-time code, and a third factor seed value (N > = 1) seed values corresponding to any one or two or more combinations to the code generation algorithm. Here, the first factor seed value is a seed value set in the code generation module. The first factor seed value is a value stored in the wireless terminal, a value input by the application and transmitted to the authentication server, a value shared by the application and the authentication server, And a time value determined by a timer synchronized between the application and the authentication server and a value associated with an object registered with the authentication server in the application and a value exchanged in accordance with a seed exchange procedure specified between the authentication server and the authentication server . ≪ / RTI > The third factor seed value is a seed value that is obtained in real time at the time of generation of the one-time code, and is a value dynamically allocated to the wireless terminal by the communication network connected to the wireless terminal, A value extracted from a code image recognized through a camera unit of the wireless terminal, and a position value of a wireless terminal determined as a location positioning module of the wireless terminal. Further, the medium possessed by the user may be a card (or a portable medium) in which a specific key input value is printed, a card (or a portable medium) in which a code image in the form of a 2D barcode is printed, a card Wherein the third factor seed value includes at least one of a value stored in a stored personal storage device, a specific IC card, a living body of the user, and a value stored by the user himself or herself, , A value recognized from a code image printed on a card (or a portable medium) held by the user through the camera unit of the wireless terminal, a value of a card (or a portable device having the NFC function carried by the user via the NFC module of the wireless terminal A value recognized from the user's personal storage device through the communication port of the wireless terminal, a value recognized from the user's IC card that interfaces with the wireless terminal Key may include at least one of the input values that expression value, the user and their biometric information, and user memory is.

According to the present invention, the disposable code may be generated by a code generation module provided on the application side or by a code generation module provided on the authentication server side, or may be generated by the application side code generation module and the authentication server side code generation module Lt; RTI ID = 0.0 > and / or < / RTI >

According to the present invention, the service providing system may further include a first factor seed distribution unit in which the first factor seed value to be set in the code generation module is shared or distributed.

According to the present invention, the service providing system may further include a third factor rule registration unit for registering a third factor rule for obtaining a third factor seed value to be acquired in real time at the time of generating the one-time code, And a third factor seed distribution unit for acquiring a third factor seed value at a time point when the disposable code is generated according to a rule.

According to the present invention, the service providing system may further include a third factor media registration unit for registering a third factor media corresponding to a third factor seed value obtained from the medium held by the user.

According to the present invention, the service providing system may further include a disposable code authentication unit for authenticating the correspondence between the received one-time use code and the one-time use code generated by the code generation module.

According to the present invention, the service using the object may include at least one of a personal authentication service using the object identification value, a transaction authentication service, a payment service, and a financial service.

A service providing method according to the present invention is a method for communicating with an application server providing a service related to an object and an object mapped with a disposable code executed by an authentication server communicating with a user's wireless terminal equipped with an application for displaying a disposable code The method comprising: authenticating a user occupancy state of the application; identifying an object identification value identifying at least one object to be mapped with the one-time code; Storing the object identification value in a storage medium in association with a unique identification value that identifies the unique identification value of the object, and receiving a disposable code dynamically generated by at least one code generation module and displayed through the application; When the received one-time code is authenticated, the unique identification value And controlling the service using the object mapped with the disposable code to be provided to the user through the application server.

According to another aspect of the present invention, there is provided a method of providing a service using an object mapped with a disposable code executed by a wireless terminal communicating with an authentication server, the method comprising: generating at least one of a disposable code The method comprising: inputting an object identification value that identifies at least one object that can be mapped, a unique identification value that identifies the uniqueness of an application to be displayed with the one-time code, a step of transmitting the input object identification value to the authentication server, And displaying the one-time code dynamically generated by at least one code generation module, wherein the same one-time code as the displayed one-time code is input, and the step of transmitting the input one- .

According to the present invention, a separate object identification value (e.g., user account information, payment means information, financial means information, etc.) identifying an object necessary for providing a service can be obtained only by authenticating a disposable code provided in a user's wireless terminal. There is an advantage of providing a service using the object conveniently and safely using the object identification value mapped with the disposable code without inputting the object identification value.

According to the present invention, there is an advantage in that the security level of the disposable code is layered according to the type of service using the object, by sorting and staging the method of determining the seed for generating the disposable code.

1 is a diagram showing a system configuration of the present invention.
2 is a diagram showing a functional configuration of a wireless terminal and an application of the present invention.
3 is a diagram illustrating an exemplary method for authenticating a user's occupancy state of an application provided in a wireless terminal.
4 is a diagram illustrating an exemplary method of authenticating an application for which a one-off code is to be displayed and setting a seed value for generating the one-time code.
5 is a diagram illustrating an exemplary method of mapping an object to be used in a service provided by an application server and a dynamically generated disposable code.
FIG. 6 is a flowchart illustrating an exemplary method of generating and authenticating a disposable code according to a first disposable code generation method of the present invention and processing the disposable code to provide a service corresponding to the object mapped with the disposable code.
FIG. 7 illustrates an exemplary method of generating and authenticating a disposable code according to the second disposable code generation method of the present invention, and processing the disposable code to provide a service corresponding to the object mapped with the disposable code.
8 is a flowchart illustrating an exemplary method of generating and authenticating a disposable code according to a third disposable code generation method of the present invention and processing the disposable code to provide a service corresponding to the object mapped with the disposable code.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. For example, it is possible that a configuration provided on the server side is implemented on the terminal side, or conversely, a configuration portion provided on the terminal side is implemented on the server side.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram showing a system configuration of the present invention.

In more detail, FIG. 1 illustrates mapping of at least one object with a disposable code displayed through an application 215 provided in a user's wireless terminal 200, and then, based on the authentication result of the disposable code, A person skilled in the art will be able to refer to and / or modify the FIG. 1 to understand various ways of implementing the system configuration The present invention is not limited to the above-described embodiments, but the technical features may be limited only by the method shown in FIG. 1 No.

The present invention relates to an application server (100) provided with a service using at least one object to which a user is subscribed and which is mapped with a disposable code, and an authentication server for mapping the at least one object to the one- And an authentication server 125 for controlling the application server 100 to provide a service using the object. The application server 100 and the authentication server 125 may be implemented as a single server or a combination of two or more servers. For example, it is possible that a specific component of the component that implements the application server 100 and the authentication server 125 is implemented as a separate server. Also, the application server 100 and the authentication server 125 may be implemented in the form of a single integrated server according to an embodiment of the present invention. As a result, it is evident that the present invention is not limited by the physical implementation of implementing the application server 100 and the authentication server 125.

The application server 100 is a collective name of a server providing various application services using the object to a user registered as a member, and is a web server providing various web services for a user account (= object) A card company server providing a settlement service using payment means (= object) corresponding to the card, and a financial company server providing financial services using various financial means (= object) opened to the user, It is extensible according to the object that is mapped with the one-off code. For example, if the object is an insurance product, the application server 100 may include an insurance company server, and the application server 100 may include a securities company server when the object is a security account.

A user may access the application server 100 through at least one user terminal 199 among various wired and wireless terminals 200 and join the application server 100 as needed. Alternatively, the user may receive a payment means (for example, a credit card, a check card, a debit card, a prepaid card, a point card, etc.) through a series of face-to-face authentication by the counter / staff of the company operating the application server 100 The application server 100 can be subscribed to the application server 100 through the process of opening / issuing a financial means (e.g., a financial account, a securities account, a cash card, an electronic passbook, etc.).

The authentication server 125 maps the disposable code to be displayed and the at least one object through the application 215 provided in the user's wireless terminal 200 and stores the disposable code in the storage medium 150. When the validity of the disposable code And is a generic name of a server that controls a service using the object through the application server 100 when authenticated, and can be interworked with one or more application servers 100 by service provisioning.

The user's wireless terminal 200 downloads and installs the application 215 to display the disposable code from the application providing server 195 and the application 215 installed in the wireless terminal 200 is downloaded to the authentication server 125, Lt; / RTI > Meanwhile, when the user terminal 199 is the wireless terminal 200, the user terminal 199 connected to the application server 100 and the wireless terminal 200 mounted with the application 215 are connected to the same wireless terminal 200 ), And thus the present invention is not limited thereto.

Referring to FIG. 1, the application server 100 includes a user subscription / authentication unit 105 for subscribing a user as a member or authenticating a user subscribed as a member, A service providing unit 115 for providing a service using an object mapped with the disposable code displayed through the application 215 and an interface unit 120 for providing an interface for interfacing with the authentication server 125.

The user subscription / authentication unit 105 processes an interface necessary for subscription / authentication to be outputted to the user terminal 199 connected to the application server 100 through a communication network, and based on the information input through the interface, The user joins or authenticates the user.

When the user joins as a member, the user subscription / authentication unit 105 allocates the unique ID of the user, and the account is automatically input by the user or according to the designated account assignment rule Can be assigned. The member information of the subscribed user is stored in a database that can be referred to by the application server 100. The member information includes the account and the name of the user, And at least one information that can uniquely identify the user among the numbers, addresses, and the like. Meanwhile, according to the intention of a person skilled in the art, some of the information included in the member information can be used as the account of the user.

When the user is registered as a member, the user subscription / authentication unit 105 confirms the occupation state of the application 215 provided in the wireless terminal 200 or notifies the user through the application 215 In order to provide a service using the displayed disposable code and the mapped object identification value, the user is authenticated by comparing the member information stored in the database with the information input through the interface.

When the user is authenticated by the user subscription / authentication unit 105, the interface unit 120 transmits the disposable code to the authentication server 125 so that the service using the object identification value mapped to the one- ) And a service interworking interface.

The service providing unit 115 is a collective term for providing a service using the object mapped to the disposable code to the user, wherein the service is a service for authenticating the user, Authentication services, payment services, and financial services.

The object mapped with the disposable code may include any one or a combination of two or more of a user's ID, a payment means, and a financial means according to the type of the service, and may be variously expanded according to the intention of a person skilled in the art. For example, an object mapped with the disposable code can be extended to data stored in a medium, such as a product or an article requiring authentication.

The identity authentication service is a service for authenticating the identity of the user before a membership service (for example, an online game, etc.) to be provided to the user, wherein the object includes an account of the user corresponding to the authentication object of the identity authentication service .

