KR102392147B1 - Method for Converging Facing and Non-facing Certification - Google Patents

Abstract

The present invention relates to a convergence method of face-to-face authentication and non-face-to-face authentication. In a method executed through a server communicating with a user's terminal equipped with a camera, the user's real name authentication card is displayed through a camera provided in the user's terminal. Receive a photographed real-name authentication tag image, connect a video call for photographing a user through the camera of the user terminal, form a remote face-to-face state between a designated agent and a user, and provide the real-name authentication tag image to the agent, In a state in which a video call for photographing a user is connected through a camera of a user terminal, an authentication code generated through a designated code generation module is processed to be exposed on the screen of the user terminal in the video call, and the user terminal is processed through the camera In a state in which a video call for recording a process in which a user inputs an authentication code exposed on the screen of the user terminal is connected, the user terminal receives and receives the authentication code exposed on the screen of the user terminal through the user terminal, Check the result of authenticating the validity of the received authentication code in a state in which a video call for photographing a user through a camera is connected, and immediately before receiving the authentication code, the user through the camera of the user terminal allows the authentication code The result of verifying whether the user's gaze direction matches the input process of the authentication code by reading an image of the input process is checked, and the user's face photographed through the camera of the user terminal during the video call is The validity of the authentication code input after exposure through the screen of the user terminal during the video call is matched with the portrait of the real name authentication table image, and the user's gaze direction of the image taken through the camera of the user terminal is the above If it matches the input process of the authentication code, it is processed so that the face-to-face authentication-based service is provided to the user.

Description

Method for Converging Facing and Non-facing Certification

The present invention is a method executed through a server that communicates with a user's terminal having a camera, and receives a real name authentication card image obtained by photographing the user's own real name authentication card through a camera provided in the user terminal, and the user terminal By connecting a video call that captures the user through the camera of In the connected state, the authentication code generated through the specified code generation module is processed to be exposed on the screen of the user terminal during the video call, and the user inputs the authentication code exposed on the screen of the user terminal through the camera of the user terminal A state in which a video call is connected to receive an authentication code exposed on the screen of the user terminal through the user terminal in a state in which a video call is connected, and a video call to photograph a user through the camera of the user terminal is connected Check the result of authenticating the validity of the received authentication code, read the image captured by the user through the camera of the user terminal just before receiving the authentication code, the process of entering the authentication code by reading the user Checks the authentication result whether the gaze direction of the user matches the input process of the authentication code, and at the same time as the user's face photographed through the camera of the user terminal during the video call matches the portrait of the real name authentication table image When the validity of the input authentication code is authenticated after exposure through the screen of the user terminal during a video call, and the user's gaze direction of the image captured by the camera of the user terminal matches the input process of the authentication code, face the user It relates to a convergence method of face-to-face authentication and non-face-to-face authentication that processes to provide an authentication-based service.

Recently in Korea, research on full-time Internet banking is being discussed. However, Internet banking itself is nothing new. An Internet-only bank provides financial services that were provided through an offline store or branch of a conventional bank only through a communication network without offline stores or branches. Currently, the world's first internet-only bank is known as SFNB (Security First Network Bank), established in October 1995.

However, in the case of Korea, there have been many discussions about Internet-only banks, but due to various regulations (eg Act on Real Name Financial Transactions and Confidentiality, abbreviation “Act on Real Name Financial Transactions”), Internet banking was not started. In Korea, according to the Real Name Financial Transactions Act, at the time of initial sign-up or account opening, a real-name authentication card (eg, resident registration card, passport, driver’s license, etc.) must be used to visit an offline store or branch and authenticate in person. has a In addition, in the case of conventional banks, face-to-face authentication using a real-name authentication card must be performed at the time of initial sign-up or account opening, and then face-to-face authentication such as Internet banking must be performed. can be provided.

However, for non-face-to-face authentication, a database must first be established by first signing up. For example, for ID/PW authentication, which is the most representative non-face-to-face authentication method, you must first go through the membership registration process, register personal information, and go through the process of building a database in which an identification value (=ID) and authentication value (=PW) are issued. Non-face-to-face authentication using /PW becomes possible. Alternatively, in the case of non-face-to-face authentication using an accredited certificate, first visit an offline store or branch of a bank designated as a registration authority (RA) and apply for issuance of an accredited certificate to the certification authority (CA) with an identification value (e.g., resident registration number and name) Non-face-to-face authentication using an accredited certificate is possible only after going through the process of building a database that receives a certificate and an authentication value (=certificate). Or, in the case of non-face-to-face authentication using biometric information, even if it does not take into consideration the issue of privacy infringement due to biometric information exposure (e.g., even if an accredited certificate is exposed/thefted, it can be discarded and reissued, but biometrics cannot be discarded), first, the customer's biometric information Non-face-to-face authentication using biometrics becomes possible only after passing through the process of acquiring and building a database.

However, the first time to sign up for a full-time Internet bank was before the database for non-face-to-face authentication was established. That is, it has a technically very difficult problem to provide non-face-to-face authentication in a situation where a database is not established at the time of initial subscription before the database for non-face-to-face authentication is built. Of course, non-face-to-face authentication can be provided by anomalously visiting an offline store or branch of a conventional registration authority (RA) and registering an accredited certificate issued through a certification authority (CA) with an Internet bank. Customers who have not been issued a certificate cannot even use this, and even if they use this anomaly to pass the initial sign-up process of an Internet full-time bank, they can open an account only with an official certificate without using face-to-face authentication in the subsequent account opening process. There is no legal basis at all.

In addition, in the case of a conventional bank, only face-to-face authentication had to be provided for initial sign-up or account opening. However, for initial sign-up or account opening of an internet bank, face-to-face authentication corresponding to the Real Name Financial Transactions Act is provided, and at the same time, the Depending on the face-to-face characteristics, non-face-to-face authentication should also be provided. Currently, no one is considering that face-to-face authentication according to the Real Name Financial Transactions Act and non-face-to-face authentication according to the non-face-to-face characteristics of an internet dedicated bank should be performed at the same time for the first signup or account opening of an Internet dedicated bank. Of course, once the database for non-face-to-face authentication is established, various methods for providing non-face-to-face authentication can be derived using this. However, it is difficult to provide face-to-face authentication and non-face-to-face authentication at the same time before a database for non-face-to-face authentication is established (= the time of initial subscription). On the other hand, some are researching ways to provide non-face-to-face authentication by using a database previously established with a third party (eg, a conventional commercial bank or credit card company) under the condition that a database for non-face-to-face authentication is not established. . However, for this purpose, the customer first has to sign up for a third-party institution according to the conventional method, which causes a problem that the customer cannot use the Internet dedicated bank.

An object of the present invention for solving the above problems is a method executed through a server communicating with a user's terminal equipped with a camera, wherein the user's real name authentication card is photographed through a camera provided in the user terminal. A first step of receiving a real-name authentication tag image and a video call for photographing a user through the camera of the user terminal to form a remote face-to-face state between a designated agent and the user, and to provide the real-name authentication tag image to the agent A third step of processing the authentication code generated through a specified code generation module to be exposed on the screen of the user terminal during the video call in a state in which step 2 and the video call for photographing the user are connected through the camera of the user terminal; Through the user terminal's camera, the user terminal receives the authentication code exposed on the screen of the user terminal through the user terminal in a state in which a video call is connected to photograph the process of inputting the authentication code exposed on the screen of the user terminal. In a state in which the fourth step of receiving and video call for photographing the user through the camera of the user terminal are connected, the result of authenticating the validity of the received authentication code is checked, and immediately before receiving the authentication code, the user terminal During the video call and a fifth step of confirming the authentication result whether the gaze direction of the user matches the input process of the authentication code by reading an image captured by the process of the user entering the authentication code through the camera of The user's face photographed through the camera of the user terminal is matched with the portrait of the real name authentication table image, and the validity of the authentication code input after exposure through the screen of the user terminal during the video call is authenticated, and the user terminal A convergence method of face-to-face authentication and non-face-to-face authentication, comprising a sixth step of processing to provide a face-to-face authentication-based service to the user when the user's gaze direction of the image taken through the camera of the user matches the input process of the authentication code is in providing.

The convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention is a method executed through a server that communicates with a user's terminal equipped with a camera. A first step of receiving a real name authentication tag image and a video call for photographing a user through the camera of the user terminal to form a remote face-to-face state between a designated agent and the user, and to provide the real name authentication tag image to the agent A third step of processing the authentication code generated through a specified code generation module to be exposed on the screen of the user terminal in the video call in a state in which the second step and the video call for photographing the user through the camera of the user terminal are connected; Input the authentication code exposed on the screen of the user terminal through the user terminal in a state in which a video call is connected to photograph the process of the user inputting the authentication code exposed on the screen of the user terminal through the camera of the user terminal In the fourth step of receiving and receiving, confirming the result of authenticating the validity of the received authentication code in a state in which a video call for photographing a user is connected through the camera of the user terminal, and immediately before receiving the authentication code, the user A fifth step and the video call of reading an image captured by the user through the camera of the terminal and of the process of inputting the authentication code to confirm the authentication result whether the gaze direction of the user matches the input process of the authentication code During the video call, the user's face photographed through the camera of the user terminal matches the portrait of the real name authentication table image, and the validity of the authentication code input after exposure through the screen of the user terminal during the video call is authenticated, and the user and a sixth step of processing so that a face-to-face authentication-based service is provided to the user when the user's gaze direction of the image captured by the camera of the terminal matches the input process of the authentication code.
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, when the real name authentication table image is received, the feature structure of the user's portrait is recognized by analyzing a portrait area included in the real name authentication table image Further comprising the step of recognizing the feature structure of the user's face by analyzing the user's face region of the video call when the video call is connected, and the recognized feature structure of the user's face is included in the real name authentication table image It is characterized in that it further comprises the steps of confirming whether the feature structure of the portrait of the user is matched, and confirming the result of matching the feature structure of the user's face with the feature structure of the portrait of the user.
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, when the real name authentication table image is received, the character information printed on the real name authentication table is recognized by analyzing the character area included in the real name authentication table image Comparing the personal information of the user input received through the user terminal or previously registered through the user terminal with the text information recognized from the text area included in the real-name authentication table image to confirm the authentication result of matching It is characterized in that it further comprises the step of
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, when the real name authentication card image is provided to the agent connecting the user and the video call, the user's face of the video call and the real name authentication table image from the agent It characterized in that it further comprises the step of receiving an authentication result obtained by matching and comparing the user portrait included in the .
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, the agent is characterized in that it comprises at least one of an employee who connects the user and a video call, and a program that connects the user and a video call .
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, the authentication code includes a code value dynamically generated through a code generating module provided in the server, and a code generating module of the code generating server associated with the server. It characterized in that it comprises at least one of a code value dynamically generated through a code value and a code value dynamically generated through a code generation module provided in the user terminal.
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, the third step is to expose the authentication code to an area inside the video call area on the screen of the user terminal or to a certain area near the video call area. characterized.
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, before receiving the authentication code through the user terminal, analyzing the user's face region of the video call to confirm the user's gaze direction; When receiving and receiving the authentication code through the step of confirming whether the direction of the user's gaze is changed to the direction in which the authentication code input interface for receiving the authentication code is input, and when confirming the change of the gaze direction, the received authentication code It is characterized in that it further comprises the step of determining the valid input authentication code.
In the convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention, the third step is to analyze the user's face area of the video call and gaze at the video call area of the screen of the user terminal or the authentication code displayed on the screen Further comprising the step of confirming the gaze direction of the user, wherein the fourth step is, the step of confirming that the gaze direction of the user is changed to the direction in which an authentication code input interface for receiving the authentication code is displayed, and the gaze direction When the change is confirmed, it characterized in that it further comprises the step of determining the received authentication code as a validly input authentication code.
The convergence method of face-to-face authentication and non-face-to-face authentication according to the present invention is a method executed through a server that communicates with a user's terminal equipped with a camera. A first step of receiving an image of a real name authentication tag, and a second step of connecting a video call through a camera of the user terminal to form a remote face-to-face state between a designated agent and a user, and providing the real name authentication tag image to the agent And, a third step of processing the authentication code generated through a designated code generation module in a state in which the video call is connected between the user and the agent to be exposed on the screen of the user terminal during the video call, and the video call between the user and the agent A fourth step of receiving and receiving the authentication code exposed on the screen of the user terminal in the connected state, and the result of authenticating the validity of the received authentication code while the video call is connected between the user and the agent and a fifth step of confirming.

According to the present invention, in the convergence method of the face-to-face authentication and non-face-to-face authentication, when the real name authentication table image is received, the feature structure of the user's portrait is recognized by analyzing the portrait area included in the real name authentication table image. It may include further steps.

According to the present invention, the convergence method of the face-to-face authentication and non-face-to-face authentication recognizes the character information printed on the real name authentication table by analyzing the character area included in the real name authentication table image when receiving the real name authentication table image. It may further include the step of

According to the present invention, the convergence method of the face-to-face authentication and the non-face-to-face authentication includes the steps of receiving and receiving the personal information of the user from the user terminal, and the text area included in the real name authentication table image for the personal information of the user The method may further include verifying an authentication result verified to be matched by comparing it with text information recognized from the .

According to the present invention, the convergence method of the face-to-face authentication and non-face-to-face authentication includes the steps of recognizing the feature structure of the user's face by analyzing the user's face region of the video call when the video call is connected, and the recognized user's face Checking whether the feature structure of the user matches the feature structure of the portrait of the user included in the real-name authentication table image, and confirming the result of matching the feature structure of the user's face with the feature structure of the portrait. may include more.

According to the present invention, in the convergence method of the face-to-face authentication and non-face-to-face authentication, when the real name authentication table image is provided to the agent connecting the user and the video call, the user's face of the video call and the real name authentication table from the agent The method may further include receiving an authentication result obtained by matching and comparing the user portrait included in the image.

According to the present invention, in the third step, when it is confirmed that the user's face of the video call and the user's portrait included in the real name authentication table image are matched through the authentication result, authentication generated through a designated code generation module The code may be processed to be exposed on the screen of the user terminal.

According to the present invention, the agent may include at least one of an employee who connects the user and the video call, and a program that connects the user and the video call.

According to the present invention, the authentication code is a code value dynamically generated through a code generation module provided in the server, a code value dynamically generated through a code generation module of a code generation server associated with the server, and provided in the user terminal It may include at least one of the code values dynamically generated through the code generation module.

According to the present invention, in the third step, the authentication code may be exposed in the video call area of the screen of the user terminal.

According to the present invention, in the third step, the authentication code may be exposed in a predetermined area near the video call area of the screen of the user terminal.

According to the present invention, the third step may include processing to display an authentication code input interface for receiving the authentication code in a predetermined area near the video call area of the screen of the user terminal.

According to the present invention, the convergence method of the face-to-face authentication and the non-face-to-face authentication includes the steps of analyzing the user's face area of the video call before receiving the authentication code through the user terminal and confirming the user's gaze direction; When receiving and receiving the authentication code through the user terminal, the step of confirming whether the direction of the user's gaze is changed to the direction displayed in the authentication code input interface for receiving the authentication code input; It may further include the step of determining the authentication code as a valid input authentication code.

According to the present invention, the third step further includes the step of analyzing the user's facial area of the video call to confirm the user's gaze direction staring at the video call area of the screen of the user terminal or the authentication code displayed on the screen And, the fourth step includes the steps of confirming that the user's gaze direction is changed to the direction in which the authentication code input interface for receiving the authentication code is displayed, and when confirming the change of the gaze direction, validly input the received authentication code It may further include the step of determining the authentication code.

According to the present invention, the fifth step may further include a step of comparing the authentication code generated through the code generation module with the received authentication code and authenticating whether they match.

According to the present invention, the convergence method of the face-to-face authentication and the non-face-to-face authentication further comprises the step of providing an authentication code exposed on the screen of the user terminal to the agent, wherein the fifth step is The method may further include providing an authentication code to the agent, and receiving a result of authenticating the authentication code from the agent.

According to the present invention, in the convergence method of the face-to-face authentication and non-face-to-face authentication, the face of the user who connected the video call in a state where the video call is connected between the user and the agent matches the portrait of the real name authentication table image and at the same time The method may further include a sixth step of processing to provide a face-to-face authentication-based service to the user when the validity of the authentication code exposed and input through the screen of the user terminal during the video call is authenticated.

According to the present invention, not only when a database is established for non-face-to-face authentication, but also when a database for non-face-to-face authentication is not established, video call-based remote face-to-face authentication using a real-name authentication table and non-face-to-face authentication using a one-time authentication code By converging authentication to provide face-to-face and non-face-to-face authentication at the same time, it has the advantage of providing various face-to-face authentication-based services such as first face-to-face authentication signup, account opening, card issuance, and issuance of accredited certificates in a non-face-to-face state.

1 is a diagram showing the configuration of a face-to-face authentication and non-face-to-face authentication convergence system according to an embodiment of the present invention.
2 is a diagram showing the functional configuration of a terminal and a program according to an embodiment of the present invention.
3A to 3F are exemplary views illustrating a screen of a process of converging face-to-face authentication and non-face-to-face authentication according to an embodiment of the present invention.
4 is a diagram illustrating a process of transmitting and receiving a real name authentication card image according to an embodiment of the present invention.
5 is a diagram illustrating a process of verifying a real name authentication tag image according to an implementation method of the present invention.
6 is a diagram illustrating a video call-based remote face-to-face authentication process according to an embodiment of the present invention.
7 is a diagram illustrating a process of fusing non-face-to-face authentication with remote face-to-face authentication according to an embodiment of the present invention.

Hereinafter, the principle of operation of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. However, the drawings shown below and the description to be given below relate to a preferred implementation method among various methods for effectively explaining the characteristics of the present invention, and the present invention is not limited only to the following drawings and description.

