KR101972492B1 - Method for Operating Multiple One Time Password based on SD Memory - Google Patents

Abstract

The present invention relates to an SD memory-based multiportieth operation method, which is implemented in a server for receiving an N (N> 1) digit OTP dynamically generated in a chip of an SD memory and performing an authentication procedure, (1n < N) verification OTP and (Nn) digits authentication of the N-digit number of OTP received through the designated communication network after being dynamically generated in the chip of the memory and displayed through the program provided to the user's wireless terminal Extracting and extracting the OTP for verification, and verifying the effectiveness of the OTP for verification and the OTP for authentication, respectively, and verifying the authentication result of the OTP for verification and the authentication result of the OTP for authentication, And the authentication result of the OTP for authentication to selectively deal with the transaction authentication or the transaction failure for the OTP-based transaction. The OTP for verification and the OTP for authentication use different algorithms in the chip of the SD memory Or to respective dynamically created and dynamically generated each other via at least one seed value from the SD memory chip.

Description

[0001] The present invention relates to a method and apparatus for operating a multi-

In the present invention, when an authentication error occurs during authentication of a transaction after displaying an OTP generated through a chip of an SD memory through a program of a wireless terminal, Thereby identifying the program of the wireless terminal and optionally counting the number of errors.

An SD chip corresponding to a secure element (SE) is provided in the SD memory, an OTP (One Time Password) is generated through the IC chip, A memory-based OTP service is disclosed.

Generally, when the OTP service counts the number of errors each time OTP authentication fails, the OTP service blocks the OTP service when the counted number of errors exceeds the designated number of times (for example, 5 times) . In general, when an OTP authentication error occurs, the OTP is mistakenly input by the user and the device generating the OTP is functionally damaged. In most cases, if the OTP is erroneously input, It is rarely reached until the OTP service is blocked because it is normally input. Therefore, an OTP authentication error exceeding the designated number of times in the normal OTP service occurs when the OTP generating device is functionally damaged. Therefore, it is natural that the user visits the designated site to replace the device.

On the other hand, when the conventional OTP error count management method is applied to the SD memory based service as described above, the SD memory is functionally changed to replace the SD memory even though the chip of the SD memory is not damaged. That is, if an OTP authentication error exceeding a specified number of times occurs in the SD memory based service, the chip of the SD memory may be functionally damaged. However, the OTP generated through the chip of the SD memory is displayed through the program of the wireless terminal The probability that the program of the wireless terminal is actually damaged or occupied by the malicious code is higher.

However, when the conventional OTP error count management method is applied to the SD memory based service, it is considered that the chip of the SD memory is damaged because the program of the wireless function is functionally damaged or occupied by the malicious code, There is a problem that the SD memory is replaced unnecessarily.

In order to solve the above problems, an object of the present invention is to provide a method executed in a server for receiving an NTP (N> 1) digit OTP dynamically generated in a chip of an SD memory and performing an authentication procedure, (1n < N) digits of verification OTP and (Nn) digits of the N-digit number of OTP received through the designated communication network after being dynamically generated in the chip of the user's wireless terminal A first step of separating and extracting the OTPs, a second step of processing the extracted and extracted verification OTPs and the authentication OTPs so that the validity of the OTPs is separately authenticated, and the authentication results of the verification OTPs and the authentication OTPs And a fourth step of selectively processing a transaction authentication or a transaction failure for the OTP-based transaction by combining the verification OTP and the authentication result of the OTP for authentication, SD In the memory chip or each respective dynamically generated by a different algorithm, to provide at least one of the SD memory-based respective dynamically created by another seed value O typhimurium multiple operating method in the SD memory chip.

The SD memory-based multi-attribute operation method according to the present invention is implemented in a server for receiving an N (N> 1) -order OTP dynamically generated in a chip of an SD memory and performing an authentication procedure, (1n < N) digits of verification OTP and (Nn) digits of the N-digit number of OTP received through the designated communication network after being dynamically generated in the chip of the user's wireless terminal A first step of separating and extracting the OTPs, a second step of processing the extracted and extracted verification OTPs and the authentication OTPs so that the validity of the OTPs is separately authenticated, and the authentication results of the verification OTPs and the authentication OTPs And a fourth step of selectively processing a transaction authentication or a transaction failure for the OTP-based transaction by combining the verification OTP and the authentication result of the OTP for authentication, wherein the verification OTP and the authentication OTP , Respectively, or dynamically created by the different algorithms on the SD memory chip, it characterized in that the respective dynamically created by another seed value in at least one of a SD memory chip.

According to another aspect of the present invention, there is provided a method for operating an SDHC memory based multi-attribute system, the method comprising: combining an authentication result of the verification OTP and an authentication OTP to determine the number of integrity errors for the verification OTP and the authentication error count for the authentication OTP And a fifth step of selectively controlling the counting or initialization.

According to another aspect of the present invention, there is provided a method for operating a multifactor based on SD memory, wherein the method further includes a sixth step of requesting reinstallation of a program with a program included in the wireless terminal when the counted number of integrity errors exceeds a predetermined number .

According to the present invention, when the validity of both the verification OTP and the authentication OTP is not authenticated, the fourth step processes the OTP-based transaction as a transaction failure, and the fifth step performs integrity verification It is possible to count the number of errors and not to count the number of authentication errors for the authentication OTP.

According to the present invention, if both the verification OTP and the authentication OTP are validated, the fourth step may process the OTP-based transaction as transaction authentication.

According to the present invention, the fifth step may initialize the number of integrity errors for the verification OTP and the number of authentication errors for the authentication OTP.

According to the present invention, when the validity of the OTP for verification is not authenticated and the validity of the OTP for authentication is authenticated, the fourth step processes the OTP-based transaction as a transaction failure, Counts the number of integrity errors for the OTP for authentication, does not count the number of authentication errors for the authentication OTP, or initializes the counted number of authentication errors.

delete

delete

According to the present invention, since the number of errors is counted and exceeds a specified number due to the damage of the chip of the SD memory during the SD memory based OTP service, or the number of errors is counted due to the damage or the occupation by the malicious code of the program of the wireless terminal So that it is possible to grasp whether the number of times is exceeded.

According to the present invention, when the number of errors is counted due to a program of a wireless terminal being damaged or being occupied by a malicious code, the user can reinstall the program through designated non-face authentication without visiting the designated agency, Can be used.