Wherein the transaction authentication service is a service for authenticating at least one of confidentiality of a user and integrity of a transaction during non-face-to-face transactions to be provided to a user, the object including an account of a user corresponding to an authentication object of the authentication service, A combination of the user's account and an identification code that uniquely identifies the non-facing transaction.

The payment service is a service for processing a payment using a payment means (e.g., a credit card, a check card, a debit card, a prepaid card, a point card, etc.) of a user, and the object includes a payment means of a user to be used for payment Or a combination of the user payment means and the user account.

The financial service is a service for providing a financial transaction using a user's financial means (for example, a financial account, a securities account, a cash card, an electronic passbook, etc.), and the object includes a financial means of a user to be used in the financial transaction , Or a combination of the user financial means and the user account.

According to the present invention, since the object is mapped with the disposable code, the service providing unit 115 may provide an object identification value (for example, user's account information , Payment means information, financial means information, etc.) is not input, and the service using the object can be provided only by inputting the disposable code.

Referring to FIG. 1, the application server 100 includes a occupancy state checking unit 110 for checking whether an application 215 in which the disposable code is displayed is occupied by a user.

The occupancy state confirmation unit 110 can confirm whether the application 215 is loaded in the user's wireless terminal 200. [ According to the embodiment of the present invention, when the application 215 is loaded on the user's wireless terminal 200, information for confirming whether the application 215 is mounted on the database provided in the application server 100 The occupancy state checking unit 110 may inquire the database to confirm whether the application 215 is loaded in the user's wireless terminal 200. [ Alternatively, the occupancy state checking unit 110 can check whether the application 215 is loaded on the user's wireless terminal 200 by interfacing with the authentication server 125 through the interface unit 120.

If the application 215 is not installed in the user's wireless terminal 200, the occupancy state checking unit 110 may determine whether the user terminal 200 is connected to the application server 100 through the application providing server 195 199 to output a link for downloading and installing the application 215 or a message for requesting download of the application 215. [

The occupancy state checking unit 110 identifies the uniqueness of the application 215 loaded on the user's wireless terminal 200 by interrogating the database or through the interface unit 120 in cooperation with the authentication server 125 . The application 215 downloaded from the application providing server 195 to the wireless terminal 200 is not uniquely identified because the same file is downloaded to the plurality of wireless terminals 200. [ Meanwhile, when the downloaded application 215 is initially executed, a unique key value unique to the application 215 is allocated, so that the application 215 is distinguished from other applications 215 of the same type. If the uniqueness of the application 215 loaded on the user's wireless terminal 200 is not identified, the occupancy checking unit 110 notifies the user terminal 199 connected to the application server 100 of the application (215) to identify uniqueness, or wait until the uniqueness is identified by the authentication server (125).

The occupation state confirmation unit 110 inquires of the database or interlocks with the authentication server 125 through the interface unit 120 so that the application 215 loaded on the user's wireless terminal 200 is occupied by the user Make sure you are. If the occupation state of the application 215 is not confirmed, the occupancy state checking unit 110 interlocks with the authentication server 125 managing the application 215 through the interface unit 120, And confirms the occupation state of the application 215.

1, the authentication server 125 includes an application management unit 130 for managing an application 215 downloaded to the wireless terminal 200 through an application providing server 195, And an occupancy authentication unit (135) for authenticating whether or not the application server (100) is occupied by a user subscribed to the application server (100).

The application 215 confirms its own uniqueness at the same time as execution. For example, the application 215 can check its own identity by checking whether there is a unique key value assigned to it. If the uniqueness of the application 215 is not confirmed, the application 215 performs a process of identifying the uniqueness of the application 215 in cooperation with the application management unit 130.

The application management unit 130 authenticates at least one of the uniqueness, integrity, and validity of the application 215 downloaded to the mobile terminal 200, and periodically verifies and updates the same.

The uniqueness of the application 215 may be identified by a unique key value assigned to the application 215 as a characteristic uniquely identifying the application 215 with another application 215 of the same type. The application 215 downloaded to the wireless terminal 200 as described above is not distinguished from other similar applications 215 and is assigned an inherent key value that is different from other applications of the same type in the application 215, The uniqueness of the data 215 can be identified.

According to an embodiment of the present invention, the application 215 generates at least one unique information (e.g., a telephone number, a USIM serial number, The application management unit 130 receives the inherent key value from the application 215 and stores the inherent key value in association with the inherent key value allocated to another application of the same type After authenticating the duplication, the unique key value may be registered as a unique identification value that identifies the identity of the application 215.

According to another embodiment of the present invention, the application management unit 130 generates a unique key value according to a preset key generation rule and provides the unique key value to the application 215, thereby assigning the unique key value to the application 215 , The unique key value allocated to the application 215 may be registered as a unique identification value that identifies the uniqueness of the application 215.

According to another embodiment of the present invention, the application management unit 130 allocates a unique key value unique to the application 215 through at least one key exchange in conjunction with the key exchange rule included in the application 215 And register the unique key value allocated to the application 215 as a unique identification value that identifies the uniqueness of the application 215. [

The integrity of the application 215 is a characteristic that identifies that the application 215 is running on the user's wireless terminal 200 and has not been tampered with from the downloaded state from the application provision server 195, Lt; RTI ID = 0.0 > 215 < / RTI >

The application 215 may store the unique values of the environment in which the application 215 is executed (for example, an operating system, a memory address where a file is stored, a device token, etc.) (E.g., a subscribed communication carrier, a telephone number, an IP address, a connected base station identifier, and various eigenvalues dynamically allocated for the communication connection of the wireless terminal 200 in the communication company) ). ≪ / RTI > The application management unit 130 receives the eigenvalue from the application 215 and extracts eigenvalues of the same kind as the received eigenvalue from the storage medium 150 or verifies it from the communication company, Verifying that the application 215 has been executed at the user's wireless terminal 200 by comparing and verifying the extracted / verified eigenvalues, wherein the at least one eigenvalue of the comparison- 215 < / RTI >

Or the application 215 hashes the identified at least one eigenvalue according to a predetermined hash rule or hash the data corresponding to the application 215 or the data referenced by the application 215, can do. The application manager 130 receives the hashed value from the application 215, extracts a hash value of the same kind as the received hash value from the storage medium 150, or extracts the original data of the received hash value And can verify that the application 215 has not been tampered by comparing and verifying the received hash value with the extracted / generated hash value after hashing the same hash rule. Meanwhile, when the eigenvalues are included in the original data of the received hash value, the application management unit 130 verifies the hash value to verify that the application 215 has been executed in the user's wireless terminal 200 At the same time, authenticate that the application 215 has not been tampered with.

Meanwhile, the method of authenticating the integrity of the application 215 is not limited in the above-described manner, and various methods can be used to authenticate the integrity of the application 215 according to the intention of those skilled in the art. For example, the application management unit 130 may send an arbitrary number to the wireless terminal 200 through a text message of a voice network to which the wireless terminal 200 accesses, By receiving and authenticating the transmitted random number through the data network, the application 215 can authenticate that it is running on the user's wireless terminal 200 that is connectable to the voice network.

The validity of the application 215 is a characteristic of authenticating a user using the application 215, and can be authenticated through a password or biometric information registered by the user. The validity of the application 215 is authenticated within the application 215 and may be authenticated by the application manager 130 according to an implementation method.

The application management unit 130 authenticates at least one of the uniqueness, integrity and validity of the application 215 at the time when the application 215 downloaded to the wireless terminal 200 is initially executed, and the application 215 ) Repeatedly verifies at least one specified characteristic of the characteristics authenticated at the first execution time, and updates the result thereof. If at least one of the uniqueness, integrity, and validity of the application 215 is not authenticated / verified, the application manager 130 determines that the disposable code displayed through the application 215 is a service Discard it so that it is no longer available.

The occupancy authentication unit 135 may be configured to allow the application 215 loaded on the user's wireless terminal 200 to interact with the occupancy status checking unit 110 of the application server 100 through the interface unit 120, To be authenticated.

According to the first occupancy authentication method of the present invention, the occupancy state checking unit 110 of the application server 100 checks whether the application 215 is occupied by the user whose subscription / authentication has been confirmed, (For example, a user's account or a resident registration number) uniquely identifying the user among the registered member information to the occupancy authentication unit 135. The occupancy authentication unit 135 receives occupancy of the application 215 And supplies the generated authentication number to the occupancy state checking unit 110. The occupancy checking unit 110 displays the authentication number to the user terminal 199 having confirmed the subscription / authentication . Meanwhile, the authentication number is generated by the occupancy checking unit 110 and is displayed on the user terminal 199, and the generated authentication number and unique information of the user are transmitted to the occupancy authentication unit 135, The present invention is not limited thereto. In addition, according to the embodiment of the present invention, the occupancy state checking unit 110 of the application server 100 may use at least one of the authentication number, the application server 100 information, and the user's unique information as a 2D barcode- To the user terminal 199 via the Internet.

The user activates the application 215 of the wireless terminal 200 and inputs the authentication number displayed on the user terminal 199 to the application 215 and the application 215 215 and selects the application server 100 to be authenticated and inputs the same unique information as the unique information of the user transmitted to the occupancy authentication unit 135 by the occupancy state checking unit 110. [ If the occupancy state checking unit 110 of the application server 100 receives at least one of the authentication number, the application server 100 information, and the unique information of the user through the code image in 2D barcode form, If so, the application 215 can recognize and read the code image through the camera unit 206. The application 215 transmits the authentication number, the application server 100 information and unique information to the occupancy authentication unit 135. The occupancy authentication unit 135 receives the application server 100 information and unique information The authentication number transmitted from the application server 100 is compared with the authentication number transmitted from the occupation state checking unit 110 to authenticate the correspondence, Authenticated that the application 215 is occupied by the user. The occupancy authentication unit 135 may provide the authentication number received from the application 215 together with the unique information to the application server 100 corresponding to the information of the application server 100 according to the method of the present invention In this case, the occupancy state confirmation unit 110 can authenticate the correspondence of the authentication number, and thus the present invention is not limited thereto.

