KR102430793B1 - Method and system for adult authenticating - Google Patents

Abstract

An identity authentication method and system are provided.
The self-authentication method includes the steps of, when the user's self-authentication is successful through a predetermined self-authentication procedure through the user's mobile phone, the identity authentication system generates a security token including the user's name and date of birth; When the identification image is obtained, the identification system compares the name and date of birth displayed on the identification image with the name and date of birth in the security token. If the comparison result is successful, the identification system includes the user's photo in the identification image and registering authentication result information including confirmation information for confirming whether the user is an adult, when performing identity authentication, the identity authentication system sends the user photo and the confirmation information included in the authentication result information to the mobile phone including the step of providing

Description

Identity authentication method and system {Method and system for adult authenticating}

The present invention relates to a method for self-authentication and a system therefor, and more particularly, the same or similar effect as performing self-authentication (including adult authentication to determine whether an adult is an adult) by presenting an ID without presenting an ID card offline. It relates to a self-authentication method and system that can provide

There are many cases in which it is necessary for a user to authenticate himself/herself in various ways offline.

One such example may be a case in which it is necessary to verify that the person is an adult.

For example, there is a need for such authentication in many cases, such as purchasing items that only adults can purchase or entering a business.

Hereinafter, the identity authentication in this specification describes the case of authenticating that the individual is an adult as a main embodiment, but the scope of the present invention is various in addition to adult authentication. ), an average expert in the technical field of the present invention can easily infer that it can be used in a situation where it is necessary to authenticate what is.

Hereinafter, a case in which the user authentication of the present specification authenticates whether the user is an adult will be described as an example.

In the conventional conventional method, when the user presents the ID card to the affiliated store, the affiliate confirms that the user and the person displayed on the identification card are the same person through the actual comparison of the user's photo and the user's physical identity card, and confirms whether the user is an adult by checking the date of birth in the identification card. was confirmed.

However, in this case, there is a problem of exposure and theft of personal information through the presentation of the user ID, making it burdensome to present the ID card, and there is a problem in that the affiliated store is also burdened with requesting the ID card for this reason.

Therefore, efforts have been made to cope with the presentation of such identification cards, and there have been attempts to use the user's biometric information (fingerprints, etc.) as an example.

One example of this is Korean Patent No. 10-130887 (personal authentication device using fingerprint recognition, self-authentication system and method including the same), Korean Patent No. 10-1152084 (adult authentication device and its method), etc. have been disclosed.

However, in order to solve the problem of recognition accuracy and high cost of biometric information (fingerprints, etc.), and the side effects of personal information exposure, these conventional attempts are more powerful and more important than personal information that can be exposed when presenting identification cards. For this reason, it is not being used well in the industry.

Therefore, there is a need for a technical idea that can solve problems that may occur when presenting an ID while having the same effect as simply presenting an ID.

Korea Registered Patent 10-130887 (Personal authentication device using fingerprint recognition, self-authentication system including the same, and method thereof) Korean Patent Registration No. 10-1152084 (Adult authentication device and method for restricting access to minors and sales)

Therefore, the present invention can reduce the risk of excessive exposure of personal information (eg, address, etc.) by allowing only essential information to be presented through a mobile phone for personal authentication through the presentation of an ID card in the prior art, and the effect of non-repudiation is also It is to provide a method and a system for obtaining the same.

According to an aspect of the present invention, in the self-authentication method, when the user's first self-authentication is successful through a predetermined first self-authentication procedure through the user's mobile phone, the self-authentication system performs a first comparison including the user's name and date of birth. generating a security token including target information; when the ID image of the user is acquired through the mobile phone, the identity authentication system performs the second comparison target information displayed on the ID image and the first comparison target information in the security token comparing , and if the comparison result is successful, the self-authentication system includes a user photo in the ID image and registering authentication result information including confirmation information for confirming whether or not the user's authentication has been successful, and a predetermined affiliate store and providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or the affiliated store-side terminal when the identity authentication is performed in .

When the ID image of the user is obtained through the mobile phone, the step of comparing the second comparison target information displayed in the ID image with the first comparison target information in the security token by the personal authentication system,

It may include the step of the identity authentication system performing a photographing request of the user's ID card to the user through the mobile phone, and obtaining a photographed image of the identification card photographed by the mobile phone as the ID image in response to the photographing request have.

If the comparison result is successful, the step of registering, by the identity authentication system, the authentication result information including the user photo in the identity card image and confirmation information for confirming whether the user's authentication is successful, is the identity authentication system using the identity card. The method may include cropping a user photo area from an image, and storing the authentication result information including the user photo based on the cropped image in the photo area, by the identity authentication system.