FIG. 1 is a diagram illustrating a configuration of a multi-OTP operating system based on SD memory for error management according to an embodiment of the present invention.
2 is a diagram showing a configuration of an SD memory according to an embodiment of the present invention.
3 is a diagram showing a functional configuration of a wireless terminal that interfaces with a chip of an SD memory according to an embodiment of the present invention.
4 is a diagram illustrating a process of generating and authenticating an OTP for verification and an OTP for authentication according to an embodiment of the present invention.
5 is a flowchart illustrating an error count management process of the SD memory based OTP according to the first embodiment of the present invention.
6 is a flowchart illustrating an error count management process of an SD memory based OTP according to a second embodiment of the present invention.
7 is a flowchart illustrating an error count management process of an SD memory based OTP according to a third embodiment of the present invention.
8 is a flowchart illustrating an error count management process of an SD memory based OTP according to a fourth embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram illustrating a configuration of a multi-OTP operating system based on an SD memory 200 for error management according to an embodiment of the present invention.

More specifically, FIG. 1 dynamically generates a verification OTP and an authentication OTP through an SD memory 200 having a built-in chip 205 having an OTP (One Time Password) generation function, N (N> 1) -order OTPs combined with OTP for authentication are used as OTPs for transactions, and the transaction authentication or transaction failure is selectively handled by combining the OTP for verification and OTP for authentication separately And the number of errors caused by the authentication failure is not counted indiscriminately. As a person skilled in the art to which the present invention pertains, reference is made to and / It will be appreciated that various implementations of the configuration of the multi-OTP operating system based on the SD memory 200 may be inferred (e.g., some configuration portions omitted, or subdivided, or combined implementation methods) Is made, including any exemplary method, to which the technical feature that is not limited to the exemplary method shown in the figure 1.

The multi-OTP operating system based on the SD memory 200 for error management according to the present invention includes a program 315 for displaying N (N> 1) digit OTP dynamically generated in the chip 205 of the SD memory 200, Interworks with a transaction terminal 170 requesting a transaction using an OTP displayed through a program 315 of the wireless terminal 300, and the wireless terminal 300 The OTP for verification and the OTP for authentication out of N-digit OTPs inputted through the program 315 of the transaction terminal 170 are separated and extracted so as to be individually authenticated, A combination of a server or a server is implemented in the form of a server or a server combination for selectively processing a transaction authentication or a transaction failure by combining the authentication results and managing the number of errors caused by the authentication failure to be counted indiscriminately. The error tube The multi-OTP operating system based on the SD memory 200 for the mobile terminal 300 may be implemented in the form of an operating server 100 interlocked with the mobile terminal 300 and interworking with the transaction terminal 170. However, the multi-OTP operating system based on the SD memory 200 for the error management of the present invention is not limited to the operating server 100 shown in FIG. 1, and the operating server 100 shown in FIG. It is evident that some of the components may be implemented on other servers in conjunction with the operating server 100.

The SD memory 200 is an external memory detached from the wireless terminal 300 and preferably includes an IC chip 205 that conforms to at least one UICC standard including the ISO / IEC 7816 standard. According to the method of the present invention, the IC chip 205 of the SD memory 200 stores at least one dynamic seed value (e.g., a time value, a challenge value, etc.) in a specified OTP algorithm (e.g., MD4, MD5, SHA, And an OTP generation function for dynamically generating a specified number of OTPs by substituting one or more fixed seed values and providing the dynamically generated OTP to the wireless terminal 300. The chip 205 of the SD memory 200 has an encryption / decryption function according to a financial IC card standard, and can encrypt the dynamically generated OTP and provide it to the wireless terminal 300 according to an implementation method.

According to the present invention, the chip 205 of the SD memory 200 stores OTPs for verification (nn (1? N <N)) and NTP Quot;) authentication OTPs, respectively.

According to an embodiment of the present invention, the verification OTP and the authentication OTP are dynamically generated differently from each other on the chip 205 of the SD memory 200 through different OTP algorithms, or the same OTP algorithm is applied to at least one other seed Each value can be dynamically generated differently.

The user's wireless terminal 300 includes an SD recognition unit 310 for recognizing and interfacing with the SD memory 200 and is connected to the chip 205 of the SD memory 200 through the SD recognition unit 310. [ And a program 315 for receiving and outputting an OTP dynamically generated in the chip 205 of the SD memory 200 through the SD recognition unit 310 after providing at least one seed value to the SD memory 200 Preferably a user-owned mobile phone, a smart phone, a tablet PC, and the like.

According to the embodiment of the present invention, when the chip 205 of the SD memory 200 dynamically generates the OTP for verification and the OTP for authentication using different seed values, the program 315 of the wireless terminal 300 May provide a seed value for generating an OTP for verification and a seed value for generating an OTP for authentication differently to the chip 205 of the SD memory 200.

According to the first OTP providing method of the present invention, the chip 205 of the SD memory 200 generates an OTP for verification of n-digits and an OTP for authentication of (Nn) digits, OTP and an authentication OTP of (Nn) digits may be combined to form an OTP of N digits, and then the OTP may be provided to the user's wireless terminal 300.

According to the second OTP providing method of the present invention, the chip 205 of the SD memory 200 generates an OTP for verification of n-digits and an OTP for authentication of (Nn) digits, OTP and (Nn) digits of OTP for authentication are arranged in a predetermined place, so that an OTP of N digits can be configured, and then the OTP can be provided to the user's wireless terminal 300.

According to the third OTP providing method of the present invention, the chip 205 of the SD memory 200 generates an OTP for verification of n-digits and an OTP for authentication of (Nn) digits, respectively, And the program 315 included in the user's wireless terminal 300 combines the OTP for verification of n-digits and the OTP for authentication of (Nn) digits to form an N-digit OTP can do.

According to the fourth OTP providing method of the present invention, the chip 205 of the SD memory 200 generates an OTP for verification of n-digits and an OTP for authentication of (Nn) digits, respectively, And the program 315 included in the user's wireless terminal 300 combines the OTP for verification of n-digits and the OTP for authentication of (Nn) Of OTP can be configured.

The transaction terminal 170 is dynamically generated through the chip 205 of the SD memory 200 and then transmitted through the program 315 of the wireless terminal 300 to the OTP based transaction (for example, Internet banking Mobile banking, payment, etc.), and preferably includes a wired terminal such as a computer and a notebook, and a wireless terminal 300 such as a mobile phone, a smart phone, and a tablet PC. The wireless terminal 300 in which the program 315 is installed and the transaction terminal 170 may be the same terminal according to an embodiment of the present invention, and thus the present invention is not limited thereto.

1, the operation server 100 includes a program management unit 105 for managing a program 315 included in the user's wireless terminal 300, The program management unit 105 may be omitted when the program is managed through a separate management server (not shown).

The program management unit 105 downloads a program 315 linked with the SD memory 200 to the user's wireless terminal 300 through a designated application providing server (e.g., Apple's App Store, etc.) The validity of the program 315 is interlocked with the program 315 of the wireless terminal 300 and an identifier unique to the program 315 is assigned as a result of the program authentication, And identifies and manages a specific program 315 included in the program 300. Preferably, the integrity authentication object of the OTP for verification among the OTP dynamically generated in the chip 205 of the SD memory 200 of the present invention is the program 315 provided in the user's wireless terminal 300.

