KR102268471B1 - Method for Authenticating Non-Faced Transaction by using Transaction Information and Near Field Communication Card for Generating One Time Password - Google Patents

Abstract

The present invention relates to a transaction authentication method using transaction information and an NFCP card, and communicates with a user's terminal through a first channel including a designated communication path, and through a second channel different from the first channel In the method executed by a server communicating with a user's wireless terminal, n (1≤n<N) input or selected by the user among N (N≥2) pieces of transaction information to be input from the user's terminal for non-face-to-face transaction Receives transaction information, checks m (m≥1) transaction information inquired through the ledger system corresponding to the received n transaction information, and selects n'(1≤n) from among the n transaction information (n'+m') pieces of information including at least one of '≤n) pieces of information and m' (1≤m'≤m) pieces of information selected from the m transaction information inquired are transmitted to the user's wireless terminal t(1≤t≤(n'+m')) pieces of authentication information corresponding to preset designated information among (n'+m') pieces of information transmitted to the user's wireless terminal It receives and receives input through the terminal, checks the authentication result by performing an authentication procedure on the n pieces of transaction information or t pieces of authentication information received in response to the designated information among the m pieces of transaction information, and the t pieces of authentication information are When authenticated, information is transmitted to the user's wireless terminal to approve the generation of a disposable code using the chip of the card interfaced through NFC (Near Field Communication), and the disposable generated through the chip of the card from the user's terminal A procedure of receiving and receiving (Nn) transaction information including a code is performed, and an authentication procedure is performed on the received one-time code included in the (Nn) transaction information to confirm the authentication result, and the one-time code When is authenticated, processing a transaction using N pieces of transaction information including n pieces of transaction information received before authenticating the t pieces of authentication information and (Nn) pieces of transaction information received after authenticating the t pieces of authentication information control to carry out the procedure.

Description

Method for Authenticating Non-Faced Transaction by using Transaction Information and Near Field Communication Card for Generating One Time Password

The present invention is a method executed by a server that communicates with a user's terminal through a first channel including a designated communication path and communicates with a user's wireless terminal through a heterogeneous second channel differentiated from the first channel, Receives n (1≤n<N) pieces of transaction information input or selected by the user among N (N≥2) pieces of transaction information to be input for non-face-to-face transaction from the user's terminal, and corresponds to the received n pieces of transaction information Check m (m≥1) transaction information inquired through the ledger system, and select from n' (1≤n'≤n) pieces of information selected from the n pieces of transaction information and m pieces of transaction information inquired (n'+m') pieces of information including at least one of the m' (1≤m'≤m) pieces of information are transmitted to the user's wireless terminal, and (n'+m) transmitted to the user's wireless terminal ') pieces of information, t(1≤t≤(n'+m')) pieces of authentication information corresponding to preset designated information are received and received through the user's wireless terminal, and the n pieces of transaction information or m pieces of information are received. In the transaction information, an authentication procedure is performed on the t pieces of authentication information received in response to the specified information to confirm the authentication result, and when the t pieces of authentication information are authenticated, NFC (Near Field Communication) is performed with the user's wireless terminal. A procedure for transmitting information authorizing the generation of a one-time code using the chip of the card interfaced through the interface, and receiving and receiving (Nn) transaction information including the one-time code generated through the chip of the card from the user's terminal and confirms the authentication result by performing an authentication procedure for the one-time code received included in the (Nn) transaction information, and when the one-time code is authenticated, the n received before authenticating the t pieces of authentication information Transaction information that controls to perform a transaction processing procedure using N pieces of transaction information including (Nn) pieces of transaction information received after authenticating the t pieces of transaction information and the t pieces of authentication information and transaction using the NFCP card It relates to the authentication method.

Recently, memory hacking has become an issue. By using memory hacking, even normal financial transactions using OTP (One Time Password) can be turned into fraudulent financial transactions. For example, even if an authentication error such as password or OTP occurs during non-face-to-face financial transactions, a procedure that requires input of the same password or OTP within 5 times is provided to maintain user convenience and transaction continuity.

Memory hacking manipulates normal transactions by digging into the characteristics of transaction procedures to maintain transaction continuity. If you look at the typical transaction procedure of transfer transaction among conventional non-face-to-face financial transactions, various transaction information required for transfer transaction is input and transmitted on one page (or user interface), and when the transaction information transmission is completed, authentication such as OTP You have to enter a number. At this time, the hacker (or malicious code) copies and stores the transaction information at the time when various transaction information is input and transmitted, copies it at the time when the OTP dynamically generated through the designated OTP token is input and transmitted, and then sends the wrong OTP This leads to an authentication error. Then, the system is initialized to re-enter transaction information. At this time, the hacker (or malicious code) manipulates the copied transaction information (eg, manipulates it to transfer to the hacker's illegal account) and repeats the transaction procedure with the manipulated transaction information using the copied OTP, so that the user can make a normal transaction. tampering with fraudulent transactions. Of course, in order to prevent such memory hacking, if an OTP authentication error occurs, a new OTP can be regenerated and entered through the OTP token, even if a hacker (or malicious code) attempts an illegal transaction through memory hacking. Since the OTP has already been changed, the fraudulent transaction can be blocked. However, such a solution is irrelevant to transaction continuity and causes another problem that hinders user convenience. In addition, the case of memory hacking is not limited to the above method, and may be changed in various ways by copying or replacing transaction information or OTP in memory.

An object of the present invention for solving the above problems is to communicate with a user's terminal through a first channel including a designated communication path and communicate with a user's wireless terminal through a second channel different from the first channel. In a method executed by a communicating server, n (1≤n<N) transaction information input or selected by a user among N (N≥2) transaction information to be input for non-face-to-face transaction is received from the user's terminal a first step of performing a first step of performing a transaction, a second step of checking m (m≥1) pieces of transaction information inquired through the ledger system corresponding to the received n pieces of transaction information, and a second step of checking n' (1≤1) pieces of transaction information (n'+m') pieces of information including n'≤n) pieces of information and at least one piece of m'(1≤m'≤m) pieces of information selected from the m transaction information inquired from the user's wireless terminal t (1≤t≤(n'+m')) pieces of authentication information corresponding to preset designated information among (n'+m') pieces of information transmitted to the user's wireless terminal A fourth step of receiving and receiving input through the user's wireless terminal and performing an authentication procedure for t pieces of authentication information received in response to the designated information among the n pieces of transaction information or m pieces of transaction information to confirm the authentication result A fifth step and a sixth step of transmitting information authorizing generation of a one-time code using a chip of a card interfaced through NFC (Near Field Communication) to the wireless terminal of the user when the t pieces of authentication information are authenticated; A seventh step of receiving and receiving (Nn) pieces of transaction information including the one-time code generated through the chip of the card from the user's terminal and the one-time code received by being included in the (Nn) pieces of transaction information Step 8 of confirming the authentication result by performing an authentication procedure for , and when the one-time code is authenticated, the n pieces of transaction information received before authenticating the t pieces of authentication information and the n pieces of information received after authenticating the t pieces of authentication information The procedure for processing transactions using N pieces of transaction information including (Nn) pieces of transaction information An object of the present invention is to provide a transaction authentication method using transaction information and an NFCP card including a ninth step of controlling to perform.

In the transaction authentication method using transaction information and NFCP card according to the present invention, the user communicates with the user's terminal through a first channel including a designated communication path, and the user through a second channel different from the first channel In the method executed by a server communicating with a wireless terminal of A first step of receiving transaction information, a second step of confirming m (m≥1) pieces of transaction information inquired through a ledger system corresponding to the received n pieces of transaction information, and n selected from the n pieces of transaction information (n'+m') pieces of information including at least one '(1≤n'≤n) pieces of information and m'(1≤m'≤m) pieces of information selected from the m transaction information inquired The third step of transmitting to the user's wireless terminal and t(1≤t≤(n'+m')) corresponding to preset designated information among (n'+m') pieces of information transmitted to the user's wireless terminal A fourth step of receiving and receiving authentication information through the user's wireless terminal and performing an authentication procedure for t pieces of authentication information received in response to the designated information among the n pieces of transaction information or m pieces of transaction information A fifth step of confirming the result and, when the t pieces of authentication information are authenticated, the first step of transmitting information to approve the generation of a one-time code using the chip of the card interfaced through NFC (Near Field Communication) to the user's wireless terminal Step 6 and step 7 of performing a procedure of receiving and receiving (Nn) pieces of transaction information including the one-time code generated through the chip of the card from the user's terminal and the (Nn) pieces of transaction information include Step 8 of performing an authentication procedure on the received one-time code to check the authentication result, and when the one-time code is authenticated, the n pieces of transaction information and the t pieces of authentication information received before authenticating the t pieces of authentication information are authenticated The transaction is processed using N transaction information including (Nn) transaction information received after It is characterized in that it includes a ninth step of controlling to perform the procedure.
In the transaction authentication method using transaction information and NFCP card according to the present invention, the n pieces of transaction information include a deposit bank, a deposit account number, and a deposit amount, and the ledger system includes a ledger system for the deposit bank. Including, the m pieces of transaction information, characterized in that it is made including the name of the account holder of the deposit account.
In the transaction authentication method using transaction information and NFCP card according to the present invention, the n' pieces of information include n' pieces of individual transaction information included in the n pieces of transaction information or partial information of each individual transaction information. It is characterized in that it comprises information.
In the transaction authentication method using transaction information and NFCP card according to the present invention, the m' pieces of information include m' pieces of individual transaction information included in the m pieces of transaction information or partial information of each individual transaction information. It is characterized in that it comprises information.
In the transaction authentication method using transaction information and an NFCP card according to the present invention, the third step includes: designating t pieces of authentication information to be input by a user among the (n'+m') pieces of information; It characterized in that it further comprises the step of transmitting the designation information designating t pieces of authentication information to the user's wireless terminal.
In the transaction authentication method using the transaction information and the NFCP card according to the present invention, the fourth step is when t pieces of authentication information among the (n'+m') pieces of information are designated through the user's wireless terminal. , receiving, from the user's wireless terminal, designation information specifying t pieces of authentication information among the (n'+m') pieces of information.
In the transaction authentication method using transaction information and NFCP card according to the present invention, the one-time code includes a card-side seed value stored in the chip of the card, a time value provided from the wireless terminal to the chip of the card, and in the server It is characterized in that it includes a code generated through the chip of the card by using two or more of the provided server-side seed values as seeds.
The transaction authentication method according to the present invention is executed by a server that communicates with a user's terminal through a first channel including a designated path and communicates with a user's wireless terminal through a second channel different from the first channel. In the transaction authentication method using transaction information and NFCP card, n (1≤n<N) pieces of n (1≤n<N) pieces of transaction information input or selected by a user among N (N≥2) pieces of transaction information to be input from a user's terminal for non-face-to-face transactions A first step of receiving transaction information, a second step of confirming m (m≥1) pieces of transaction information inquired through a ledger system corresponding to the n pieces of transaction information, and n' ( (n'+m') pieces of information each including 1≤n'≤n) pieces of information and m'(1≤m'≤m) pieces of information among the m pieces of transaction information inquired a third step of transmitting to , and receiving t(1≤t≤(n'+m')) pieces of authentication information input by the user through the user's wireless terminal among the (n'+m') pieces of information A fourth step, a fifth step of authenticating the validity of the received t pieces of authentication information through the n pieces of transaction information or m pieces of transaction information; The generation of a one-time code using the chip of the card interfaced through NFC (Near Field Communication) with the terminal is approved, and (Nn) transaction information including the one-time code generated through the chip of the card is transmitted through the user's terminal. and a sixth step of controlling the input to be received.

