KR101875257B1 - Mobile authentication and/or mobile payment method using near wireless communication with host computer - Google Patents
- Publication number
- KR101875257B1
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- server
- biometric
- host computer
- smartphone
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
Abstract
The present invention relates to a method for mobile authentication and/or mobile payment through short-range wireless communication between a computer device and a smartphone.
The method of the present invention is structurally separated into a service process performed between the computer device 100 and the service server 300 and an authentication process performed between the smartphone 200 and the authentication server 400. The service process and the authentication process are connected through short-range wireless communication between the computer device 100 and the smartphone 200. If the authentication performed between the smartphone 200 and the authentication server 400 succeeds, the authentication server 400 notifies the service server 300, and the service server 300 transmits the result back to the screen of the computer device.
Description
The present invention relates to a biometric authentication technique, and more particularly to the application of security authentication using biometric authentication technology.
Today, people use the Internet to conduct various e-commerce and authentication activities. They typically run a web browser on a personal computer to access the target website, which then performs a series of authentication procedures. The biggest problem here is the security risk posed by malicious hacking. Unique personal information such as a credit card number, as well as other information unique to the individual, can be hacked. Several attempts have been made to prevent this. One of the most widely used methods is to install software on the personal computer that blocks hacking and enhances security.
However, this causes severe inconvenience to the user. Because users access various websites and perform authentication on each, there is a lot of software to install, and it must be updated constantly to address security vulnerabilities. In addition, malicious code can mimic or exploit the security software itself. These problems arise because the authentication information is stored on the personal computer.
One alternative is not to store the authentication information on the personal computer, but on the server of the certification authority. The server acquires from the personal computer at least the identification information needed to identify the user, and uses the authentication information stored in its database based on that identification information. The identification information includes an ID, a password, and a cookie. Card information is a representative example of authentication information. Amazon's one-click technology is a typical example. A server system related to Amazon one-click technology is disclosed in U.S. Patents US 5,960,411 and US 8341036.
This technique is very convenient for the user: no security program needs to be installed on the personal computer, and authentication and settlement can be performed simultaneously by entering a simple identifier, without going through a complicated process. However, the more convenient it is for the user, the greater the burden on the service provider. Security issues become more sensitive. The server system must be protected against malicious attacks. Because there is always the risk of a catastrophic security incident, the service provider must make a tremendous effort and constantly improve its security technology. Meanwhile, the user must enter information such as card information at least once and provide it to the server, and must also keep track of the identifier information. That is, user convenience is not completely guaranteed.
The inventors of the present invention have long studied how to solve the authentication problem on personal computers described above. Storing authentication information on a personal computer requires installing complicated security software, as described above. Storing authentication information in a server system and authenticating there places a tremendous security burden on service providers. In addition, the user must provide his/her personal information to the server system, and it is also inconvenient to have to remember the identifier information. The inventors concluded that a completely new approach was needed to solve these problems.
The inventors explored mobile devices and biometric information technologies. While authentication over the Internet through personal computers (including notebooks) has become commonplace, an authentication method for a new environment has also become widespread: mobile authentication technology. Credit card information can be stored on a mobile device and used to make payments. Biometric information, such as fingerprints, can also be stored on a mobile device. The key point of biometric information technology is that biometric information unique to each person can be acquired and the person easily identified by recognizing it. Biometric information is unique to each person and cannot be separated from them, so it cannot be lost. Such biometric information can include face, voice, and signature, but fingerprints, finger veins, and irregularities are mainly studied. In view of the development of the technology, the installation and configuration of the equipment, and the ease of recognition, it is preferable to use the user's finger. Biometric technology using a fingerprint or finger vein is typical. But how should it be used?
It is an object of the present invention to propose an authentication technique using biometric information, and to propose a new method of performing authentication by using short-range communication between heterogeneous devices.
Another object of the present invention is to provide a new biometric information authentication method which can completely prevent the risk of security incidents such as malicious access to a server or a device or hacking.
It is still another object of the present invention to provide a methodology for effectively authenticating biometric information even if the server does not have biometric information.
On the other hand, other unspecified purposes of the present invention will be further considered within the scope of the following detailed description and easily deduced from the effects thereof.
In order to achieve the above object, according to a first aspect of the present invention, there is provided a mobile authentication method for interworking with a host computer in short-
(a) connecting a host computer device to a service server;
(b) the host computer device requesting mobile authentication by executing an authentication event in communication with the service server;
(c) receiving authentication event information of the host computer device through short-range wireless communication, by bringing a smartphone having a built-in short-range wireless communication chip close to a short-range wireless communication device built into the host computer device;
(d) the smartphone performing security authentication of a predetermined procedure through wireless communication with the authentication server;
(e) the authentication server notifying the service server of the mobile authentication result; and
(f) the service server displaying authentication approval through a screen of the host computer device.
In addition, in the mobile authentication method of interworking with a host computer according to a preferred embodiment of the present invention in a short distance communication, the smartphone includes application software supporting a security authentication procedure with the authentication server,
The step (c) may be configured so that the smartphone is close to the NFC device of the host computer device after executing the application software.
In the mobile authentication method of interworking with a host computer according to another preferred embodiment of the present invention in a short distance communication, the smartphone includes application software supporting the security authentication procedure with the authentication server,
The step (c) may be configured to automatically execute the application software when the smartphone is close to the NFC device of the host computer device.
Further, in the mobile authentication method of interworking with a host computer according to a preferred embodiment of the present invention in a short distance communication, the short range wireless communication device may be an NFC device.
Further, in a mobile authentication method for interworking with a host computer according to a preferred embodiment of the present invention in a short distance communication, the authentication event may include authentication for performing a predetermined subsequent process, authentication for authenticating an already- It is preferable that the event is an event for requesting mobile authentication regarding any one or more of the personal authentication for approving the payment.
In addition, in the mobile authentication method interworking with the host computer according to the preferred embodiment of the present invention in the short distance communication, the step (d) further includes biometric authentication using the biometric image data of the bio object.
In addition, in the mobile authentication method of interworking with a host computer according to a preferred embodiment of the present invention in a short distance communication, the biometric authentication may be performed using cryptographic hash data.
According to another aspect of the present invention, there is provided a mobile authentication method for interworking with a host computer in a short distance communication, the biometric authentication method comprising the steps of: receiving a server authentication value encrypted and stored in the smartphone using the biometric image data; Decrypting the authentication event information, and transmitting the decrypted server authentication value together with the authentication event information to the authentication server.
Further, in the mobile authentication method of interworking with a host computer according to a preferred embodiment of the present invention in a short distance communication, the biometric object used in the biometric authentication may be any one of a fingerprint, finger vein, have.
A second aspect of the present invention is a mobile payment method interworking with a host computer in a short distance communication,
(a) the host computer device requesting an online commodity payment to a service server;
(b) a smartphone having a built-in short-range wireless communication chip receiving authentication event information of the host computer device when brought close to a short-range wireless communication device built into the host computer device;
(c) the smartphone performing security authentication of a predetermined procedure through wireless communication with an authentication server and executing mobile payment;
(d) the authentication server notifying the service server of the mobile payment result; and
(e) displaying the completion of payment through the screen of the host computer device by the service server.
In the preferred mobile payment method of the present invention, the step (c) may include a step of performing settlement using credit card information stored in advance in the smartphone or the authentication server.
A third aspect of the present invention is a mobile authentication method for interworking with a host computer in a short distance communication,
(a) a host computer device requesting purchase of an online product from a service server;
(b) the host computer device executing an authentication event in communication with the service server to request mobile authentication;
(c) a smartphone having a built-in short-range wireless communication chip, brought close to a short-range wireless communication device built into the host computer device, transmitting smartphone information to the service server through the host computer device; and
(d) the service server displaying authentication approval through a screen of the host computer device.
In addition, in the mobile authentication method of interworking with a host computer according to a preferred embodiment of the present invention by local communication,
The authentication event may be an event for requesting a mobile authentication regarding a personal authentication for approving a payment.
According to the present invention, the service process and the authentication process are completely separated at the system level. This allows the service provider to configure a system optimized for the service and to manage its resources accordingly. Since the service providing system does not hold the information necessary for authentication or settlement, there is no target for a security incident caused by a malicious attack. This also brings great benefits to users. It is not necessary to install various security programs on the user's device when accessing the service provider's system, and the user does not need to provide sensitive personal information such as credit card information to the service provider.
According to a preferred embodiment of the present invention, all processes can be completed automatically by pressing a button for requesting mobile authentication or mobile payment. In short, it has the advantage of providing users with the most convenient payment methods.
In addition, according to a preferred embodiment of the present invention, self-authentication is made more secure against attack by a malicious third party. Although the authentication process uses smartphone biometric authentication, the biometric information is not stored in the device or on the server. Therefore, even if the user loses the device, or the authentication server's database information is leaked or hacked by a malicious third party, exposure of the biometric information inherent to the user is blocked at the source.
The present invention provides a complete and secure authentication method for all commercial or administrative procedures requiring authentication.
On the other hand, even if the effects are not explicitly mentioned here, the effect described in the following specification, which is expected by the technical features of the present invention, and its potential effects are treated as described in the specification of the present invention.
FIG. 1 is a diagram showing a system configuration according to a preferred embodiment of the present invention.
FIG. 2 is a conceptual diagram showing the relationship and configuration between heterogeneous devices performing near field wireless communication according to the present invention.
FIG. 3 is a diagram illustrating various forms of examples of the
FIG. 4 is a diagram showing an example of various bio-objects performed in the
FIGS. 5 to 8 are diagrams showing various scenarios to which the technical idea of the present invention is applied.
The accompanying drawings illustrate examples of the present invention in order to facilitate understanding of the technical idea of the present invention, and thus the scope of the present invention is not limited thereto.
Hereinafter, the structure and various embodiments of the present invention will be described in detail with reference to the drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may obscure the subject matter of the present invention.
FIG. 1 shows a system configuration according to a preferred embodiment of the present invention. A preferred system of the present invention comprises four elements. A
In this case, in the prior art, it was common to authenticate through the security program and the authentication software installed in the
In the context of the present invention, the security and/or authentication software installed in the
The service process is performed through communication between the
This is the link between the service process and the authentication process. First, on the user side, a near field communication (NFC)
The
Then, real-time authentication is performed between the
On the other hand, since the service process and the authentication process are separated, as described above, the
The
Now, the configuration and relationship of the user side device, which is the starting point at which the service process and the authentication process are connected, will be described. FIG. 2 shows a heterogeneous device used by a user.
The
The
Although the
In some preferred embodiments of the present invention, the
In another preferred embodiment of the present invention, the
The
FIG. 3 illustrates various types of
FIG. 3(e) shows a case where the Internet of Things (IoT) device is the host computer device of the present invention. For example, if an electronic device installed in a vehicle, various electronic devices in a home, a public space (e.g., a subway platform, etc.) can communicate with the Internet, and an
Referring back to FIG. 2, the
In some preferred embodiments of the present invention, after the smartphone executes the mobile application software 250, the
In another preferred embodiment of the present invention, when the smartphone initiates an authentication event at the
The mobile application software 250 of the present invention may include an environment setting tool of a mobile application, a user interface, a database module, and the like. In particular, the mobile application software 250 may include a function for supporting NFC communication, a function for performing a procedure for authenticating the user, and a function for wirelessly communicating with the authentication server.
In addition, since the configuration of an application processor, an input/output device, a memory, a wireless communication modem, a battery, and a power supply device of a smartphone supports the technical features of the present invention and ensures the implementation of the present invention, detailed description thereof is omitted here. Such components may employ conventional techniques, and future improved techniques may be freely applied to the technical idea of the present invention.
As described above, in the preferred embodiment of the present invention, enhanced mobile authentication can be ensured by using biometric information of a bio-object (i.e., human body). In this embodiment, the mobile application software 250 supports biometric authentication using biometric image data. As shown in Fig. 4, the bio-object may be a fingerprint, an iris, or a finger. The biometric image data in any preferred embodiment of the present invention may be the
Hereinafter, how the biometric image data of the bio object is processed by the
The first biometric authentication method is as follows. The authentication server may have a database of the user's biometric information. Preferably, the authentication server does not hold the original biometric image of the user, but a hash value corresponding to the biometric image data. It can also hold a reference value obtained by transforming the biometric source data according to a specific rule. If the authentication server held the biometric image data or the biometric original data, there would be legal problems related to personal information protection and exposure to malicious attacks such as hacking.
The authentication server can construct a database that associates each user ID with a set of vectors, stored as hash values, describing the user's biometric characteristics. The smartphone scans the biometric image data and transmits the feature vector set, which is compared with the vector set held by the authentication server to authenticate the user. Communication between the authentication server and the smartphone can be performed through a dynamic communication encryption key. The first biometric authentication method is described below.
The biometric information database of the authentication server stores in advance a user ID and a biometric feature vector set hashed by the user. The user ID is used to identify the user. The feature vector set of the biometric image, hashed using a cryptographic hash function, is referred to as the first feature vector set for convenience. This first feature vector set is used to determine whether biometric authentication succeeds or fails. Thus, to attempt authentication with the authentication server, the user must register his or her ID and hashed biometric feature vector set with the authentication server in advance.
The secret used to conceal the feature vectors can be set directly by the user, for example in the form of a password. It is known only to the user and is unknown to the authentication server. The user scans his or her biometric information with the smartphone, and feature vectors are then extracted from the biometric image data. This feature vector set is referred to as the second feature vector set. Its elements are hashed in the same secret manner as the set registered with the authentication server, and then transmitted to the authentication server.
The authentication server compares the first feature vector set with the second feature vector set, and determines that authentication is successful when a predetermined number or more of the hashed feature vector values match. A threshold is used rather than an exact match because biometric measurement introduces a slight error each time.
The smartphone application software can delete the second feature vector set, the biometric image data, and the secret key once they have been used. Deleting the biometric image, the hashed second feature vector set, and the secret key from the smartphone prevents the biometric information from being stolen through the smartphone.
The basic framework of the authentication process is to compare, in the form of encrypted feature vectors, the biometric information scanned by the smartphone with the biometric information held by the authentication server. In addition, mobile payment can be added by using credit card information stored in the smartphone, a protocol for authentication between the authentication server and the smartphone can be added, or various biometric authentication algorithms can be employed.
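The threshold comparison of the first biometric authentication method, sketched as an added example (not code from the patent). The quantisation step, the threshold of 6 out of 8, the use of HMAC-SHA256 as the keyed hash, and all feature values are assumptions constructed for illustration.

```python
import hashlib
import hmac

QUANT_STEP = 8        # assumed bucket width that absorbs small measurement error
MATCH_THRESHOLD = 6   # assumed "predetermined number" of hashes that must match


def hashed_feature_set(features, user_secret):
    """Runs on the smartphone: quantise each feature, then hash it under the
    user's secret so the server only ever sees opaque values."""
    hashed = []
    for index, value in enumerate(features):
        bucket = value // QUANT_STEP
        message = f"{index}:{bucket}".encode()
        hashed.append(hmac.new(user_secret, message, hashlib.sha256).digest())
    return hashed


class AuthServer:
    """Holds user ID -> first feature vector set; never the secret or raw features."""

    def __init__(self):
        self._db = {}

    def register(self, user_id, first_set):
        self._db[user_id] = list(first_set)

    def match_count(self, user_id, second_set):
        first_set = self._db.get(user_id, [])
        if len(first_set) != len(second_set):
            return 0
        # Constant-time comparison of each hashed feature.
        return sum(hmac.compare_digest(a, b) for a, b in zip(first_set, second_set))

    def authenticate(self, user_id, second_set):
        return self.match_count(user_id, second_set) >= MATCH_THRESHOLD


# Constructed sample feature values (not real biometric data).
ENROLLED = [12, 87, 45, 201, 133, 64, 250, 99]
FRESH_SCAN = [13, 85, 44, 203, 135, 63, 251, 100]   # same user, small error
IMPOSTOR = [140, 20, 77, 9, 60, 190, 33, 222]
SECRET = b"constructed user passphrase"


def build_server():
    server = AuthServer()
    server.register("alice", hashed_feature_set(ENROLLED, SECRET))
    return server


if __name__ == "__main__":
    server = build_server()
    cases = [
        ("genuine scan", FRESH_SCAN, SECRET),
        ("impostor scan", IMPOSTOR, SECRET),
        ("genuine scan, wrong secret", ENROLLED, b"guess"),
    ]
    for label, scan, secret in cases:
        second_set = hashed_feature_set(scan, secret)
        print(label, server.match_count("alice", second_set),
              server.authenticate("alice", second_set))
```

In the genuine scan, the sixth feature moves from 64 to 63 and crosses a bucket boundary, so its hash no longer matches even though the reading changed by one; the threshold absorbs exactly this kind of miss.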
The second biometric authentication method is as follows. Unlike the first biometric authentication method, a hash value related to the biometric information, or the user's unique secret information required for mobile authentication or mobile settlement, is encrypted using a biometric value as the encryption key and stored on the phone (re-encryption of the password value), without storing a modified reference value of the biometric information on the server. When the flow moves from the service process to the authentication process through short-range wireless communication between the heterogeneous devices, the user decrypts the unique information necessary for authentication using his or her biometric information as the key, and the smartphone can then communicate with the authentication server.
The second biometric authentication method is explained in more detail below. User-specific information for authentication, such as the user's various secret data (for example, a password and credit card information), is stored in the data store of the smartphone. However, it is stored in an encrypted state, with biometric data such as a fingerprint, finger vein, or iris used as the cryptographic key. In short, in this embodiment the encryption key for the user-specific authentication information is generated from the user's biometric data. For example, a fuzzy extraction algorithm may be used. The fuzzy extraction algorithm is based on a symmetric key, with the same encryption key and decryption key for each piece of data. For example, the user's secret data d is encrypted using the user's biometric data value k as the encryption key, producing e. To decrypt e, the biometric data value k' obtained by scanning the biometric data of the user requesting decryption is used. When k' is similar to k within a predefined approximation range, k' works as the decryption key and decodes e to d exactly. To determine whether decryption succeeded, e and h(d) are stored in the smartphone's storage, where h(d) is a value obtained by encrypting the user's original data. When d' is obtained by attempting to decode e with k', decryption is judged successful if h(d') equals h(d), and failed otherwise. Only the pair (e, h(d)) is therefore stored in the user database for each item of user secret data d. Consequently, even if the database is attacked or the smartphone is stolen, the user's biometric information and original secret data remain safely protected.
With this method, the authentication secret value used to authenticate the user to the server can be encrypted as described above. When a smartphone user logs in to the service server or purchases goods by authenticating himself/herself, he or she inputs his or her biometric value into the smartphone to decrypt the encrypted identity authentication secret value, which makes the authentication possible. In this way, the user can be authenticated without storing a biometric hash value (or template) on the server.
As described above, the basic skeleton of the authentication process of the present embodiment is that the user decrypts the encrypted user-specific information stored in the smartphone using his/her biometric information as the key, after which authentication communication is performed between the authentication server and the smartphone. The biometric image data scanned on the smartphone is deleted after being used as the key for the user's authentication information. If a virus intended to steal biometric information is already hidden in the smartphone, it may intercept or steal the biometric data after the smartphone scans it and before it is deleted from memory. To prevent this, a security program can be installed that prevents the program that scans the user's biometric information from being controlled by other programs in the smartphone, including viruses.
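The encrypt-under-k, decrypt-under-k' scheme of the second biometric authentication method, sketched as an added example (not code from the patent). It assumes a code-offset construction with a 5-bit repetition code, stores public helper data alongside (e, h(d)), uses SHA-256 for h and an HMAC-SHA256 keystream as a stand-in cipher; the bit strings are constructed samples, not real biometric readings.

```python
import hashlib
import hmac
import random
import secrets

KEY_BITS = 128   # length of the random key r bound to the biometric reading
REP = 5          # repetition-code block: tolerates up to 2 flipped bits per block


def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def _key_from_bits(bits):
    return hashlib.sha256(bytes(bits)).digest()


def _keystream_xor(key, data):
    # HMAC-SHA256 in counter mode; a stand-in for a vetted cipher (assumption).
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(x ^ y for x, y in zip(data, stream))


def enroll(k, d):
    """Encrypt secret d under reading k. Returns what the phone stores:
    helper data, e and h(d); neither k nor d is kept."""
    if len(k) != KEY_BITS * REP:
        raise ValueError("unexpected biometric reading length")
    r = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in r for _ in range(REP)]
    return {
        "helper": _xor(codeword, k),               # code-offset sketch
        "e": _keystream_xor(_key_from_bits(r), d),
        "h_d": hashlib.sha256(d).digest(),
    }


def recover(k_prime, record):
    """Try to decrypt with a fresh reading k'. Returns d, or None on failure."""
    if len(k_prime) != len(record["helper"]):
        return None
    noisy = _xor(record["helper"], k_prime)
    # Majority vote per block removes the bits in which k' differs from k.
    r_prime = [int(sum(noisy[i:i + REP]) > REP // 2)
               for i in range(0, len(noisy), REP)]
    d_prime = _keystream_xor(_key_from_bits(r_prime), record["e"])
    # Success test from the text: h(d') must equal the stored h(d).
    if hmac.compare_digest(hashlib.sha256(d_prime).digest(), record["h_d"]):
        return d_prime
    return None


def sample_reading(seed):
    """Constructed stand-in for a binarised biometric template."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]


def add_noise(k, flips_per_block):
    """Flip the first `flips_per_block` bits of every block (constructed noise)."""
    noisy = list(k)
    for start in range(0, len(k), REP):
        for offset in range(flips_per_block):
            noisy[start + offset] ^= 1
    return noisy


if __name__ == "__main__":
    k = sample_reading(1)
    d = b"constructed server authentication value"
    record = enroll(k, d)
    print("same user, noisy scan:", recover(add_noise(k, 2), record))
    print("too much noise:", recover(add_noise(k, 3), record))
    print("different user:", recover(sample_reading(2), record))
```

Two caveats the sketch makes visible: the helper data leaks information about k when the reading is not close to uniformly random, and an unsalted h(d) lets anyone who obtains the record test guesses for a low-entropy d.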
The third biometric authentication method is as follows. Information such as the user's biometric data, credit card information, and server authentication value is stored in a dedicated security module that resists software and/or hardware attacks, such as a crypto-processor or a hardware security module. This method assumes that the user's smartphone is equipped with such a module. In the smartphone, only one or more specific programs whose security has been verified can communicate with the module, and the program scans the biometric information of the user.
When the third biometric authentication method is used, the user scans his or her biometric information with the scanning program provided in the smartphone. That program passes the user's biometric information to the program that can communicate with the security module, or, if it is itself that program, passes it directly to the security module. The security module determines the similarity between the scanned biometric information and the stored biometric information, and decides whether authentication succeeds or fails. On success, the stored secret information of the user is passed to the program, which transmits it directly to the authentication server or to the process/program in the smartphone responsible for communication with the authentication server. The copies of the user's secret information held by these programs are then deleted from the smartphone. However, the user biometric data and secret information stored in the security module are not deleted.
Neither the first nor the second biometric authentication method stores the biometric information on the device. Therefore, the user can rest assured even if the smartphone is lost or subjected to a malicious hacking attack. In the case of the third biometric authentication method, a special hardware security module is used, so the user can likewise be relieved of concern about external attacks.
FIGS. 5 to 8 illustrate scenarios of various forms and contents using the authentication method of the present invention. First, FIG. 5 shows an example of a procedural configuration of a scenario relating to authentication of authentication between the
First, the
In this embodiment, the
Preferably, there will be a < mobile authentication > button on the user screen, and an authentication event is generated by selecting it. Then, the NFC device built in the
The authentication process is executed between the
This is the case if the second biometric authentication method is used. After the smartphone receives the session token of the service process over NFC, it scans the user's biometric object to obtain the biometric image data. It then decrypts the encrypted server authentication value stored in the device using the biometric image data, and connects to the server using the decrypted data. The
This is the case if the third biometric authentication method is used. After the smartphone receives the session token of the service process over NFC, it scans the user's biometric object to obtain the biometric image data. Then, the server authentication value stored in the security module in the device is read using the biometric image data, and the smartphone connects to the server using this data. The
If the mobile authentication is successful in this procedure, the
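The session-token hand-off in this scenario, as an added Python example that is not part of the patent: the service server issues a token for the authentication event, the smartphone presents it with the recovered server authentication value to the authentication server, and the authentication server reports the result for that token. The class names, `TOKEN_TTL`, the single-use and expiry rules, and storing only a hash of the server authentication value are assumptions; the biometric unlock step and transport protection are taken as already done.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 120  # seconds a session token stays valid (assumed value)

class ServiceServer:
    """Issues the session token passed over NFC; receives the result."""
    def __init__(self):
        self.sessions = {}  # token -> {"user", "expires", "state"}

    def start_auth_event(self, user_id, now):
        token = secrets.token_urlsafe(32)  # unguessable, one per event
        self.sessions[token] = {"user": user_id,
                                "expires": now + TOKEN_TTL,
                                "state": "pending"}
        return token

    def on_result(self, token, user_id, ok, now):
        s = self.sessions.get(token)
        # Unknown or already-used tokens are refused (single use).
        if s is None or s["state"] != "pending":
            return "rejected"
        # Expired tokens and tokens issued to another user are burned.
        if now > s["expires"] or s["user"] != user_id:
            s["state"] = "rejected"
            return "rejected"
        s["state"] = "approved" if ok else "rejected"
        return s["state"]

class AuthServer:
    """Checks the server authentication value and notifies the service."""
    def __init__(self, service):
        self.service = service
        self.enrolled = {}  # user_id -> SHA-256 of server auth value

    def enroll(self, user_id, auth_value):
        # A plain hash is enough only because the value is high-entropy.
        self.enrolled[user_id] = hashlib.sha256(auth_value).digest()

    def authenticate(self, user_id, token, auth_value, now):
        expected = self.enrolled.get(user_id, b"\x00" * 32)
        got = hashlib.sha256(auth_value).digest()
        # Constant-time comparison; unknown users always fail.
        ok = user_id in self.enrolled and hmac.compare_digest(expected, got)
        return self.service.on_result(token, user_id, ok, now)

def demo():
    svc = ServiceServer()
    auth = AuthServer(svc)
    value = secrets.token_bytes(32)  # constructed sample secret
    auth.enroll("alice", value)
    t1 = svc.start_auth_event("alice", now=1000)
    first = auth.authenticate("alice", t1, value, now=1010)
    replay = auth.authenticate("alice", t1, value, now=1011)
    t2 = svc.start_auth_event("alice", now=2000)
    late = auth.authenticate("alice", t2, value, now=2000 + TOKEN_TTL + 1)
    t3 = svc.start_auth_event("alice", now=3000)
    wrong = auth.authenticate("alice", t3, b"guess", now=3001)
    return first, replay, late, wrong
```

The service server never sees the server authentication value or any biometric data; it only learns whether the token it issued was approved.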
The scenario of FIG. 6 relates to a scenario in which the
First, a series of services is performed through communication between the
An approval procedure to approve the work is required (S110). Preferably, there will be a < Mobile Authentication > button on the user screen, and an authentication event can be generated by selecting it. Then, the NFC device built in the
The authentication process is executed between the
This is the case if the second biometric authentication method is used. After the smartphone receives the session token of the service process over NFC, it scans the user's biometric object to obtain the biometric image data. It then decrypts the encrypted server authentication value stored in the device using the biometric image data, and connects to the server using the decrypted data. The
This is the case if the third biometric authentication method is used. After the smartphone receives the session token of the service process over NFC, it scans the user's biometric object to obtain the biometric image data. Then, the server authentication value stored in the security module in the device is read using the biometric image data, and the smartphone connects to the server using this data. The
If the mobile authentication is successful in this procedure, the
Fig. 7 is an application example of Fig. When a user purchases a product at an Internet shopping mall, mobile payment can be performed using the method of the present invention. Unlike the scenario of Fig. 6, there are few cases where it is implemented together with Fig.
First, a series of shopping services are performed through communication between the
The payment user screen provided by the
The mobile payment process is executed between the
This is the case if the second biometric authentication method is used. After the smartphone receives the session token of the service process over NFC, it scans the user's biometric object to obtain the biometric image data. It then decrypts the encrypted server authentication value stored in the device using the biometric image data, and connects to the server using the decrypted data. The
This is the case if the third biometric authentication method is used. After the smartphone receives the session token of the service process over NFC, it scans the user's biometric object to obtain the biometric image data. Then, the server authentication value stored in the security module in the device is read using the biometric image data, and the smartphone connects to the server using this data. The
If the mobile payment is successful in this procedure, the
If the mobile payment method of the present invention is used, payment on the computer can be completed simply by clicking the <mobile payment> button. It is also possible to perform a simple settlement in a state in which perfect security is ensured. There is no need, as in conventional methods, to enter a card number on a computer screen, to make a payment by calling up a certificate with weak security, or to use an OTP device. The user only needs to authenticate using his or her own smartphone. The rest of the communication is done by a set procedure.
All FinTech technologies require infrastructure changes. This is the biggest barrier to implementing new FinTech technology. FIG. 8 shows a scenario in which the existing infrastructure is used as it is while the characteristics of the present invention can still be exhibited.
Online shopping (S300, S310) performed through communication between the
The payment user screen provided by the
The
The
The
For reference, the mobile authentication method according to various preferred embodiments of the present invention may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, a hard disk drive, a flash memory, and the like. Examples of program instructions include high-level language code that can be executed by a computer using an interpreter, as well as machine code such as that produced by a compiler. A hardware device may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
The authentication event using the technical idea of the present invention may have various modifications. There is personal authentication for executing a predetermined subsequent process. This also includes identity verification for logging in to the service server. In addition, there is personal authentication for approving a process that has already been done. Examples are services provided by financial institutions and administrative agencies. There is also personal authentication to approve payment. An outstanding advantage of the present invention is, for example, the following. The user shops on the desktop, but the payment does not go through the desktop; it is done simply by pressing a button on the screen. This is because the service (e.g., shopping) process and the authentication (including billing) process are completely separate. As a result, far less systematic effort is needed to "prevent" malicious attacks. This advantage will be even more pronounced when the user's computer device is an Internet of Things device with an embedded NFC chip. The user can use the smartphone anytime and anywhere to authenticate and make mobile payments.
In addition, the above embodiments of the present invention have proposed a method using an NFC module embedded in a heterogeneous device. However, it goes without saying that other types of devices and communication technologies can be employed as long as the module supports short-range wireless communication.
In implementing the method of the present invention, it is most likely if a user is a member of both a service server and an authentication server. Because the user's unique identifier is available, the authentication process can easily identify the service process (and vice versa). However, if the authentication session generated on the user screen of the service server can be specified through the NFC communication between the same user's computer and smartphone, the user does not always have to be subscribed to the service server.
The scope of protection of the present invention is not limited to the description and the expression of the embodiments explicitly described in the foregoing. It is again to be understood that the present invention is not limited by the modifications or substitutions that are obvious to those skilled in the art.
Claims (19)
(a) connecting a host computer device to a service server;
(b) the host computer device requesting mobile authentication by executing an authentication event in communication with the service server;
(c) receiving a certification event information of the host computer device in a short-range wireless communication with a smartphone having a built-in short-range wireless communication chip close to a short-range wireless communication device built in the host computer device;
(d) the smart phone acquires biometric image data from a bio-object for an authentication process, and then performs security authentication of a predetermined procedure through wireless communication with an authentication server Wherein the biometric authentication is performed using the biometric image data without using the biometric image data. The security authentication is performed between the smartphone and the authentication server in a completely security-controlled manner, Does not provide data to the service server);
(e) the authentication server notifying the service server of the mobile authentication result; and
(f) displaying the authentication approval on the screen of the host computer device by the service server.
The smartphone includes application software supporting a security authentication procedure with the authentication server in advance,
Wherein the step (c) is performed in a short distance communication with a host computer, wherein the smartphone is close to an NFC device of the host computer device after executing the application software.
The smartphone includes application software supporting a security authentication procedure with the authentication server in advance,
Wherein the step (c) is performed automatically when the smartphone is close to the NFC device of the host computer device.
Wherein the short-range wireless communication device is an NFC device and cooperates with a host computer in short-range communication.
Wherein the authentication event is an event for requesting a mobile authentication regarding at least one of authentication of a user to perform a predetermined subsequent process, authentication of a user to approve a process already performed, and authentication of a user to approve a payment, And a mobile authentication method linked with a short distance communication.
Wherein the biometric authentication transmits the authentication event information and the decrypted data of the biometric image data to the authentication server.
Wherein the biometric authentication device decrypts the server authentication value encrypted and stored in the smartphone using the biometric image data and transmits the decrypted server authentication value together with the authentication event information to the authentication server. Mobile authentication method that works with computer and local communication.
Wherein the bio-object used in the biometric authentication is one of a fingerprint, a finger vein, and a body of an iris.
(a) the host computer device requesting an online commodity payment to a service server;
(b) receiving a certification event information of the host computer device from a smartphone having a built-in short-range wireless communication chip close to a short-range wireless communication device built in the host computer device;
(c) after the smart phone acquires biometric image data from a bio object for an authentication process, performs security authentication of a predetermined procedure through wireless communication with an authentication server and executes mobile payment Wherein the biometric authentication is performed using the biometric image data without using the device information of the phone. The security authentication is performed between the smartphone and the authentication server in a completely security-controlled manner, The biometric image data being used is not provided to the service server);
(d) the authentication server notifying the service server of the mobile payment result; and
(e) displaying the completion of payment through the screen of the host computer device by the service server.
Wherein the short-range wireless communication device is an NFC device and cooperates with a host computer in short-range communication.
Wherein the step (c) includes executing settlement using credit card information stored in advance in the smartphone or the authentication server.
Wherein the biometric authentication transmits data encrypted with the biometric image data together with the authentication event information to the authentication server.
Wherein the biometric authentication device decrypts the server authentication value encrypted and stored in the smartphone using the biometric image data and transmits the decrypted server authentication value together with the authentication event information to the authentication server. A mobile payment method that works with a computer and local area network.
Wherein the bio-object used in the biometric authentication is one of a fingerprint, a finger vein, and an irregular body, and is linked with the host computer by close-range communication.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150116491A KR101875257B1 (en) | 2015-08-19 | 2015-08-19 | Mobile authentication and/or moile payment method using near wireless communication with host computer |
US15/006,280 US20170055146A1 (en) | 2015-08-19 | 2016-01-26 | User authentication and/or online payment using near wireless communication with a host computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150116491A KR101875257B1 (en) | 2015-08-19 | 2015-08-19 | Mobile authentication and/or moile payment method using near wireless communication with host computer |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170022039A KR20170022039A (en) | 2017-03-02 |
KR101875257B1 true KR101875257B1 (en) | 2018-07-05 |
Family
ID=58427260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150116491A KR101875257B1 (en) | 2015-08-19 | 2015-08-19 | Mobile authentication and/or moile payment method using near wireless communication with host computer |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101875257B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102213219B1 (en) * | 2020-07-15 | 2021-02-05 | 주식회사 고스트패스 | System and method for ordering and payment using biometric information of user |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101459283B1 (en) * | 2013-09-17 | 2014-11-07 | 주식회사 아이넵 | 2 Channel authentication device and method |
-
2015
- 2015-08-19 KR KR1020150116491A patent/KR101875257B1/en active IP Right Grant
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101459283B1 (en) * | 2013-09-17 | 2014-11-07 | 주식회사 아이넵 | 2 Channel authentication device and method |
Also Published As
Publication number | Publication date |
---|---|
KR20170022039A (en) | 2017-03-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11663578B2 (en) | Login using QR code | |
US11223948B2 (en) | Anonymous authentication and remote wireless token access | |
US9741033B2 (en) | System and method for point of sale payment data credentials management using out-of-band authentication | |
CN106575326B (en) | System and method for implementing one-time passwords using asymmetric encryption | |
EP3138265B1 (en) | Enhanced security for registration of authentication devices | |
US11132694B2 (en) | Authentication of mobile device for secure transaction | |
US9800562B2 (en) | Credential recovery | |
US20220122088A1 (en) | Unified login biometric authentication support | |
US20170055146A1 (en) | User authentication and/or online payment using near wireless communication with a host computer | |
CN113474774A (en) | System and method for approving a new validator | |
WO2019226115A1 (en) | Method and apparatus for user authentication | |
EP3662430B1 (en) | System and method for authenticating a transaction | |
KR20220167366A (en) | Cross authentication method and system between online service server and client | |
KR101835718B1 (en) | Mobile authentication method using near field communication technology | |
KR101875257B1 (en) | Mobile authentication and/or moile payment method using near wireless communication with host computer | |
Kreshan | THREE-FACTOR AUTHENTICATION USING SMART PHONE | |
KR101603683B1 (en) | Method for authentication using user apparatus, digital system, user apparatus, and authentication system thereof | |
KR20150089569A (en) | Method for authentication using user apparatus, digital system, user apparatus, and authentication system thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right |