If the comparison result is successful, the step of registering, by the identity authentication system, the authentication result information including the user photo in the ID image and confirmation information for confirming whether the user's authentication is successful, includes only the information on whether the user is an adult. It may be characterized in that it is included in the authentication result information as confirmation information.

When the identity authentication is performed at the predetermined affiliated store, the process of providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or the affiliated store side terminal, is When the mobile phone scans the affiliated store identification code required for identity authentication, the identity authentication system may provide the user photo and the confirmation information included in the authentication result information to the mobile phone or the affiliated store side terminal. .

The step of providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or the affiliated store side terminal, when the identity authentication is performed at a predetermined affiliated store, includes the user photo and the confirmation information and affiliated store identification information identified based on the affiliated store identification code may be provided to the mobile phone.

The step of providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or the affiliated store side terminal, to the user through the mobile phone, when the identity authentication is performed at the predetermined affiliated store When a corresponding user identification code is displayed and the user identification code is scanned by the affiliated store side terminal, the identity authentication system provides the user photo and the confirmation information included in the authentication result information to the affiliated store side terminal. can

The step of providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or the affiliated store-side terminal when the identity authentication is performed at the predetermined affiliated store, includes: When an authentication request is received, the self-authentication system generates and provides one-time identification information corresponding to the user to the mobile phone; The user photo and the confirmation information included in the authentication result information may be provided to the affiliated store-side terminal.

The self-authentication method may be implemented by a computer program installed in a computer program and stored in a computer-readable recording medium.

In the self-authentication system for achieving the technical idea of the present invention, when the user's first self-authentication is successful through a predetermined first self-authentication procedure through the user's mobile phone, the self-authentication system performs the first identification including the user's name and date of birth. When the ID image of the user is obtained through a token generation module for generating a security token including comparison target information, and the mobile phone, the self-authentication system sets the second comparison target information displayed in the ID image and the second comparison target information in the security token. 1 A comparison module for comparing information to be compared, if the comparison result is successful, the self-authentication system includes a user photo in the ID image and registers authentication result information including confirmation information for confirming whether or not the user's authentication succeeded A control module, and an authentication execution module for providing the user photo and the confirmation information included in the authentication result information to the mobile phone or affiliated store-side terminal by the identity authentication system when identity authentication is performed at a predetermined affiliate store; do.

The authentication performing module, when the mobile phone scans an affiliated store identification code required for identity authentication to perform identity authentication, may provide the user photo and the confirmation information included in the authentication result information to the mobile phone.

The authentication performing module displays the user identification code corresponding to the user through the mobile phone, and when the user identification code is scanned by the affiliated store-side terminal, the user photo and the confirmation information included in the authentication result information are displayed in the authentication module. It can be provided to the terminal of the affiliated store.

When the authentication request is received from the user through the mobile phone, the authentication performing module generates one-time identification information corresponding to the user and provides the one-time identification information to the mobile phone, and the one-time identification information uses the affiliated store side terminal When received through the authentication result information, it is possible to provide the user photo and the confirmation information included in the authentication result information to the affiliated store-side terminal.

According to the technical idea of the present invention, by allowing only the information essential for authentication (a photo for face comparison and whether it is an adult) to be presented through a mobile phone compared to the conventional authentication through the presentation of an ID card offline, excessive personal information It has the effect of reducing the risk of exposure (eg, address, etc.).

In addition, when the identification code of the affiliated store is used, a third party (authentication service side) can manage authentication log information such as the time when the identity authentication was performed and the affiliated store information, so that it cannot be denied that the user did not authenticate himself on the affiliated side. It works.

In order to more fully understand the drawings recited in the Detailed Description of the Invention, a brief description of each drawing is provided.
1 is a diagram exemplarily showing a system configuration for a self-authentication method according to an embodiment of the present invention.
2 is a diagram illustrating a schematic system configuration of a self-authentication system according to an embodiment of the present invention.
3 is a flowchart exemplarily illustrating a process of registering authentication result information in a self-authentication method according to an embodiment of the present invention.
4 is a flowchart exemplarily illustrating a process of performing user authentication in a self-authentication method according to an embodiment of the present invention.

Since the present invention can apply various transformations and can have various embodiments, specific embodiments are illustrated in the drawings and described in detail in the detailed description. However, this is not intended to limit the present invention to specific embodiments, and should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention. In describing the present invention, if it is determined that a detailed description of a related known technology may obscure the gist of the present invention, the detailed description thereof will be omitted.

Terms such as first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

The terms used in the present application are only used to describe specific embodiments, and are not intended to limit the present invention. The singular expression includes the plural expression unless the context clearly dictates otherwise.

In the present specification, terms such as “comprise” or “have” are intended to designate that the features, numbers, steps, operations, components, parts, or combinations thereof described in the specification exist, and one or more other It is to be understood that this does not preclude the possibility of addition or presence of features or numbers, steps, operations, components, parts, or combinations thereof.