According to the present invention, the n pieces of transaction information may include a deposit bank, a deposit account number, and a deposit amount.

According to the present invention, the ledger system corresponding to the n pieces of transaction information may include a depositing bank-side ledger system.

According to the present invention, the m pieces of transaction information may include the name of the account holder of the deposit account.

According to the present invention, the n' pieces of information may include n' pieces of information among each individual transaction information included in the n pieces of transaction information or partial information of each individual transaction information.

According to the present invention, the m' pieces of information may include m' pieces of information among each individual transaction information included in the m pieces of transaction information or partial information of each individual transaction information.

According to the present invention, the third step includes the steps of specifying t pieces of authentication information to be input by the user among the (n'+m') pieces of information, and assigning the designating information specifying the t pieces of authentication information to the user's wireless terminal It may further include the step of transmitting to.

According to the present invention, in the fourth step, when t pieces of authentication information among the (n'+m') pieces of information are designated through the user's wireless terminal, the (n'+m') The method may further include receiving designation information designating t pieces of authentication information among pieces of information.

According to the present invention, the disposable code uses two or more of the card-side seed value stored in the chip of the card, the time value provided from the wireless terminal to the card chip, and the server-side seed value provided by the server as a seed. It may contain code generated via a chip on the card.

According to the present invention, the transaction authentication method may further include receiving (Nn) pieces of transaction information from the user's terminal when the validity of the t pieces of authentication information is authenticated.

According to the present invention, the one-time code may be used as an authentication value for using the user's public certificate in the user's terminal. In this case, in the sixth step, when the validity of the one-time code is authenticated, the procedure of using the user's public certificate may be controlled to be performed.

According to the present invention, the transaction authentication method may further include, when the (Nn) pieces of transaction information are received, processing the one-time code included in the (Nn) pieces of transaction information to be authenticated.

According to the present invention, in the transaction authentication method, when the (Nn) pieces of transaction information are received, using the N pieces of transaction information received from the user's terminal, controlling the procedure for processing the non-face-to-face transaction to be performed may further include.

According to the present invention, transaction information (eg, deposit bank, deposit account number, etc.) that is a target of memory hacking among transaction information input or selected by the user is received through the user's terminal, and based on the received transaction information, the user After confirming separate transaction information that can be intuitively recognized (eg, the name of the account holder), information including at least one of the received and confirmed transaction information is provided to the user's wireless terminal through a separate channel and displayed , there is an advantage of providing a variety of safe one-time code-based transactions while blocking memory hacking by allowing the user to re-enter and transmit authentication information including specified information among the information provided through the separate channel and authenticate it.

1 is a diagram illustrating a system configuration for providing a transaction authentication system of the present invention.
2 is a diagram illustrating a configuration of a transaction authentication system according to an embodiment of the present invention.
3 is a diagram illustrating a functional configuration of a wireless terminal that interfaces with a card according to an embodiment of the present invention.
4 is a diagram illustrating the configuration of a contactless card for generating a disposable code according to an embodiment of the present invention.
5 is a diagram illustrating a process of transmitting and receiving n pieces of transaction information according to an embodiment of the present invention.
6 is a diagram illustrating a process of dynamically generating a one-time code using a chip of a card interfaced with a user's wireless terminal according to an embodiment of the present invention.
7 is a diagram illustrating a process of processing non-face-to-face transactions by transmitting and receiving (Nn) pieces of transaction information according to an embodiment of the present invention.

Hereinafter, the principle of operation of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. However, the drawings shown below and the following description are for preferred implementation methods among various methods for effectively explaining the features of the present invention, and the present invention is not limited only to the following drawings and description. For example, it is possible to be implemented in a form in which a component provided on the server side is implemented on the terminal side, or, conversely, a component provided on the terminal side is implemented on the server side.

In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the gist of the present invention, the detailed description thereof will be omitted. And the terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to the intention or custom of the user or operator. Therefore, the definition should be made based on the content throughout the present invention.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those of ordinary skill in the art to which the present invention belongs. only

1 is a diagram illustrating a system configuration for providing a transaction authentication system 200 of the present invention.

In more detail, FIG. 1 shows n (1≤n<N) including designated information among N (N≥2) pieces of transaction information to be input for non-face-to-face transaction through the first channel connected to the user's terminal 100. After receiving transaction information and inquiring m (m≥1) transaction information through the ledger system 120 corresponding to the n pieces of transaction information, a second channel different from the first channel is used. At least one designated information among the n pieces of transaction information input or selected by the user through the ledger system 120 and the m pieces of transaction information inquired through the ledger system 120 is provided and exposed to the user's wireless terminal 300, and the exposed After receiving authentication information by allowing the user to input authentication information including at least some of the information, and when the validity of the transaction information is authenticated through the authentication information, the user's wireless terminal 300 and NFC A system that dynamically generates a one-time code through the chip 405 of the interfaced card 400 and outputs it through the wireless terminal 300 to be used as (Nn) transaction information received through the first channel As showing a configuration diagram, those of ordinary skill in the art to which the present invention pertains, refer to and/or modify this FIG. 1 to provide various implementation methods for the system configuration diagram for providing the transaction authentication system 200 (For example, some components are omitted, or subdivided, or combined implementation methods) can be inferred, but the present invention is made including all the implementation methods inferred above, and only the implementation method shown in this figure 1 The technical characteristics are not limited.

The system configuration of the present invention includes a user's terminal 100 that receives and transmits transaction information input or selected from a user, and receives and displays specified information among the transaction information input or selected by the user, and includes some information of the displayed information It includes a user's wireless terminal 300 for receiving and transmitting authentication information, is connected to the user's terminal 100 through a first channel, and is connected to the user's wireless terminal through a second channel different from the first channel It is connected to the terminal 300 and receives n (1≤n<N) pieces of transaction information including designated information among N pieces of transaction information for non-face-to-face transactions from the user's terminal 100 through the first channel, , after inquiring m (m ≥ 1) transaction information through the ledger system 120 corresponding to the received n transaction information, the n transaction information input or selected by the user himself/herself through the second channel and At least one designated information among the m pieces of transaction information inquired through the ledger system 120 is provided and exposed to the user's wireless terminal 300, and authentication information including at least some of the exposed information is provided to the user. Through the chip 405 of the card 400 interfaced through NFC with the wireless terminal 300 of the user when the validity of the transaction information is authenticated through the authentication information and the authentication information. After dynamically generating a one-time code, it is output through the wireless terminal 300 to be used as (Nn) pieces of transaction information received through the first channel. According to the implementation method of the present invention, the transaction authentication system 200 receives transaction information from the user's terminal 100 and a transaction server 105 that processes non-face-to-face transactions based on this, or authentication of the transaction information At least one server or two of a separate control server 115 that controls the non-face-to-face transaction of the transaction server 105 by performing a procedure, and a code server 110 that generates and/or authenticates the one-time code. It can be implemented through the above servers.

The user's terminal 100 is a generic term for terminals used by the user for non-face-to-face transactions, and preferably includes a wired terminal including a computer, a laptop computer, etc. used by the user, and a mobile phone, a smartphone, a tablet PC, etc. used by the user. It may include a wireless terminal 300 . The user's terminal 100 receives or selects N pieces of transaction information for non-face-to-face transactions from the user and transmits them through a designated path.

The wireless terminal 300 of the shopping user performs an authentication procedure of input or selected transaction information through the user's terminal 100, and when the validity of the transaction information is authenticated through the authentication information, the user's wireless terminal (300) to dynamically generate a disposable code through the chip 405 of the card 400 interfaced through NFC, and to receive and display the dynamically generated disposable code through the chip 405 of the card 400 As a generic term for terminals performing the procedure, it may include a wireless terminal 300 such as a mobile phone, a smart phone, a tablet PC, etc. preferably used by a user.

The user's terminal 100 directly or relay communicates with the transaction authentication system 200 through a first channel, and the user's wireless terminal 300 authenticates the transaction through a second channel different from the first channel Direct or relay communication with the system 200 . In the present invention, the first channel and the second channel are defined as satisfying one or more conditions among heterogeneous terminals, heterogeneous communication networks, heterogeneous programs, and heterogeneous servers. For example, if the user's terminal 100 is a wired terminal used by the user and the user's wireless terminal 300 is the user's wireless terminal 300, the channel separation condition of the present invention is satisfied. Even if the user's terminal 100 is a wireless terminal used by the user, if the user's wireless terminal 300 is a different wireless terminal 300 from the user's terminal 100, the channel separation condition of the present invention is satisfied. . Alternatively, if the user's terminal 100 directly/indirectly communicates with the transaction authentication system 200 through a wired communication network and the user's wireless terminal 300 communicates directly/indirectly through the wireless communication network, the present invention The condition for channel separation is satisfied. Alternatively, even if the user's terminal 100 and the wireless terminal 300 are the same wireless terminal 300, a program for requesting a non-face-to-face transaction for inputting/selecting transaction information in the wireless terminal 300 and the transaction information If the authentication procedure and the program 315 for requesting and outputting a one-time code generation request and output through the chip 405 of the card 400 are separately separated, it can be said that the channel separation condition of the present invention is satisfied. On the other hand, even if the user's terminal 100 and the wireless terminal 300 are the same wireless terminal 300, a server to which a communication channel is connected to request a non-face-to-face transaction by inputting/selecting transaction information and authentication of the transaction information If the server to which the communication channel is connected to perform the procedure for requesting and outputting the one-time code generation request and output through the chip 405 of the card 400 is different from the procedure, it can be said that the channel separation condition of the present invention is satisfied.