That is, the following embodiment corresponds to an embodiment of a preferred union type among numerous embodiments of the present invention, and an embodiment in which a specific configuration (or step) is omitted in the following embodiment, or a specific configuration (or step) An embodiment in which a function implemented in a function is divided into a specific configuration (or step), or an embodiment in which a function implemented in two or more configurations (or step) is integrated into any one configuration (or step), a specific configuration (or step) Embodiments in which the order of operation is replaced, etc. are clearly stated to be within the scope of the present invention, even if not separately mentioned in the following embodiments. Therefore, based on the following examples, it is clearly specified that various examples corresponding to a subset or a complement can be divided retroactively from the filing date of the present invention.

In addition, in the following description of the present invention, if it is determined that a detailed description of a related well-known function or configuration may unnecessarily obscure the gist of the present invention, the detailed description thereof will be omitted. And the terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users and operators. Therefore, the definition should be made based on the content throughout the present invention.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those of ordinary skill in the art to which the present invention belongs. only

1 is a diagram showing the configuration of a face-to-face authentication and non-face-to-face authentication convergence system according to an embodiment of the present invention.

In more detail, this drawing 1 provides face-to-face authentication and non-face-to-face authentication even before a database for non-face-to-face authentication is established by fusion of face-to-face authentication using a real-name authentication table and non-face-to-face authentication using a one-time authentication code. As a diagram showing the configuration of a system to which the present invention pertains, those of ordinary skill in the art to which the present invention pertains may refer to and/or modify this figure 1 to see various implementation methods ( For example, some components are omitted, or subdivided, or combined implementation method) may be inferred, but the present invention is made including all implementation methods inferred above, and only the implementation method shown in this figure 1 The characteristics are not limited.

The system of the present invention communicates with the user's terminal 200 having a camera unit 205 and the user's terminal 200 through a communication network, and a user photographing the camera unit 205 of the terminal 200 At the same time, a remote face-to-face authentication procedure for receiving the real name authentication table image of and connecting a video call using the camera unit 205 is performed, and at the same time exposing a one-time authentication code on the screen of the terminal 200 during a video call and inputting it An operation server 100 that performs a non-face-to-face authentication procedure for receiving and receiving authentication, and an agent for performing face-to-face authentication by connecting a video call with the user's terminal 200, The face-to-face authentication and non-face-to-face authentication It may include a service providing server 160 that provides a specified service to the user by using the authentication result fused with authentication. 1 illustrates the operation server 100 as a single physical server for convenience, but the present invention is not limited thereto. The operation server 100 of the present invention may consist of a combination of two or more servers (eg, an embodiment in which each functional component shown in FIG. 1 or a combination of two or more functional components shown in FIG. 1 is implemented as a separate server), the present invention It clearly states that the embodiment of implementing the operation server 100 as a combination of a plurality of servers is also included in the scope of rights.

The user's terminal 200 is a generic term for terminals having a camera unit 205 capable of capturing real-name authentication cards (eg, resident registration card, passport, driver's license, etc.) and video call operation among terminal devices used by the user, preferably It includes a wireless terminal such as a mobile phone, a smart phone, a tablet PC, which is provided with a camera unit 205 and is connected to a wireless communication network, or has a camera unit 205 and is connected to a wired communication network through a wired network such as a personal computer or a laptop computer. It may include a terminal or a wireless LAN terminal having a camera unit 205 .

The agent is a subject that remotely performs face-to-face authentication with the user's terminal 200. Preferably, the user's real name authentication card image is provided and the user and the video call are connected, and the user's portrait included in the real name authentication table image. It may include a call center employee (or a call center employee's terminal device) performing a remote face-to-face authentication procedure for authenticating whether it is the person, or may include a program code for performing the remote face-to-face authentication procedure. When the agent is implemented in the form of a program code, the agent may be implemented in the operation server 100 or may be implemented in the form of a separate server interworking with the operation server 100 . Hereinafter, the features of the present invention will be mainly described in the embodiment in which the agent is a call center employee (or a call center employee's terminal device) performing a remote face-to-face authentication procedure, but the present invention is limited by this No, it is clearly stated that the agent may include an agent program in the form of a program code for performing a remote face-to-face authentication procedure.

The service providing server 160 is a generic name of servers that provide the specified service to the user based on the result of convergence authentication of face-to-face authentication and non-face-to-face authentication obtained through the operation server 100, preferably of an Internet-only bank. It may include a server, a server of a conventional financial institution (eg, a bank, a card company, a securities company, etc.) that provides a service by fusion of face-to-face authentication and non-face-to-face authentication.

The operation server 100 communicates with the user's terminal 200 through a communication network and performs at least one of a face-to-face authentication procedure using a real-name authentication card and a non-face-to-face authentication procedure using a one-time authentication code. , Preferably, face-to-face authentication and non-face-to-face authentication are fused by interworking with one or more agents connecting the user and video call.

Referring to Figure 1, the operation server 100, the communication channel connection unit 105 for connecting the user's terminal 200 and the communication channel, and the user's terminal 200, the real name authentication card is photographed and transmitted, A program management unit 110 for checking and managing whether the program 210 for providing a video call is loaded is provided.

A user mounts a program 210 for convergence processing of face-to-face authentication and non-face-to-face authentication in conjunction with the operation server 100 in his/her terminal 200 having a camera unit 205, and the loaded program 210 ) is driven The program 210 of the terminal 200 connects to the operation server 100 through a communication network according to a preset communication setting, and the communication channel connection unit 105 is the terminal 200 for accessing the operation server 100 . ) and the communication channel. At this time, the user may be a user who has signed up as a customer (or member) of the operation server 100 (or the service providing server 160) and has converted personal information into a database, and according to the present invention, the user is the operation server ( 100) (or the service providing server 160), even if it is a user who does not register as a customer (or member) of personal information into a database.

When the communication channel is connected to the terminal 200, the program management unit 110 performs a procedure of generating/exchanging preset information with the program 210 of the terminal 200 through the communication channel, thereby performing the communication. It is confirmed whether the program 210 mounted on the terminal 200 to which the channel is connected is the program 210 that interworks with the operation server 100 to perform a function of convergence processing of face-to-face authentication and non-face-to-face authentication. If the terminal 200 does not connect using the designated program 210 and accesses it in another way, the program management unit 110 converges the face-to-face authentication and non-face-to-face authentication with the user's terminal 200 . A processing procedure is performed so that the program 210 that performs the processing function is loaded.

Referring to Figure 1, the operation server 100, the information receiving unit 115 for receiving the real name authentication tag image of the user through the camera unit 205 provided in the user's terminal 200, and a real name authentication table reading unit 120 that confirms the validity of the received real name authentication table image, reads the real name authentication table image, and recognizes at least one of a portrait and a character included in the real name authentication table. .

When the program 210 for convergence processing of face-to-face authentication and non-face-to-face authentication is mounted on the user's terminal 200 , the program 210 of the terminal 200 includes a camera unit 205 provided in the terminal 200 . ) to display the real-name authentication card shooting interface that induces the user to take their own real-name authentication card. Preferably, the program 210 of the terminal 200 displays the image data input through the activated camera unit 205 in a certain area on the screen in real time, while allowing the user to use his or her real name authentication card as a subject. It is possible to display a real-name authentication tag shooting interface that induces shooting. For example, the program 210 of the terminal 200 captures a real-name authentication table that displays a real-name authentication table area in which to place the real-name authentication table within a predetermined region displaying image data input through the camera unit 205 . An interface can be displayed, and when a subject identified by the real name authentication tag is located in the real name authentication table area, the real name authentication tag image can be generated by photographing the subject (= real name authentication tag) as shown in the example of FIG. 3a. .

According to the implementation method of the present invention, most of the real name authentication cards possessed by the user have a rectangular structure, and the program 210 of the terminal 200 uses the rectangular structure of the real name authentication table area to take the real name authentication table. can be displayed If the gaze direction of the camera unit 205 and the real name authentication tag form a right angle, the subject (=real name authentication table) in the real name authentication tag area will have a rectangular structure, but the gaze direction of the camera unit 205 and the real name authentication table If is taken obliquely instead of forming a right angle, the subject in the real-name authentication tag area (=real-name authentication table) will have a trapezoidal structure or a rhombus structure. If the real name authentication tag is photographed while being distorted in a trapezoidal or rhombus structure, a portrait area or text area inside the real name authentication table will also be distorted. Accordingly, the program 210 of the terminal 200 determines whether the subject (= real-name authentication table) of the real-name authentication table area has a rectangular structure outline, and the subject (= real-name authentication table) has a rectangular structure outline. In this case (or if it has a rectangular structure within an allowable error range), the real name authentication tag area may be captured to generate a real name authentication tag image.

The program 210 of the terminal 200 compresses (and/or encrypts) the generated real name authentication table image according to a specified method and transmits it through the communication channel, and the information receiving unit 115 uses the communication channel. Through the program 210 of the terminal 200, the real name authentication tag image captured through the camera unit 205 of the terminal 200 is received.