In addition, in the present specification, when any one component 'transmits' data to another component, the component may directly transmit the data to the other component or through at least one other component. This means that the data may be transmitted to the other component. Conversely, when one component 'directly transmits' data to another component, it means that the data is transmitted from the component to the other component without passing through the other component.

Hereinafter, the present invention will be described in detail focusing on embodiments of the present invention with reference to the accompanying drawings. Like reference numerals in each figure indicate like elements.

1 is a diagram exemplarily showing a system configuration for a self-authentication method according to an embodiment of the present invention. Also, FIG. 2 is a diagram showing a schematic system configuration of a self-authentication system according to an embodiment of the present invention.

1 and 2 , a self-authentication system 100 may be provided to implement the self-authentication method according to the technical idea of the present invention.

The self-authentication system 100 communicates with the server 10 and/or the server 10 operated by the service principal servicing the self-authentication method according to the technical idea of the present invention, and is to be provided in the user's mobile phone 20. can

That is, the self-authentication system 100 according to the technical idea of the present invention may be implemented through an application provided in the server 10 and the mobile phone 20 in order to provide a service of a server-client structure, such a server - An average expert in the technical field of the present invention that, due to the characteristics of the client, the configuration of the identity authentication system 100 may be installed in the server 10, but some or all of it may be installed in the mobile phone 20 as necessary. can be easily inferred.

The server 10 may be a configuration operated by a subject of a service that performs a self-authentication method according to the technical idea of the present invention.

The mobile phone 20 may be owned by a user who needs to be authenticated, and according to an embodiment, the user succeeds in a predetermined other identity authentication (eg, mobile phone identity authentication provided by a telecommunication company) through the mobile phone 20 . Only then can the user authentication according to the technical idea of the present invention be performed.

To this end, the user may have to perform a predetermined identity authentication by performing communication with the certification authority system 30 using the mobile phone 20 .

To this end, a predetermined app or web may be installed in the mobile phone 20, and the technical idea of the present invention may be implemented through the app or web. In the present specification, an app or a web client installed in the mobile phone 20 to implement the technical idea of the present invention will be referred to as an application.

The certification authority system 30 may be a system capable of authenticating a person as a third party certification authority and transmitting the result to an application installed in the mobile phone 20 .

When the identity authentication is mobile phone identity authentication provided by a telecommunication company, the authentication authority system 30 may be a telecommunication company system, but is not limited thereto. Comparison target information including the user's name and date of birth using a predetermined identity authentication protocol A system operated by a certification authority that can confirm that the is the true user is sufficient.

The comparison target information may be predetermined according to the purpose of user authentication. For example, in the case of adult authentication, the name and date of birth may be included in the comparison target information, and information such as gender may be further included if necessary.

In some cases, when it is desired to authenticate only whether today is a birthday, only a name and a date of birth (or birthday) may be included in the comparison target information.

In some cases, when an address is a target of authentication, a name, an address, etc. may be included in the comparison target information.

The comparison target information may be selected according to the type of authentication from among information that is managed by a third-party certification authority and also commonly present in identification cards.

Hereinafter, in the present specification, the user authentication is widely used and the case of standardized mobile phone identity authentication is exemplarily described, but an average expert in the technical field of the present invention can easily infer that the scope of the present invention is not limited thereto. There will be. In addition, in the present specification, the case of adult authentication for authenticating whether or not the identity authentication is an adult, and the comparison target information is a name and date of birth (optionally, gender may be further included) will be described as an example.

According to one example, if the user performs the authentication provided by the certification authority system 30 through the mobile phone 20 and the authentication succeeds as a result, the application of the server 10 or the mobile phone 20 is The first comparison target information including the authenticated name and date of birth may be included in the security token to be generated and stored. The security token may further include a mobile phone number, gender, and the like, if necessary. The first comparison target information may be information to be compared with information included in an identification card while being authenticated by a third-party certification authority.

And when the authenticated first comparison target information is stored in the security token, the application can acquire the user's ID.

The ID of the user may mean that the application receives the ID image, and for example, the application may acquire the ID image by having the user photograph the ID through a predetermined UI.

Then, the server 10 or the application may perform a process of comparing the second comparison target information included in the ID (eg, name and date of birth in the ID) with the first comparison target information in the security token.

For example, when the user authentication is mobile phone identity authentication and mobile phone identity authentication is successful, the user is authenticated as the true owner of the mobile phone 20, and the name and date of birth of the true owner of the mobile phone 20, and the name and date of birth in the identification card If the same, it may mean that the true owner of the mobile phone 20 also carries an identification card.

In this case, it may mean that the user cannot pass the authentication according to the technical idea of the present invention unless another person has both a mobile phone in the user's name and an ID in the user's name.