The transaction server 105 is a generic name of a server that processes non-face-to-face transactions using transaction information input or selected by the user through the user's terminal 100, and is preferably a banking server of a bank or electronic finance according to the non-face-to-face transaction. It may include a server provided in various financial institutions, such as a server, a payment server or a payment approval server of various card companies, or a server of a securities company. The non-face-to-face transaction is a non-face-to-face banking transaction using an account opened at a bank (eg, a real account or a virtual account), a non-face-to-face credit card payment using a credit card issued by a card company, a check card issued by the card company, and a bank. Non-face-to-face debit card payment by linking an opened account, non-face-to-face debit card payment or cash card transaction linking a bank-issued debit or cash card with an account opened at a bank, non-face-to-face prepayment using a prepaid card issued by a prepaid card company It may include at least one non-face-to-face transaction among card payments. According to the implementation method of the present invention, the transaction authentication system 200 or at least some components of the transaction authentication system 200 may be implemented in the transaction server 105 .

The code server 110 is a server that performs a procedure for authenticating the one-time code dynamically generated through the chip 405 of the card 400 interfaced with the wireless terminal 300 through the user's wireless terminal 300 As a general name of, the transaction information input or selected by the user (or specified information among transaction information) through the user's terminal 100 is provided through a specified path, and the transaction received through the user's wireless terminal 300 Perform the process of authenticating information. According to the embodiment of the present invention, the transaction authentication system 200 or at least some components of the transaction authentication system 200 may be implemented in the code server 110 .

The control server 115 is a generic term for servers that may include the transaction authentication system 200 or at least some components of the transaction authentication system 200 in addition to the transaction server 105 and the code server 110, When the present invention is implemented using the provided transaction server 105 and code server 110, the transaction authentication system 200 is provided to the provided transaction server 105 and/or code server 110. It provides the ability to practice the present invention without implementation. When the transaction authentication system 200 is provided in the control server 115 , the control server 115 operates in conjunction with the transaction server 105 and/or the code server 110 .

The ledger system 120 is a generic term for a system that is provided in a financial institution that processes non-face-to-face transactions and manages a ledger such as an account or card. Preferably, the ledger system 120 provided in each financial institution is a common network (eg, , financial network, etc.).

Hereinafter, the technical features of the present invention will be described through an embodiment in which the non-face-to-face transaction is a non-face-to-face banking transaction.

Figure 2 is a diagram showing the configuration of the transaction authentication system 200 according to the implementation method of the present invention.

In more detail, FIG. 2 shows n (1≤n<N) including specified information among N (N≥2) pieces of transaction information to be input for non-face-to-face transaction through the first channel connected to the user's terminal 100. After receiving transaction information and inquiring m (m≥1) transaction information through the ledger system 120 corresponding to the n pieces of transaction information, a second channel different from the first channel is used. At least one designated information among the n pieces of transaction information input or selected by the user through the ledger system 120 and the m pieces of transaction information inquired through the ledger system 120 is provided and exposed to the user's wireless terminal 300, and the exposed After receiving authentication information by allowing the user to input authentication information including at least some of the information, and when the validity of the transaction information is authenticated through the authentication information, the user's wireless terminal 300 and NFC A system that dynamically generates a one-time code through the chip 405 of the interfaced card 400 and outputs it through the wireless terminal 300 to be used as (Nn) transaction information received through the first channel As for the configuration of, those of ordinary skill in the art to which the present invention pertains, refer to and/or modify this figure 2 and various implementation methods for the configuration of the transaction authentication system 200 (eg, some components are Omitted, or subdivided, or combined implementation method) may be inferred, but the present invention is made including all the implementation methods inferred above, and the technical characteristics are not limited only to the implementation method shown in FIG. 2 .

Referring to Figure 2, the transaction authentication system 200, the user input or selected n (1≤n<) of N (N≥1) pieces of transaction information to be input for non-face-to-face transaction from the user's terminal 100 A transaction information receiving unit 205 for receiving N) pieces of transaction information, and a transaction information checking unit for checking m (m≥1) pieces of transaction information inquired through the ledger system 120 corresponding to the n pieces of transaction information ( 210) and n'(1≤n'≤n) pieces of information among the n pieces of transaction information and m'(1≤m'≤m) pieces of information among the m pieces of inquired transaction information ( and an information transmitter 220 for transmitting n'+m') pieces of information to the user's wireless terminal 300, and to transmit (n) pieces of transaction information and m pieces of transaction information to the user's wireless terminal 300 An information selection unit 215 for selecting '+m') pieces of information is provided.

The user's terminal 100 receives a selection of a transaction type through an interface provided by the transaction server 105 (eg, an interface on a web page) or an interface displayed through an application provided in the terminal 100 . By selecting the transaction type, N pieces of transaction information to be input for the non-face-to-face transaction corresponding to the transaction type are determined. The N pieces of transaction information include account information, amount information, and a one-time code dynamically generated at the time of non-face-to-face transaction.

The user's terminal 100 displays an interface for receiving transaction information corresponding to the selected transaction type. The interface may include an interface for receiving n pieces of transaction information corresponding to some of the N pieces of transaction information to be input for non-face-to-face transaction corresponding to the selected transaction type, or an interface for receiving the N pieces of transaction information can

When N'(N'≥n) pieces of transaction information are input through the interface, the user's terminal 100 transmits the N' pieces of transaction information input or selected by the user through a designated path. For example, the user's terminal 100 may transmit the n pieces of transaction information to a server provided with the transaction authentication system 200 . Alternatively, the user's terminal 100 may transmit the N' pieces of transaction information to a designated transaction server 105, and the transaction server 105 transmits n pieces of transaction information based on the N' pieces of transaction information. It can be transmitted to a server equipped with the authentication system 200 .

The transaction information receiving unit 205 receives n pieces of transaction information input or selected by a user for the non-face-to-face transaction through a designated path. Preferably, the n pieces of transaction information include transaction information corresponding to the deposit bank and deposit account number and transaction information corresponding to the deposit amount (or transfer amount) to be deposited (or transferred) to the deposit account of the deposit bank, Depending on the implementation method, transaction information corresponding to the withdrawal bank and withdrawal account number and transaction information corresponding to the withdrawal amount (or collection amount) to be withdrawn (or collected) from the withdrawal account of the withdrawal bank may be included. Meanwhile, depending on the implementation method, the n pieces of transaction information may include all transaction information related to deposit and withdrawal, and may include transaction information for any one of deposit and withdrawal.

According to the first transaction information receiving method of the present invention, the transaction information receiving unit 205 is input or selected transaction information through the user's terminal 100 until a one-time code is input among the N pieces of transaction information for the non-face-to-face transaction. may be received as the n pieces of transaction information.

According to the second transaction information receiving method of the present invention, the transaction information receiving unit 205 is input or selected transaction information through the user's terminal 100 until a one-time code is input among the N pieces of transaction information for the non-face-to-face transaction. Transaction information corresponding to a designated part among the n pieces of transaction information may be received.

According to the third transaction information receiving method of the present invention, the transaction information receiving unit 205 receives the transaction information related to the money deposit side first transmitted from the user's terminal 100 among the N pieces of transaction information for the non-face-to-face transaction. It can be received as the n pieces of transaction information.

According to the fourth transaction information receiving method of the present invention, the transaction information receiving unit 205 receives transaction information excluding transaction information used as a one-time code among the N pieces of transaction information for the non-face-to-face transaction as the n pieces of transaction information. can do.

According to the fifth transaction information receiving method of the present invention, the transaction information receiving unit 205 includes transaction information excluding transaction information used as a one-time code among the N pieces of transaction information for the non-face-to-face transaction and the user's terminal 100 It is possible to receive the transaction information related to the money deposit side first received from the n pieces of transaction information.

When the n pieces of transaction information are checked, the transaction information confirmation unit 210 determines the inquiry target ledger system 120 to inquire about the m pieces of transaction information using the n pieces of transaction information. Preferably, the inquiry target ledger system 120 includes a deposit bank-side ledger system 120 (eg, account system), and may include a withdrawal bank-side ledger system 120 according to an implementation method.

According to the embodiment of the present invention, the transaction information confirmation unit 210 may determine the inquiry target ledger system 120 by using a deposit bank and/or a deposit account number among the n pieces of transaction information. For example, when the non-face-to-face transaction is an account transfer transaction between other banks, the transaction information confirmation unit 210 is connected through a common network using the deposit bank and/or deposit account number included in the n pieces of transaction information. The ledger system 120 of the other row may be determined as the inquiry target ledger system 120 . Alternatively, if the non-face-to-face transaction is a bank transfer transaction, the transaction information confirmation unit 210 determines the ledger system 120 of the bank as the inquiry target ledger system 120 using the deposit bank and/or the deposit account number. can

According to another embodiment of the present invention, the transaction information confirmation unit 210 may determine the inquiry target ledger system 120 by using a withdrawal bank and/or a withdrawal account number among the n pieces of transaction information. For example, if the non-face-to-face transaction is a collection-type transaction, the ledger system 120 of another bank or the bank's ledger connected through a common network using the withdrawal bank and/or withdrawal account number included in the n transaction information The system 120 may be determined as the inquiry target ledger system 120 .

When the inquiry target ledger system 120 is confirmed, the transaction information confirmation unit 210 provides at least one piece of information necessary for transaction information inquiry among the n transaction information to the inquiry target ledger system 120 to provide the inquiry m transaction information is provided from the target ledger system 120 . Preferably, the m pieces of transaction information include the name of the account holder of the deposit account, and may include the name of the holder of the withdrawal account according to the implementation method.

According to another implementation method of the present invention, when the transaction authentication system 200 is not the transaction server 105 , the inquiry for the m pieces of transaction information is performed through the transaction server 105 , and the transaction information confirmation unit 210 may be provided with m pieces of transaction information as a result of the inquiry performed through the transaction server 105 . Alternatively, if a ledger inquiry request is possible even if the transaction authentication system 200 is not the transaction server 105 , the transaction information confirmation unit 210 may request and receive m transaction information through the ledger system 120 . .

The information selection unit 215 includes each individual transaction information to be transmitted to the user's wireless terminal 300 among the n pieces of transaction information received through the transaction information receiving unit 205 (eg, deposit bank, deposit account number, deposit amount ( or transfer amount), or partial information of each individual transaction information (eg, partial number of deposit account number, etc.). The information selection unit 215 selects each individual transaction information (eg, name of account holder, deposit account number, etc.) to be transmitted to the user's wireless terminal 300 among the m pieces of transaction information confirmed through the transaction information confirmation unit 210 . or partial information of each individual transaction information (eg, a partial number of the deposit account number, etc.). If each individual transaction information or partial information of each individual transaction information to be transmitted to the user's wireless terminal 300 among the n pieces of transaction information and the m pieces of transaction information is predetermined, the information selection unit 215 can be omitted. .