On the other hand, when the user is not signed up as a customer (or member) of the operation server 100 (or service providing server 160) before providing a fusion of face-to-face authentication and non-face-to-face authentication according to the present invention (or operating server (100) (or when the user's personal information is requested from the service providing server 160), the program 210 of the terminal 200 is the user's personal information matching the characters printed on the real name authentication table (for example, , name, date of birth, etc.) may be prompted to display a personal information input interface that receives input, and the personal information input interface receives the user's personal information. The program 210 of the terminal 200 may display the real-name authentication card photographing interface and the personal information input interface on one screen, or sequentially according to a specified order, depending on the method of displaying each interface. The present invention is not limited by

When the user's personal information is input through the personal information input interface, the program 210 of the terminal 200 may transmit the inputted user's personal information through the communication channel, and the information receiving unit 115 may receive the user's personal information input through the program 210 of the terminal 200 through the communication channel.

When the real name authentication table image is received through the information receiving unit 115, the real name authentication table reading unit 120 reads the real name authentication table image, and the real name authentication table image includes a portrait area and a text area. identify whether If the real name authentication table image does not include an identifiable portrait area and text area, the real name authentication table reading unit 120 provides a real name authentication table image error to the program 210 of the terminal 200, , the program 210 of the terminal 200 may perform a procedure of re-photographing and transmitting the user's real name authentication table. Meanwhile, the process of identifying whether the real name authentication table image includes a portrait area and a text area according to an implementation method may also be performed through the program 210 of the terminal 200 .

When the real-name authentication table image is received and/or when an identifiable portrait area is identified in the real-name authentication table image, the real-name authentication table reading unit 120 interprets the portrait region included in the real-name authentication table image. Thus, the feature structure of the user portrait can be recognized. If the face of the user connected to the video call is recognized through the program code and matching with the portrait is authenticated, the real name authentication table reading unit 120 recognizes the facial recognition and authentication feature structure from the user portrait. desirable. However, in the case of authenticating whether the user is the user through the call center employee, it is okay to not recognize the facial recognition and the feature structure that can be authenticated (however, it is desirable to recognize that it is a portrait of a person). If the feature structure of the person picture included in the real name authentication table image is to be recognized but is not recognized, the real name authentication table reading unit 120 uses the program 210 of the terminal 200 to detect a real name authentication table image error. may be provided, and the program 210 of the terminal 200 may perform a procedure of re-photographing and transmitting the user's own real name authentication card. Meanwhile, the process of recognizing the characteristic structure of the portrait according to the implementation method may also be performed through the program 210 of the terminal 200 .

When the real name authentication table image is received and/or an identifiable character area is identified in the real name authentication table image, the real name authentication table reading unit 120 interprets the character area included in the real name authentication table image and Character information printed on the real name authentication table can be recognized. If the information corresponding to the text area can be delivered through voice during a video call between the agent and the user, or if the agent can visually check the text area included in the real name authentication table image and input the text information, the text information Recognition of can be omitted. If the character information included in the real-name authentication table image should be recognized but not recognized, the real-name authentication table reading unit 120 may provide a real-name authentication table image error to the program 210 of the terminal 200. In addition, the program 210 of the terminal 200 may perform a procedure of re-photographing and transmitting the user's own real name authentication table. Meanwhile, the process of recognizing the text information according to the implementation method may also be performed through the program 210 of the terminal 200 .

The text information is recognized through the real-name authentication table reading unit 120, the user's personal information is received through the information receiving unit 115, or the database is stored in the operation server 100 (or the service providing server 160). When the user's personal information is verified, the real name authentication table reading unit 120 may compare the recognized text information with the user's personal information to authenticate whether they match.

Referring to FIG. 1, the operation server 100 uses a camera unit 205 provided in the user's terminal 200 to connect a video call connection unit 125 to the user's terminal 200 and a video call. And, a remote face-to-face forming unit 130 that forms a remote face-to-face state between the user and the agent by transferring the video call connection to a designated agent, and the person whose face of the user who connected the video call is included in the real name authentication table image and a face-to-face authentication procedure unit 135 that performs a face-to-face authentication procedure for authenticating whether the photo matches.

When the user's real name authentication tag image taken through the camera unit 205 of the terminal 200 is received, the video call connection unit 125 interworks with the program 210 of the terminal 200 to the user's terminal A procedure for connecting a video call using the camera unit 205 provided in the 200 is performed.

Before, during, and after the video call is connected to the user's terminal 200 through the video call connection unit 125, the remote face-to-face forming unit 130 performs a video call with the user among a plurality of agents. Select (or determine) an agent to connect to and form a face-to-face state with the user remotely. If the agent is a program code, the agent selection (or determination) process may be omitted.

If an agent to form a remote face-to-face state with the user is selected (or determined), the remote face-to-face forming unit 130 performs a video call connected to the user's terminal 200 through the video call connection unit 125 to the agent. to form a remote face-to-face state between the user and the agent, and the program 210 of the terminal 200 displays a video call area on the screen of the terminal 200 as shown in the example of FIG. 3b.

At the same time as the remote face-to-face state between the user and the agent is formed, the remote face-to-face forming unit 130 provides the real name authentication card image received through the information receiving unit 115 to the agent and outputs it as shown in the example of FIG. 3C . . In addition, the remote face-to-face forming unit 130 recognizes the user's personal information received from the program 210 of the terminal 200 through the information receiving unit 115 or the text area of the real name authentication tag image of the user obtained The customer information corresponding to the personal information is provided to the agent and output as shown in the example of FIG. 3C.

3b and 3c, in a state in which the video call between the user and the agent is connected, the face-to-face authentication procedure unit 135 authenticates whether the face of the user who connected the video call matches the portrait included in the real name authentication table image face-to-face authentication process.

According to the first face-to-face authentication procedure of the present invention, the face-to-face authentication procedure unit 135 matches the face of the user who connected the video call through the example of FIG. 3d and the agent to the portrait included in the real name authentication table image It is possible to perform a procedure to receive the result of authentication (eg, “verification” or “suitability” for identity verification).

According to the second face-to-face authentication procedure of the present invention, the face-to-face authentication procedure unit 135 interprets the user face region of the video call to recognize the feature structure of the user's face, and the recognized feature structure of the user's face is the It is possible to perform a procedure of authenticating whether or not it matches the feature structure of the portrait included in the portrait area of the real-name authentication table image recognized through the real-name authentication table reading unit 120 . If the feature structure of the user's face matches the feature structure of the portrait of the real name authentication table image, at least one of the authentication results of the example of FIG. 3d (eg, "verify") may be automatically set.

According to the third face-to-face authentication procedure of the present invention, the face-to-face authentication procedure unit 135 includes the face of the user who connected the video call in the form of a combination of the first and second face-to-face authentication procedures in the real name authentication table image It is possible to perform a procedure for verifying whether or not it matches the person picture, and the present invention is not limited thereto.

Referring to Figure 1, the operation server 100, in a state in which the video call between the user and the agent is connected, the authentication code generated through the specified code generation module is exposed on the screen of the user terminal 200 during the video call. It includes a code exposure processing unit 140 for processing, and the code exposure processing unit 140 can process the generated authentication code to be output even through an agent that has formed a remote face-to-face state with the user.

When the face of the user who connected the video call through the face-to-face authentication procedure unit 135 matches the person picture included in the real-name authentication table image (for example, “verification” and “identity confirmation” in the example of Fig. 3d) When all of the “suitable” is set), the code exposure processing unit 140 displays the authentication code generated through the designated code generation module in a state in which the video call is connected between the user and the agent on the screen of the user terminal 200 in the video call. treated to be exposed. Preferably, when the “Send” button is clicked in the example of FIG. 3d, the code exposure processing unit 140 maintains the video call between the user and the agent, and the authentication code generated through the specified code generation module is in the video call. It may be processed to be exposed on the screen of the user terminal 200 .

According to the first code exposure embodiment of the present invention, the code exposure processing unit 140 may include a designated code generation module. In this case, the code exposure processing unit 140 generates a one-time authentication code through the code generation module. By dynamically generating and providing the generated authentication code to the program 210 of the terminal 200 in the video call, as in the example of FIG. 3e, to expose the generated authentication code through the screen of the terminal 200 can be processed

According to the second code exposure embodiment of the present invention, the code exposure processing unit 140 is dynamically configured to be exposed on the screen of the terminal 200 in the video call from a code generation server (not shown) having a designated code generation module. By receiving the generated authentication code, and providing the authentication code to the program 210 of the terminal 200 in the video call, the generated authentication code is transmitted through the screen of the terminal 200 as shown in the example of FIG. 3e. It can be processed to expose.

According to the third code exposure embodiment of the present invention, the code generation module for generating a one-time authentication code may be implemented distributed to the program 210 of the terminal 200 and the operation server 100 side, and the code The exposure processing unit 140 processes the program 210 of the terminal 200 and the operation server 100 to dynamically generate a one-time authentication code through real-time agreement through the distributed code generation module, as shown in FIG. 3e As such, it is possible to process the generated authentication code to be exposed on the screen of the terminal 200 through the program 210 of the terminal 200 during the video call.