According to the second occupancy authentication method of the present invention, the occupancy authentication unit 135 generates an authentication number for confirming the occupation state of the application 215, and provides the authentication number to the wireless terminal 200 to be displayed . Here, the authentication number may be provided through a text message of a voice network connected to the wireless terminal 200, or may be provided through a data network connected to the application 215, It is not limited. According to an embodiment of the present invention, the authentication number may be generated and displayed by the application 215 and then transmitted to the occupancy authentication unit 135, thereby not limiting the present invention. In addition, the occupancy authentication unit 135 may store unique information (e.g., a phone number assigned to the wireless terminal 200, an identification code assigned to the application 215, etc.) uniquely identifying the wireless terminal 200 provided with the authentication number (For example, an account of a user registered in the application server 100) that uniquely identifies the user.

The user inputs the authentication number and the unique information displayed on the wireless terminal 200 to the user terminal 199 and transmits the authentication number and the unique information to the application server 100, 199 and transmits the authentication number and unique information to the occupancy authentication unit 135. The occupancy authentication unit 135 receives the authentication number and unique information from the authentication number and unique information, The application 215 mounted on the wireless terminal 200 of the user who has joined / authenticated to the application server 100 is authenticated by comparing the authentication number transmitted from the occupation state confirmation unit 110 and authenticating the correspondence, It can be verified that it is occupied. According to an embodiment of the present invention, the occupancy authentication unit 135 may provide the occupancy state confirmation unit 110 with the authentication number provided to (or received from) the wireless terminal 200 and the unique information, It is possible for the occupation state confirmation unit 110 to authenticate the correspondence of the authentication number, and thus the present invention is not limited thereto.

1, the authentication server 125 includes an object checking unit 140 for checking an object identification value for identifying at least one object to be mapped with the disposable code, an application 215 for displaying the disposable code, Disposable code mapping unit for identifying a unique identification value for identifying the unique identification value for the disposable code and for associating the unique identification value with the identified object identification value so as to map the disposable code and the object, (145).

The object identification unit 140 identifies an object to be mapped with the disposable code from the wireless terminal 200 of the user who installed the application 215 (for example, user's account information, Information, financial means information, etc.). Alternatively, the object identifying unit 140 receives an object identification value for identifying at least one object to be mapped with the disposable code from the application server 100, or receives the object identification value from the user terminal 199 can do.

If the user's account is included in the object to be mapped with the disposable code, the object verification unit 140 may receive the account information of the user from the application server 100. [ For example, the object verification unit 140 can check the account information of the user through the unique information exchanged with the application server 100 in the process of checking the occupation state of the application 215. Alternatively, the object verification unit 140 may receive the account information of the user from the user's wireless terminal 200 or the account information of the user from the user terminal 199. [

Also, if a user's payment means is included in the object to be mapped with the disposable code, a payment means registration interface for inputting payment means information is displayed in the application 215 provided in the user's wireless terminal 200, Unit 140 can receive the payment means information of the user inputted from the user's wireless terminal 200 through the payment means registration interface. The payment means of the user corresponding to the object to be mapped with the disposable code may include at least one of a credit card, a check card, a debit card, a prepaid card, and a point card, And issuer information, and may further include at least one of an expiration date, a CVC / CVV, and an issuer signature. Alternatively, the object identifying unit 140 may receive the payment means information of the user from the user terminal 199, or may receive the payment means information input by the user terminal 199 through the application server 100 Relay reception is possible.

Meanwhile, if the user's financial means is included in the object to be mapped with the disposable code, a financial instrument registration interface for inputting financial instrument information is displayed in the application 215 provided in the user's wireless terminal 200, Unit 140 may receive the financial means information of the user input from the user's wireless terminal 200 through the financial means registration interface. The financial means of the user corresponding to the object to be mapped with the disposable code includes at least one of a financial account, a securities account, a cash card, and an electronic passbook. According to the type of the financial means, the financial means information includes a card number, And may further include at least one of the validity period, CVC / CVV, and issuer name. Or the object verification unit 140 may receive the financial means information of the user from the user terminal 199 or relay the financial means information inputted by the user terminal 199 through the application server 100 .

The object-disposable code mapping unit 145 may perform at least one of checking the uniqueness of the application 215, checking the occupation state of the application 215, and checking the object identification value of the user Or a unique identification value that identifies the uniqueness of the application 215 through a process of identifying a unique identification value. Wherein the unique identification value is a fixed value that is not fixed and is selected to map the one-off code dynamically generated by at least one code generation module 155 to the object identification value, And may include at least one of a unique key value, a phone number of the wireless terminal 200, a user's account information, a mail address, and a personal identification key (e.g., a key value assigned to the user by the authentication server 125) Any value may be included if it is a value that can identify the uniqueness of the application 215 to be displayed. Meanwhile, when the user of the application 215 joins the authentication server 125 as a member and shares the same with the application server 100, the account of the user corresponding to the unique identification value is transmitted to the authentication server 125 It is possible to include the account of the subscribed application 215 user.

The object-disposable code mapping unit 145 maps the unique identification value identifying the uniqueness of the application 215 in which the disposable code is displayed and the object identification value identifying the object to be mapped to the disposable code, ).

The storage medium 150 may be provided in the authentication server 125 or may be provided in the application server 100 or at least one of the authentication server 125 and the application server 100, As shown in FIG.

According to an embodiment of the present invention, when the storage medium 150 is provided to the authentication server 125, the storage medium 150 may store the unique identification value and the object identification value.

When the storage medium 150 is provided in the application server 100 according to another embodiment of the present invention, the storage medium 150 of the application server 100 may store the unique identification value and the object identification value And a unique identification value identical to the unique identification value stored in the storage medium 150 of the application server 100 side may be maintained on a separate medium on the authentication server side.

When the storage medium 150 is distributed to the authentication server 125 and the application server 100 according to another embodiment of the present invention, the storage medium 150 on the application server 100 side The storage medium 150 of the authentication server side stores the unique identification value and the object identification value, and the storage medium 150 stores the unique identification value and the object identification value, which are stored in the storage medium 150 of the application server 100, Reference values can be stored. Here, the object reference value may include a reference code allocated to reference the object identification value stored in the storage medium 150 of the application server 100. For example, when the object identification value includes payment means information (or financial means information), the payment means information (or financial means information) can not be stored in the authentication server 125 for security reasons, The storage medium 150 of the application server 100 is stored in the storage medium 150 of the application server 100. The storage medium 150 of the application server 100 is stored in the storage medium 150 of the application server 100, An object reference value for referencing an object identification value can be stored.

According to the present invention, the disposable code displayed in the application 215 is dynamically generated by at least one code generation module 155, and the authentication server 125 converts N (N? 1) And a code generation module (155) for dynamically generating an arbitrary code value by substituting the generated code value into a generation algorithm, wherein the code generation module (155) for generating the one-time code is provided in the application side, , And may be implemented in at least one form distributed among the application 215 and the authentication server side.

According to the first disposable code generation method of the present invention, the code generation module 155 may be included in the application 215, and the one-off code to be displayed in the application 215 may be provided to the application- Lt; / RTI >

According to the second disposable code generation method of the present invention, the code generation module 155 may be provided at the authentication server side, and the one-time code to be displayed in the application 215 may be provided to the authentication server- And may be provided to the application 215, in which case the application-side code generation module 155 may be omitted.

According to the third disposable code generation method of the present invention, the code generation module 155 may be distributed to the application 215 and the authentication server side, and the one- (215) and the authentication server (125).

Meanwhile, the authentication server 125 may include a code generation module 155 for authenticating the disposable code displayed in the application 215. In the case of the second or third disposable code generation method of the present invention, The code generation module 155 for authenticating the disposable code and the code generation module 155 for generating the disposable code to be displayed in the application 215 may be the same. If the one-off code is generated or authenticated through a separate code authentication server associated with the authentication server 125, the code generation module 155 may be provided in the code authentication server.

According to the present invention, the N seed values to be substituted into the code generation module 155 to generate the disposable code may be a three-stage factor including a first factor seed value, a third factor seed value, (Factor). Here, the factor means a factor to be equipped or added to generate the disposable code.

The first factor seed value may be previously shared or distributed to the code generation module 155 before the disposable code is generated and may be transmitted to a device having the code generation module 155 such as the wireless terminal 200, 125 or the like) does not use a communication network to generate a disposable code or does not have a separate resource other than a timer (or a clock) necessary for driving the apparatus, it is possible to generate the disposable code as a generic term A value stored in the memory unit 213 or the USIM of the wireless terminal 200 or a value input by the application 215 and transmitted to the authentication server 125 and a value stored in the application 215 A value shared by the application 215 and the authentication server 125, a value exchanged between the application 215 and the authentication server 125 according to a designated seed exchange procedure, And a time value determined by a timer synchronized between the application 215 and the authentication server 125. The authentication server 125 may include a value associated with an object registered with the authentication server 125 have.

The third factor seed value is not shared / distributed in advance, and is shared / distributed in real time via a communication network at the time when the one-time code is generated or is transmitted to a specific resource (e.g., camera 206 ), The positioning module 211, and the like), only when the device provided with the code generation module 155 is connected to the communication network or can use a specific resource, Quot; seed value "

The 3rd factor seed value is a generic name of a seed value that can be substituted into the code generation module 155 only when the user has a specific 3rd factor medium. Card, prepaid card, point card, membership card, etc.), a 2D barcode-type card (e.g., a bank card-issued random number card, a credit card issued by each issuer, a check card, a debit card, (E.g., a USB memory, etc.) storing a specific key value, a specific IC card (e.g., a wireless terminal 200 An IC card for interfacing with the IC card reader when the IC card reader is provided in a specific SD area of the USIM), and a value that can be stored by the user himself / All. On the other hand, in order to use the third factor seed value, the third factor medium must be registered in advance on the authentication server side, and the third factor seed value may be regarded as a seed value separated from the first factor seed value, The first factor seed value is distinguished from the first factor seed value in that a separate third factor medium is required in addition to the apparatus having the code generation module 155.

According to the present invention, the seed value of the first factor seed value, the third factor seed value, and the third factor seed value to be included in the N seed values and to be substituted into the code generation module 155 . The seed policy determines one or a combination of one or more of the first factor seed value, the third factor seed value, and the third factor seed value as a necessary seed value according to the code generation algorithm included in the code generation module 155, 100 or a seed value of the specific factor included in the essential seed value, or a seed value of the seed value of the specific factor included in the essential seed value, in accordance with the kind of the service provided through the seed server 100 or the association condition with the application server 100 And may be operated in the form of adding a seed value of a certain kind.