On the other hand, the technical idea of the present invention is that when the first comparison target information in the security token and the second comparison target information in the identification card are the same, it is determined that the user is authenticated and the authentication result information can be registered. In this case, the authentication result information may include a photo and confirmation information in the ID.

That is, according to the technical idea of the present invention, identification information (eg, whether an adult, age, or date of birth) can be registered as authentication result information, and a user later Merchants that require identity authentication may use such authentication result information to perform identity authentication.

According to an example, the authentication result information may include whether the user is an adult (eg, "adult", etc.) as the user's photo and confirmation information, and when the user wants to perform self-authentication, the server 10 or the application By presenting such authentication result information to the affiliated store, it maintains the effect of presenting identification cards, but has the effect of exposing only essential information necessary for identity authentication.

That is, by using the photo in the ID card as it is and maintaining the process of comparing the user's real thing with the picture in the ID card at the affiliated store, the effect of presenting the ID card can be maintained as it is.

In addition, when the comparison result of the first comparison target information and the second comparison target information is successful, the self-authentication system 100 may generate and register a user identification code (eg, a QR code, etc.) in advance. In addition, the user identification code may be scanned by the affiliated store according to an embodiment, and then authentication result information may be provided to the affiliated store. Such a user identification code may be provided to the mobile phone 20, and the affiliate store may scan the user identification code displayed on the mobile phone 20 during user authentication.

Then, the identity authentication system 100 corresponds to the scanned user identification code and provides pre-registered confirmation information and/or authentication result information to the affiliated store side terminal, and the affiliated store can complete identity authentication by checking the authentication result information. have.

According to an embodiment, the self-authentication system 100 may receive an authentication request from the mobile phone 20 , and in this case, may generate a predetermined one-time identification code and provide it to the mobile phone 20 . The one-time identification code may be a code that is prohibited from being reused, is generated at the time of an authentication request, and can effectively identify a user only within a certain period of time. Such a one-time identification code may perform the function of OTP (One Time Password) or OTID (One Time ID), and since a specific method of generating such OTP or OTID is well known, a detailed description thereof will be omitted.

Then, when the one-time identification code is displayed on the mobile phone 20, the affiliated store can input the one-time identification code to the affiliated store's terminal. Then, the identity authentication system 100 may receive a one-time identification code from the affiliated store-side terminal. Then, the identity authentication system 100 may provide the user's confirmation information and/or authentication result information corresponding to the one-time identification code to the affiliated store side terminal.

In this way, when the confirmation information and/or authentication result information is provided to the affiliated store side terminal, the affiliate store side provides confirmation information and/or authentication result information to the user's mobile phone 20 and the affiliate store simply visually confirms it. There is an advantage that the evidence of performing the authentication procedure can be managed and verified on the affiliated side as well.

Of course, this effect can be doubled by maintaining/managing log information at the time of authentication in the identity authentication system 100 .

In addition, there is an effect that the user authentication system 100 can easily identify the affiliated store by intervening the affiliated store-side terminal. Of course, the identification information of the merchant-side terminal and/or the identification information of the application installed in the merchant-side terminal to implement the present invention may be used to identify the merchant, and the identification information of the merchant-side terminal and/or the merchant The identification information of the application installed in the side terminal and the affiliated store identification information corresponding thereto may be previously matched with the identity authentication system 100 and maintained/managed.

In addition, when the confirmation information only indicates whether the person is an adult in the process of performing authentication, unnecessary exposure of date of birth can be eliminated, and additional personal information such as address is prevented from being exposed.

Moreover, according to the technical idea of the present invention, compared to simply presenting an ID, it is indirectly authenticated that the current user is the same person as the holder of the mobile phone 20 and the person in the ID. There is an effect.

A specific configuration of the identity authentication system 100 for providing such a technical idea may be as shown in FIG. 2 .

Referring to FIG. 2 , in order to implement the technical idea of the present invention, the identity authentication system 100 includes a control module 110 , a token generation module 120 , a comparison module 130 , and an authentication execution module 140 . may include The identity authentication system 100 may further include a DB 150 .

Each component included in the identity authentication system 100 may be a component included in the server 10 as described above. Alternatively, it may be a configuration installed in the mobile phone 20 . Depending on the embodiment, some components of the identity authentication system 100 may be installed in the server 10 , and the remaining partial components may be installed in the mobile phone 20 .

In the present specification, for convenience of explanation, a case in which the components of the identity authentication system 100 are installed in the server 10 is exemplarily described, but the scope of the present invention is not limited thereto, and as described above, various implementations A person of ordinary skill in the art will readily be able to infer that examples are possible.