Referring to FIG. 1, the operation server 100 includes a chip management unit 110 for managing a chip 205 of an SD memory 200 issued to the user, and the SD memory 200 The chip management unit 110 may be omitted in the case where the chip 205 of the mobile station 200 is managed through a separate management server (not shown).

The chip management unit 110 may issue a request to the user from a registration terminal (not shown) provided in a personalization organization or a registration authority of the chip 205 embedded in the SD memory 200 or the SD memory 200 issued to the user (For example, chip serial number, personalization agent, issuer, etc.) of the chip 205 of the SD memory 200 or the program 315 provided in the user's wireless terminal 300 The information about the chip 205 of the SD memory 200 issued to the user is registered and managed. Preferably, the OTP-based transaction requested from the transaction terminal 170 is authenticated through the OTP for authentication among the OTP dynamically generated in the chip 205 of the SD memory 200.

1, the operation server 100 is dynamically generated in the chip 205 of the SD memory 200 and displayed through a program 315 provided in the user's wireless terminal 300, An OTP confirmation unit 115 for receiving N (N> 1) -order OTPs received through the designated communication network and confirming the received OTPs of N digits; (120) for separating and extracting the verification OTP (1? N &lt; N) verification OTP and the (Nn) And an authentication processing unit (125).

The SD memory 200 and the program 315 provided in the user's wireless terminal 300 interlock with each other and generate an OTP for verification and an OTP for authentication An OTP of N digits is displayed through a program 315 provided in the user's wireless terminal 300 through at least one of the first to fourth OTP provisioning methods, The OTP of the N digits displayed through the program 315 of the terminal 300 is input to the designated transaction terminal 170 and is transmitted through the designated communication network. When the wireless terminal 300 is the transaction terminal 170 according to the embodiment of the present invention, the N-digit OTP indicated through the program 315 of the wireless terminal 300 is transmitted to the program 315 of the wireless terminal 300 Lt; / RTI &gt;

The OTP checking unit 115 receives N-digit OTPs transmitted from the transaction terminal 170 through the designated communication network. Meanwhile, the N-digit OTP transmitted from the transaction terminal 170 through the designated communication network may be received by the designated OTP server 165. In this case, the OTP checking unit 115 may operate in conjunction with the OTP server 165 It is possible to confirm the N-digit OTP transmitted from the transaction terminal 170.

The separation and extraction unit 120 separates and extracts an OTP for verification of n-digits and an OTP for authentication of (Nn) digits among the N-digit OTPs identified through the OTP verification unit 115. [ When the OTP for verification of n-digits and the OTP for authentication of (Nn) digits are concatenated according to the first or third OTP providing method of the present invention, the separation extracting unit 120 extracts OTP And OTP (Nn) digits can be separately extracted based on the position where the authentication OTP is connected. If the OTP for verification of n-digits and the OTP for authentication of (Nn) digits are arranged in designated places according to the second or third OTP providing method, the separation extracting unit 120 extracts the N-number of OTP It is possible to extract and combine the numbers of the digits corresponding to the OTP and the number of the digits corresponding to the OTP for authentication, and to combine the OTPs for verification of the n digits and the OTP for authentication of the (Nn) digits .

When the OTP for verification of n digits and the OTP for authentication of (Nn) digits are separated and extracted from the N-digit OTP, the authentication processor 125 processes the extracted and extracted n-digit verification OTP so that the validity of the OTP for verification is authenticated (Nn) digits of the OTP for authentication are authenticated.

According to an embodiment of the present invention, the authentication processing unit 125 generates an OTP for verification of n-digits in the chip 205 of the SD memory 200 based on the information registered in the chip management unit 110 And then generates the authentication value of the verification OTP through the same algorithm and the seed value, and then verifies the validity of the verification OTP by comparing the generated authentication value and the verification OTP . Or the authentication processing unit 125 checks the seed value and the algorithm for generating the (Nn) digit OTP for authentication in the chip 205 of the SD memory 200 based on the information registered in the chip management unit 110 , The authentication value of the OTP for authentication may be generated through the same algorithm and the seed value, and then the validity of the OTP for verification may be verified by comparing the generated authentication value and the OTP for authentication.

Meanwhile, the verification OTP and the authentication OTP may be authenticated through a separate OTP server 165. In this case, the authentication processing unit 125 may transmit the verification OTP and the authentication OTP to the OTP server 165 After providing the OTP, the OTP server 165 can receive the authentication result for the OTP for privacy verification and the OTP for authentication.

Referring to FIG. 1, the operation server 100 includes an authentication result confirmation unit 130 for individually checking authentication results of the verification OTP and the authentication OTP, A transaction processing unit (135) for selectively processing a transaction authentication or a transaction failure with respect to the OTP-based transaction requested from the transaction terminal (170) in combination with the authentication result of the authentication OTP; The error counter control unit 140 may be configured to selectively count or initialize the number of integrity errors for the authentication OTP and the number of integrity errors for the OTP for authentication, Or an initialization error counter unit 145 for initializing or initializing the number of authentication errors for the authentication OTP according to the error count control, And an authentication error counter 155 for processing the authentication result. The number of authentication errors can be counted through a separate server (e.g., a banking server, a payment server) associated with the operation server 100 according to an embodiment of the present invention, and thus the present invention is not limited thereto.

The authentication result confirmation unit 130 individually verifies the authentication result of the OTP for verification and the authentication result of the OTP for authentication that are respectively performed through the authentication processing unit 125. The transaction processing unit 135 confirms the authentication result The OTP-based transaction requested from the transaction terminal 170 is combined with the authentication result of the verification OTP and the authentication result of the OTP for authentication that are individually verified through the authentication unit 130, The transaction is deemed to be an unauthorized transaction failure.

According to the first transaction processing and the error count counter processing method of the present invention, when it is confirmed through the authentication result confirmation unit 130 that the validity of the verification OTP and the authentication OTP are both not authenticated, the transaction processing unit 135 processes the requested OTP-based transaction from the transaction terminal 170 as a transaction failure, and the error counter control unit 140 controls to count the number of integrity errors for the verification OTP, (145) counts the number of integrity errors for the verification OTP under the control of the error counter control unit (140). On the other hand, when it is determined that both the verification OTP and the authentication OTP are not authenticated, the error counter control unit 140 controls not to count the number of authentication errors for the authentication OTP, The control unit 155 does not count the number of authentication errors for the authentication OTP. However, in this case, it is preferable not to separately initialize the number of authentication errors already counted.