Referring to FIG. 1, the authentication server 125 transmits n (1? N? N) first factor seed values among N seed values to be substituted into the code generation module 155 according to the seed policy, And a first factor seed distribution unit 160 for previously sharing or distributing the same between the authentication server 215 and the authentication server 125. The first factor seed value may be embedded in the code generation module 155 according to the seed policy or shared or distributed before a specific application server 100 or a service is determined or after a specific application server 100 or a service is determined It is possible to share or distribute before the one-time use code for the application server 100 or the service is generated in the application server 100, and the present invention is not limited by the time point when the first factor seed value is shared or distributed.

If the first factor seed value shared / distributed in advance by the first factor seed distributor 160 is N, the code generation module 155 substitutes the N first factor seed values into the code generation algorithm, You can dynamically generate code.

The first factor seed distributor 160 may include the unique identification value or some value of the unique identification value identified by the application manager 130 or the occupancy authentication unit 135 in the first factor seed value, The first factor seed value can be personalized into a seed value for generating a disposable code to be displayed in the application 215 and registered in the code generation module 155. Alternatively, the first factor seed distribution unit 160 may include the object identification value or some value of the object identification value identified by the object identification unit 140 in the first factor seed value, and then transmit the first factor seed value It can be personalized into a seed value for generating a disposable code to be displayed in the application 215 and registered in the code generation module 155. Alternatively, the first factor seed distributor 160 may perform a seed exchange procedure with the application 215 to determine at least one seed value to be included in the first factor seed value, and then transmit the agreed seed value to the application 215 The first factor seed value for generating a one-off code to be displayed in the code generation module 155, and registering the personalization seed value in the code generation module 155.

Meanwhile, if the first factor seed value shared / distributed beforehand by the first factor seed distributor 160 is not N and the seed value is Nn (Nn) to be dynamically determined at the time of generation of the one-time code or shared / distributed in real time (Nn) > = 1) third factor seed values, the authentication server 125 dynamically determines the third factor seed value at the time when the one-time code is generated, And a third factor rule registering unit (165) for registering a third factor rule for determining a third factor seed value to be performed. The third factor rule may be stored in the code generation module 155 according to the seed policy or may be registered before a specific application server 100 or a service is determined or after a specific application server 100 or a service is determined, It is possible to register before the server 100 or the one-time code for the service is generated, and the present invention is not limited by the time when the third factor rule is registered.

The third factor rule registering unit 165 may register a third factor rule for dynamically determining at least one seed value among the N seed values to be substituted in the code generation algorithm and including the seed factor in the second factor seed value. Here, the dynamically determined seed value may be a seed value dynamically generated by substituting a seed value generated in a random number form, at least one value specified in a specified seed determination algorithm, and a seed value dynamically generated in a communication network A seed value corresponding to a network identification value dynamically assigned to the wireless terminal 200 and a seed value corresponding to a location identification value of the wireless terminal 200 having the application 215, . Or if the one-time code is generated by the application-side code generation module 155, the third factor rule registering unit 165 registers at least one of the values registered on the authentication server side not previously shared / It is possible to register the third factor rule so that one seed value is transmitted to the application 215 at the time of generating the one-time code.

Meanwhile, the third factor rule may include at least one of a path and a pattern in which the second factor seed value is delivered in real time.

According to an embodiment of the present invention, the third factor rule includes a path for transmitting a third factor seed value from the authentication server 125 to the application-side code generation module 155 through a communication channel connected to the wireless terminal 200 . ≪ / RTI >

According to another embodiment of the present invention, the third factor rule may include communication resources available in the device having the code generation module 155 and specific resources (e.g., the camera 206, the positioning module 211, Location location server, and the like).

According to another embodiment of the present invention, the third factor rule transforms at least one seed value among the third factor seed values into a data structure that can be transmitted to the user terminal 199 through the application server 100, And a path and a pattern for providing the seed value of the converted data structure to the user terminal 199 through the application server 100. [ For example, the second factor seed value may be converted into a code image encoded in a 2D barcode form and displayed on the user terminal 199 through the application server 100.

Referring to FIG. 1, the authentication server 125 receives a key input by a user among N seed values to be substituted into the code generation module 155 according to the seed policy, And a third factor medium registration unit 170 for registering a medium corresponding to n '(1? N'<N) third factor seed values recognized from the third factor medium owned by the user using the resource. The third factor medium is registered before the specific application server 100 or the service is determined according to the seed policy or after the specific application server 100 or the service is determined, the disposable code for the application server 100 or the service It can be registered before being created, and the present invention is not limited by the time when the 3rd factor medium is registered. In particular, if the third factor medium is registered after the application server 100 or the service is determined, the third factor medium preferably includes a medium issued to the user by an organization that manages the application server 100.

The third factor media registrar 170 receives the media identification value identifying the third factor media from the user terminal 199 and generates the disposable code to be displayed on the application 215 (Or a 3rd factor seed value) for identifying the 3rd factor medium for obtaining the 3rd factor seed value, and registers the value in the code generation module 155.

If the third factor medium is a card in which a specific key input value is printed (or embossed), the medium identification value may include card identification number and issuer information printed (or embossed) on the card.

Alternatively, when the third factor medium is a card (or a portable medium) on which a code image in the form of a 2D bar code is printed, the medium identification value includes a card unique number and issuer information printed (or embossed) on the card, Or may include information obtained by recognizing and reading the code image through the camera unit 206 of the wireless terminal 200. If the information read from the code image includes a URL, the medium identification value may include a value recorded in the medium corresponding to the URL.

Alternatively, when the third factor medium is a card (or a portable apparatus) equipped with an NFC function, the medium identification value includes a unique number printed on the card (or the portable device) and issuer information, (Or a portable device) via the NFC module 210 of the mobile terminal 200. [0040]

Alternatively, when the third factor medium is a personal storage device storing a specific key value, the medium identification value may include a unique number printed on the personal storage device and issuer information, Lt; / RTI &gt; information from the personal storage device.

If the third factor medium is a living body of a user, the medium identification value may correspond to a camera unit 206 provided in the wireless terminal 200 and a biometric unit (e.g., a camera unit 206 for capturing an image of a living body) , A touch screen for recognizing a fingerprint, and the like).

When the one-time use code is generated by the application-side code generation module 155 according to the first one-time use code generation method of the present invention, the one-time use code is transmitted to the application-side code generation module 155, Generated by a factor seed value or by a combination of the first factor seed value and the second factor seed value that is shared / distributed in real time by the application side code generation module 155 or confirmed, A third factor seed value input / recognized by the terminal 200 and transmitted to the application-side code generation module 155, or a combination of the 1st factor seed value, the 3rd factor seed value, and the 3rd factor seed value Lt; / RTI &gt; may be generated dynamically via at least one of the &lt; RTI ID = 0.0 &gt;

Alternatively, when the one-time code is generated by the authentication server-side code generation module 155 according to the second one-off-code generation method of the present invention and then provided to the application 215, the one- The third factor seed value generated / generated by the first factor seed value previously shared / distributed to the code generation module 155, or the first factor seed value that is shared / distributed in real time by the authentication server side code generation module 155 Or a combination of the first factor seed value and a 3rd factor seed value input / recognized by the wireless terminal 200 and transmitted to the authentication server side code generation module 155, Can be dynamically generated through at least one of the combination of the factor seed value, the third factor seed value, and the third factor seed value.

Alternatively, when the one-time use code is generated by cooperation of the application 215 and the code generation module 155 distributed to the authentication server 125 according to the third one-time use code generation method of the present invention, The method of claim 1, wherein the one-time use code of m (1? M <M) generated by the application through the first one-time use code generation method of M (Mm) generated by the server is combined to form an M-position disposable code, or a disposable code generated at the application side through the first disposable code generation method is generated in the second disposable code Or a second factor seed value for generating a one-time code generated at the authentication server side through a code generation method, or the second one- Wherein the one-time use code generated by the authentication server side is generated as a third factor seed value for generating the one-time use code generated at the application side through the first one-time use code generation method Lt; / RTI &gt;

Referring to FIG. 1, the authentication server 125 dynamically determines the third factor seed value when a seed factor value of a third factor is required to generate a one-off code through the code generation module 155 according to the seed policy And distributes it to the application 215 or realizes a real-time agreement with the application 215. Meanwhile, if the second factor seed value can be obtained by the application 215 at the time of generating the disposable code, the third factor seed distribution unit 175 may be omitted, and thus the present invention is not limited thereto.

The third factor seed distributor 175 receives a seed value generated by randomly assigning a seed value generated in a random number form and at least one value specified in a specified seed decision algorithm to a seed value dynamically generated on a communication network to which the wireless terminal 200 is connected A seed value corresponding to a network identification value dynamically allocated to the wireless terminal 200, a seed value corresponding to a network identification value generated from the values registered in the authentication server 125 among the values not previously shared / Module 155, and transmits the confirmed second factor seed value to the application 215 according to the path or pattern of the third factor seed value according to the seed policy.

According to an embodiment of the present invention, the third factor seed distribution unit 175 may transmit the third factor seed value to the application side code generation module 155 through a communication channel connected to the wireless terminal 200. Or the second factor seed distribution unit 175 converts at least one seed value among the seeds of the second factor seeds into a data structure that can be transmitted to the user terminal 199 through the application server 100, To the user terminal (199) through the application server (100). For example, the seed value may be transformed into a code image encoded in a 2D barcode form and displayed on the user terminal 199 through the application server 100, and the application 215 may be displayed on the wireless terminal 200 And the second factor seed value included in the code image may be acquired. If the third factor seed value is at least one of a seed value corresponding to a network identification value that the wireless terminal 200 itself can obtain from the communication network and a location identification value of the wireless terminal 200 having the application 215 The third factor seed distribution unit 175 may not distribute the third factor seed value.