After all, the identity authentication system 100 may mean a logical configuration having hardware resources and/or software necessary to implement the technical idea of the present invention, and necessarily means one physical component or It is not meant to be a single device. That is, the self-authentication system 100 may mean a logical combination of hardware and/or software provided to implement the technical idea of the present invention, and if necessary, installed in devices spaced apart from each other to perform each function By performing it, it may be implemented as a set of logical configurations for implementing the technical idea of the present invention. In addition, the identity authentication system 100 may mean a set of components separately implemented for each function or role for implementing the technical idea of the present invention. For example, each of the control module 110 , the token generation module 120 , the comparison module 130 , and the authentication performing module 140 and/or the DB 150 may be located in a different physical device, or the same It may be located on a physical device. In addition, depending on the embodiment, the control module 110 , the token generation module 120 , the comparison module 130 , and the authentication performing module 140 and/or the software constituting the DB 150 , respectively, and/or Combination of hardware is also located in different physical devices, and components located in different physical devices may be organically coupled to each other to implement each of the modules.

In addition, in the present specification, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and does not necessarily mean physically connected code or one type of hardware. can be easily inferred to an average expert in the technical field of the present invention.

The control module 110 may control functions and/or resources of other components of the self-authentication system 100 in order to implement the technical idea of the present invention.

When the user's identity authentication is successful through a predetermined identity authentication procedure through the user's mobile phone 20, the token generating module 120 includes the user's first comparison target information (eg, name and date of birth, etc.) You can create tokens. To this end, the token generating module 120 may receive a third-party identity authentication result through an application installed in the mobile phone 20 . The application may perform a self-authentication procedure through communication with the certification authority system 30 . The user authentication result may be received from the certification authority system 30 and transmitted to the token generation module 120 . In addition, at this time, the application may transmit the first comparison target information authenticated through identity authentication together with the identity authentication result to the token generation module 120 .

The identity authentication may be mobile phone identity authentication as described above, but is not limited thereto. It may be preferable that the identity authentication can check the authenticity of information required for identity authentication through a predetermined protocol.

The token generation module 120 may generate a security token including the user's first comparison target information (eg, name and date of birth) and store it in the DB 150, and if necessary, secure it through encryption or encoding, etc. can elevate the According to an embodiment, the user's gender, mobile phone number, etc. may be further included in the security token.

The comparison module 130 may acquire the ID image of the user through the mobile phone 20 .

According to an embodiment, the comparison module 130 may request the user to input an image of an ID card that already exists, but may allow the user to take a picture of the ID for higher security.

To this end, a predetermined UI (a grid or a grid, etc.) may be provided to easily specify the location of the identification card, and this UI may be provided through the application.

Then, the comparison module 130 may acquire the ID image taken through the application.

Then, the comparison module 130 may extract the user's second comparison target information (eg, name and date of birth, etc.) from the ID image. The extraction of the user's second comparative information (eg, name and date of birth, etc.) from the ID image may be manually performed by a person at the service side, but it will be automatically performed by OCR (Optical Character Recognition) of the location where the name and date of birth are displayed. may be

Then, the comparison module 130 may compare the second comparison target information displayed on the ID image with the first comparison target information in the security token.

For example, it is possible to check whether the verified name and date of birth are the same as the name and date of birth displayed on the identification card.

And if the comparison result is successful, that is, if the first comparison target information and the second comparison target information are the same, the control module 110 may register the authentication result information including the user's photo and confirmation information in the ID image. have.

In addition, the control module 110 may scan the affiliated store side, and may generate a user identification code (eg, QR code, etc.) that can identify the user in advance. This user identification code may be used as information for identifying the user when the affiliate store directly receives the user's authentication result to the affiliate store side terminal.

That is, registering the authentication result information may mean that the user has been authenticated as an adult, and registering the information so that the authentication result can be easily and conveniently performed at the affiliate store later.

The confirmation information means information for confirming whether the user is an adult, and may be age and date of birth itself, or may be adult information indicating whether the user is an adult (eg, an adult, a symbol such as O).

The control module 110 may crop the user photo area in the ID card from the ID image, and register it in the DB 150 as the authentication result information.

To this end, the control module 110 may receive a photo in the ID manually cropped by the person on the service side, but automatically detects the photo area in a predetermined method (eg, deep learning object detection, etc.) You can also crop from the ID image.

Also, the confirmation information may be registered by matching with the DB 150 as authentication result information.

In this way, the authentication result information including the photo and verification information in the ID card is presented to the affiliated store through the application of the mobile phone 20 without the user presenting the ID card later, so that only the information necessary for self-authentication is presented. It can have the same effect as when authentication was performed while presenting

It goes without saying that the affiliate store may be any on/offline subject in which identity authentication according to the technical idea of the present invention can be performed.