According to the second transaction processing and the error count counter processing method of the present invention, when it is confirmed through the authentication result checking unit 130 that both the verification OTP and the authentication OTP are validated, the transaction processing unit 135 ) Processes the OTP-based transaction requested by the transaction terminal 170 as transaction authentication. On the other hand, if it is confirmed that both the verification OTP and the authentication OTP are authenticated, the error counter control unit 140 does not count the number of integrity errors for the verification OTP and the authentication error count for the authentication OTP And controls to initialize the number of integrity errors for the verification OTP and the number of authentication errors for the authentication OTP, respectively, according to the method.

According to the third transaction processing and error count counter processing method of the present invention, when the validity of the verification OTP is not authenticated through the authentication result confirmation unit 130 and the validity of the authentication OTP is verified as authenticated , The transaction processing unit 135 processes the requested OTP based transaction from the transaction terminal 170 as a transaction failure and the error counter control unit 140 controls to count the number of integrity errors for the verification OTP, The integrity error counter 145 counts the number of integrity errors for the verification OTP under the control of the error counter controller 140. On the other hand, if the validity of the OTP for verification is not authenticated and the validity of the OTP for authentication is verified, the error counter control unit 140 controls not to count the number of authentication errors for the authentication OTP, The authentication error counter 155 processes the authentication error count for the authentication OTP so as not to count the authentication error count. If the counted authentication error count is present, The number of times is initialized.

According to the fourth transaction processing and error count counter processing method of the present invention, when the validity of the verification OTP is authenticated through the authentication result confirmation unit 130 and the validity of the authentication OTP is not authenticated , The transaction processing unit 135 processes the OTP-based transaction requested by the transaction terminal 170 as a transaction failure, and the error counter control unit 140 controls to count the number of authentication errors with respect to the OTP for authentication, The authentication error counter 155 processes the number of authentication errors for the authentication OTP to be counted. On the other hand, if the validity of the OTP for verification is authenticated and the validity of the OTP for authentication is not authenticated, the error counter control unit 140 may control not to count the number of integrity errors for the verification OTP, The integrity error counter unit 145 does not count the number of integrity errors for the OTP for verification, and if the number of integrity errors already counted is present, the number of integrity errors .

Referring to FIG. 1, the operation server 100 determines whether the number of integrity errors for the OTP for verification exceeds a specified number. If the number of integrity errors exceeds a specified number, And an integrity error management unit 150 for requesting reinstallation of the program 315 with the program 315 provided in the system.

When the number of integrity errors for the verification OTP is counted through the integrity error counter 145, the integrity error manager 150 determines whether the number of integrity errors for the OTP for verification exceeds the specified number of times. If the number of integrity errors exceeds the designated number of times (for example, five times), the integrity error management unit 150 stops (or stops) the transaction using the dynamically generated OTP through the chip 205 of the SD memory 200 OTP authentication is deactivated), the non-face authentication process designated by the program 315 included in the wireless terminal 300 is requested to reinstall the program 315 provided in the wireless terminal 300, It does not require you to visit.

The program management unit 105 confirms whether the program 315 of the wireless terminal 300 is reinstalled through the designated non-facing authentication procedure and if the program 315 of the wireless terminal 300 is installed again, The error management unit 150 processes the transaction using the dynamically generated OTP through the chip 205 of the SD memory 200 to start again and initializes the integrity error count.

Referring to FIG. 1, the operation server 100 determines whether the number of authentication errors for the authentication OTP exceeds a specified number. If the number of authentication errors exceeds a predetermined number, And an authentication error management unit (160) for requesting a program (315) provided in the SD memory (200) to visit a designated institution corresponding to the chip (205) of the SD memory (200).

When the authentication error count for the authentication OTP is counted through the authentication error counter 155, the authentication error management unit 160 determines whether the number of authentication errors for the authentication OTP exceeds the specified number. If the number of authentication errors exceeds the designated number of times (for example, five times), the authentication error management unit 160 suspends the transaction using the dynamically generated OTP through the chip 205 of the SD memory 200 (For example, the SD memory 200 or the SD memory 200) corresponding to the SD memory 200 with the program 315 provided in the wireless terminal 300 after the OTP authentication is deactivated) ) Issuing agency or registrar, etc.).

The chip management unit 110 processes the OTP-based transaction using the OTP dynamically generated through the chip 205 of the SD memory 200 through the registration terminal of the designated organization corresponding to the SD memory 200 (E.g., new / replacement issue of the SD memory 200). If the OTP-based transaction is resumed through the designated authority, the authentication error management unit 160 processes the transaction using the OTP dynamically generated through the chip 205 of the SD memory 200 to be restarted, Initialize the authentication error count.

FIG. 2 is a diagram showing a configuration of an SD memory 200 according to an embodiment of the present invention.

More specifically, FIG. 2 shows a functional configuration of an SD memory 200 having a built-in chip 205 with an OTP generation function. If the person skilled in the art is familiar with the present invention, 2 may be referenced and / or modified to infer various implementations of the configuration of the SD memory 200 (e.g., some configurations may be omitted, or subdivided, or combined) And all the methods to be inferred, and the technical features thereof are not limited only by the method shown in FIG.

The SD memory 200 of the present invention is an external memory detached from the wireless terminal 300 and preferably includes an IC chip 205 that conforms to at least one UICC standard including the ISO / IEC 7816 standard.

Referring to FIG. 2, the SD memory 200 includes an SD interface 280 forming a contact SD interface with the wireless terminal 300, a wireless terminal 300 through the SD interface 280, A memory module 275 for forming an external memory area of the wireless terminal 300 in an interfaced state and at least one seed value necessary for dynamically generating an OTP from the wireless terminal 300, And an IC chip 205 having a function of generating OTP by substituting one or more seed values including a seed value provided from the seed value into a specified OTP algorithm. The IC chip 205 includes a chip interface unit 255 for interfacing with the wireless terminal 300, a controller 210 for controlling a procedure for interfacing with the wireless terminal 300 and generating an OTP, And a memory unit 260 for storing at least one program code or a data set necessary for controlling the display unit 210. The chip interface unit 255 of the IC chip 205 may interface with the wireless terminal 300 through a contact point 265 of a chip on board type or may be connected to the SD interface unit 280 and the chip interface unit 255 The IC chip 205 can be interfaced with the wireless terminal 300 through the SD interface unit 280 via the interface module 270 interfacing with the SD memory 200 The present invention is not limited to the above-described embodiments.

The memory unit 260 of the chip 205 incorporated in the SD memory 200 is a generic term of a nonvolatile memory corresponding to a storage resource of the chip 205. The memory unit 260 is preferably a read only memory (ROM) Erasable and Programmable Read Only Memory), and FM (Flash Memory). Preferably, the memory unit 260 includes both a NAND-type memory and a NOR-type memory. And may be included in the category of the memory unit 260 as a RAM (Random Access Memory) provided in the chip 205 according to an implementation method. According to the embodiment of the present invention, the memory 260 stores program codes corresponding to a COS (Chip Operating System), and an applet corresponding to a service to be provided through the chip 205 of the SD memory 200 Is recorded.