1, the authentication server 125 is dynamically generated by at least one code generation module 155 through any one of the first to third disposable code generation methods, And a disposable code authentication unit 185 for authenticating the correspondence between the received disposable code and the disposable code generated by the code generation module 155. The disposable code authentication unit 185 receives the disposable code,

The disposable code receiving unit 180 receives the disposable code generated through one of the first to third disposable code generation methods in the application 215 of the wireless terminal 200, Receives a disposable code entered by the user from the user and identifies a unique identification value that identifies the uniqueness of the application 215 in which the disposable code is displayed. Here, the unique identification value may be confirmed through protocol analysis of the process of receiving the disposable code, or may be received from the application 215.

Meanwhile, the application server 100 may display a code input interface for inputting the disposable code displayed in the application 215 to the user terminal 199 (or display a code input interface by a program provided in the user terminal 199) The disposable code receiving unit 180 may receive the disposable code inputted by the user from the user terminal 199 or relay the received disposable code through the application server 100. [ The code input interface further includes an interface for inputting a unique identification value that identifies the uniqueness of the application 215 in which the disposable code is displayed. The disposable code receiving unit 180 receives the disposable code from the user terminal 199, Or receive the unique identification value input by the application server 100 through the relay server.

The disposable code authentication unit 185 receives the disposable code received through the disposable code receiving unit 180 and the verification code (or disposable code provided by the application 215) generated by the code generation module 155, To verify the correspondence.

When the one-time use code generating module 155 generates the one-time use code according to the first one-time use code generation method of the present invention, the one-time use code authenticating part 185 responds to the application side code generating module 155 The one-time code is generated by the authentication server-side code generation module 155. The generated one-time code is compared with the generated one-time code to authenticate the one-time code.

Alternatively, when the disposable code is generated by the authentication server-side code generation module 155 according to the second disposable code generation method of the present invention and then provided to the application 215, May compare the one-time use code provided to the application 215 with the received one-time use code to authenticate the one-time use code.

Alternatively, when the one-time use code is generated by cooperation between the application 215 and the code generation module 155 distributed to the authentication server 125 according to the third disposable code generation method of the present invention, Side code generation module 155 to the intermediate code of the authentication server-side code generation module 155 generated in the process of collaborating with the application-side code generation module 155 to generate the one- The disposable code may be further generated by generating a verification code for authenticating the disposable code, and then comparing the received disposable code with the generated verification code to authenticate the disposable code. On the other hand, when the disposable code to be displayed in the application 215 is finally generated and provided to the application 215 by the authentication server-side code generation module 155 during the cooperation of the third disposable code generation method, The code authenticating unit 185 can authenticate the disposable code by comparing the disposable code provided to the application 215 with the received disposable code.

If the disposable code is authenticated through the separate code authentication server, the disposable code authentication unit 185 transmits the received disposable code to the code authentication server, and in response to the disposable code generation method, The disposable code can be authenticated according to the authentication procedure of the above-described one-time code performed by the authentication server.

1, when the received disposable code is authenticated, the authentication server 125 uses the unique identification value as an intermediary and transmits a service using the object mapped with the disposable code to the application server 100 And a service control unit 190 for controlling the service control unit 190 to be provided to the user.

When the disposable code is authenticated by the disposable code authentication unit 185, the service control unit 190 receives the disposable code from the storage medium 150 using the unique identification value identified in the process of receiving the disposable code, The application server 100 confirms the object identification value mapped with the authenticated one-off code and provides the identified object identification value to the application server 100 through the interface unit 120, The authentication service, the transaction authentication service, the payment service, and the financial service is provided to the user.

If the object identification value is stored in the application server 100 and the object identification value referring to the object identification value is held in the authentication server 125, the service control unit 190 stores the unique identification value The object reference value mapped to the authenticated one-off code is provided to the application server 100, and the object reference value mapped to the authenticated one-off code is provided to the application server 100, The authentication service, the transaction authentication service, the payment service, and the financial service.

2 is a diagram showing a functional configuration of a wireless terminal 200 and an application 215 of the present invention.

2 illustrates a configuration of an application 215 and a wireless terminal 200 that display one-off codes mapped to at least one object. If the person skilled in the art is familiar with the present invention, Referring to and / or modifying FIG. 2, various implementations of the functionality of the wireless terminal 200 may be inferred, but the present invention includes all of the above- The technical features thereof are not limited by the implementation method alone.

2, the wireless terminal 200 includes a control unit 201, a memory unit 213, a screen output unit 202, a key input unit 203, a sound output unit 204, a sound input unit 205, A camera module 206, a wireless network communication module 209, a short range wireless communication module 208, an NFC module 210, a positioning module 211, a USIM reader 212 and a USIM, And a battery 207 for the battery.

The control unit 201 is a general term for controlling the operation of the wireless terminal 200. The control unit 201 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 201 loads at least one program code included in the wireless terminal 200 into the execution memory through the processor, and outputs the result through at least one configuration And controls the operation of the wireless terminal 200. Hereinafter, the application configuration of the present invention, which is implemented in the form of program code for convenience, is shown in the control unit 201 and described.

The memory unit 213 is a generic name of a nonvolatile memory corresponding to a storage resource included in the wireless terminal 200 and includes at least one program code executed through the control unit 201 and at least one program code One data set is stored and maintained. The memory unit 213 basically includes a system program code and a system data set corresponding to the operating system of the wireless terminal 200, a communication program code and a communication data set for processing a wireless communication connection of the wireless terminal 200, The program code and data set corresponding to the application 215 of the present invention are also stored in the memory unit 213. [

The screen output unit 202 is composed of a screen output device (for example, a liquid crystal display (LCD) device) corresponding to an output resource provided in the wireless terminal 200 and a screen output module for driving the screen output device. 201 and a bus, and outputs the calculation result corresponding to the screen output among the various calculation results of the control unit 201 to the screen output device.

The key input unit 203 comprises a key input device (or a touch screen device coupled to the screen output unit 202) corresponding to an input resource provided in the wireless terminal 200 and a key input module for driving the key input device And inputs a command for instructing various operations of the control unit 201 or data necessary for the operation of the control unit 201 by a bus connection with the control unit 201. [

The sound output unit 204 includes a speaker corresponding to an output resource provided in the wireless terminal 200 and a sound module for driving the speaker and is connected to the control unit 201 through a bus, The operation result corresponding to the sound output is outputted through the speaker. The sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.

The sound input unit 205 is composed of a microphone corresponding to an input resource provided in the wireless terminal 200 and a sound module for driving the microphone and transmits the sound data input through the microphone to the controller 201 do. The sound module encodes and encodes a sound signal input through the microphone.

The camera unit 206 includes an optical unit, a CCD (Charge Coupled Device), and a camera module for driving the CCD unit, and acquires bitmap data input to the CCD through the optical unit. The bitmap data may include both still image data and moving image data.

The wireless network communication module 209 and the short-range wireless communication module 208 are communication resources provided in the wireless terminal 200. The wireless network communication module 209 accesses a wireless communication network through a base station, The wireless communication module 208 connects to a short range communication device or a wireless AP located in a short distance.

The wireless network communication module 209 is a general term for a communication configuration for connecting the wireless terminal 200 to the wireless terminal 200 and includes an antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving a radio frequency signal of a specific frequency band And is connected to the control unit 201 through a bus so as to transmit calculation results corresponding to wireless communication among various calculation results of the control unit 201 through wireless communication or receive data through wireless communication To the control unit 201, and maintains connection, registration, communication, and handoff procedures of the wireless communication. According to the present invention, the wireless network communication module 209 can connect the wireless terminal 200 to a voice network including a voice channel and a data channel via the exchange, and in some cases, And can be connected to a data network providing data communication based on exchange communication.

According to an embodiment of the present invention, the wireless network communication module 209 is a mobile communication module that performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to a CDMA / WCDMA standard . Meanwhile, the wireless network communication module 209 according to the intention of a person skilled in the art may further include a portable internet communication configuration for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is clear that the present invention is not limited by the wireless communication configuration provided by the wireless network communication module 209.

The short-range wireless communication module 208 is a short-range communication module for connecting a communication session using a radio frequency signal as a communication medium within a predetermined distance, and preferably includes at least one of Wi-Fi communication, Bluetooth communication, . According to an embodiment of the present invention, the short range wireless communication module 208 may be integrated with the wireless network communication module 209. According to the present invention, the short-range wireless communication module 208 connects the wireless terminal 200 to a packet-switched communication-based data network through a wireless AP.

The NFC module 210 is a proximity communication module for transmitting inter-terminal data at a proximity distance of about 10 cm according to an NFC (Near Field Communication) standard using the 13.56 Mz frequency band of the wireless communication standard of the ISO 18000 series standard, Wireless communication module 208, or may be implemented as a separate communication module. According to the intention of the person skilled in the art, the NFC module 210 can provide proximity communication of other frequency bands (for example, 900 MHz band) supported by the ISO 18000 series standard in addition to the 13.56 Mz frequency band, No. Meanwhile, the NFC module 210 may be included in the communication resources of the wireless terminal 200 according to an object to which the NFC module 210 is communicating.

The positioning module 211 includes a GPS positioning module for positioning a moving position of the wireless terminal 200. The positioning module 211 receives a satellite signal transmitted from at least three GPS satellites orbiting the earth orbit, 200 are calculated. According to another embodiment of the present invention, the position location module 211 is connected to at least two base stations (or connection points) (Or an arrival angle) between the mobile terminal 200 and the mobile terminal 200. The terrestrial positioning module may be configured to determine a position of the mobile terminal 200 in a terrestrial positioning system.

The USIM reader 212 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module that is mounted or detached from the mobile station 200 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM is a SIM type card having an IC chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader 212, (Or processing) the program code for the IC chip or extracting (or processing) the data set in accordance with at least one command transmitted from the wireless terminal 200 in connection with the input / output interface To the input / output interface.

The application 215 of the present invention is downloaded from the application providing server 195 (for example, Apple's AppStore or the like) through the data network to which the communication resource is connectable and is stored in the memory unit 213. The downloaded application 215 is manually or automatically activated. A separate program may be running in advance for automatically driving the application 215, and thus the present invention is not limited thereto.

2, the application 215 of the wireless terminal 200 accesses the authentication server 125 through a data network to which the communication resource is connectable, and subscribes the user as a member, An application authenticating unit 225 for authenticating at least one of the uniqueness, integrity, and validity of the application 215 through at least one communication network to which the communication resource can be connected, Respectively.