According to the fourth code exposure embodiment of the present invention, the code generation module may be implemented on the terminal 200 side. In this case, the code exposure processing unit 140 is configured to perform the program 210 of the terminal 200 . By sending request information requesting to generate an authentication code and expose it through the screen of the terminal 200, a one-time authentication code is generated through the code generation module implemented on the terminal 200 side, as shown in the example of FIG. 3e and Similarly, it can be processed to be exposed through the screen of the terminal 200 .

According to the embodiment of the present invention, the code exposure processing unit 140 may process the authentication code to be exposed in the video call area of the screen of the terminal 200 during the video call as shown in the example of FIG. 3e . Alternatively, the code exposure processing unit 140 may process the authentication code to be exposed in a predetermined area near the video call area of the screen of the terminal 200 during the video call. That is, the present invention outputs the authentication code on the screen of the terminal 200 without interrupting the video call during the video call.

According to the embodiment of the present invention, the code exposure processing unit 140 displays an authentication code input interface for receiving the authentication code in a certain area near the video call area of the screen of the terminal 200 as shown in FIG. 3e. can be processed

On the other hand, when a one-time authentication code is exposed through the screen of the terminal 200 during a video call as in the example of FIG. 3e , the code exposure processing unit 140 is a one-time authentication code exposed through the screen of the terminal 200 . can be processed to be output by providing it as an agent.

Referring to Figure 1, the operation server 100, the authentication code receiving unit ( 145) and an authentication code authentication unit 150 that performs a procedure for authenticating the validity of the received authentication code in a state in which the video call is connected between the user and the agent and confirms the authentication result of the authentication code, , an authentication result processing unit 155 for processing the authentication result of the authentication code confirmed in the state in which the video call is connected between the user and the agent as an authentication result for the user.

When a one-time authentication code is exposed through the screen of the terminal 200 during a video call as in the example of FIG. 3e, the user inputs the authentication code exposed through the screen of the terminal 200 while maintaining the video call, , the program 210 of the terminal 200 receives the authentication code while maintaining the video call and transmits it to the operation server 100, and the authentication code receiving unit 145 is a video call between the user and the agent In the connected state, the exposed and input authentication code is received through the program 210 of the terminal 200 during a video call.

When the authentication code exposed and inputted through the program 210 of the terminal 200 is received through the authentication code receiving unit 145 in the state in which the video call is connected between the user and the agent, the authentication code authentication unit 150 ) performs a procedure for authenticating the validity of the received authentication code and confirms the authentication result of the authentication code.

According to the first authentication code authentication method of the present invention, the authentication code authentication unit 150 checks the authentication code exposed through the program 210 of the terminal 200, and through the authentication code receiving unit 145 It can be authenticated whether the received authentication code matches the authentication code exposed through the program 210 of the terminal 200 .

According to the second authentication code authentication method of the present invention, the authentication code exposed through the program 210 of the terminal 200 may be provided to the agent and output, in this case, the authentication code authentication unit 150 By providing the authentication code received from the program 210 of the terminal 200 to the agent, the agent determines whether the authentication code received from the program 210 of the terminal 200 matches the output authentication code. You can be prompted to input the verified authentication result.

According to the third authentication code authentication method of the present invention, the authentication code authentication unit 150 combines the first and second authentication code authentication methods of the authentication code received from the program 210 of the terminal 200 validity can be verified.

According to the implementation method of the present invention, the authentication code authentication unit 150 before receiving the authentication code input through the program 210 of the terminal 200 (eg, video call connection or authentication code exposure process), the By analyzing the user's facial area of the video call, the user's gaze direction can be recognized and confirmed before entering the authentication code. Preferably, the user looks at the lens direction of the camera unit 205 or stares at the authentication code displayed on the screen of the terminal 200 before entering the authentication code, and the authentication code authentication unit 150 is the lens of the camera unit 205 . It can be confirmed by recognizing the direction of the user's gaze looking at the direction or staring at the authentication code. Then, when receiving an authentication code through the program 210 of the terminal 200, the authentication code authentication unit 150 is the direction in which the user's gaze direction is displayed in the authentication code input interface for receiving the authentication code input It can be confirmed by recognizing whether it is changed to . When the user's gaze direction is changed, the authentication code authentication unit 150 may determine the received authentication code as a validly input authentication code. When it is determined that the received authentication code is a validly input authentication code, the authentication code authentication unit 150 authenticates the validity of the authentication code through at least one authentication method among the first to third authentication code authentication methods The video call state between the user and the agent should be continuously maintained until the procedure is performed and the authentication result is confirmed.

The authentication result processing unit 155 is configured to match the face of the user who connected the video call with the person picture of the real name authentication table image in a state in which the video call is connected between the user and the agent, and at the same time as the video call of the terminal 200 during the video call. Check whether the validity of the exposed and input verification code is verified through the screen. If the face of the user who connected the video call matches the person picture of the real name authentication table image and at the same time the validity of the authentication code exposed and input through the screen of the terminal 200 during the video call is authenticated, the authentication result processing unit Reference numeral 155 processes to provide services that can be provided based on face-to-face authentication (eg, initial face-to-face authentication subscription, account opening, issuance of an accredited certificate, etc.) as shown in the example of FIG. 3f . Depending on the implementation method, the face-to-face authentication result-based service may be provided through a separate service providing server 160 .

2 is a diagram showing the functional configuration of the terminal 200 and the program 210 according to an embodiment of the present invention.

In more detail, FIG. 2 shows the configuration of a program 210 that converges face-to-face authentication using a real-name authentication table and non-face-to-face authentication using a disposable authentication code and the configuration of a terminal 200 equipped with it, Those of ordinary skill in the art to which the present invention pertains will be able to infer various implementation methods for the function of the terminal 200 by referring to and/or modifying this figure 2, but the present invention provides all the inferred It is made including an implementation method, and the technical characteristics are not limited only to the implementation method shown in FIG. 2 . 2, for convenience, the terminal 200 is provided with a camera and will be described by illustrating a wireless terminal such as a mobile phone, a smart phone, a tablet PC, etc. connected to a wireless communication network as an embodiment, but the terminal 200 of the present invention It is by no means limited to wireless terminals.

Referring to FIG. 2 , the terminal 200 includes a control unit 201 , a memory unit 209 , a screen output unit 202 , a user input unit 203 , a sound processing unit 204 , and a camera unit 205 and a short range. It includes a wireless communication unit 206, a wireless network communication unit 207, a USIM reader unit 208, and a USIM, and includes a battery for supplying power.

The control unit 201 is a generic term for components that control the operation of the terminal 200, and includes at least one processor and an execution memory, and includes each component provided in the terminal 200 and a bus (BUS). connected through According to the present invention, the control unit 201 loads at least one program code provided in the terminal 200 through the processor into the execution memory for operation, and transmits the result to at least one component unit through the bus. to control the operation of the terminal 200 . Hereinafter, for convenience, the configuration of the program 210 of the present invention implemented in the form of a program code will be described by showing it in the control unit 201 .

The memory unit 209 is a generic term for non-volatile memories corresponding to the storage resources of the terminal 200 , and includes at least one program code executed through the control unit 201 and at least one data used by the program code. Save and maintain the set. The memory unit 209 basically includes a system program code and system data set corresponding to the operating system of the terminal 200 , a communication program code and a communication data set for processing wireless communication connection of the terminal 200 , and at least one The application program code and application data set are stored, and the program code and data set corresponding to the program 210 of the present invention are also stored in the memory unit 209 .

The screen output unit 202 includes a screen output device (eg, a liquid crystal display (LCD), etc.) and a driving module for driving the same, and is interlocked with the control unit 201 to display a screen among various calculation results of the control unit 201 . An operation result corresponding to the output is output to the screen output device.

The user input unit 203 includes one or more user input devices (eg, a button, a keypad, a touch pad, a touch screen interlocking with the screen output unit 202, etc.) and a driving module for driving the same, and the control unit 201 and A command for instructing various operations of the control unit 201 is interlocked, or data necessary for the operation of the control unit 201 is input.

The sound processing unit 204 is composed of a speaker, a microphone, and a driving module for driving the same, and decodes sound data corresponding to sound output among various calculation results of the control unit 201 and outputs it through the speaker or , or a sound signal input through the microphone is encoded and transmitted to the control unit 201 .

The camera unit 205 includes an optical unit corresponding to the camera, a CCD (Charge Coupled Device), and a driving module for driving the same, and acquires image data or image data in the form of bitmaps input to the CCD through the optical unit. . The data acquired through the camera unit 205 may include image data in the form of a still image or moving image data in the form of a moving picture.

According to the embodiment of the present invention, the camera unit 205 may acquire image data by photographing the user's real name authentication card, and may acquire image data for a video call.

The wireless network communication unit 207 and the short-range wireless communication unit 206 are generic names of communication resources for connecting the terminal 200 to a designated communication network. Preferably, the terminal 200 may include a wireless network communication unit 207 as a basic communication resource, and may include one or more short-range wireless communication units 206 .