The control unit 210 of the chip 205 incorporated in the SD memory 200 is a general term for controlling the operation of the chip 205 and preferably includes a CPU (Central Process Unit), an MPU (Micro Process Unit) And a combination of one or more of the coprocessors and an execution memory for arithmetic processing. According to the embodiment of the present invention, the controller 210 may define a state in which the program code corresponding to the COS recorded in the memory unit 260 is loaded into the execution memory and operated by the processor, The configuration of the OTP generation function according to the present invention among the program codes corresponding to the applet operating on the Internet will be described with reference to FIG.

According to an embodiment of the present invention, the control unit 210 includes a cryptographic module 215 for encrypting one or more values through a specified encryption algorithm (for example, SEED, DEA, IDEA, DES, etc.) And a decryption module 220 for decrypting the decrypted data. The cryptographic module 215 and the decryption module 220 may be implemented as separate modules or as a module.

The cryptographic module 215 and the decryption module 220 may be implemented in the form of a logical circuit using the co-processor, a program code on a COS, or a program code implementing an applet And that the cryptographic module 215 and the decryption module 220 are implemented in the chip 205. The present invention is not limited thereto.

2, the chip 205 of the SD memory 200 includes an information receiving unit 225 for receiving at least one seed value from the interfaced wireless terminal 300, And an OTP generation unit 240 for generating an OTP through one or more seed values. When the encrypted information (for example, a seed value) is received through the information receiving unit 225, And an authentication processing unit 235 that includes a processing unit 230 and processes the designated authentication for generating the OTP.

When the chip 205 of the SD memory 200 is interfaced with the wireless terminal 300, the information receiving unit 225 receives at least one seed value from the interfaced wireless terminal 300. Preferably, the seed value received from the wireless terminal 300 may include a dynamic seed value (e.g., a time value, a challenge value, etc.) among seed values to be applied to a specified OTP algorithm (e.g., MD4, MD5, SHA, have.

If the seed value is encrypted and received, the decryption processing unit 230 can decrypt the encrypted seed value through the decryption module 220.

The OTP generation unit 240 generates a seed value (e.g., a fixed seed value) stored in the memory unit 260 and a seed value (e.g., a dynamic value of a time value or a challenge value) received from the wireless terminal 300, To an OTP algorithm to generate an OTP.

According to an embodiment of the present invention, the OTP generation unit 240 generates an OTP for verification of n (1? N <N) and an OTP for authentication of (Nn) digits among N (N> 2) can do.

According to the first OTP generation method of the present invention, the information receiving unit 225 receives a first seed value for generating an OTP for verification and a second seed value for generating an OTP for authentication, and the OTP generating unit 240) applies one or more seed values including the first seed value to a specified OTP algorithm to generate an OTP for verification of n digits, and applies one or more seed values including the second seed value to a specified OTP algorithm (Nn) digits of OTP for authentication can be generated.

According to the second OTP generation method of the present invention, the OTP generation unit 240 includes a first OTP algorithm corresponding to the OTP for verification and a second OTP algorithm corresponding to the OTP for authentication, (Nn) digit authentication by applying the at least one seed value to the second OTP algorithm by applying one or more seed values including a seed value received through the first OTP algorithm to the first OTP algorithm to generate an OTP for verification of n digits, OTP can be generated.

According to the third OTP generation method of the present invention, the information receiving unit 225 receives a first seed value for generating an OTP for verification and a second seed value for generating an OTP for authentication, and the OTP generation unit 240) comprises a first OTP algorithm corresponding to the OTP for verification and a second OTP algorithm corresponding to the OTP for authentication, and applying one or more seed values including the first seed value to the first OTP algorithm, (Nn) digits of authentication OTP by applying one or more seed values including the second seed value to the second OTP algorithm.

According to the fourth OTP generation method of the present invention, the information receiving unit 225 and the OTP generation unit 240 generate an OTP (OTP) for n-digits using a combination of two or more of the first to third OTP generation methods, And generate an OTP for authentication of (Nn) digits.

The authentication processing unit 235 receives at least one seed value from the wireless terminal 300 at the time of interfacing with the wireless terminal 300 to generate at least one OTP (for example, OTP for verification, OTP for authentication, etc.) The designated authentication can be handled at a specified point in time. Preferably, the designated authentication may include PIN (Personal Identification Number) authentication. The authentication processing unit 235 stores a PIN authentication value for PIN authentication, receives a PIN value from the interfaced wireless terminal 300, and can authenticate the received PIN value using the PIN authentication value . For example, the PIN value may be received and authenticated before the seed value is received, or received and authenticated with the time value. According to an embodiment of the present invention, the time when the authentication is processed may be performed before providing at least one OTP from the chip 205 of the SD memory 200 to the wireless terminal 300, and thus the present invention is not limited thereto . It is to be understood that the authentication process may be omitted or replaced in accordance with the intention of those skilled in the art.

2, the chip 205 of the SD memory 200 includes an OTP provider 250 for providing one or more OTPs generated through the OTP generator 240 to the wireless terminal 300 And an encryption processing unit 245 for encrypting information to be provided to the wireless terminal 300 (for example, verification OTP, authentication OTP, or N-digit OTP).

When encrypting the OTP to be provided to the wireless terminal 300, the encryption processing unit 245 encrypts the OTP to be provided to the wireless terminal 300 by using one of the first to fourth OTP provisioning methods among the OTPs generated through the OTP generation unit 240 The OTP to be provided to the terminal 300 is encrypted through the cryptographic module 215. [ Preferably, the encryption processing unit 245 can encrypt the OTP for verification and the OTP for authentication, or the N-digit OTP that combines the verification OTP and the authentication OTP.

The OTP provider 250 transmits an OTP to be provided to the wireless terminal 300 according to one of the first to fourth OTP provisioning methods among the OTPs generated through the OTP generator 240, And provides the encrypted OTP to the wireless terminal 300 through the encryption processing unit 245.

3 is a functional block diagram of a wireless terminal 300 interfacing with a chip 205 of the SD memory 200 according to an embodiment of the present invention.

3 shows a configuration of a wireless terminal 300 that interfaces with a chip 205 of the SD memory 200 shown in FIG. 1 and a configuration of a program 315 operating in the wireless terminal 300 Those skilled in the art will be able to refer to and / or modify the FIG. 3 to derive various implementations of the functional configuration of the wireless terminal 300 The present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG. The wireless terminal 300 of the present invention collectively refers to all terminals that interface with the chip 205 of the SD memory 200 and preferably includes at least one smart phone, a tablet PC, a mobile phone, and the like.

3, the wireless terminal 300 includes a control unit 301, a memory unit 311, a screen output unit 302, a key input unit 303, a sound processing unit 304, a wireless network communication unit 308, A short range wireless communication unit 307, a proximity wireless communication unit 305, a USIM reader unit 309 and a USIM, and includes an SD recognition unit 310, an SD memory 200, and a battery 306 for power supply do.