The application 215 has communication connection macro information for accessing the authentication server 125 through a data network to which the communication resource is connectable. The membership subscription / authentication unit 220 includes a screen output unit 202, And transmits the information input through the interface to the authentication server 125 via the data network to register the user as a member of the authentication server 125 And registration / authentication of the authentication server 125 may be omitted according to the intention of the person skilled in the art.

The application authentication unit 225 is configured to allow the application authentication unit 225 to control the uniqueness of the application 215 in association with the application management unit 130 provided in the authentication server 125 via at least one communication network among the data network and the voice network, And authenticity of at least one of integrity and validity.

2, the application 215 of the wireless terminal 200 includes an occupancy authentication procedure unit 230 for authenticating whether the application 215 is occupied by a user subscribed to the application server 100 And an object registration unit 235 for registering an object identification value for identifying at least one object to be mapped with the disposable code to the authentication server 125. The object identification value is transmitted to the authentication server 125 by the authentication server 125 The one-off code is mapped to a unique identification value that identifies the uniqueness of the application 215 being displayed.

The occupancy authentication procedure unit 230 may determine whether the occupancy state verification unit 110 of the application server 100 and the occupancy authentication unit 135 of the authentication server 125 cooperate with each other, ) Side occupancy authentication procedure.

When the occupation state checking unit 110 of the application server 100 displays the authentication number in the user terminal 199 according to the first occupancy authentication method of the present invention, An authentication number displayed on the user terminal 199, an application server 100 displaying the authentication number, an interface for inputting the same unique information as the unique information of the user, And transmits the selected information to the occupancy authentication unit 135 of the authentication server 125. [ According to an embodiment of the present invention, the occupancy state checking unit 110 of the application server 100 may use at least one of the authentication number, the application server 100 information, and the user's unique information as a code image in the form of a 2D barcode The occupancy authentication procedure unit 230 recognizes and reads the code image through the camera unit 206 and displays the code image in the occupancy authentication unit 135 of the authentication server 125, Lt; / RTI &gt;

According to the third occupancy authentication method of the present invention, the occupancy authentication procedure unit 230 receives and outputs the authentication number transmitted from the occupancy authentication unit 135 of the authentication server 125 or internally generates and outputs the authentication number , The authentication number may be received from the application server 100 according to the method. The output authentication number is input to the user terminal 199 by the user.

The object registration unit 235 outputs an object registration interface for inputting an object identification value for identifying at least one object to be mapped with the disposable code through the screen output unit 202, And inputs at least one object identification value of the user's account information, payment means information, and financial means information.

The object registration unit 235 encrypts the object identification value according to a security procedure agreed with the object verification unit 140 of the authentication server 125 and transmits the encrypted object identification value to the authentication server 125, May further transmit a unique identification value that identifies the identity of the user.

According to the present invention, the disposable code displayed in the application 215 is dynamically generated by at least one code generation module 155. The application 215 substitutes N seed values into a code generation algorithm to generate random And the code generation module 155 may be provided in the application 215 or may be provided in the authentication server 125 or may be provided in the application 215 and the application 215. [ It may be implemented in at least one of the authentication server 125 and the authentication server 125. The code generation module 155 generates a one-time code according to any one of the first to third disposable code generation methods described above, and generates a one-way code according to the seed policy of the authentication server 125, N seed values corresponding to any one or two or more combinations of the seed value and the 3rd factor seed value are substituted into the code generation algorithm to generate the one-time code.

Referring to FIG. 2, the application 215 of the wireless terminal 200 transmits n first factor seed values among N seed values to be substituted into the code generation module 155 to the first factor of the authentication server 125 And a first factor seeding coordination unit 240 for agreeing with the distribution unit and holding the same in the code generation module 155. If the n first factor seed values are transmitted to the authentication server 230 in the application authentication process of the application authentication unit 225, the occupancy authentication process of the occupancy authentication procedure unit 230, and the object identification value registration process of the object registration unit 235, 125, the first factor seeding coordination part 240 may be omitted, so that the present invention is not limited thereto.

The first factor seed value agreed by the first factor seed agreement section 240 is selected from among the values stored in at least one of the memory section 213 and the USIM, or is stored through the agreement process.

On the other hand, if the first factor seed value determined by the first factor seed agreement unit 240 is not N, and the (Nn) third factor seed value to be dynamically determined at the time of generation of the disposable code or to be agreed in real time The application 215 dynamically determines the third factor seed value at the time when the one-time use code is generated according to the seed policy of the authentication server 125 or acquires the real time agreement with the application 215 And a third factor rule setting unit 245 for setting a third factor rule for setting the third factor rule.

The third factor rule setting unit 245 sets the third factor rule that is the same as the third factor rule registered in the third factor rule registering unit 165 of the authentication server 125, It is possible to authenticate whether or not the condition for acquiring the second factor seed value at the time of generating the disposable code is satisfied. If the resource included in the wireless terminal 200 does not meet the above condition, the third factor rule setting unit 245 sets the third factor rule according to the condition of the resource included in the wireless terminal 200 The second factor rule registration unit 165 of the authentication server 125 can adjust the third factor rule.

Referring to FIG. 2, the application 215 of the wireless terminal 200 may be keyed by a user among N seed values to be substituted into the code generation module 155 according to a seed policy of the authentication server 125 , The third factor medium corresponding to n 'third factor seed values recognized from the third factor medium owned by the user is registered in the third factor registration section of the authentication server 125 using the resources provided in the wireless terminal 200 And a third factor registration processing unit (250). If the n 'number of 3rd seed seed values are not input to the code generation module 155 to generate the disposable code, the 3rd factor registration processing unit 250 may be omitted, and thus the present invention is not limited thereto.

The third factor registration processing unit 250 may further include a third factor medium for obtaining n 'third seed factor values among the N seed values to be substituted into the code generation module 155 according to the seed policy of the authentication server 125 And determines to register with the authentication server 125.

If the 3rd factor medium is registered, the 3rd factor registration processing unit 250 outputs a media registration interface for registering the 3rd factor medium for acquiring the 3rd factor seed value according to the seed policy. The medium registration interface includes an interface for registering a card on which a specific key input value is printed (or embossed), an interface for registering a value read from the code image, a card (or a portable medium) on which a 2D barcode- An interface for registering a value obtained through NFC with a card (or a portable device) equipped with the NFC function, an interface for registering a value stored in the personal storage device, a personal storage device in which a specific key value is stored, An interface for registering the biometric information of the user himself / herself, and an interface for storing the key input value by the user himself / herself.

If the medium factor value for the 3rd factor medium is input through the medium registration interface, the 3rd factor registration processing unit 250 receives the medium factor value from the 3rd factor medium registration unit 170 of the authentication server 125, And transmits the medium identification value to the authentication server 125.

2, in order to generate the one-time use code according to the seed policy of the authentication server 125, the application 215 of the wireless terminal 200 may transmit at least one of a third factor seed value and a third factor seed value And a seed value obtaining unit 255 for obtaining the third factor seed value using the resource of the wireless terminal 200 or obtaining the third factor seed value, if necessary.

When the third factor rule is set by the third factor rule setting unit 245, the seed value obtaining unit 255 obtains the third factor seed value using the specific resource of the mobile station 200 according to the third factor rule . The third factor seed value may be dynamically determined by the third factor seed distribution unit 175 of the authentication server 125 and received via the data network. Alternatively, the second factor seed value may be transmitted in the form of a code image (or a key input value) displayed on the user terminal 199 through the application server 100, A third factor seed acquisition interface that recognizes the code image through the first factor input unit 206 or receives the key input value and acquires the third factor seed value, 206, or obtain the third factor seed value by receiving the key input value. Alternatively, the seed value obtaining unit 255 may check the communication network identification value allocated to the wireless terminal 200 on the communication network connected to the wireless terminal 200 or identify the location identification value of the wireless terminal 200 , The third factor seed value can be obtained.

Alternatively, when the 3rd factor medium is registered by the 3rd factor registration processing unit 250, the seed value obtaining unit 255 obtains the 3rd factor seed from the registered 3rd factor medium by using the resources of the wireless terminal 200, A third factor seed input / output interface for inputting / recognizing a third factor seed input value, and inputs / recognizes a third factor seed value using the resources of the wireless terminal 200 based on the third factor seed input interface.

Referring to FIG. 2, the application 215 of the wireless terminal 200 receives N seed values corresponding to one or more combinations of the first factor seed value, the third factor seed value, and the third factor seed value A disposable code generation unit 260 that dynamically generates a disposable code in accordance with a code generation algorithm by substituting the at least one code generation module 155 into one code generation module 155, And a disposable code display unit 265 for displaying the disposable code dynamically generated by the disposable code display unit 265. [

In the case where the one-use code is generated by the application-side code generation module 155 according to the first one-time code generation method of the present invention, the one-time use code generation unit 260 generates the one- Side code generation module 155 to generate the one-off code or to generate the first factor seed value and the third factor seed value obtained in real time by the seed value acquisition unit 255, Side code generation module 155 to generate the disposable code or provide the first factor seed value and the third factor seed value input / recognized by the seed value acquisition unit 255 to the application-side code generation module 155, Or provides the first factor seed value, the third factor seed value, and the third factor seed value to the application-side code generation module 155, And generating code, the one-time code display unit 265 displays through the display output unit 202, the generated one-time codes.

Meanwhile, when the one-time use code is generated by the authentication server-side code generation module 155 according to the second one-off code generation method of the present invention and then provided to the application 215, if the one- Or if the authentication server 125 is generated using the third factor seed value that can be confirmed / determined in real time by itself, the one-time use code generation unit 260 generates the one- Requests the creation of a one-off code. Meanwhile, the disposable code may be generated using the second factor seed value obtained using the specific resource of the wireless terminal 200, or may be generated using the third factor If the seed value is generated using the seed value, the disposable code generation unit 260 transmits at least one seed value among the 2nd factor seed value and the 3rd factor seed value obtained by the seed acquisition unit to the authentication server side code generation module 155 ), And requests the generation of the disposable code. The disposable code display unit 265 receives the disposable code provided from the authentication server 125 and displays the disposable code through the screen output unit 202.