The wireless network communication unit 207 is a generic term for communication resources that connect the terminal 200 to a wireless communication network via a base station. It is configured to include at least one module, and is connected to the control unit 201 to transmit an operation result corresponding to wireless communication among various operation results of the control unit 201 through a wireless communication network or to receive data through a wireless communication network. At the same time as transmitting to the control unit 201, the wireless communication access, registration, communication, and handoff procedures are performed. According to the present invention, the wireless network communication unit 207 can connect the terminal 200 to a communication network including a communication channel and a data channel via a switch. It can be connected to a data network that provides wireless network data communication (eg, the Internet) of

According to the embodiment of the present invention, the wireless network communication unit 207 performs at least one of accessing, location registration, call processing, call connection, data communication, and handoff to a mobile communication network according to the CDMA/WCDMA/LTE standard. includes configuration. Meanwhile, according to the intention of those skilled in the art, the wireless network communication unit 207 may further include a portable Internet communication configuration for performing at least one of accessing, location registration, data communication, and handoff to the portable Internet according to IEEE 802.16 related standards, It should be clearly stated that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 207 . That is, the wireless network communication unit 207 is a generic term for a component that accesses a wireless communication network through a cell-based base station regardless of a frequency band of a wireless section, a type of a communication network, or a protocol.

The short-range wireless communication unit 206 connects a communication session using a radio frequency signal as a communication medium within a certain distance (eg, 10 m), and based on this, as a generic name of communication resources for connecting the terminal 200 to a communication network, Preferably, the terminal 200 may be connected to the communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to the embodiment of the present invention, the short-range wireless communication unit 206 may be implemented in an integrated or separate form with the wireless network communication unit 207 . According to the present invention, the short-range wireless communication unit 206 connects the terminal 200 to a data network that provides short-range wireless data communication based on packet communication through a wireless AP.

The USIM reader unit 208 is a generic name of a configuration for exchanging at least one data set with a Universal Subscriber Identity Module mounted or detached from the terminal 200 based on the ISO/IEC 7816 standard. , the data set is exchanged in a half-duplex communication method through an Application Protocol Data Unit (APDU).

The USIM is a SIM-type card equipped with an IC chip according to the ISO/IEC 7816 standard, an input/output interface including at least one contact point connected to the USIM reader unit 208, and at least one program code for the IC chip. and an IC chip memory for storing a data set, and a program code for the IC chip according to at least one command transmitted from the terminal 200 connected to the input/output interface, or by extracting (or processing) the data set. It consists of a processor that passes to the input/output interface.

According to the implementation method of the present invention, the terminal 200 performs face-to-face authentication using a real-name authentication card from a designated program providing server (eg, Apple's App Store, etc.) through a data network to which the communication resource is accessible and a one-time authentication code. It is possible to download and load the program 210 that converges and processes non-face-to-face authentication using .

Referring to FIG. 2 , the program 210 of the terminal 200 includes a communication connection unit 215 that connects a communication channel with the operation server 100 through at least one communication network accessible through a communication resource, and the communication A procedure for certifying that the program running in the terminal 200 is a program that converges face-to-face authentication using a real-name authentication card and non-face-to-face authentication using a one-time authentication code through at least one communication network accessible through a resource. and a program authentication unit 220 to perform.

The communication connection unit 215 includes communication connection macro information for accessing the operation server 100 via a data network accessible through the communication resource, and using the communication connection macro information, the operation server 100 and connect the communication channel.

The program authentication unit 220 authenticates the validity of the program 210 with the operation server 100 through at least one of a data network and a communication network to which the communication resource can be accessed. According to the implementation method of the present invention, in the process of authenticating the validity of the program 210, an encryption/decryption communication process agreed in advance between the program 210 and the operation server 100 is performed, and for convenience, the encryption/decryption A detailed description of the process will be omitted.

According to the first program authentication method of the present invention, the program 210 is downloaded through the program providing server in a state in which a unique key value capable of identifying that it is a program operated by the operation server 100 is set, and this In this case, the program authentication unit 220 may authenticate that the program 210 is a program operated by the operation server 100 by transmitting the unique key value to the operation server 100 . On the other hand, the program authentication unit 220 transmits the unique key value to the operation server 100, at least one piece of unique information stored in the terminal 200 or allocated to the communication network together with the unique key value. By transmitting, it is possible to simultaneously authenticate that the program 210 is a program operated by the operation server 100 and that the program 210 is running in the terminal 200 .

According to the second program authentication method of the present invention, after the program 210 is downloaded through the program providing server, an app identification value (eg, A device token assigned by Apple's APNS, etc.) may be allocated, and in this case, the program authenticator 220 transmits the app identification value to the operation server 100, so that the program 210 is the It can be authenticated that the program is operated by the operation server (100). On the other hand, the program authentication unit 220, in the process of transmitting the app identification value to the operation server 100, at least one unique information stored in the terminal 200 or allocated to the communication network together with the app identification value By transmitting, it is possible to simultaneously authenticate that the program 210 is a program operated by the operation server 100 and that the program 210 is running in the terminal 200 .

According to the third program authentication method of the present invention, in the program 210, at least one key value, a key exchange protocol, and encryption/decryption rules are set, and an authentication procedure for authenticating the program 210 using these is defined. The certificate may be downloaded through the program providing server in a loaded state, and in this case, the program authenticator 220 uses at least one key value and a key exchange protocol set in the certificate according to the authentication procedure defined in the certificate. and selectively using encryption/decryption rules to authenticate that the program 210 is a program operated by the operation server 100 . On the other hand, the program authentication unit 220 further uses at least one unique information stored in the terminal 200 or allocated to the communication network in the process of using the certificate for the authentication procedure, so that the program 210 is operated It is possible to simultaneously authenticate that the program is operated by the server 100 and that the program 210 is running in the terminal 200 .

According to the fourth program authentication method of the present invention, when the authentication number sent from the operation server 100 is received through the message exchange protocol of the communication network, the terminal 200 receives the received authentication number as the input. By transmitting to the operation server 100 through the data network, it is possible to authenticate that the program 210 is a program operated by the operation server 100 . On the other hand, the program authentication unit 220 transmits at least one unique information stored in the terminal 200 or allocated to the communication network together with the authentication number in the process of transmitting the authentication number to the operation server 100 . , it is possible to simultaneously authenticate that the program 210 is a program operated by the operation server 100 and that the program 210 is running in the terminal 200 .

According to the fifth program authentication method of the present invention, the program authentication unit 220 receives the program ( 210) is possible, and the present invention is not limited thereby.

Referring to FIG. 2 , the program 210 of the terminal 200 takes a real name authentication card of the user through the camera unit 205 and generates a real name authentication card image by a real name authentication card photographing unit 225 . and an information transmitting unit 235 for transmitting the generated real name authentication table image to the operation server 100, an information input unit receiving personal information of a user matching the characters printed on the real name authentication table ( 230) may be provided.

The real-name authentication tag photographing unit 225 activates the camera unit 205 provided in the terminal 200 to display a real-name authentication card photographing interface that induces the user to photograph the user's own real-name authentication card. Preferably, the real-name authentication tag photographing unit 225 displays the image data input through the activated camera unit 205 in a certain area on the screen in real time, while allowing the user to take a photograph with the user's real-name authentication tag as a subject. It is possible to display a real-name authentication card shooting interface that induces to do so. For example, the real-name authentication tag photographing unit 225 displays a real-name authentication table photographing interface that displays a real-name authentication table area in which to place the real-name authentication table within a predetermined area displaying image data input through the camera unit 205 . can be displayed, and when a subject identified by the real name authentication tag is located in the real name authentication table area, the real name authentication tag image can be generated by photographing the subject (= real name authentication tag) as shown in the example of FIG.

According to the implementation method of the present invention, most of the real-name authentication cards possessed by the user have a rectangular structure, and the real-name authentication tag photographing unit 225 displays a rectangular real-name authentication table area for photographing the real-name authentication table. can do. If the gaze direction of the camera unit 205 and the real name authentication tag form a right angle, the subject (=real name authentication table) in the real name authentication tag area will have a rectangular structure, but the gaze direction of the camera unit 205 and the real name authentication table If is taken obliquely instead of forming a right angle, the subject in the real-name authentication tag area (=real-name authentication table) will have a trapezoidal structure or a rhombus structure. If the real name authentication tag is photographed while being distorted in a trapezoidal or rhombus structure, a portrait area or text area inside the real name authentication table will also be distorted. Accordingly, the real-name authentication tag photographing unit 225 determines whether the subject (= real-name authentication table) of the real-name authentication table area has a rectangular outline. (or, if it has a rectangular structure within an allowable error range), the real name authentication tag area may be captured to generate a real name authentication tag image.

The information transmission unit 235 compresses (and/or encrypts) the generated real name authentication table image according to a specified method and transmits the compressed (and/or encrypted) image through the communication channel.

On the other hand, when the user is not signed up as a customer (or member) of the operation server 100 (or service providing server 160) before providing a fusion of face-to-face authentication and non-face-to-face authentication according to the present invention (or operating server (100) (or when the user's personal information is requested from the service providing server 160), the information input unit 230 is the user's personal information matching the characters printed on the real name authentication table (eg, name, date of birth) etc.) to display a personal information input interface for receiving input, and the personal information input interface receives the user's personal information. The information input unit 230 may display the real name authentication card photographing interface and the personal information input interface on one screen or sequentially according to a specified order, and the present invention can be achieved by displaying the respective interfaces. Not limited.