The control unit 301 is a general term for controlling the operation of the wireless terminal 300. The control unit 301 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 301 loads at least one program code included in the wireless terminal 300 into the execution memory through the processor, and outputs the result through at least one configuration And controls the operation of the wireless terminal 300. FIG. Hereinafter, the configuration of the program 315 of the present invention, which is implemented in the form of program code for convenience, is shown in the control unit 301 and will be described.

The memory unit 311 is a generic name of a nonvolatile memory corresponding to a storage resource of the wireless terminal 300 and includes at least one program code executed through the control unit 301 and at least one Save and maintain the dataset. The memory unit 311 basically includes a system program code and a system data set corresponding to the operating system of the wireless terminal 300, a communication program code and a communication data set for processing a wireless communication connection of the wireless terminal 300, The program code and data set corresponding to the program 315 of the present invention are also stored in the memory unit 311. [

The screen output unit 302 is composed of a screen output device (e.g., an LCD (Liquid Crystal Display) corresponding to the output resource of the wireless terminal 300 and a driving module for driving the screen output device) And outputs the calculation result corresponding to the screen output among the various calculation results of the control unit 301 to the screen output device.

The key input unit 303 includes at least one user input device corresponding to the input resource of the wireless terminal 300 such as a button, a keypad, a touch pad, a touch screen linked to the screen output unit 302, And inputs a command for instructing various operations of the control unit 301 in cooperation with the control unit 301 or inputs data necessary for the operation of the control unit 301. [

The sound processing unit 304 is composed of a speaker corresponding to the output resource of the wireless terminal 300, a microphone corresponding to the input resource of the wireless terminal 300 and a driving module for driving the microphone, And outputs the operation result corresponding to the sound output from the various operation results of the control unit 301 through the speaker or transmits the sound data inputted through the microphone to the control unit 301. [ The driving module decodes sound data to be outputted through the speaker and converts the sound data into a sound signal or encodes the sound signal inputted through the microphone to encode the sound signal.

The proximity wireless communication unit 305 is a communication unit that processes at least one of proximity wireless communication, bidirectional proximity wireless communication, full-duplex proximity wireless communication, and half-duplex proximity wireless communication using a radio frequency signal as a communication medium at a close distance (e.g., As a collective term of resources, it is possible to process the proximity wireless communication according to the NFC (Near Field Communication) standard of the 13.56 Mz frequency band. Alternatively, the proximity wireless communication unit 305 may process proximity wireless communication of the ISO 18000 series standard, and in this case, it may process proximity wireless communication for a frequency band other than the 13.56 Mz frequency band. For example, the proximity wireless communication unit 305 can operate in a reader mode, a tag mode, or a bidirectional communication mode. Meanwhile, the proximity wireless communication unit 305 may be included in a communication resource for connecting the wireless terminal 300 to a communication network according to an object to be communicated nearby.

The wireless network communication unit 308 and the short-range wireless communication unit 307 are collectively referred to as communication resources for connecting the wireless terminal 300 to a designated communication network. Preferably, the wireless terminal 300 may include a wireless network communication unit 308 as a basic communication resource, and may include one or more short-range wireless communication units 307.

The wireless network communication unit 308 is a collective term for a communication resource that connects the wireless terminal 300 to a wireless communication network via a base station and includes an antenna for transmitting / receiving a radio frequency signal of a specific frequency band, an RF module, a baseband module, And transmits the calculation result corresponding to the wireless communication among the various calculation results of the controller 301 to the controller 301 through the wireless communication network or receives data through the wireless communication network To the control unit 301, and performs connection, registration, communication, and hand-off procedures of the wireless communication. According to the present invention, the wireless network communication unit 308 can connect the wireless terminal 300 to a telephone communication network including a communication channel and a data channel via the exchange, and in some cases, May be connected to a data network providing communication-based wireless network data communication (e.g., the Internet).

According to an embodiment of the present invention, the wireless network communication unit 308 is a mobile communication unit that performs at least one connection, a location registration, a call processing, a call connection, a data communication, and a handoff to a mobile communication network according to the CDMA / WCDMA / &Lt; / RTI &gt; Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 308 may further comprise a portable Internet communication configuration for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 308. [ That is, the wireless network communication unit 308 is a general term for a configuration unit that connects to a wireless communication network through a cell-based base station irrespective of a frequency band of a wireless zone, a type of a communication network, or a protocol.

The short-range wireless communication unit 307 is a generic name of communication resources connecting a communication session using a radio frequency signal within a predetermined distance (for example, 10 m) as a communication medium and connecting the wireless terminal 300 to the communication network based on the communication session , The wireless terminal 300 may be connected to the communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to an embodiment of the present invention, the short-range wireless communication unit 307 may be integrated with or separated from the wireless network communication unit 308. According to the present invention, the short-range wireless communication unit 307 connects the wireless terminal 300 to a data network providing packet-based short-range wireless data communication through a wireless AP.

The USIM reader unit 309 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module that is mounted or detached from the mobile station 300 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM is a generic name of a chip card conforming to the UICC standard, including the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader unit 309, (Or processing) a program code for the IC chip in accordance with at least one command transmitted from the wireless terminal 300, or extracting (or processing) the data set in connection with the input / output interface, Interface to the processor.

The SD recognition unit 310 is a collective term for a unit for interfacing with the SD memory 200 shown in FIG. 1. The SD memory unit 200 preferably includes SD Contacts. According to an embodiment of the present invention, the chip 205 of the SD memory 200 is connected to the SD memory 200 via the SD interface 280 through the interface module 270 provided in the SD memory 200 shown in FIG. And may be electrically connected to the SD contact point of the SD recognition unit 310 to interface with the wireless terminal 300. According to another embodiment of the present invention, the SD recognition unit 310 may include a chip contact forming an electrical contact with the contact point 265 corresponding to the COB of the SD memory 200. In this case, The chip 205 of the SD memory 200 may be electrically connected to the chip contact through the contact point 265 to interface with the wireless terminal 300.

The program 315 of the present invention is downloaded from a program providing server (for example, an Apple App Store or the like) through a data network to which the communication resource can be connected and is stored in the memory unit 311. The downloaded program 315 operates in conjunction with a designated server, and can be manually operated by a user, or can be activated (or activated) automatically after user confirmation or automatically by receiving a message. Meanwhile, a separate program 315 may be in operation for activating the program 315 after user confirmation or automatically, and thus the present invention is not limited thereto.