The information transmitter 220 includes n' pieces of information among the n pieces of transaction information received through the transaction information receiving unit 205 and m' pieces of information out of m pieces of transaction information confirmed through the transaction information check unit 210 . (n'+m') pieces of information including at least one of Preferably, the (n'+m') pieces of information may include a deposit bank, a deposit account number, a deposit amount (or transfer amount), and a name of a depositor. According to an implementation method, the (n'+m') pieces of information may further include a withdrawal bank or withdrawal account number. According to the embodiment of the present invention, even if the password (eg, account password, transfer password, etc.) input by the user is included among the n pieces of transaction information, the (n'+m') pieces of information include the password It is preferable not to

The information transmitter 220 confirms the user's wireless terminal 300 (or the program 315 provided in the wireless terminal 300), and sends the (n'+m) to the user's wireless terminal 300 . ') perform the procedure for transmitting information.

According to an embodiment of the present invention, the information transmitter 220 transmits the (n'+m') pieces of information to the user's wireless terminal 300 according to a specified messaging procedure (eg, user confirms the phone number of the wireless terminal 300 possessed by the user, a token (or identifier) for push to the program 315 provided in the user's wireless terminal 300, etc.), and sends the (n'+ It is possible to request messaging for transmitting m') pieces of information to the user's wireless terminal 300 . When the program 315 provided in the user's wireless terminal 300 receives a message in the messaging procedure and requests the (n'+m') pieces of information, the program 315 sends the (n'+m') ) can be transmitted. If the specified program 315 is driven in the user's wireless terminal 300 and requests the (n'+m') pieces of information, the information transmitter 220 sends the (n'+) information to the program 315. m') pieces of information can be transmitted. Preferably, the (n'+m') pieces of information are encrypted and transmitted. In this case, the encrypted (n'+m') pieces of information include the program 315 provided in the user's wireless terminal 300 . can be decrypted through

According to the implementation method of the present invention, the information transmitter 220 may input t(1≤t≤(n'+m) to be input by the user through the wireless terminal 300 among the (n'+m') pieces of information. ')) pieces of authentication information may be designated, and designated information (or designated interface) for identifying the designated t pieces of authentication information may be transmitted to the wireless terminal 300 of the user. Meanwhile, among the (n'+m') pieces of information, t pieces of authentication information to be input by the user are determined through the program 315 provided in the user's wireless terminal 300, or the t pieces of authentication information are determined by the ( In the case in which predetermined specific information among n'+m') pieces of information is designated in advance, the information transmitting unit 220 does not need to transmit the designated information (or designated interface).

According to the implementation method of the present invention, when a server-side seed value is needed to generate a one-time code through the chip 405 of the card 400 interfaced to the wireless terminal 300, the information transmitter 220 is While transmitting the (n'+m') pieces of information to the user's wireless terminal 300, it is possible to determine and transmit a server-side seed value, and the present invention is not limited thereto.

According to the present invention, the transaction authentication system 200 transmits the (n'+m') pieces of information to the user's wireless terminal 300 and receives and authenticates t pieces of authentication information after output exchange. In connection with the procedure, a one-time code is dynamically generated through the chip 405 of the card 400 interfaced with the user's wireless terminal 300, and for this, the information transmitting unit 220 is configured to the user's wireless terminal ( 300) and the designated user's contactless card 400 may transmit guiding information to interface. If the guidance information is output by itself through the program 315 provided in the user's wireless terminal 300, the guidance information may not be transmitted.

According to the present invention, the transaction authentication system 200, in order to dynamically generate a one-time code through the chip 405 of the card 400 interfaced with the user's wireless terminal 300, the card ( 400) a member operation unit (not shown) for registering and authenticating the user who has been issued as a member, and a program authentication unit (not shown) for authenticating the validity of the program 315 mounted on the wireless terminal 300 of FIG. 3; An information storage unit (not shown) for storing information for authenticating the one-time code dynamically generated through the chip 405 of the card 400 of FIG. 4 through the wireless terminal 300 of FIG. 3 may be provided.

The member operation unit receives the user who has been issued the card 400 of FIG. 4 as a member. The membership registration may be performed in conjunction with the member registration/authentication unit of the program 315 shown in FIG. 3 , or may be made through a user's terminal 100 other than the wireless terminal 300 of FIG. 3 . Alternatively, at the time of issuing the card 400 of FIG. 4 to the user, it may be processed through a management terminal provided in a card issuing institution or a management terminal for managing the transaction authentication system 200 .

When a one-time code is dynamically generated through the chip 405 of the card 400 interfaced with the user's wireless terminal 300 , the member operation unit registers for membership in the program 315 provided in the wireless terminal 300 . / It is possible to process member authentication for the user in conjunction with the authentication unit.

If the present invention is provided only by program authentication or terminal authentication without membership registration, or the transaction authentication system 200 is provided in the code server 110 or the control server 115, the program 315 of the wireless terminal 300 If provided by the transaction server 105, the member operation unit of the transaction authentication system 200 may be omitted.

The program authentication unit authenticates the validity of the program 315 provided in the wireless terminal 300 according to the first to sixth program authentication methods in conjunction with the authentication procedure unit 325 of the program 315 shown in FIG. 3 . . If the transaction authentication system 200 is provided in the code server 110 or the control server 115 and the program 315 of the wireless terminal 300 is provided by the transaction server 105, the transaction authentication system ( 200) can be omitted.

The information storage unit uses the information allocated to the program 315 in the process of authenticating the validity of the program 315 provided in the wireless terminal 300 through the program authentication unit, The terminal identification value including at least one of the information stored in 300), and/or information stored in the reading area of the wireless terminal 300 in conjunction with the identification value registration unit of the program 315 shown in FIG. At least one of information stored in the unique storage area of the wireless terminal 300, information recorded in the H/W configuration of the wireless terminal 300, and information allocated/given by the network to which the wireless terminal 300 is connected Check the terminal identification value including, and store the confirmed terminal identification value in a designated storage medium.

On the other hand, the information storage unit receives the registration information on the chip 405 of the card 400 by interworking with a management terminal provided in a card issuing institution or a management terminal for managing the transaction authentication system 200, and is stored in a designated storage medium. can be saved Preferably, the information storage unit is a unique code stored in the chip 405 of the card 400 (eg, a Card Serial Number or Chip Serial Number (CSN) stored in a designated unique area of the chip 405, stored in a designated seed area). seed value) can be registered and stored in a designated storage medium.

Referring to Figure 2, the transaction authentication system 200, among the (n'+m') pieces of information, t(1≤t≤(n'+) input by the user through the user's wireless terminal 300 An authentication information receiving unit 225 for receiving m')) pieces of authentication information, and a transaction information authentication unit 230 for authenticating the validity of the received t pieces of authentication information through the n pieces of transaction information or m pieces of transaction information. and a transaction information control unit 235 that controls to receive (Nn) pieces of transaction information from the user's terminal 100 when the validity of the t pieces of authentication information is authenticated, and from the user's terminal 100 and a non-face-to-face transaction control unit 240 for controlling the non-face-to-face transaction processing procedure to be performed using the received N pieces of transaction information.

The program 315 provided in the user's wireless terminal 300 receives the (n'+m') pieces of information and displays them on the screen, and displays t pieces of authentication information among the (n'+m') pieces of information. Displays the input interface. When designation information for designating t pieces of authentication information among the (n'+m') pieces of information is transmitted from the information transmitter 220, the program 315 provided in the user's wireless terminal 300 ( An interface for inputting t pieces of authentication information corresponding to the designated information among n'+m') pieces of information is displayed. Alternatively, when a designated interface for specifying and inputting t pieces of authentication information among the (n'+m') pieces of information is provided through the information transmitter 220, the program 315 provided in the user's wireless terminal 300 ) may indicate the designated interface. On the other hand, when the designated information (or designated interface) is not provided to the user's wireless terminal 300 through the information transmitting unit 220, the program 315 provided in the user's wireless terminal 300 is It is possible to designate t pieces of authentication information among (n'+m') pieces of information, display the (n'+m') pieces of information, and display an interface for inputting the designated t pieces of authentication information. If the (n'+m') pieces of information are to be used as the t pieces of authentication information in advance, the program 315 provided in the user's wireless terminal 300 displays the (n'+m') pieces of information. ) of pieces of information, an interface for inputting the t pieces of authentication information designated in advance may be displayed. For example, when the (n'+m') pieces of information include the deposit bank, the deposit account number, the deposit amount (or transfer amount), and the name of the depositor of the deposit account, provided in the user's wireless terminal 300 The program 315 may display an interface for inputting the deposit account number (or a partial number of the deposit account number) and the deposit amount (or transfer amount) as the t pieces of authentication information. For example, the t pieces of authentication information may be designated as the last four digits of the deposit account number, or the second number and the last three digits before the deposit account number, and such a designated dynamically or pre-specified form may include

According to the present invention, the user recognizes (n'+m') pieces of information displayed on the screen of the wireless terminal 300, and selects t pieces of authentication information displayed on the interface among the (n'+m') pieces of information. Enter If (n'+m') pieces of information displayed on the screen of the wireless terminal 300 include information different from the n pieces of transaction information input or selected through the user's terminal 100, or m pieces of transaction information If not accepted, the user may report (or cancel) the transaction through the transaction report (or transaction cancellation) related interface displayed on the interface without inputting t pieces of authentication information.

When the user inputs t pieces of authentication information specified through the interface displayed on the screen of the wireless terminal 300 among (n'+m') pieces of information displayed on the screen of the wireless terminal 300 , the user's wireless terminal The program 315 provided in the 300 transmits the input t pieces of authentication information to the transaction authentication system 200 . Preferably, the t pieces of authentication information are encrypted and transmitted. In this case, the encrypted t pieces of authentication information may be decrypted through the authentication information receiving unit 225 . If the program 315 provided in the user's wireless terminal 300 designates t pieces of authentication information among the (n'+m') pieces of information, the program 315 provided in the user's wireless terminal 300 ) may transmit designation information identifying t pieces of authentication information among the (n'+m') pieces of information together with the input t pieces of authentication information. When t pieces of authentication information among the (n'+m') pieces of information are determined through the information transmission unit 220 or designated in advance, the designation information may be omitted.

The authentication information receiving unit 225 receives the information input by the user through the user's wireless terminal 300 among (n'+m') pieces of information transmitted to the program 315 provided in the user's wireless terminal 300 . Receives t pieces of authentication information, and may further receive designation information identifying t pieces of authentication information among the (n'+m') pieces of information according to an implementation method.