When the user's personal information is input through the personal information input interface, the information transmitter 235 may transmit the inputted user's personal information through the communication channel.

Referring to FIG. 2 , the program 210 of the terminal 200 includes a video call processing unit 240 that connects a video call through the camera unit 205 and a screen of the terminal 200 during the video call. An authentication code display unit 245 for displaying a one-time authentication code, an authentication code input unit 250 for receiving the authentication code during the video call, and transmitting the input authentication code during the video call to the operation server 100 and an authentication code transmission unit 255 that matches the face of the user who connected the video call through the operation server 100 with the person picture of the real name authentication table image, and at the same time the terminal 200 of the terminal 200 during the video call. When the validity of the authentication code exposed and input through the screen is authenticated, the service processing unit 260 is provided to perform a procedure for providing a face-to-face authentication-based service.

After the real name authentication tag image photographed through the real name authentication tag photographing unit 225 is transmitted to the operation server 100 , the video call processing unit 240 operates the server 100 and the camera unit 205 . A procedure of linking the video call using the image data captured through the and sound data input through the sound processing unit 204 is performed. Preferably, the video call processing unit 240 may perform a video call procedure by using a video call function provided in the terminal 200 or by implementing a separate video call function.

If the video call is connected, the authentication code display unit 245 checks (or generates) a one-time authentication code to be displayed through the screen of the terminal 200 during the video call, and the confirmed (or generated) disposable The authentication code is displayed on the screen of the terminal 200 . Preferably, the authentication code display unit 245 may display the authentication code in the video call area of the screen of the terminal 200 during the video call as shown in the example of FIG. 3e . Alternatively, the authentication code display unit 245 may display the authentication code in a certain area near the video call area of the screen of the terminal 200 during the video call. That is, the present invention outputs the authentication code on the screen of the terminal 200 without interrupting the video call during the video call.

The authentication code input unit 250 displays an authentication code input interface for receiving the authentication code input in a certain area near the video call area of the screen of the terminal 200 as shown in the example of FIG. 3e during the video call, and during the video call, the The authentication code is input through the authentication code input interface.

The authentication code transmission unit 255 transmits the authentication code input through the authentication code input unit 250 to the operation server 100 during a video call, and the operation server 100 receives the authentication code during a video call. to validate validity.

The face of the user who connected the video call through the operation server 100 matches the person picture of the real name authentication table image, and at the same time, the validity of the authentication code exposed and input through the screen of the terminal 200 during the video call Upon authentication, the service processing unit 260 displays an interface for providing a face-to-face authentication-based service as shown in the example of FIG. 3f and performs a procedure for providing a face-to-face authentication-based service.

3a to 3f are exemplary views illustrating a screen of a process of merging face-to-face authentication and non-face-to-face authentication according to an embodiment of the present invention.

In more detail, Fig. 3a illustrates a screen in which the user's real name authentication card is photographed through a camera provided in the user's terminal 200, and Fig. 3b is a screen of the terminal 200 connected to the agent and video call. 3c illustrates the screen of the agent connecting the user and the video call, FIG. 3d illustrates the screen of the agent that processed face-to-face authentication, and FIG. 3e is a one-time authentication code during the video call. The screen of the exposed terminal 200 is exemplified, and FIG. 3f is a terminal 200 that provides a face-to-face authentication-based service by simultaneously performing remote face-to-face authentication using a real-name authentication table and non-face-to-face authentication using a one-time authentication code. screen is illustrated.

4 is a diagram illustrating a process of transmitting and receiving a real name authentication card image according to an embodiment of the present invention.

In more detail, FIG. 4 shows a process of transmitting a real name authentication card image obtained by photographing the user's own real name authentication card to the operation server 100 through the camera unit 205 provided in the user's terminal 200. , those of ordinary skill in the art to which the present invention pertains, refer to and/or modify this figure 4 to perform various implementation methods (for example, some steps are omitted, or the order is Changed implementation method) can be inferred, but the present invention includes all of the inferred implementation methods, and the technical characteristics are not limited only to the implementation method illustrated in FIG. 4 .

4, the user's terminal 200 drives the program 210 to access the operation server 100 (400), and the operation server 100 connects the terminal 200 and the communication channel (405). ), performing a procedure for authenticating whether the program 210 provided in the terminal 200 is a program 210 that converges face-to-face authentication and non-face-to-face authentication (410), and the program 210 of the terminal 200 Also, in conjunction with the operation server 100, a procedure for authenticating the validity of the program 210 is performed (410).

If the validity of the program 210 is not authenticated, the operation server 100 requests the user's terminal 200 to load the program 210 (415), and the terminal 200 sends the program A procedure for mounting 210 is performed ( 420 ).

On the other hand, when the validity of the program 210 is authenticated, the operation server 100 requests the real name authentication table image to the program 210 of the terminal 200 (425), and the program 210 of the terminal 200 ) performs a procedure of photographing the user's own real name authentication card through the camera unit 205 (430). If the real name authentication table is taken, the program 210 of the terminal 200 generates a real name authentication table image (435), transmits it to the operation server 100 (440), and the operation server 100 receives the real name authentication table image from the program 210 of the terminal 200 (445).

5 is a diagram illustrating a process of verifying an image of a real name authentication tag according to an implementation method of the present invention.

In more detail, FIG. 5 shows a process of confirming whether the real name authentication tag image received from the program 210 of the terminal 200 is valid through the process of FIG. A person with will be able to infer various implementation methods (eg, an implementation method in which some steps are omitted or the order is changed) for the real name authentication table verification process by referring and/or modifying this figure 5, but this The invention is made including all the implementation methods inferred above, and the technical characteristics are not limited only to the implementation method shown in FIG. 5 .

Referring to FIG. 5, when a user's real name authentication table image is received from the program 210 of the terminal 200 through the process of FIG. It is possible to recognize the characteristic structure of the portrait by analyzing (500). If the portrait feature structure is not recognized, the operation server 100 provides a real name authentication table error from the program 210 of the terminal 200 (540), and the program 210 of the terminal 200 After receiving and outputting the real name authentication table error (545), the process of re-photographing and transmitting the real name authentication table image may be performed.

On the other hand, the operation server 100 may recognize the text information printed on the real name authentication table by interpreting the text area of the real name authentication table image (505). If the text information is not recognized, the operation server 100 provides a real name authentication table error from the program 210 of the terminal 200 (540), and the program 210 of the terminal 200 displays the real name After receiving and outputting the authentication table error ( 545 ), the process of re-photographing and transmitting the real name authentication table image may be performed.

On the other hand, when the text information is recognized, the operation server 100 may request the user's personal information from the program 210 of the terminal 200 (515), and the program 210 of the terminal 200 may receive the user's personal information (520) and transmit it to the operation server 100 (525). In this case, after receiving the user's personal information from the program 210 of the terminal 200 (530), the operation server 100 may confirm that the recognized text information and the personal information match (535). ). On the other hand, when the user is a registered customer (member), the operation server 100 may check whether the recognized text information matches the user's personal information registered in the database (535). If the recognized text information does not match the personal information, the operation server 100 provides a real name authentication table error from the program 210 of the terminal 200 (540), and the program of the terminal 200 After receiving and outputting the error of the real name authentication table ( 210 ) ( 545 ), the process of re-photographing and transmitting the real name authentication table image may be performed.

6 is a diagram illustrating a video call-based remote face-to-face authentication process according to an embodiment of the present invention.

In more detail, FIG. 6 shows a process of connecting a video call between a user and an agent and authenticating whether the face of the user connected to the video call matches the portrait of the real name authentication table image received through the process of FIG. 4, For those of ordinary skill in the art to which the present invention pertains, various implementation methods for the face-to-face authentication process (eg, an implementation method in which some steps are omitted or the order is changed) with reference to and/or modification of this figure 6 can be inferred, but the present invention is made including all of the inferred implementation methods, and the technical characteristics are not limited only to the implementation method illustrated in FIG. 6 .

Referring to FIG. 6 , a user's real name authentication tag image is received from the program 210 of the terminal 200 through the process of FIG. 4 , and/or the validity of the real name authentication tag image through the process of FIG. 5 . When this is confirmed, the operation server 100 performs a procedure for connecting the terminal 200 and the video call (600), and the program 210 of the terminal 200 also interworks with the operation server 100 to perform a video call (600). A procedure for connecting a call is performed (600).

At a designated time point before, during, or after the video call is connected, the operation server 100 selects (or determines) an agent to connect the video call with the user (605), and as the video call is connected, the user and a video call between the agent and the user to form a remote face-to-face state (610), and the program 210 of the terminal 200 forms a remote face-to-face state with the agent through the operation server 100, (610), the agent also forms a remote face-to-face state with the user through the operation server 100 (610).