3, the program 315 of the wireless terminal 300 includes a chip interlocking unit 320 for confirming a state in which the chip 205 of the SD memory 200 is interlocked through the SD recognition unit 310, A seed acquirer 330 for acquiring a seed value to be provided to the chip 205 of the SD memory 200 and a seed acquirer 330 for providing the obtained seed value to the chip 205 of the SD memory 200, An OTP verifying unit 340 for verifying an OTP dynamically generated through the chip 205 of the SD memory 200 and an OTP outputting unit 345 for outputting the verified OTP, And an authentication procedure unit 325 for performing an authentication procedure for generating an OTP through the chip 205 of the SD memory 200. [

The chip interlocking unit 320 checks whether the SD memory 200 having the chip 205 having the OTP generation function is recognized through the SD recognition unit 310. If the OTP generation is requested in the state that the chip 205 of the SD memory 200 is recognized, the seed acquiring unit 330 acquires a seed value including a time value through a timer, The seed providing unit 335 acquires the challenge value (e.g., a random number value generated at the wireless terminal 300 side or a random number generated at the designated server) And provides the obtained seed value to the chip 205 of the SD memory 200. [

After the chip 205 of the SD memory 200 is recognized and before the seed value is provided to the chip 205 of the SD memory 200, the authentication procedure unit 325, And a PIN value input through the PIN input interface through the SD recognition unit 310, thereby performing a PIN authentication procedure. Depending on the implementation method, the PIN authentication procedure may be omitted or replaced with another authentication method.

When the OTP is generated in the chip 205 of the SD memory 200, the OTP checking unit 340 may use at least one of the first to fourth OTP provisioning methods using the SD recognition unit 310 The OTP output unit 345 obtains one or more OTPs dynamically generated through the chip 205 of the SD memory 200 through the OTP output unit 345 and outputs the obtained OTP. Depending on the implementation, the private OTP can be sent to the designated server.

FIG. 4 is a diagram illustrating a process of generating and authenticating an OTP for verification and an OTP for authentication according to an embodiment of the present invention.

More specifically, FIG. 4 shows an example of an N-bit OTP received through a designated communication network after being dynamically generated in the chip 205 of the SD memory 200 and displayed through a program 315 provided in the user's wireless terminal 300 (1n &lt; N &lt; N) digit verification OTP and (Nn) digit authentication OTP are separately extracted and authenticated individually. Referring to and / or modified with respect to FIG. 4, it is possible to infer various implementations (e.g., omitting some steps or changing the order) for the process of creating and authenticating the OTP for verification and OTP for authentication The present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 4, the wireless terminal 300 recognizes (400) the SD memory 200, and the chip 205 of the SD memory 200 generates one or more And provides the seed value to the chip 205 of the SD memory 200 (400).

The chip 205 of the SD memory 200 receives one or more seed values (405), identifies one or more OTP algorithms for dynamically generating an OTP for authentication and an OTP for authentication (405) (Nn) digits of authentication OTP are generated dynamically (410) by applying a seed set including the received seed value to the algorithm (step 410). In the first to fourth OTP provision methods of the present invention The wireless terminal 300 provides N-digit OTPs to the wireless terminal 300 through at least one method, and the wireless terminal 300 transmits N-digit OTPs through at least one of the first to fourth OTP provisioning methods, (420) and displays it (425). The N-digit OTP is input to the transaction terminal 170 requesting the OTP-based transaction.

The transaction terminal 170 requests an OTP-based transaction by inputting the N-digit OTP displayed on the wireless terminal 300. The inputted N-bit OTP is transmitted to the operation server 100 through the designated communication network (435).

The operating server 100 is dynamically generated in the chip 205 of the SD memory 200 and displayed on the program 315 provided in the user's wireless terminal 300 and then input to the transaction terminal 170, (N> 1) -order OTPs transmitted through the N-number of OTPs (435), and separates and extracts the OTPs for verification of n digits and the OTPs for authentication of N-digit digits among the identified N-digit OTPs 440).

The operation server 100 processes the separated and extracted verification OTP and the authentication OTP so that the validity of the separately extracted OTP and the authentication OTP are individually authenticated (445) according to the designated OTP authentication procedure. If the verification OTP and the authentication OTP are authenticated individually, the operation server 100 individually confirms the authentication result of the authenticated OTP and the authentication result of the authentication OTP 450, respectively.

5 is a flowchart illustrating an error count management process of the OTP based on the SD memory 200 according to the first embodiment of the present invention.

In more detail, FIG. 5 is a flowchart illustrating an OTP-based transaction as a transaction failure in the case where it is confirmed through the process shown in FIG. 4 that the validity of the OTP for verification and the OTP for authentication among the N-digit OTPs is not authenticated And counting the number of integrity errors for the OTP for verification and not counting the number of authentication errors for the OTP for authentication. The present invention is not limited to the above- , It is possible to refer to and / or modify the FIG. 5 to derive various implementations of the error count management process (e.g., omitting some steps or changing the order). However, All the methods of implementation are included, and the technical features thereof are not limited only by the method shown in FIG.

Referring to FIG. 5, when it is confirmed that the validation OTP and the authentication OTP are not both validated (500), the operation server 100 receives a request from the transaction terminal 170 It is determined that OTP authentication for the requested OTP-based transaction has failed (505), the number of integrity errors for the OTP for verification is counted (510), and the number of authentication errors for the OTP for authentication is not counted 515).

Meanwhile, when the number of integrity errors for the OTP for verification is counted, the operation server 100 determines whether the number of integrity errors to be counted exceeds a predetermined number (520). If the number of integrity errors is less than a designated number , The operation server 100 stops the transaction using the dynamically generated OTP (or deactivates the OTP authentication) through the SD memory 200, Facsimile authentication procedure designated by the program 315 to request reinstallation of the program 315 provided in the wireless terminal 300 (525). If the number of integrity errors does not exceed the designated number or the reinstallation of the program 315 is confirmed, a process of processing a transaction using the OTP dynamically generated through the chip 205 of the SD memory 200 .

6 is a flowchart illustrating an error count management process of the OTP based on the SD memory 200 according to the second embodiment of the present invention.

In more detail, FIG. 6 is a flowchart illustrating the process of processing the OTP-based transaction as transaction authentication when it is determined that the validity of both the OTP for verification and the OTP for authentication among the N-digit OTPs is verified through the process shown in FIG. 6 is a flowchart illustrating a method of managing the number of errors according to an exemplary embodiment of the present invention. Referring to FIG. 6, However, it should be understood that the present invention is not limited to the above-described embodiments, and may be modified in various ways.

Referring to FIG. 6, when it is confirmed that the verification OTP and the authentication OTP are both not authenticated (600) through the process shown in FIG. 4, the operation server 100 transmits (605), the number of integrity errors for the OTP for authentication is not counted (610), the number of authentication errors for the OTP for authentication is not counted (615 (610, 615) when the number of integrity errors for the verification OTP and the number of authentication errors for the authentication OTP are counted according to the execution method.

7 is a flowchart illustrating an error count management process of the OTP based on the SD memory 200 according to the third embodiment of the present invention.