When t pieces of authentication information among (n'+m') pieces of information are input and received from the program 315 provided in the user's wireless terminal 300 , the transaction information authenticating unit 230 provides the received t pieces of information. After checking information corresponding to n' pieces of information among the authentication information, and verifying whether the checked information matches the n pieces of transaction information (or n' pieces of information), the result is checked. For example, when a deposit account number is included in the n' pieces of information, and the last 4 digits of a deposit account number are included in the t pieces of authentication information, the transaction information authentication unit 230 may include the n pieces of transaction information. It is possible to check a deposit account number corresponding to (or n' pieces of information) and verify whether the last four digits of the deposit account number match the four-digit number included in the t pieces of authentication information. Alternatively, the transaction information authentication unit 230 checks information corresponding to m' pieces of information among the received t pieces of authentication information and authenticates whether the checked information matches the m pieces of transaction information (or m' pieces of information). do. For example, when the m' pieces of information include the name of the account holder and the t pieces of authentication information include the name of the account holder, the transaction information authentication unit 230 may provide the m pieces of transaction information (or m' pieces of information). It is possible to check the name of the account holder corresponding to , and verify whether the name of the account holder matches the name of the account holder included in the t pieces of authentication information. Validity authentication for the t pieces of authentication information is performed only on any one of n pieces of transaction information (or n' pieces of information) and m pieces of transaction information (or m' pieces of information) according to the configuration of the t pieces of authentication information, or all can be performed for

According to the implementation method of the present invention, when the t pieces of authentication information are authenticated through a separate server other than the transaction authentication system 200, the transaction information authentication unit 230 receives the t pieces of authentication information through the separate server. You can check the authenticated authentication result.

The transaction information control unit 235 determines whether to continue or stop the non-face-to-face transaction requested through the user's terminal 100 . If information corresponding to a transaction report (or transaction cancellation) is received from the program 315 provided in the user's wireless terminal 300 or the validity of the t pieces of authentication information is not authenticated, the transaction information control unit 235 determines to stop the non-face-to-face transaction requested through the user's terminal 100, and controls to perform the non-face-to-face transaction stop (or terminate) procedure through the user's terminal 100, This is notified to the program 315 provided in the user's wireless terminal 300 .

On the other hand, if the validity of the t pieces of authentication information is authenticated, the transaction information control unit 235 determines that the non-face-to-face transaction requested through the user's terminal 100 is continuously performed, and the user's terminal 100 Control to perform a procedure of receiving (Nn) pieces of transaction information from, or control to transmit (Nn) pieces of transaction information from the user's terminal 100 to the transaction server 105 that processes the non-face-to-face transaction (eg, request to receive (Nn) transaction information to the transaction server 105, etc.). Preferably, the (Nn) transaction information includes a disposable code dynamically generated through the chip 405 of the card 400 interfaced through NFC with the wireless terminal 300 of the user to authenticate the non-face-to-face transaction For the (Nn) pieces of transaction information, one or more transaction information among digital signature values signed through the user's public certificate is included.

According to the embodiment of the present invention, the transaction information control unit 235 transmits the one-time code dynamically generated through the chip 405 of the card 400 interfaced through the user's wireless terminal 300 and NFC to the user's It is controlled to be used as (Nn) pieces of transaction information to be input through the terminal 100 . To this end, the transaction information control unit 235 uses the program 315 provided in the user's wireless terminal 300 to control the chip 405 of the card 400 interfaced with the user's wireless terminal 300 through NFC. To request (or approve) the generation of a one-time code through, the program 315 of the wireless terminal 300 dynamically generates a one-time code through the chip 405 of the card 400 interfaced through NFC based on this. and receives the one-time code dynamically generated through the chip 405 of the card 400 and displays it on the screen. According to an implementation method, the transaction information control unit 235 determines a server-side seed value for dynamically generating a one-time code through the chip 405 of the card 400, and sets the determined server-side seed value to the wireless terminal ( 300) may be provided as a program 315. The server-side seed value is a stored value stored in the DB on the transaction authentication system 200, a randomly generated random number value, and a code value generated based on the n transaction information and m transaction information (eg, the n transaction information and a hash value obtained by hashing specified transaction information among m pieces of transaction information).

The one-time code generated through the chip 405 of the card 400 interfaced with the wireless terminal 300 is input as one of (Nn) transaction information input through the user's terminal 100, and the user of the terminal 100 transmits (Nn) pieces of transaction information including the one-time code through a designated path.

When receiving (Nn) pieces of transaction information from the transaction authentication system 200 , the transaction information receiving unit 205 is input or selected through the user's terminal 100 according to the control of the transaction information control unit 235 . (Nn) transaction information can be received.

When N pieces of transaction information are received from the user's terminal 100 through the transaction information receiving unit 205, the non-face-to-face transaction control unit 240 processes the non-face-to-face transaction using the N pieces of transaction information carry out If the non-face-to-face transaction is performed through a separate transaction server 105 , the non-face-to-face transaction control unit 240 may control the process of processing the non-face-to-face transaction through the transaction server 105 to be performed. If the (Nn) pieces of transaction information are controlled to be transmitted to the transaction server 105 by the transaction information control unit 235, the transaction server 105 processes non-face-to-face transactions using the N pieces of transaction information. In this case, the non-face-to-face transaction control unit 240 does not need to perform a separate non-face-to-face transaction control procedure.

Referring to FIG. 2 , the transaction authentication system 200 is dynamically generated through the chip 405 of the card 400 interfaced with the user's wireless terminal 300 and is input through the user's terminal 100 . and a code authentication processing unit 245 that processes the validity of the one-time code to be authenticated.

The code authentication processing unit 245 is dynamically generated through the chip 405 of the card 400 interfaced with the user's wireless terminal 300 and is input through the user's terminal 100 and received through a designated path. Check the one-time code, and generate a code value for authenticating the validity of the one-time code using the same algorithm and seed as the algorithm and seed that dynamically generated the one-time code in the chip 405 of the card 400, The validity of the one-time code may be verified by comparing the code value with the received one-time code.

When the one-time code is authenticated through a separate code authentication server (not shown) in addition to the transaction authentication system 200 according to the implementation method of the present invention, the code authentication processing unit 245 transmits the one-time code to the code authentication server. It is possible to check the result of authenticating the validity of the one-time code through the code authentication server.

When the validity of the one-time code is authenticated or confirmed through the code authentication processing unit 245, the non-face-to-face transaction control unit 240 performs a procedure for processing the non-face-to-face transaction using the N pieces of transaction information. can When the procedure of the non-face-to-face transaction is performed through the transaction server 105 other than the transaction authentication system 200, the code authentication processing unit 245 may provide the authentication result of the one-time code to the code authentication server. .

3 is a diagram showing the functional configuration of the wireless terminal 300 that interfaces with the card 400 according to the embodiment of the present invention.

In more detail, FIG. 3 shows the configuration of the wireless terminal 300 that interfaces with the chip 405 of the card 400 shown in FIG. 4 through NFC and the function of the program 315 operating in the wireless terminal 300. As shown in the configuration, those of ordinary skill in the art to which the present invention pertains can infer various implementation methods for the functional configuration of the wireless terminal 300 by referring to and/or modifying this FIG. 3 . However, the present invention is made including all the implementation methods inferred above, and the technical characteristics are not limited only to the implementation method shown in FIG. 3 . The wireless terminal 300 of the present invention is a generic term for all terminals interfaced with the card 400 through NFC. Hereinafter, for convenience, the wireless terminal 300 interfacing with the chip 405 of the card 400 through NFC is smart. The functional configuration of the wireless terminal 300 will be described with reference to the embodiment of the wireless terminal 300 such as a phone, a tablet PC, and a mobile phone.

Referring to FIG. 3 , the wireless terminal 300 interfacing with the chip 405 of the card 400 includes a control unit 301 , a memory unit 310 , a screen output unit 302 , a user input unit 303 , and It includes a sound processing unit 304, a wireless network communication unit 308, a short-range wireless communication unit 307, an NFC module 305, a USIM reader unit 309, and a USIM, and a battery 306 for supplying power.

The control unit 301 is a generic term for components that control the operation of the wireless terminal 300, and includes at least one processor and an execution memory, and includes each component and a bus ( connected via BUS). According to the present invention, the control unit 301 loads at least one program code provided in the wireless terminal 300 through the processor into the execution memory for operation, and outputs the result to at least one configuration through the bus. It is transmitted to the unit to control the operation of the wireless terminal 300 . Hereinafter, for convenience, the configuration of the program 315 of the present invention implemented in the form of a program code will be described by showing it in the control unit 301 .

The memory unit 310 is a generic term for nonvolatile memories corresponding to the storage resources of the wireless terminal 300 , and includes at least one program code executed through the control unit 301 , and at least one program code used by the program code. Save and maintain the dataset. The memory unit 310 basically includes a system program code and a system data set corresponding to the operating system of the wireless terminal 300 , a communication program code and a communication data set for processing wireless communication connection of the wireless terminal 300 , and at least One application program code and an application data set are stored, and a program code and a data set corresponding to the program 315 of the present invention are also stored in the memory unit 310 .

The screen output unit 302 is composed of a screen output device (eg, liquid crystal display (LCD), etc.) corresponding to the output resource of the wireless terminal 300 and a driving module for driving it, and is interlocked with the control unit 301 . and outputting an operation result corresponding to a screen output among various operation results of the control unit 301 to the screen output device.

The user input unit 303 includes one or more user input devices (eg, buttons, keypads, touchpads, touch screens interworking with the screen output unit 302 ) corresponding to the input resources of the wireless terminal 300 and driving them. It is composed of a driving module, and is interlocked with the control unit 301 to input a command for instructing various operations of the control unit 301 , or input data necessary for the operation of the control unit 301 .

The sound processing unit 304 includes a speaker corresponding to the output resource of the wireless terminal 300, a microphone corresponding to the input resource of the wireless terminal 300, and a driving module for driving the same, and the control unit 301 and It is linked to output an operation result corresponding to a sound output among various operation results of the control unit 301 through the speaker or transmits sound data input through the microphone to the control unit 301 . The driving module decodes sound data to be output through the speaker and converts it into a sound signal, or encodes and encodes a sound signal input through the microphone.

The NFC module 305 is a generic term for communication resources that process at least one of two-way NFC, full-duplex NFC, and half-duplex NFC by using a radio frequency signal as a communication medium at a close distance (eg, around 10cm), preferably 13.56Mz NFC can be processed according to the NFC (Near Field Communication) standard of the frequency band. Alternatively, the NFC module 305 may process NFC of the ISO 18000 series standard, and in this case, may process NFC for a frequency band other than the 13.56Mz frequency band. For example, the NFC module 305 may operate in a reader mode, operate in a tag mode, or operate in a two-way communication mode. Meanwhile, the NFC module 305 may be included in a communication resource for connecting the wireless terminal 300 to a communication network according to a target to communicate in proximity.

The wireless network communication unit 308 and the short-range wireless communication unit 307 are generic names of communication resources for connecting the wireless terminal 300 to a designated communication network. Preferably, the wireless terminal 300 may include a wireless network communication unit 308 as a basic communication resource, and may include one or more short-range wireless communication units 307 .