If the remote face-to-face state between the user and the agent is formed, the operation server 100 provides the real name authentication card image received through the process of FIG. 4 (or verified through the process of FIG. 5) to the agent. (615). The agent outputs the real name authentication table image (620), and receives a remote face-to-face authentication result confirming that the face of the user using the video call matches the portrait of the real name authentication table image (625). If the remote face-to-face authentication result is not input, the operation server 100 provides a face-to-face authentication error to the program 210 of the terminal 200 (640), and the program 210 of the terminal 200 performs face-to-face authentication After receiving and outputting an error (645). The process of re-photographing and transmitting the real-name authentication tag image may be performed.

On the other hand, when the feature structure of the portrait of the real name authentication tag image is recognized through the process of FIG. 5, the operation server 100 recognizes the features of the user's facial structure of the video call (630), and the recognized It can be authenticated whether the user's face matches the portrait of the real-name authentication table image (635). If the face of the user connected to the video call does not match the person picture of the real name authentication table, the operation server 100 provides a face-to-face authentication error to the program 210 of the terminal 200 (640), and the terminal 200 ) after the program 210 receives and outputs the face-to-face authentication error (645). The process of re-photographing and transmitting the real-name authentication tag image may be performed.

7 is a diagram illustrating a process of fusing non-face-to-face authentication with remote face-to-face authentication according to an embodiment of the present invention.

In more detail, FIG. 7 shows a one-time authentication code on the screen of the terminal 200 during a video call between the user and the agent through the process of FIG. 6 and receives and authenticates the exposed authentication code through the terminal 200. Even in a state where a database for face-to-face authentication is not established, the process of convergence of non-face-to-face authentication with remote face-to-face authentication performed through Fig. 6 is shown. Those of ordinary skill in the art to which the present invention belongs, this Various implementation methods (eg, an implementation method in which some steps are omitted or the order is changed) for the process of fusing non-face-to-face authentication with the remote face-to-face authentication can be inferred by referring to and/or modifying FIG. The invention is made including all the implementation methods inferred above, and the technical characteristics are not limited only to the implementation method shown in FIG. 7 .

Referring to FIG. 7, through the process of FIG. 6, a video call between the user and the agent is connected to form a remote face-to-face state, and it is authenticated that the face of the user connected to the video call matches the person picture of the real name authentication table image When (that is, when remote face-to-face authentication is confirmed), the operation server 100 performs a procedure of exposing a one-time authentication code through the screen of the terminal 200 in the video call during a video call between the user and the agent. And (700a), the program 210 of the terminal 200 displays a one-time authentication code on the screen of the terminal 200 during a video call in connection with the operation server 100 (705).

Meanwhile, the operation server 100 may provide the authentication code exposed through the screen of the terminal 200 to the agent (700b). In this case, the agent receives and outputs the authentication code during a video call with the user. can (700c).

The program 210 of the terminal 200 that displays the authentication code on the screen of the terminal 200 during the video call checks whether the displayed authentication code is input during the video call (710), and the authentication code is input during the video call If it is, it transmits the input authentication code to the operation server 100 (715).

The operation server 100 receives the authentication code input through the program 210 of the terminal 200 during the video call during the video call (720), and checks the validity of the authentication code in a state in which the video call is connected. An authentication procedure is performed (725a). Preferably, the operation server 100 may compare and authenticate the authentication code exposed on the screen of the terminal 200 and the received authentication code. On the other hand, when the operation server 100 provides the authentication code exposed on the screen of the terminal 200 to the agent, the operation server 100 is inputted through the program 210 of the terminal 200 and received The authenticated authentication code may be provided to the agent (725a), and the agent may check the authentication code input from the terminal 200 (725b), and receive an authentication result of authenticating the validity of the authentication code. (725c).

The operation server 100 checks the validation result of the authentication code (730). If the validity of the authentication code is not authenticated, the operation server 100 provides a face-to-face/non-face-to-face fusion error to the program 210 of the terminal 200 (735). The program 210 of the terminal 200 receives and outputs the face-to-face/non-face-to-face fusion error (S740). On the other hand, when the validity of the authentication code is authenticated, the operation server 100 provides a non-face-to-face authentication-based service (eg, first face-to-face authentication subscription, account opening, issuance of an accredited certificate, etc.) to be provided based on the actual face-to-face authentication result. Perform a procedure for providing from the state (745). The program 210 of the terminal 200 performs a procedure for processing the face-to-face authentication-based service (750).

100: operation server 105: communication channel connection unit
110: program management unit 115: information receiving unit
120: real name authentication table reading unit 125: video call connection unit
130: remote face-to-face forming unit 135: face-to-face authentication procedure unit
140: code exposure processing unit 145: authentication code receiving unit
150: authentication code authentication unit 155: authentication result processing unit
160: service providing server 200: terminal
205: camera unit 210: program

Claims (17)

In the method executed through a server that communicates with a user's terminal equipped with a camera,
A first step of receiving a real name authentication tag image obtained by photographing the user's own real name authentication card through a camera provided in the user terminal;
a second step of establishing a remote face-to-face state between a designated agent and a user by connecting a video call for photographing a user through the camera of the user terminal, and providing the real name authentication card image to the agent;
a third step of processing an authentication code generated through a designated code generation module to be exposed on the screen of the user terminal in the video call while a video call for photographing a user is connected through the camera of the user terminal;
Input the authentication code exposed on the screen of the user terminal through the user terminal in a state in which a video call is connected to record a process in which the user inputs the authentication code exposed on the screen of the user terminal through the camera of the user terminal a fourth step of receiving and receiving;
Check the result of authenticating the validity of the received authentication code in a state in which a video call for photographing a user is connected through the camera of the user terminal, and immediately before receiving the authentication code, the user through the camera of the user terminal a fifth step of reading an image photographed of the process of inputting the authentication code and confirming the authentication result whether the gaze direction of the user matches the input process of the authentication code; and
During the video call, the user's face photographed through the camera of the user terminal matches the person picture of the real name authentication table image, and the validity of the authentication code input after exposure through the screen of the user terminal during the video call is authenticated Face-to-face authentication and non-face-to-face authentication including; and a sixth step of processing to provide a face-to-face authentication-based service to the user when the user's gaze direction of the image captured by the camera of the user terminal matches the authentication code input process A fusion method of authentication.
The method of claim 1,
When you receive the real-name authentication tag image,
The method further comprises the step of recognizing a characteristic structure of the user's portrait by interpreting the portrait area included in the real name authentication table image,
When connecting the video call,
recognizing a feature structure of the user's face by analyzing the user's face area of the video call;
checking whether the recognized feature structure of the user's face matches the feature structure of the portrait of the user's portrait area included in the real-name authentication table image; and
A convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that it further comprises; confirming the result of matching authentication of the feature structure of the user's face and the feature structure of the portrait.
◈Claim 3 has been abandoned at the time of payment of the registration fee.◈ The method of claim 1,
When you receive the real name authentication tag image,
Further comprising the step of recognizing the text information printed on the real name authentication table by analyzing the character area included in the real name authentication table image,
Comparing the received or previously registered personal information of the user input through the user terminal with the text information recognized from the text area included in the real name authentication table image and confirming whether the authentication result is matched Convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that.
delete delete ◈Claim 6 was abandoned when paying the registration fee.◈ The method of claim 1,
When providing the real name authentication card image to the agent who connected the video call with the user,
Convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that it further comprises the step of receiving an authentication result obtained by matching and comparing the user's face of the video call and the user's portrait included in the real name authentication table image from the agent.
delete ◈Claim 8 was abandoned at the time of payment of the registration fee.◈ The method of claim 1, wherein the agent comprises:
The employee who connected the video call with the user;
Convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that it comprises at least one of a program connecting the user and the video call.
◈Claim 9 was abandoned when paying the registration fee.◈ According to claim 1, wherein the authentication code,
A code value dynamically generated through a code generation module provided in the server;
A code value dynamically generated through the code generation module of the code generation server linked to the server,
Convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that it comprises at least one of the code values dynamically generated through the code generation module provided in the user terminal.
According to claim 1, wherein the third step,
Convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that the authentication code is exposed to an area inside the video call area on the screen of the user terminal or to a certain area near the video call area
delete delete The method of claim 1,
analyzing the user's face area of the video call before receiving the authentication code through the user terminal to confirm the user's gaze direction;
checking whether the user's gaze direction is changed to a direction in which an authentication code input interface for receiving the authentication code is displayed when receiving and receiving the authentication code through the user terminal; and
When confirming the change of the gaze direction, determining the received authentication code as a validly input authentication code; Convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that it further comprises.
◈Claim 14 was abandoned when paying the registration fee.◈ The method of claim 1,
The third step further comprises the step of interpreting the user's face area of the video call to confirm the gaze direction of the user staring at the video call area of the screen of the user terminal or the authentication code displayed on the screen,
The fourth step is
checking whether the user's gaze direction is changed to a direction in which an authentication code input interface for receiving the authentication code is displayed; and
When confirming the change of the gaze direction, determining the received authentication code as a validly input authentication code; Convergence method of face-to-face authentication and non-face-to-face authentication, characterized in that it further comprises.
delete delete delete

Images