In addition, the authentication performing module 140 may transmit authentication result information to the application of the mobile phone 20 or to the affiliated store's terminal when necessary. If necessary, only the confirmation information may be transmitted.

When the confirmation information and/or the authentication result information is provided to the mobile phone 20, the affiliate store compares the ID photo presented by the user through the application with the real thing, and also receives the existing identification card by confirming the confirmation information. You can achieve substantially the same effect as confirming that you are an adult.

However, there is an effect that it is not necessary to present an actual identification card, and in particular, other important personal information (eg, address, etc.) written on the identification card is not exposed. In addition, of course, this effect may be further increased when the confirmation information is adult information as described above, rather than a date of birth.

Also, as described above, the confirmation information and/or the authentication result information may be provided to the affiliate store side terminal (not shown).

For example, when the user identification code is displayed on the mobile phone 20, the affiliated store side terminal can scan it, then the authentication performing module 140 can receive the user identification code or user identification information corresponding to the user identification code, , confirmation information and/or authentication result information corresponding to user identification information may be provided to the affiliated store side terminal.

According to another embodiment, the authentication performing module 140 may receive an authentication request through the mobile phone 20, and then the authentication performing module 140 may generate a predetermined one-time identification code. This one-time identification code may be generated depending on the user and the authentication request time, and may be generated so that it can be effectively used only for a certain period of time from the creation time.

The authentication performing module 140 may transmit the generated one-time identification code to the mobile phone 20, and the user may check the transmitted one-time identification code and inform the affiliated store. Then, the affiliated store-side terminal may transmit the one-time identification code to the authentication performing module 140 to request the user's identity authentication result, and the authentication performing module 140 may include the user's confirmation information corresponding to the one-time identification code and / or the authentication result information may be transmitted to the terminal of the affiliated store.

On the other hand, when the authentication result information including the ID photo is transmitted to the affiliate store-side terminal, the user photo is not stored and a predetermined security means that is not captured may be further installed in the affiliate store-side terminal.

The affiliated store compares the ID photo and the real thing included in the authentication result information received through the application installed in the user's mobile phone 20 or the affiliated store's terminal, and in addition, confirms the identity of an adult by presenting the ID by checking the confirmation information. substantially the same effect can be obtained.

On the other hand, when the authentication performing module 140 provides confirmation information and/or authentication result information to the mobile phone 20, the authentication performing module 140 simply provides confirmation information and/or authentication result information when performing self-authentication. In addition to presenting only the information on the affiliated store that has requested authentication and/or information on the authentication time, the presented information is authenticated by the identity authentication system 100 in real time at the request of the affiliated store. The information provided by the system 100 may be verified, and reuse of authentication result information may be prevented. According to an embodiment, the remaining effective time may be displayed on a predetermined UI on which authentication result information is displayed to further reduce the risk of such reuse.

According to an example, when there is a request for identity verification from the affiliated store, the application installed on the mobile phone 20 is installed at a predetermined location (eg, on a table, or at an entrance, counter, etc.) of the affiliated store identification code (eg, QR code, etc.) ), the authentication performing module 140 interprets the affiliated store identification code to confirm affiliated store identification information (eg, affiliated store name, etc.). The affiliated store identification information may be stored in advance in the DB 150 to correspond to the affiliated store identification code, and the affiliated store identification information may be included in the QR code, and various embodiments are possible.

That is, when a predetermined affiliate store identification code is scanned, the authentication performing module 140 may recognize it as a request for the authentication result information from the application, and in response to the authentication result information, that is, the user photo and the confirmation information. can be provided as the application.

In addition, at this time, by presenting the affiliated store identification information together, it is possible to confirm the authentication by the request of the current affiliated store. Of course, in this case, the authentication performing module 140 may further display the authentication time information together with the authentication result information corresponding to the authentication request on the screen of the application.

And the authentication performing module 140 stores the authentication log information including the time corresponding to the identity authentication request and the affiliated store identification information in the DB 150, log information corresponding to the history of later identity authentication can be maintained.

And through this, it is possible to provide the effect of preventing the denial of the authentication because the identity authentication has not been performed in the future.

In another embodiment, when the merchant-side terminal scans a user identification code displayed on the mobile phone 20 or inputs a one-time identification code provided through the mobile phone 20, the authentication performing module 140 generates a user identification code Alternatively, a user corresponding to the one-time identification code may be specified, and the user's confirmation information and/or authentication result information may be provided to the affiliated store side terminal.

3 is a flowchart exemplarily illustrating a process of registering authentication result information in a self-authentication method according to an embodiment of the present invention.

Referring to FIG. 3 , the self-authentication method according to the technical idea of the present invention may include a procedure for registering authentication result information and a procedure for performing self-authentication using the registered authentication result information.

And the former case may be as shown in FIG. 3 .