If the disposable code is generated by cooperation between the application 215 and the code generation module 155 distributed to the authentication server 125 according to the third disposable code generation method of the present invention, (Mm) generated at the authentication server side via the second one-time code generation method, the one-time use code (260) Code generated by combining the code and the n-digit one-time code to generate an M-digit one-time code, or generating the one-time code generated by the application through the first one- And transmits the generated disposable code from the authentication server 125. Alternatively, the disposable code generated by the authentication server 125 may be used as a first factor seed value for generating the one- The one-time use code generated by the authentication server side through the second one-time use code generation method is used as the third factor seed value of the one-time use code generated at the application side through the first one-time use code generation method to generate the one- , And the disposable code display unit 265 displays the generated disposable code through the screen output unit 202.

Referring to FIG. 2, the application 215 of the wireless terminal 200 includes a disposable code input control unit 270 for controlling the displayed disposable code to be input by the user, 125) for transmitting the disposable code.

The disposable code display unit 265 displays the disposable code and outputs a disposable code input interface for directly inputting the displayed disposable code into a predetermined area of the screen area on which the disposable code is displayed, The control unit 270 controls the disposable code input through the disposable code input interface to be keyed. If the displayed one-off code is input to the user terminal 199, the disposable code input interface may not be output, and the disposable code input control unit 270 and the disposable code providing unit may be omitted.

According to the embodiment of the present invention, the disposable code input control unit 270 controls the disposable code input unit 265 to input the disposable code inputted through the disposable code input interface in the same manner as the disposable code displayed on the same screen do. For example, the one-time code input control unit 270 periodically performs a check of the identity between the one-time code input through the one-time code input interface and the one-time code displayed by the one-time code display unit 265, Color, and sound.

The disposable code transmission unit 275 encrypts the disposable code input through the disposable code input interface according to a security procedure agreed with the disposable code receiving unit 180 of the authentication server 125 and transmits the encrypted disposable code.

FIG. 3 is a diagram illustrating an exemplary method for authenticating a user's occupancy state of an application 215 provided in the wireless terminal 200. Referring to FIG.

3 illustrates a process of authenticating whether an application 215 included in a wireless terminal 200 of a user subscribed to the application server 100 is occupied by a user. It is to be understood and appreciated by those skilled in the art that various changes and modifications may be made without departing from the scope of the present invention by those skilled in the art with reference to and / However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited by the method shown in FIG.

Referring to FIG. 3, the user terminal 199 requests the application server 100 to subscribe / authenticate the user 300. In response, the application server 100 subscribes / authenticates the user 305, And provides unique information of the subscriber / authenticated user to the authentication server 125 (310).

The authentication server 125 generates an authentication number for the occupancy authentication of the application 215 provided in the user wireless terminal 200 and provides the generated authentication number to the application server 100 320), the application server 100 outputs the authentication number to the user terminal 199 (325).

The application 215 included in the user's wireless terminal 200 is downloaded and driven through a series of procedures, receives the authentication number, selects the application server 100 outputting the authentication number, If the unique information identifying the user is input 335, the authentication server 125 transmits the authentication number and the application server 100 information and unique information 340 to the authentication server 125. The authentication server 125 transmits the unique information And compares the authentication number provided to the application server 100 with the received authentication number based on the application server 100 information and authenticates the correspondence (345).

If the authentication number matches the authentication number, the authentication server 125 determines 350 that the user occupation state of the application 215 included in the wireless terminal 200 is authenticated (350) After the occupancy verification result is stored (355), the occupancy verification result is provided to the application server 100 and the application 215 (360). The application server 100 receives and stores the occupancy verification result (365), the application (215) outputs the occupancy verification result (365).

4 illustrates an exemplary method of authenticating an application 215 for which a one-off code is to be displayed and setting a seed value for generating the one-time code.

4 more specifically, after authenticating at least one of the uniqueness, integrity and validity of the downloaded application 215 to the user's wireless terminal 200, the application 215 and the authentication server 125), N seed values to be substituted into the code generation module 155 among the first factor seed value, the second factor seed value, and the third factor seed value are agreed upon. As a person skilled in the art, referring to and / or modifying FIG. 4, various implementation methods (for example, a method in which some steps are omitted, a subject is changed, or a sequence is changed) However, the present invention is not limited to the above-described embodiments, Shall not.

Referring to FIG. 4, when the application 215 is downloaded 400 to the user's wireless terminal 200 and the downloaded application 215 is executed, the application 215 is linked to the authentication server 125 (405) such that at least one specified property of uniqueness, integrity and validity of the application (215) is authenticated and the authentication server (125) associates with the application (215) Authenticate (405) at least one of the specified attributes of integrity and validity.

Once the application 215 is authenticated, the authentication server 125 may share the authentication result with the application 215 and the application 215 may send the authentication result to one or more application servers 100 to wait for the user occupancy state for the application 215 to be authenticated (415).

The application 215 agrees and stores the first factor seed value with the authentication server 125 and the authentication server 125 transmits the first factor seed value to the application 215, The first factor seed value is shared / distributed and registered (420). According to the seed policy, the process 420 may be performed before the occupancy authentication of the application 215 is confirmed.

If it is necessary to agree on the third factor rule to generate the one-time code according to the seed policy, the application 215 agrees with the authentication server 125 to set up the second factor rule (425) 125) also registers with the application 215 in agreement with the third factor rule (425). According to the seed policy, the process 425 may be performed before the occupancy authentication of the application 215 is confirmed.

If it is necessary to register the 3rd factor media in order to generate the one-time code according to the seed policy, the application 215 outputs a media registration interface for registering the 3rd factor media, The authentication server 125 receives the medium identification value for the third factor medium and stores the medium identification value for the third factor medium in operation 440. The medium identification value for the third factor medium is received and transmitted to the authentication server 125 in operation 435.

5 is a diagram illustrating an exemplary method of mapping an object to be used in a service provided by the application server 100 and a dynamically generated one-time code.

In more detail, FIG. 5 illustrates a process of mapping a disposable code and an object identification value using a unique identification value that identifies the uniqueness of the application 215 as an intermediary, and it is a common knowledge in the technical field of the present invention It is possible to refer to and / or modify the FIG. 5 to implement various methods of mapping the object and the disposable code (e.g., a method in which some steps are omitted, or subjects are changed, or procedures are changed in order) It should be understood that the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 5, the application 215 outputs an object registration interface for registering an object to be mapped with a disposable code 500, and if an object identification value is input through the object registration interface 505, And transmits the identification value to the authentication server 125 (510). Meanwhile, if the unique identification value to be used as the intermediary by the authentication server 125 is not automatically confirmed, the application 215 may transmit the unique identification value to the authentication server 125 together with the object identification value (510).

The authentication server 125 receives 515 the object identification value from the application 215 and verifies 515 the unique identification value to be used as the intermediary, and if the unique identification value is not automatically confirmed The unique identification value transmitted from the application 215 is received (515).

The authentication server 125 authenticates (520) whether the object identification value can be mapped to the disposable code. The validity authentication of the object identification value may include a step of providing the issuer who issued the object with the object identification information and the unique information of the user to authenticate the object as the object possessed by the user.

If the validity of the object identification value to be mapped to the disposable code is authenticated, the authentication server 125 maps the object identification value and the disposable code using the unique identification value as an intermediary, and stores the object identification value in the storage medium 150 (525).

6 illustrates an exemplary method of generating and authenticating a disposable code according to a first disposable code generation method of the present invention and processing the disposable code to provide a service corresponding to the object mapped with the disposable code.

In more detail, FIG. 6 illustrates a process of authenticating the one-time code generated through the application-side code generation module 155 and then processing the application using the object mapped with the authenticated one- 6 is a flow chart illustrating a method of generating a disposable code according to an embodiment of the present invention. Referring to FIG. 6, It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it will be appreciated that the invention may be practiced otherwise than as specifically described herein, Technical features are not limited.

Referring to FIG. 6, if the application 215 is requested (600) to display 600 the disposable code to provide an object related service mapped with the disposable code, The first factor seed value is confirmed (605).

If it is necessary to acquire the third factor seed value to generate the one-time use code according to the seed policy, the application 215 uses the resource of the wireless terminal 200 according to the designated third factor rule to calculate the third factor seed value (610).

If the 3rd factor seed value is to be input / recognized in order to generate the one-time code according to the seed policy, the application 215 outputs a 3rd factor seed input interface for inputting / recognizing the 3rd factor seed value from the 3rd factor medium (615) and inputs / recognizes a 3rd factor seed value using resources of the wireless terminal (200) based on the 3rd factor seed input interface (620).

The application 215 provides the N seed values determined according to the seed policy among the first factor seed value, the third factor seed value, and the third factor seed value to the code generation module 155 to generate a disposable code (625 And displays the generated one-time code on the screen of the wireless terminal 200 (630).

If the disposable code is input through the application 215 according to the method of the present invention, the application 215 outputs a disposable code input interface for receiving the disposable code on the screen displaying the disposable code (635 ), And controls the input of the disposable code same as the displayed disposable code through the disposable code input interface (640). If the disposable code is inputted through the disposable code input interface, the authentication server (125) The one-time code is transmitted (645). If the authentication server 125 does not automatically check the unique identification value that identifies the uniqueness of the application 215 upon receiving the disposable code, the application 215 transmits the unique identification value together with the disposable code (645).

Meanwhile, if the one-time use code is inputted through the user terminal 199 according to another embodiment of the present invention, the user terminal 199 outputs an interface for inputting the one-time code and the unique identification value (650) If the disposable code and unique identification value displayed on the application 215 are input through the interface 655, the disposable code and unique identification value are transmitted to the authentication server 125 in operation 660.

The authentication server 125 receives (665) the disposable code displayed in the application 215 and confirms or receives the unique identification value (665), and the application side code generation module 155 Generates the verification code using the same method as that of generating the one-time code (670), and compares the received one-time code with the verification code to authenticate the one-time code (675).

If the one-time code is authenticated, the authentication server 125 confirms (680) the object identification value of the user mapped with the authenticated one-time code from the storage medium 150 using the unique identification value as an intermediary, The application server 100 transmits the object identification value of the user to the application server 100 and the application server 100 provides the service using the object requested by the user using the object identification value of the user in operation 690.