The wireless network communication unit 308 is a generic term for communication resources for connecting the wireless terminal 300 to a wireless communication network via a base station, and includes an antenna, an RF module, a baseband module, and a signal for transmitting and receiving a radio frequency signal in a specific frequency band. It is configured to include at least one processing module, and is connected to the control unit 301 to transmit an operation result corresponding to wireless communication among various operation results of the control unit 301 through a wireless communication network or receive data through a wireless communication network to the control unit 301, and at the same time perform the procedures of access, registration, communication, and handoff of the wireless communication. According to the present invention, the wireless network communication unit 308 can connect the wireless terminal 300 to a telephone communication network including a communication channel and a data channel via a switch, and in some cases, packets without passing through the switch. It can be connected to a data network that provides communication-based wireless network data communication (eg, the Internet).

According to an embodiment of the present invention, the wireless network communication unit 308 performs at least one of accessing, location registration, call processing, call connection, data communication, and handoff to a mobile communication network according to the CDMA/WCDMA/LTE standard. includes configuration. Meanwhile, according to the intention of those skilled in the art, the wireless network communication unit 308 may further include a portable Internet communication configuration for performing at least one of accessing, location registration, data communication, and handoff to the portable Internet in accordance with IEEE 802.16 related standards. It should be clearly stated that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 308 . That is, the wireless network communication unit 308 is a generic term for a component that accesses a wireless communication network through a cell-based base station regardless of a frequency band of a wireless section, a type of a communication network, or a protocol.

The short-range wireless communication unit 307 connects a communication session using a radio frequency signal as a communication medium within a certain distance (eg, 10 m), and based on this, the wireless terminal 300 is connected to the communication network as a generic term for communication resources. , preferably, the wireless terminal 300 may be connected to the communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to the embodiment of the present invention, the short-range wireless communication unit 307 may be implemented in an integrated or separate form with the wireless network communication unit 308 . According to the present invention, the short-range wireless communication unit 307 connects the wireless terminal 300 to a data network providing short-range wireless data communication based on packet communication through a wireless AP.

The USIM reader unit 309 is a generic term of a configuration for exchanging at least one data set with a Universal Subscriber Identity Module mounted on or detached from the wireless terminal 300 based on the ISO/IEC 7816 standard. As such, the data set is exchanged in a half-duplex communication method through an Application Protocol Data Unit (APDU).

The USIM is a SIM-type card equipped with an IC chip according to the ISO/IEC 7816 standard, and an input/output interface including at least one contact connected to the USIM reader unit 309, and at least one program code for the IC chip. and an IC chip memory for storing a data set, and a program code for the IC chip according to at least one command transmitted from the wireless terminal 300 connected to the input/output interface or extracting (or processing) the data set. and a processor that transmits to the input/output interface.

The program 315 of the present invention is downloaded from a program providing server (eg, Apple's App Store, etc.) through a data network to which the communication resource is accessible and stored in the memory unit 310 . The downloaded program 315 operates in conjunction with the designated transaction authentication system 200, and may be manually driven by a user, or may be automatically driven (or activated) after user confirmation by receiving a message or automatically. On the other hand, a separate program 315 may be running in advance to automatically drive the program 315 after user confirmation or, thereby, the present invention is not limited thereto.

Referring to FIG. 3 , the program 315 of the wireless terminal 300 accesses a designated transaction authentication system 200 through a data network to which the communication resource can be accessed and registers the user as a member or the user's membership qualification. A member signup/authentication unit 320 that authenticates the user, and an authentication procedure unit 325 that performs a procedure of authenticating the validity of the program 315 through at least one communication network accessible through the communication resource; and an identification value registration unit 330 for registering the terminal identification value provided or assigned to the wireless terminal 300 in the specified transaction authentication system 200 . Meanwhile, according to the implementation method, at least one of the member registration/authentication unit 320 , the authentication procedure unit 325 , and the identification value registration unit 330 may be omitted.

The program 315 includes communication connection macro information for accessing a designated transaction authentication system 200 through a data network to which the communication resource can be accessed, and the membership registration/authentication unit 320 includes the screen output unit 302 ) to output user information (eg, name, resident registration number, etc.) for registering a user as a member and an interface for inputting a member account, and a user input through the interface to the designated transaction authentication system 200 through the data network Send the information and member account to sign up the user as a member.

Meanwhile, the user's membership subscription may be made through a separate user's terminal 100 in addition to the wireless terminal 300 . Therefore, if the user is already registered as a member, or is registered as a member through the user's terminal 100, the member registration/authentication unit 320 outputs an interface for inputting the user's member account, The member account input through the interface is transmitted to the designated transaction authentication system 200 through the data network to authenticate whether the user is a member.

The authentication procedure unit 325 authenticates the validity of the program 315 with a designated transaction authentication system 200 through at least one of a data network and a telephone communication network to which the communication resource can be accessed. According to the implementation method of the present invention, in the process of authenticating the validity of the program 315, an encryption/decryption communication process agreed in advance between the program 315 and the specified transaction authentication system 200 is performed, and for convenience, the encryption / A detailed description of the decryption process will be omitted.

According to the first program authentication method of the present invention, the program 315 may be downloaded through a program providing server with a unique value for identifying that it is a program operated by a designated transaction authentication system 200 set. In this case, the authentication procedure unit 325 transmits the unique value to the specified transaction authentication system 200, or performs a key exchange procedure according to the specified key exchange protocol with the specified transaction authentication system 200 based on the unique value. By doing so, it is possible to authenticate that the program 315 is a program operated by the designated transaction authentication system 200 .

According to the second program authentication method of the present invention, after the program 315 is downloaded through the program providing server, a token value (eg, Apple's) that uniquely identifies the program 315 on a data network according to a specified procedure. A device token assigned by APNS, etc.) may be assigned. In this case, the authentication procedure unit 325 transmits the token value to the specified transaction authentication system 200 according to a specified path, thereby authenticating that the program 315 is a program operated by the specified transaction authentication system 200 . can

According to the third program authentication method of the present invention, the program 315 constructs hash information by hashing at least one file corresponding to the program 315 according to a specified hash algorithm, and uses the hash information to authenticate a specified transaction. By transmitting to the system 200 , it is possible to authenticate that the program 315 is a valid program operated by the designated transaction authentication system 200 . Meanwhile, the authentication procedure unit 325 may configure the hash information by further using a key value determined internally or exchanged with the specified transaction authentication system 200 in the process of configuring the hash information.

According to the fourth program authentication method of the present invention, the program 315 is downloaded through a program providing server in a state in which a certificate for performing a specified authentication procedure is loaded, or after being downloaded through a program providing server, a specified certificate issuance or A certificate may be loaded according to the roaming procedure. In this case, the authentication procedure unit 325 selectively uses at least one key value set in the certificate according to the authentication procedure defined in the certificate, a key exchange protocol, and an encryption/decryption rule for the transaction in which the program 315 is designated. It is possible to authenticate that the program is operated by the authentication system 200 . The certificate may include at least one of a certificate of a designated transaction authentication system 200 or a certificate of a user using the program 315 .

According to the fifth program authentication method of the present invention, when the authentication number sent from the transaction authentication system 200 specified through the message exchange protocol of the telephone communication network is received, the wireless terminal 300 inputs the received authentication number. Received and transmitted to the specified transaction authentication system 200 through the data network, it is possible to authenticate that the program 315 is a program operated by the specified transaction authentication system 200 .

According to the sixth program authentication method of the present invention, the authentication procedure unit 325 selects the program from the specified transaction authentication system 200 through an authentication method that selectively combines one or more of the first to fifth program authentication methods. It is possible to authenticate the validity of (315), and the present invention is not limited thereby.

At a designated point in time before, during, or after the process of performing the first to sixth program authentication methods, the authentication procedure unit 325 is configured to perform the authentication procedure unit 325 in the memory unit 310 or SE (Secure Element, Wireless) of the wireless terminal 300 . Unique information stored in the secure storage area of at least one of a USIM (Universal Subscriber Identify Module), an IC (Integrated Circuit) chip, and a built-in chip of an external memory (eg, SD memory, etc.) mounted or detached from the terminal 300); Alternatively, by transmitting the unique information allocated by the communication company-side resource to the designated transaction authentication system 200 in the process in which the wireless terminal 300 accesses or maintains the designated communication network through the wireless network communication unit 308, the program ( 315 ) is a program operated by the designated transaction authentication system 200 , and simultaneously authenticates that the program 315 is running in the wireless terminal 300 .

The identification value registration unit 330 includes information stored in the reading area of the wireless terminal 300 , information stored in a unique storage area of the wireless terminal 300 , and information recorded in the H/W configuration of the wireless terminal 300 . , a terminal identification value including at least one of information allocated/given by the network to which the wireless terminal 300 is connected, and/or a program authentication process or authentication performed through the first to sixth program authentication methods. As a result, a terminal identification value including at least one information among information allocated to the program 315 and information stored in the wireless terminal 300 by the program 315 is checked, and the confirmed terminal identification value is It is transmitted to the designated transaction authentication system 200 and registered.

Referring to FIG. 3, the program 315 of the wireless terminal 300 includes an information receiving unit 335 for receiving (n'+m') pieces of information from the transaction authentication system 200 shown in FIG. , an information display unit 340 displaying the (n'+m') pieces of information received through the screen output unit 302 , and the (n'+m') pieces of information through the user input unit 303 . and an input processing unit 345 for receiving t pieces of authentication information among them, and a transmission procedure performing unit 355 for performing a procedure for transmitting the input t pieces of authentication information to the transaction authentication system 200 .

When the transaction authentication system 200 transmits (n'+m') pieces of information including at least one of n' pieces of information and m' pieces of information, the information receiving unit 335 receives (n'+ m') pieces of information are received, and the information display unit 340 displays the received (n'+m') pieces of information through the screen output unit 302 while displaying the (n'+m') pieces of information. An interface for receiving t pieces of authentication information from among the information is displayed.

When designation information designating t pieces of authentication information among the (n'+m') pieces of information is received from the transaction authentication system 200 , the information display unit 340 displays the (n'+m') pieces of information Among them, an interface for receiving t pieces of authentication information corresponding to the designated information may be displayed. Alternatively, when the designation information is designated through the program 315, the information display unit 340 determines designation information corresponding to t pieces of authentication information among the (n'+m') pieces of information, and the determined t An interface for receiving authentication information of dogs may be displayed. If information to be used as t pieces of authentication information is designated among the (n'+m') pieces of information, the information display unit 340 inputs the designated t pieces of authentication information out of the (n'+m') pieces of information. An interface for receiving can be displayed.

According to the implementation method of the present invention, the information display unit 340 allows the user at a specified point in time before, during, and after displaying t pieces of authentication information among the (n'+m') pieces of information, allowing the user to Induction information for guiding the contactless card 400 to interface with the wireless terminal 300 may be displayed.