That is, the user can perform a predetermined identity authentication through his or her mobile phone 20 (S100). For example, mobile phone user authentication may be performed through the authentication authority system 30 .

Then, when the identity authentication is successful, the identity authentication system 100 may generate and store a security token including the first comparison target information (eg, name and date of birth) (S110).

And the identity authentication system 100 may acquire an ID image through the application (S120).

Then, the identity authentication system 100 may compare the second comparison target information (eg, name and date of birth) in the obtained identification image with the first comparison target information (eg, name and date of birth) in the security token (S130) .

If the comparison result is successful, that is, if the first comparison target information and the second comparison target information are the same, the self-authentication system 100 identifies the user's authentication result information, that is, the user's photo and verification information in the ID card, and, if necessary, the user identification The code can be registered (S140).

In addition, the user whose authentication result information is registered in this way may be later requested to authenticate whether he or she is an adult at a predetermined affiliated store.

Then, through the process shown in FIG. 4, user authentication can be performed simply and safely.

4 is a flowchart exemplarily illustrating a process of performing self-authentication in a self-authentication method according to an embodiment of the present invention.

Referring to FIG. 4 , the user is installed in the mobile phone 20 and can execute an application according to an embodiment of the present invention ( S200 ).

Then, the user may simply request identity authentication through the application, and then the identity authentication system 100 may display authentication result information through the application so that the affiliated store can confirm it.

However, according to another embodiment, as described above, the user may scan a predetermined affiliate store identification code provided in the affiliate store through the application (S210).

Then, the identity authentication system 100 may check the affiliated store identification information based on the scanned affiliated store identification code. Then, the identity authentication system 100 may display the authentication result information, that is, the user's ID photo, confirmation information, and affiliate store identification information, on the application so that the affiliate store can confirm it (S220. S230).

Also, according to another example, when user authentication is required, the user may present the user identification code to the affiliated store through the mobile phone 20 . Such a user identification code may be previously stored in the application of the mobile phone 20, or may be transmitted from the user authentication system 100 upon request.

Then, the merchant-side terminal scans the user identification code and can request the user's identity authentication corresponding to the user identification code with the identity authentication system 100, and the identity authentication system 100 sends the user's confirmation information to the affiliate store-side terminal. and/or authentication result information may be provided.

According to another embodiment, when user authentication is required, the user may request authentication through the mobile phone 20 , and then the identity authentication system 100 generates a one-time identification code and transmits it to the application of the mobile phone 20 . can

Then, the merchant-side terminal can input the one-time identification code into the application installed in the merchant-side terminal, and then the identity authentication system 100 can provide the user's confirmation information and/or authentication result information to the merchant-side terminal. have.

After all, according to the technical idea of the present invention, there is an effect of providing a secure identity authentication method that does not present an identity card and does not expose unnecessary personal information while having the same effect as identity authentication using an identity card.

Although the present invention has been described with reference to one embodiment shown in the drawings, this is merely exemplary, and those of ordinary skill in the art will understand that various modifications and equivalent other embodiments are possible therefrom. Accordingly, the true technical protection scope of the present invention should be determined by the technical spirit of the appended claims.

On the other hand, the method for providing a chart reflecting the activity of each trading entity according to an embodiment of the present invention may be implemented in the form of a computer readable program command and stored in a computer readable recording medium, and in the embodiment of the present invention The control program and the target program may also be stored in a computer-readable recording medium. The computer-readable recording medium includes all types of recording devices in which data readable by a computer system is stored.

The program instructions recorded on the recording medium may be specially designed and configured for the present invention, or may be known and available to those skilled in the software field.

Examples of the computer-readable recording medium include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs and DVDs, and floppy disks. hardware devices specially configured to store and execute program instructions, such as magneto-optical media and ROM, RAM, flash memory, and the like. In addition, the computer-readable recording medium is distributed in a computer system connected to a network, so that the computer-readable code can be stored and executed in a distributed manner.

Examples of program instructions include not only machine language codes such as those generated by a compiler, but also high-level language codes that can be executed by a device for electronically processing information using an interpreter or the like, for example, a computer.

The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

The above description of the present invention is for illustration, and those of ordinary skill in the art to which the present invention pertains can understand that it can be easily modified into other specific forms without changing the technical spirit or essential features of the present invention. will be. Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive. For example, each component described as a single type may be implemented in a dispersed form, and likewise components described as distributed may be implemented in a combined form.

The scope of the present invention is indicated by the following claims rather than the above detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention. .