FIG. 7 illustrates an exemplary method of generating and authenticating a disposable code according to a second disposable code generation method of the present invention and processing the disposable code to provide a service corresponding to the mapped object.

In more detail, FIG. 7 shows an example of a case where after authenticating the one-time code generated by the authentication server-side code generation module 155 and provided to the application 215, an object mapped with the authenticated one- If the person skilled in the art is familiar with the present invention, it is possible to refer to and / or modify the FIG. 7, It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention may be practiced otherwise than as specifically described herein (including, for example, The technical characteristics are not limited only by the method shown in FIG. For the sake of convenience, FIG. 7 omits the process of obtaining the third factor seed value using the specific resource of the wireless terminal 200 among the methods shown in FIG.

Referring to FIG. 7, if the application 215 is requested (700) to display 700 the disposable code to provide the object related service mapped with the disposable code, the application 215 determines that the 3rd factor seed value If the third factor seed value is not input / recognized, the application 215 transmits information requesting the disposable code to the authentication server 125 (705). If the third factor seed value is not inputted / recognized, The unique identification value is transmitted as needed (705). If the 3rd factor seed value is to be input / recognized, the application 215 outputs (710) a 3rd factor seed input interface for inputting / recognizing the 3rd factor seed value from the 3rd factor medium, (715) a third factor seed value using the resources of the wireless terminal 200 based on the third factor seed value and transmits the third factor seed value and the request for the one-time use code to the authentication server 125 (720), and transmits the unique identification value as needed (720).

The authentication server 125 identifies (725) the unique identification value of the application 215 for which the one-off code is requested, and receives the third factor seed value according to the seed policy (725).

The authentication server 125 confirms the first factor seed value registered in the authentication server 125 in response to the one-time use code request of the application 215 (730).

If it is necessary to acquire the third factor seed value to generate the one-time code according to the seed policy, the authentication server 125 acquires the third factor seed value in real time according to the designated third factor rule (735).

If the 3rd factor seed value is to be input / recognized in order to generate the one-time code according to the seed policy, the authentication server 125 checks the 3rd factor seed value received from the application 215 in step 740.

The authentication server 125 provides the N seed values determined according to the seed policy among the first factor seed value, the third factor seed value, and the third factor seed value to the code generation module 155 to generate a disposable code 745), the generated disposable code is provided to the application 215 (750), and the application 215 receives and outputs the disposable code (755).

If the disposable code is input through the application 215 according to the method of the present invention, the application 215 outputs a disposable code input interface for receiving the disposable code on the screen displaying the disposable code (760 (760), when the disposable code is inputted through the disposable code input interface, the control server (125) transmits the disposable code to the authentication server (125) The one-off code is transmitted (765). If the authentication server 125 does not automatically check the unique identification value that identifies the uniqueness of the application 215 upon receiving the disposable code, the application 215 transmits the unique identification value together with the disposable code (765).

Meanwhile, if the one-time use code is inputted through the user terminal 199 according to another embodiment of the present invention, the user terminal 199 may include an interface for inputting the one- And transmits the disposable code and the unique identification value to the authentication server 125 in operation 660. If the disposable code and the unique identification value are displayed in the application 215 via the interface 655, .

The authentication server 125 receives (770) the disposable code displayed in the application 215, checks or receives the unique identification value (770), and transmits the disposable code provided to the application (215) The disposable code is compared with the verification code to authenticate the disposable code (775).

If the disposable code is authenticated, the authentication server 125 checks (780) the object identification value of the user mapped with the authenticated one-off code from the storage medium 150 using the unique identification value as an intermediary, The application server 100 transmits the object identification value of the user to the application server 100 and the application server 100 provides a service using the object requested by the user using the object identification value of the user in operation 790.

8 illustrates an exemplary method of generating and authenticating a disposable code according to the third disposable code generation method of the present invention and processing the disposable code to provide a service corresponding to the mapped object.

In more detail, in FIG. 8, after the application-side code generation module 155 and the authentication server-side code generation module 155 cooperate to authenticate the generated one-time code, the application server 100 transmits the one- A process of providing a service using a mapped object is illustrated. If the person skilled in the art is familiar with the present invention, referring to FIG. 8 and / or modified, the disposable code generation and object related service It is to be understood that the invention may be embodied in many different implementations (e.g., some steps may be omitted, or alternatives, or alternatives may be made), but the present invention includes all such contemplated embodiments , But the technical features thereof are not limited only by the method shown in FIG. For the sake of convenience, the process of checking the respective seed values to be substituted in the application-side code generation module 155 and the authentication server-side code generation module 155 is omitted for convenience.

Referring to FIG. 8, the application 215 provides the N seed values confirmed through the process shown in FIG. 6 according to the seed policy to the code generation module 155 to generate m-digit one- A one-off code is generated (800). The authentication server 125 also provides the N 'seed values confirmed through the process shown in FIG. 7 to the code generation module 155 according to the seed policy, and generates a disposable code (Mm) of the M- (805), and provides the generated (Mm) digit disposable code to the application (215) (810). When the (Mm) disposable code is received (815) from the authentication server 125, the application 215 combines the m-digit disposable code and the (Mm) (820), and outputs the generated M-digit disposable code to the screen of the wireless terminal 200 (825).

If the one-off code is input through the application 215 according to the method of the present invention, the application 215 outputs a disposable code input interface for receiving the disposable code on the screen displaying the disposable code (830 And controls the input of the disposable code same as the disposable code through the disposable code input interface 830. If the disposable code is input through the disposable code input interface, The one-off code is transmitted (835). If the authentication server 125 does not automatically check the unique identification value that identifies the uniqueness of the application 215 upon receiving the disposable code, the application 215 transmits the unique identification value together with the disposable code (835).

Meanwhile, if the one-time use code is inputted through the user terminal 199 according to another embodiment of the present invention, the user terminal 199 may include an interface for inputting the one- And transmits the disposable code and the unique identification value to the authentication server 125 in operation 660. If the disposable code and the unique identification value are displayed in the application 215 via the interface 655, .

The authentication server 125 receives 840 the disposable code displayed in the application 215 and confirms or receives 840 the unique identification value and transmits the disposable code provided to the application 215 and the received And compares the disposable code with the verification code to authenticate the disposable code (845).

If the disposable code is authenticated, the authentication server 125 checks (850) the object identification value of the user mapped with the authenticated one-time code from the storage medium 150 using the unique identification value as an intermediary, The application server 100 transmits the object identification value of the user to the application server 100 and the application server 100 provides a service using the object requested by the user using the object identification value of the user in operation 860.

100: Application server 105: User subscription / authentication unit
110: Occupancy status confirmation unit 115:
120: interface unit 125: authentication server
130: Application management unit 135: Occupancy authentication unit
140: Object Identification Unit 145: Object - Disposable Code Mapping Unit
150: storage medium 155: code generation module
160: First factor seed distribution part 165: Third factor rule registration part
170: Third factor media registration unit 175: Third factor seed distribution unit
180: disposable code receiving unit 185: disposable code authentication unit
190: service control unit 195: application providing server
200: wireless terminal 215:

Claims (36)

1. A service providing system using an object mapped with a disposable code implemented in an authentication server communicating with an application server providing a service related to an object and communicating with a user wireless terminal having an application processing a disposable code,
An occupancy authentication unit for authenticating a state of occupancy of the application;
An object identification unit for identifying an object identification value identifying at least one object to be mapped with the one-time code;
An object-disposable code mapping unit for storing the unique identification value identifying the uniqueness of the application to be displayed with the disposable code and the object identification value in a storage medium;
A disposable code receiver dynamically generated by at least one code generation module and receiving a disposable code processed through an application corresponding to the unique identification value; And
And a service controller for controlling a service using the object mapped with the disposable code to be provided to the user through the application server by using the unique identification value as an intermediary when the received disposable code is authenticated And a service providing system using mapped objects.
The information processing apparatus according to claim 1,
Authenticates the correspondence between the authentication number displayed on the user terminal and the authentication number input through the application through the application server, or
And authenticating the correspondence between the authentication number displayed through the application and the authentication number input through the user terminal. The service providing system using the mapped object and the one-time code.
The apparatus according to claim 1,
Checking the object identification value from the application server,
Receiving an object identification value input from a user terminal connected to the application server,
And the object identification value is confirmed through at least one of receiving the object identification value input through the application.
2. The method of claim 1,
A fixed value selected to map the one-off code dynamically generated by at least one code generation module with the object identification value,
A unique key value assigned to the application, a phone number of the mobile terminal, account information of the user, a mail address of the user, and an individual identification key allocated to the user. Service using system.
The method of claim 1,
And a combination of at least one of a user's account (ID), a payment means, and a financial means. The service providing system using the mapped code and the mapped object.
2. The method of claim 1,
And a combination of at least one of a user's account information, payment means information, and financial means information.
The method of claim 1,
A first factor seed value set in the code generation module,
A third factor seed value obtained in real time at the time when the disposable code is generated,
(N &gt; = 1) seed values corresponding to any one or two or more combinations of 3rd-factor seed values obtained from a medium possessed by the user, to the code generation algorithm. Service Providing System Using.
The method of claim 1,
Or may be generated by a code generation module provided on the application side,
Generated by a code generation module provided on the authentication server side,
Wherein the generated code is generated through at least one of a combination of the application-side code generation module and the authentication server-side code generation module.
The method according to claim 1,
Further comprising a disposable code authentication unit for authenticating the correspondence between the received one-time use code and the one-time use code generated by the code generation module.
The method of claim 1,
A service authentication service, a payment service, and a financial service using the object identification value, and the service providing system using the mapped object and the mapped object.
A service providing method using an object mapped with a disposable code executed by an authentication server communicating with an application server providing a service related to an object and communicating with a user wireless terminal having an application displaying a disposable code,
Authenticating a user occupancy state for the application;
Identifying an object identification value identifying at least one object to be mapped with the disposable code;
Storing the unique identification value identifying the uniqueness of the application in which the disposable code is to be displayed and the object identification value in a storage medium;
Receiving a disposable code dynamically generated by at least one code generation module and processed through an application corresponding to the unique identification value; And
Using the unique identification value as an intermediary and controlling the service using the object mapped with the disposable code to be provided to the user through the application server when the received disposable code is authenticated, A service providing method using a mapped object.

delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images