When an interface for receiving t pieces of authentication information among the (n'+m') pieces of information is displayed, the input processing unit 345 performs a procedure for receiving the t pieces of authentication information through the user input unit 303 . and the transmission procedure performing unit 355 performs a procedure of transmitting the input t pieces of authentication information to the transaction authentication system 200 .

Referring to FIG. 3 , the program 315 of the wireless terminal 300 receives an authentication result receiving unit 360 that receives an authentication result of authenticating transaction information through the t pieces of authentication information from the transaction authentication system 200 . And, a card interfaced through NFC at any specified time before, during, or after the (n'+m') pieces of information are received and/or displayed, or at any specified time before, during, or after the authentication result is received A card linkage unit 350 that interlocks with the 400 is provided.

After the transmission procedure performing unit 355 transmits the input t pieces of authentication information to the transaction authentication system 200 , the authentication result receiving unit 360 receives the t pieces of authentication information from the transaction authentication system 200 . to receive the authentication result of authenticating the transaction information. According to an implementation method, the authentication result receiving unit 360 may receive a server-side seed value to be used as a seed by the chip 405 of the card 400 to generate a one-time code from the transaction authentication system 200 . Meanwhile, the server-side seed value may be received together with the (n'+m') pieces of information, and the present invention is not limited thereto.

Before, during, or after the (n'+m') pieces of information are received and/or displayed, or at any specified time before, during, or after the authentication result is received, the card linkage unit 350 is It is checked whether the contactless card 400 is interfaced through the NFC module 305 . If the interface of the contactless card 400 is confirmed, the card linkage unit 350 acquires at least one input value designated to be input to the chip 405 of the card 400 . Preferably, the input value includes a time value obtained through a timer of the wireless terminal 300, a terminal-side random number value generated by the card linkage unit 350 according to an implementation method, or a designated transaction authentication system It may include the server-side seed value received from (200).

The card linkage unit 350 checks the state in which the chip 405 of the card 400 is interfaced, and provides the obtained input value to the chip 405 of the interfaced card 400 . The chip 405 of the card 400 dynamically generates a disposable code using the input value and the value stored in the chip 405 of the card 400 as a seed, and then the wireless terminal 300 through NFC. provided with

Referring to FIG. 3 , the program 315 of the wireless terminal 300 includes a code receiving unit 365 for receiving the one-time code dynamically generated by the chip 405 of the interfaced card 400 and the receiving and a code output unit 370 for outputting a single-use code, and a code transmission unit 375 for transmitting the checked code to a designated authentication server.

When the disposable code is dynamically generated through the chip 405 of the card 400 interfaced through NFC, the code receiving unit 365 is dynamically generated in the chip 405 of the card 400 interfaced through NFC Upon receiving one single-use code, the code output unit 370 outputs the one-time code received from the chip 405 of the card 400 through the screen output unit 302 . It is input as one of the (Nn) pieces of transaction information input through the output terminal 100 of the user. If the user's terminal 100 and the wireless terminal 300 are the same, the code transmission unit 375 transmits the identified one-time code to the transaction authentication system 200 designated as one of (Nn) transaction information. can If the information received from the chip 405 of the card 400 through the card linkage unit 350 includes other information to be displayed through the wireless terminal 300, the code output unit 370 outputs the In connection with the one-time code, the other information can be output to the screen.

4 is a diagram showing the configuration of a contactless card 400 for generating a disposable code according to an embodiment of the present invention.

In more detail, FIG. 4 shows the functional configuration of the card 400 having an NFC function and a one-time code generation function. Those of ordinary skill in the art to which the present invention pertains, refer to FIG. 4 and Various implementation methods for the configuration of the card 400 (eg, some components are omitted, subdivided, or combined) may be inferred with / or modified, but the present invention provides all the inferred implementation methods. It is made including, and the technical characteristics are not limited only to the implementation method shown in FIG. 4 .

The card 400 of the present invention is a generic name for a card having an NFC function and a one-time code generation function, and is preferably in the form of a card having a chip 405 and an antenna 450 for the NFC. For example, the card 400 of the present invention may include a financial IC card 400 having an NFC function and a one-time code generation function, an NFC card 400 , an RF card 400 , and the like.

Referring to FIG. 4 , the card 400 receives an input value for generating a disposable code from a wireless communication unit 435 providing an NFC function and a wireless terminal 300 through the NFC, and the input value At least one program code required for the control of the control unit 410 and the control unit 410 that controls the process of dynamically generating a one-time code using as one of the seed values and outputting it through the wireless terminal 300, or A chip 405 having an integrated configuration corresponding to the memory unit 440 for storing the data set is mounted. When the card 400 is a combination type financial IC card 400, the chip 405 further includes an interface unit 445 forming a contact interface with the wireless terminal 300, and the card 400 ), a contact point 455 (eg, a Chip On Board (COB)) electrically connected to the interface unit 445 is provided at a designated position on the outer surface.

The wireless communication unit 435 is a generic name of a component that performs wireless communication with the wireless terminal 300 at a close distance (eg, around 10 cm) using a radio frequency signal of a designated frequency band (eg, 13.56 MHz). Preferably, the NFC function is provided according to the NFC standard.

The memory unit 440 is a generic term for non-volatile memories corresponding to the storage resources of the chip 405 , and preferably ROM (Read Only Memory), EEPROM (Electrically Erasable and Programmable Read Only Memory), and FM (Flash Memory). and memory devices such as Preferably, the memory unit 440 includes both a NAND-based memory and a NOR-based memory. According to an implementation method, a random access memory (RAM) provided in the chip 405 may be included in the category of the memory unit 440 . According to the embodiment of the present invention, the memory unit 440 records a program code corresponding to a Chip Operating System (COS), and stores a program code corresponding to an applet corresponding to a service to be provided through the card 400 . It is recorded.

The control unit 410 is a generic name of a configuration for controlling the operation of the chip 405, and preferably performs arithmetic processing with one or more processors among a CPU (Central Process Unit), MPU (Micro Process Unit), and a coprocessor. It consists of a combination of execution memory for According to the implementation method of the present invention, the state in which the program code corresponding to the COS written in the memory unit 440 is loaded into the execution memory and calculated by the processor may be defined as the control unit 410, and for convenience, the COS A configuration of a function implemented through the program code providing a one-time code generation function according to the present invention among the program codes corresponding to the applet operating on the above will be described with reference to FIG. 4 .

Referring to FIG. 4 , the chip 405 of the card 400 includes an information receiving unit 415 for receiving a specified input value from the wireless terminal 300 interfaced through NFC, and a disposable code using the input value. A code generating unit 420 for dynamically generating a code providing unit 425 for providing the generated one-time code to the wireless terminal 300 interfaced through the NFC, An authentication processing unit 430 for processing authentication is provided.

When the card 400 is interfaced with the wireless terminal 300 in the proximity through the NFC of the wireless communication unit 435, the information receiving unit 415 receives a specified input value from the interfaced wireless terminal 300. . The input value is a value designated to be input from the wireless terminal 300 to dynamically generate a one-time code as a generic name, and a time value matching the international standard time obtained through the timer of the wireless terminal 300, the wireless terminal 300 ) may further include a unique ID. Depending on the implementation method, the input value may include a server-side seed value provided by the transaction authentication system 200 . Meanwhile, the input value is not limited to the exemplified value, and any value may be further included as long as it is a value input from the wireless terminal 300 to generate a one-time code.

The code generation unit 420 includes the code generation algorithm, and includes the input value received through the information receiving unit 415 in the seed value of the code generation algorithm to dynamically generate a one-time code of a specified code system. Preferably, the code generator 420 dynamically generates a one-time code by using the input value as one of the seeds. If the input value further includes a time value or unique ID, the code generator 420 may dynamically generate the one-time code by further including the time value or unique ID in the seed value.

According to the embodiment of the present invention, the seed for generating the one-time code may further include a seed value stored in the memory unit 440. In this case, the code generation unit 420 uses the stored value as the seed. By further including in the one-time code can be dynamically generated.

On the other hand, the authentication processing unit 430 receives the input value from the wireless terminal 300 from the time of interface with the wireless terminal 300 through the NFC at a designated time during the process of generating the one-time code, the one-time code can process the specified authentication to dynamically create Preferably, the designated authentication may include PIN (Personal Identification Number) authentication. The authentication processing unit 430 may store a PIN authentication value for PIN authentication, receive a PIN value from the interfaced wireless terminal 300, and use the PIN authentication value to authenticate the received PIN value. . For example, the PIN value may be received and authenticated before the time value is received, or may be received and authenticated together with the time value. Depending on the implementation method, the time when the authentication is processed may be performed before the one-time code is provided from the chip 405 of the card 400 to the wireless terminal 300, and the present invention is not limited thereto. According to the intention of those skilled in the art, the authentication process may be omitted.

The code providing unit 425 provides the generated one-time code to the wireless terminal 300 interfaced through the NFC. The wireless terminal 300 outputs the received one-time code so that the user is using it for non-face-to-face financial transactions other than the designated user's terminal 100 (eg, the wireless terminal 300 or the wireless terminal 300). It is input through a separate terminal, etc.) and can be used as an authentication means of a transaction requested through the user's terminal 100 .

5 is a diagram illustrating a process of transmitting and receiving n pieces of transaction information according to an embodiment of the present invention.

In more detail, FIG. 5 shows that n pieces of transaction information including specified information among N pieces of transaction information to be input for non-face-to-face transactions are transmitted and received, and m transactions are performed through the ledger system 120 corresponding to the n pieces of transaction information. After inquiring information, (n') including at least one designated information among n pieces of transaction information input or selected by the user to the user's wireless terminal 300 and m pieces of transaction information inquired through the ledger system 120 (n') +m') information is provided, and t pieces of authentication information are received and authenticated from the user's wireless terminal 300. If a person skilled in the art to which the present invention pertains, this By referring to and/or modifying FIG. 5, various implementation methods (eg, an implementation method in which some steps are omitted or the order is changed) for the transmission/reception process of the transaction information can be inferred, but the present invention provides all the inferred It is made including an implementation method, and the technical characteristics are not limited only to the implementation method shown in FIG. 5 .

Referring to FIG. 5 , the user's terminal 100 performs a non-face-to-face authentication procedure designated for a non-face-to-face transaction ( 500 ), and receives a selection of a transaction type from the user ( 505 ). The user's terminal 100 displays an interface for receiving transaction information corresponding to the selected transaction type (510). When transaction information is input through the interface, the user's terminal 100 transmits n pieces of transaction information including specified information among n pieces of transaction information for the non-face-to-face transaction through a specified path, that is, the first channel. (515). The process of transmitting and receiving the -n pieces of transaction information may be sequentially performed according to an order corresponding to the non-face-to-face transaction procedure, or may be batch-processed.