In more detail, FIG. 7 illustrates an OTP-based transaction when the validity of the OTP for verification among the N-digit OTPs is not authenticated, but the validity of the OTP for authentication is verified through the process shown in FIG. Counts the number of integrity errors for the OTP for verification, does not count the number of authentication errors for the OTP for authentication, or initializes the counted number of authentication errors Those skilled in the art will be able to refer to and / or modify the FIG. 7 to determine various ways of performing the error count management process (e.g., some steps may be omitted, However, the present invention is not limited to the above-described embodiments, And the technical features thereof are not limited only by the illustrated method.

Referring to FIG. 7, when the validity of the OTP for verification is not authenticated through the process shown in FIG. 4 but the validity of the OTP for authentication is confirmed (700), the operation server 100 determines (705) that the OTP authentication for the OTP-based transaction requested by the OTP-based transaction is failed, counts the number of integrity errors for the OTP for verification (710), counts the number of authentication errors for the OTP for authentication (715). If the authentication error count for the authentication OTP is counted according to the method, the operation server 100 may initialize the counted number of authentication errors (715).

If the number of integrity errors for the OTP for verification is counted, the operation server 100 determines whether the number of integrity errors to be counted exceeds a predetermined number (720). If the number of integrity errors is greater than the designated number of times 5), the operation server 100 suspends (or deactivates OTP authentication) transactions using the dynamically generated OTP through the chip 205 of the SD memory 200, and the operation of the wireless terminal 300 Face authentication process designated by the program 315 provided in the wireless terminal 300 to request reinstallation of the program 315 provided in the wireless terminal 300 (725). If the number of integrity errors does not exceed the designated number or the reinstallation of the program 315 is confirmed, a process of processing a transaction using the OTP dynamically generated through the chip 205 of the SD memory 200 .

8 is a flowchart illustrating an error count management process of the OTP based on the SD memory 200 according to the fourth embodiment of the present invention.

More specifically, FIG. 8 illustrates an OTP-based transaction when the validity of the OTP for verification among the N-digit OTPs is authenticated through the process shown in FIG. 4, but the validity of the OTP for authentication is not authenticated Processing for processing a transaction failure and counting the number of authentication errors for the OTP for authentication but not counting the number of integrity errors for the OTP for verification or initializing the counted number of integrity errors Those skilled in the art will appreciate that various modifications and variations of the method of managing the number of errors (e.g., some steps may be omitted or the sequence may be changed) However, it should be understood that the present invention includes all of the above- Only the exemplary method shown in FIG. 8 is not limited that technical feature.

Referring to FIG. 8, if the validity of the OTP for verification is authenticated through the process shown in FIG. 4, but the validity of the OTP for authentication is not authenticated (800) It is determined that the OTP authentication for the OTP-based transaction requested by the OTP-based transaction has failed (805), and the number of authentication errors for the OTP for authentication is counted (810) It does not count (815). If the number of integrity errors for the verification OTP is counted according to the method, the operating server 100 may initialize the counted number of integrity errors (815).

If the authentication error count for the OTP for authentication is counted, the operation server 100 determines whether the counted authentication error count exceeds a specified number (820). If the authentication error count is less than the designated number (e.g., 5), the operation server 100 suspends (or deactivates OTP authentication) transactions using the dynamically generated OTP through the chip 205 of the SD memory 200, and the operation of the wireless terminal 300 (For example, the SD memory 200 or the issuing authority or the registrar of the chip 205 of the SD memory 200) corresponding to the SD memory 200 by the program 315 provided in the SD memory 200 (825). If the number of times of authentication failure does not exceed the designated number or the user visits the designated organization and information about the SD memory 200 is updated, A process of processing a transaction using an OTP can be performed.

100: Operation server 105: Program management section
110: chip management unit 115: OTP verification unit
120: separation and extraction unit 125: authentication processing unit
130: authentication result confirmation unit 135: transaction processing unit
140: Error counter control unit 145: Integrity error counter unit
150: Integrity error management unit 155: Authentication error counter unit
160: authentication error management unit 200: SD memory

Claims (10)

A method executed in a server that receives an OTP dynamically generated N (N > 1) digits in a chip of an SD memory and performs an authentication procedure,
(1n < N) number of verification OTPs and (Nn) digits of the N-digit number of OTP received through the designated communication network after being dynamically generated in the chip of the SD memory and displayed through a program installed in the user's wireless terminal, A first step of separating and extracting the OTP for authentication of the present invention;
A second step of processing the extracted and extracted verification OTP and the authentication OTP so that the validity of the verification OTP and the authentication OTP are respectively authenticated;
A third step of individually checking the authentication result of the verification OTP and the authentication result of the authentication OTP; And
And a fourth step of selectively processing transaction authentication or transaction failure for the OTP-based transaction by combining the authentication result of the OTP for verification and the authentication result of the OTP for authentication,
The OTP for verification and the OTP for authentication,
Each chip in the SD memory is dynamically generated by different algorithms,
Wherein each SD chip is dynamically generated on at least one different seed value in a chip of the SD memory.
The method according to claim 1,
And a fifth step of controlling the number of integrity errors for the verification OTP and the number of authentication errors for the authentication OTP to be selectively counted or initialized by combining the authentication results of the verification OTP and the authentication OTP Wherein the method comprises the steps of:
3. The method of claim 2,
And a sixth step of requesting reinstallation of the program with the program included in the wireless terminal when the counted number of times of integrity failure exceeds the designated number of times.
3. The method of claim 2,
If the validity of both the verification OTP and the authentication OTP is not authenticated,
The fourth step includes processing the OTP-based transaction as a transaction failure,
Wherein the fifth step counts the number of integrity errors for the verification OTP and does not count the number of authentication errors for the authentication OTP.
3. The method of claim 2,
If both the verification OTP and the authentication OTP are validated,
Wherein the fourth step is to process the OTP-based transaction as transaction authentication.
6. The method according to claim 5,
Wherein the number of integrity errors for the verification OTP and the number of authentication errors for the authentication OTP are initialized.
3. The method of claim 2,
When the validity of the OTP for verification is not authenticated and the validity of the OTP for authentication is authenticated,
The fourth step includes processing the OTP-based transaction as a transaction failure,
Wherein the fifth step counts the number of integrity errors for the OTP for verification but does not count the number of authentication errors for the authentication OTP or initializes the counted number of authentication errors A method for operating multi - object based on SD memory.
3. The method of claim 2,
When the validity of the OTP for verification is authenticated and the validity of the OTP for authentication is not authenticated,
The fourth step includes processing the OTP-based transaction as a transaction failure,
Wherein the fifth step comprises processing to count the number of authentication errors for the authentication OTP and to not count the number of integrity errors for the verification OTP or to initialize the number of integrity errors that have been counted. Based multipotent operating method.
delete delete

Images