Claims (13)

When the user's first identity authentication is successful through a predetermined first identity authentication procedure through the user's mobile phone, the identity authentication system sets the first comparison target information including the user's name and date of birth - the first comparison target information is stored in the identification card. generating a security token that includes - information of only a selected portion of the included personal information;
comparing, by the identity authentication system, second comparison target information displayed on the ID card image with the first comparison target information in the security token when the ID image of the user is acquired through the mobile phone;
if the comparison result is successful, registering, by the self-authentication system, authentication result information including a user photo in the ID image and confirmation information for confirming whether or not the user's authentication has been successful;
and providing, by the identity authentication system, the registered authentication result information to the mobile phone or the affiliated store-side terminal when identity authentication is performed at a predetermined affiliated store.
The method of claim 1, wherein when the ID image of the user is obtained through the mobile phone, the comparing of the second comparison target information displayed in the ID image with the first comparison target information in the security token by the identity authentication system comprises:
A person comprising the step of, by the identity authentication system, performing a photographing request of the user's ID card to the user through the mobile phone, and acquiring a photographed image of the identification card photographed by the mobile phone as the ID image in response to the photographing request authentication method.
The method of claim 1, wherein if the comparison result is successful, the step of registering, by the identity authentication system, authentication result information including a user photo in the ID image and confirmation information for confirming whether the user's authentication succeeded,
cropping, by the identity authentication system, a user photo area in the ID image;
and storing, by the identity authentication system, the authentication result information including the user photo based on the cropped image in the photo area.
The method of claim 1, wherein if the comparison result is successful, the step of registering, by the identity authentication system, authentication result information including a user photo in the ID image and confirmation information for confirming whether the user's authentication succeeded,
Identity authentication method, characterized in that only the information on whether the adult is included in the authentication result information as the confirmation information.
The method of claim 1, wherein when the identity authentication is performed at the predetermined affiliated store, providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or affiliated store side terminal,
When the mobile phone scans an affiliated store identification code required for identity authentication to perform identity authentication, the identity authentication system provides the user photo and the confirmation information included in the authentication result information to the mobile phone or the affiliated store side terminal Identity authentication method, characterized in that.
The method according to claim 5, wherein when identity authentication is performed at a predetermined affiliate store, the step of providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or affiliate store side terminal,
The user authentication method, characterized in that providing the identification information of the affiliated store identified based on the user photo, the confirmation information, and the affiliated store identification code to the mobile phone.
The method of claim 1, wherein when the identity authentication is performed at the predetermined affiliated store, providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or affiliated store side terminal,
When the user identification code corresponding to the user is displayed through the mobile phone and the user identification code is scanned by the terminal of the affiliated store, the self-authentication system returns the user picture and the confirmation information included in the authentication result information. Identity authentication method comprising the step of providing to the merchant side terminal.
The method of claim 1, wherein when the identity authentication is performed at the predetermined affiliated store, providing, by the identity authentication system, the user photo and the confirmation information included in the authentication result information to the mobile phone or affiliated store side terminal,
generating, by the identity authentication system, one-time identification information corresponding to the user when an authentication request is received from the user through the mobile phone, and providing it to the mobile phone;
When the one-time identification information is received through the affiliated store-side terminal, the identity authentication system provides the user photo and the confirmation information included in the authentication result information to the affiliated store-side terminal.
A computer program installed in a computer program and stored in a computer-readable recording medium for performing the method according to any one of claims 1 to 8.
When the user's first identity authentication is successful through a predetermined first identity authentication procedure through the user's mobile phone, the identity authentication system sets the first comparison target information including the user's name and date of birth - the first comparison target information is stored in the identification card. a token generation module for generating a security token that includes - information of only a portion selected from among the included personal information;
a comparison module configured to, when the identification image of the user is obtained through the mobile phone, the identification system compares the second comparison target information displayed on the ID image with the first comparison target information in the security token;
if the comparison result is successful, the self-authentication system includes a user photo in the ID image and a control module for registering authentication result information including confirmation information for confirming whether or not the user's authentication has been successful; and
and an authentication execution module for providing the authentication result information registered by the identity authentication system to the mobile phone or affiliated store side terminal when identity authentication is performed at a predetermined affiliate store.
The method of claim 10, wherein the authentication performing module,
When the mobile phone scans an affiliated store identification code required for identity authentication to perform identity authentication, the identity authentication system provides the user photo and the confirmation information included in the authentication result information to the mobile phone.
The method of claim 10, wherein the authentication performing module,
When the user identification code corresponding to the user is displayed through the mobile phone and the user identification code is scanned by the affiliated store-side terminal, the user photo and the confirmation information included in the authentication result information are provided to the affiliated store-side terminal self-authentication system.
The method of claim 10, wherein the authentication performing module,
When an authentication request is received from a user through the mobile phone, the identity authentication system generates and provides one-time identification information corresponding to the user to the mobile phone, and when the one-time identification information is received through the affiliated store side terminal, the A self-authentication system for providing the user photo and the confirmation information included in the authentication result information to the affiliated store-side terminal.

Images