The transaction authentication system 200 receives n pieces of transaction information through a designated path (first channel) (520), and retrieves m pieces of transaction information through the ledger system 120 corresponding to the n pieces of transaction information. Confirm (525). If the m pieces of transaction information are confirmed, the transaction authentication system 200 determines n' pieces of information among n pieces of transaction information and m' pieces of information out of m pieces of transaction information (530), and the n' pieces of information and (n'+m') pieces of information each including at least one m' pieces of information are configured (535). The transaction authentication system 200 identifies the user's wireless terminal 300 corresponding to the second channel through which the (n'+m') pieces of information are to be transmitted ( 540 ). The user's wireless terminal 300 may be identified based on information stored in a designated database, or may be identified through information received from the user's terminal 100 . If the user's wireless terminal 300 corresponding to the second channel to be transmitted is identified, the transaction authentication system 200 sends the (n'+m) to the program 315 provided in the user's wireless terminal 300. ') information is transmitted (545).

The user's wireless terminal 300 receives (n'+m') pieces of information through the second channel (550), outputs the received (n'+m') pieces of information, and at the same time ( An interface for receiving the specified t pieces of authentication information among n'+m') pieces of information is displayed ( 555 ). Depending on the implementation method, the interface may include guidance information for inducing the user to interface the chip 405 of the card 400 to the wireless terminal 300 .

When the designated authentication information is input among the (n'+m') pieces of information through the interface, the program 315 provided in the user's wireless terminal 300 checks the input t pieces of authentication information (560) ), and transmits the checked t pieces of authentication information through the second channel (565).

The transaction authentication system 200 receives t pieces of authentication information through the second channel ( 570 ), and n transactions corresponding to (n'+m') pieces of information transmitted to the user's wireless terminal 300 . The validity of the t pieces of authentication information is authenticated through information and/or m pieces of transaction information ( 575 ). If the validity authentication for the t pieces of authentication information fails, or if a transaction report or information corresponding to a transaction report is received instead of the t pieces of authentication information from the user's wireless terminal 300, the transaction authentication system ( 200) generates an authentication error for the transaction information without having to perform the process shown in FIG. 6 and transmits it to the user's wireless terminal 300 (580), and the user's wireless terminal 300 performs the authentication An error is received and output (585). If the validity of the t pieces of authentication information is verified, a procedure for allowing (Nn) pieces of transaction information to be input or selected and received through the user's terminal 100 is controlled to be performed ( 590 ). According to the implementation method of the present invention, at least one of the processes shown in FIGS. 6 to 8 as one of the procedures for allowing (Nn) pieces of transaction information to be input or selected and received through the user's terminal 100 can be performed.

6 is a diagram illustrating a process of dynamically generating a one-time code using the chip 405 of the card 400 interfaced with the user's wireless terminal 300 according to an embodiment of the present invention.

In more detail, FIG. 6 shows a process of dynamically generating a disposable code through the chip 405 of the card 400 interfaced with the wireless terminal 300 through NFC, which is commonly used in the art to which the present invention pertains. Those skilled in the art may infer various implementation methods (eg, an implementation method in which some steps are omitted or the order is changed) for the one-time code generation process by referring and/or modifying this figure 6, The invention is made including all the implementation methods inferred above, and the technical characteristics are not limited only to the implementation method shown in FIG. 6 .

Referring to FIG. 6 , when the process shown in FIG. 5 is validated for the transaction information input or selected through the user's terminal 100 through t pieces of authentication information in the transaction authentication system 200 , the The program 315 of the wireless terminal 300 receives a one-time code generation request (approval) through the chip 405 of the card 400 interfaced with the wireless terminal 300 through NFC from the transaction authentication system 200 Receive (600).

The wireless terminal 300 checks whether the interface with the designated card 400 through NFC (605). If interfaced with the card 400, the wireless terminal 300 provides a specified input value through NFC to the chip 405 of the interfaced card 400 (610), and the chip of the card 400 (405) receives an input value to be used as a seed for dynamically generating a one-time code through NFC (615).

The chip 405 of the card 400 dynamically generates a one-time code using the input value provided from the wireless terminal 300 and the seed value stored in the chip 405 of the card 400 as a seed (620). ), and transmits the dynamically generated disposable code to the wireless terminal 300 through the NFC (625).

The wireless terminal 300 receives the one-time code dynamically generated from the chip 405 of the card 400 by using the seed value and the input value as a seed through the NFC (630), and the received disposable code is output to the screen (635).

7 is a diagram illustrating a process of processing non-face-to-face transactions by transmitting and receiving (Nn) pieces of transaction information according to an embodiment of the present invention.

In more detail, FIG. 7 is an interface through NFC with the user's wireless terminal 300 through the process shown in FIG. 6 in connection with the process of authenticating n pieces of transaction information transmitted and received through the process shown in FIG. When generating and outputting a one-time code using the chip 405 of the card 400 is performed, the process shown in FIG. 6 is performed with (Nn) pieces including the disposable code displayed on the screen of the wireless terminal 300 . As a diagram illustrating a process of processing non-face-to-face transactions by transmitting and receiving transaction information, those of ordinary skill in the art to which the present invention pertains may refer to and/or modify this figure 7 to transmit and receive transaction information and non-face-to-face transactions. Various implementation methods for the transaction processing process (for example, implementation methods in which some steps are omitted or the order is changed) may be inferred, but the present invention includes all of the inferred implementation methods, and is shown in FIG. The technical features are not limited only to the illustrated implementation method.

Referring to FIG. 7 , the user's terminal 100 is displayed on the screen of the wireless terminal 300 through the process shown in FIG. 6 among N pieces of transaction information for non-face-to-face transactions through an interface displayed to receive transaction information. It is checked whether (Nn) pieces of transaction information including the displayed one-time code are input or selected (700).

If (Nn) pieces of transaction information including the one-time code are input or selected, the user's terminal 100 transmits (Nn) pieces of transaction information including the one-time code through the first channel (705) , the transaction authentication system 200 receives the (Nn) pieces of transaction information through the first channel (S715). The process of transmitting and receiving the (Nn) pieces of transaction information may be sequentially performed according to an order corresponding to the non-face-to-face transaction procedure, or may be batch-processed.

The transaction authentication system 200 performs an authentication procedure corresponding to a one-time code among the (Nn) pieces of transaction information (715). If the validity of the one-time code is not authenticated, the transaction authentication system 200 transmits an authentication error for the one-time code to the user's terminal 100 (720), and the user's terminal 100 The authentication error is received and output (725). On the other hand, when the validity of the one-time code is verified, the transaction authentication system 200 receives N pieces of transaction information (eg, n pieces of transaction information and A non-face-to-face transaction procedure using (Nn) combinations of transaction information is controlled to be performed ( 730 ). If the non-face-to-face transaction procedure is performed, the transaction authentication system 200 transmits the non-face-to-face transaction result for the non-face-to-face transaction to the user's terminal 100 (735), and the user's terminal 100 receives and outputs the non-face-to-face transaction result ( 740 ).

100: user's terminal 105: transaction server
110: code server 115: control server
120: ledger system 200: transaction authentication system
205: transaction information receiving unit 210: transaction information confirmation unit
215: information selection unit 220: information transmission unit
225: authentication information receiving unit 230: transaction information authentication unit
235: transaction information control unit 240: non-face-to-face transaction control unit
245: code authentication processing unit 300: wireless terminal
305: NFC module 315: program
400: card 405: chip

Claims (14)

A method executed by a server communicating with a user's terminal through a first channel including a designated communication path and communicating with a user's wireless terminal through a heterogeneous second channel differentiated from the first channel,
A first step of receiving n (1≤n<N) pieces of transaction information input or selected by the user from among N (N≥2) pieces of transaction information to be input for non-face-to-face transaction from the user's terminal;
a second step of confirming m (m≥1) pieces of transaction information queried through the ledger system corresponding to the received n pieces of transaction information;
At least one of n'(1≤n'≤n) pieces of information selected from the n pieces of transaction information and m'(1≤m'≤m) pieces of information selected from the inquired m pieces of transaction information ( a third step of transmitting n'+m') pieces of information to the user's wireless terminal;
Among the (n'+m') pieces of information transmitted to the user's wireless terminal, t(1≤t≤(n'+m')) pieces of authentication information corresponding to preset designated information are transmitted through the user's wireless terminal. a fourth step of receiving and receiving an input;
a fifth step of confirming an authentication result by performing an authentication procedure on the n pieces of transaction information or t pieces of authentication information received in response to the designated information among the m pieces of transaction information; and
a sixth step of transmitting information for authorizing generation of a one-time code using a chip of a card interfaced through NFC (Near Field Communication) to the wireless terminal of the user when the t pieces of authentication information are authenticated;
a seventh step of receiving and receiving (Nn) pieces of transaction information including one-time codes generated through the chip of the card from the user's terminal;
an eighth step of confirming an authentication result by performing an authentication procedure on the received one-time code included in the (Nn) pieces of transaction information; and
When the one-time code is authenticated, a transaction using N pieces of transaction information including n pieces of transaction information received before authenticating the t pieces of authentication information and (Nn) pieces of transaction information received after authenticating the t pieces of authentication information A transaction authentication method using transaction information and a server-side random number code, including a ninth step of controlling to perform a procedure for processing.
The method of claim 1,
The n transaction information includes a deposit bank, a deposit account number, and a deposit amount,
The ledger system includes a deposit bank-side ledger system,
The m number of transaction information, transaction authentication method using transaction information and NFCP card, characterized in that it includes the name of the account holder of the deposit account.
delete delete According to claim 1, wherein the n' pieces of information,
Transaction authentication method using transaction information and NFCP card, characterized in that it includes n' pieces of information among each individual transaction information or partial information of each individual transaction information included in the n pieces of transaction information.
According to claim 1, wherein the m' pieces of information,
Transaction authentication method using transaction information and NFCP card, characterized in that it includes m' pieces of information among each individual transaction information or partial information of each individual transaction information included in the m pieces of transaction information.
According to claim 1, wherein the third step,
designating t pieces of authentication information to be input by a user among the (n'+m') pieces of information;
Transmitting the designation information specifying the t pieces of authentication information to the user's wireless terminal; transaction authentication method using transaction information and NFCP card, characterized in that it further comprises.
According to claim 1, wherein the fourth step,
When t pieces of authentication information among the (n'+m') pieces of information are designated through the user's wireless terminal,
Transaction authentication method using transaction information and NFCP card, characterized in that it further comprises the step of receiving, from the user's wireless terminal, designation information specifying t pieces of authentication information among the (n'+m') pieces of information .
According to claim 1, wherein the disposable code,
A code generated through the chip of the card using at least two of the card-side seed value stored in the chip of the card, the time value provided from the wireless terminal to the chip of the card, and the server-side seed value provided by the server as a seed Transaction authentication method using transaction information and NFCP card, characterized in that it includes.
delete delete delete delete delete

Images