KR102437187B1 - The convenient and safe method to authenticate real name protecting personal information - Google Patents

Abstract

The present invention is to find a method of sacrificing less 'security, privacy protection, and transaction transparency', which conflicts with this, while maintaining the simplicity of identity authentication in the conventional method in a simple non-face-to-face transaction. selecting a specific counterparty alias and searching for 'information related to the counterparty' matching the counterparty alias; The transaction application amount and master password are entered in the user terminal, and the virtual real name ID and encrypted 'WYK for personal authentication authority and WYK for user organization' and WYH for the user are searched. Decrypts the encrypted WYK for the user institution, calculates the identity authentication information for the identity authentication institution using the decrypted WYK for the identity authentication institution and the WYH for the identity authentication institution, remittance transaction identification information, the transaction application amount, the virtual real name ID, and the transmitting the information related to the counterparty and the identity authentication information for the identity authentication institution to the identity authentication server, and transmitting the transaction application amount, virtual real name ID, information about the counterparty, and WYK for the user institution to the user institution server; The user organization server searches the WYK for the user organization that matches the virtual real name ID and determines whether it matches the 'received WYK for the user organization'. transmitting the transaction application amount, virtual real name ID, and transaction counterpart information' to the identity authentication server; The identity authentication server determines whether the 'information transmitted from the user terminal and the user organization server' is matched with each other, and if the determination is positive, using the WYK for the identity authentication institution and the WYH for the identity authentication institution matched with the virtual real name ID After verifying the ‘received personal authentication information for the identity authentication institution’, the real-name ID matched with the virtual real-name ID is regarded as the sender’s real-name ID, the transaction application amount is regarded as the remittance amount, and information about the counterparty is included. After performing compliance filtering on the remittances constituted by the transaction, the balance matched to the 'settlement account ID matched with the virtual real name ID' is reduced according to the transaction request amount, and the counterparty corresponding to the 'information about the counterparty' processing a transaction in which an amount corresponding to the transaction request amount is transferred; includes

Description

{The convenient and safe method to authenticate real name protecting personal information}

The present invention relates to a technology for authenticating a person in a non-face-to-face transaction.

Recently, the number of non-face-to-face transactions has increased, and self-authentication in non-face-to-face transactions has become more frequent. Therefore, the need to simplify self-authentication in non-face-to-face transactions (hereinafter referred to as "the need for simplified authentication of non-face-to-face transactions") is also increasing. As the need for simplification of non-face-to-face transaction authentication has been pursued, simple payment methods to simplify identity authentication are spreading.

As an embodiment of the simple payment method, instead of simplifying identity authentication by removing the use of an official certificate or OTP, the security is reduced by that much, so a method of reducing the transaction limit per transaction or daily (hereinafter referred to as "simple transaction method") ) is spreading. As a result, the “necessity of facilitating non-face-to-face transaction authentication” was satisfied with the simple transaction method, but the inconvenience of reducing the transaction limit (hereinafter referred to as “the inconvenience of simplification and conflicting limits”) followed.

On the other hand, if you do not want to disclose real name identification information such as resident registration number, driver's license number or passport number, personal identification information such as address, and payment method identification information such as deposit account number or card number, to institutions that provide non-face-to-face transaction services. The necessity (hereinafter referred to as the "necessity for personal information protection") is also increasing, and the more it tries to satisfy the "need to simplify non-face-to-face transaction authentication", the real name identification information, personal identification information, or payment method identification information is registered with the institution in advance. As the necessity to do so increases, the inconvenience (hereinafter referred to as "simplification and conflict of protection inconvenient") in which the "necessity of simplification of non-face-to-face transaction authentication" and "necessity of personal information protection" conflicts is increasing.

On the other hand, recently, fintech has developed to meet the “need to simplify non-face-to-face transaction authentication”, and various non-face-to-face transaction services such as non-bank international remittance, virtual currency transaction, and mobile payment using fintech are growing. In an attempt to meet the "need to simplify non-face-to-face transaction authentication," a method was implemented to remove as much as possible the factors that complicate the process or make the user experience inconvenient. Moreover, in order to respond to the recently emphasized “necessity for protection of personal information”, a method of omitting the process of receiving real-name identification information (hereinafter referred to as “real-name ID”) from users has been implemented as much as possible. As a result, the inconvenience (hereinafter referred to as "illegal risk inconvenience") is growing that these services can be a channel for illegal money transactions, such as money laundering, remittance of blackmail/terrorism funds, and illegal money outflow. ,

In order to alleviate this "illegal risk inconvenience", the need for transparency in transactions using these services (hereinafter referred to as "necessity of transaction transparency") is increasing in government authorities. In order to meet this “necessity of transaction transparency,” government authorities are in a trend to mandate 'how to make these transactions real-name' and 'how to report these transactions suspected of being illegal to government authorities'. As a result, these services From the point of view of the business that wants to provide the service, it is facing the inconvenience of having to invest a huge amount of money to equip the system and manpower to comply with these obligations (hereinafter referred to as "transparency investment burden").

Accordingly, in order to alleviate the “inconvenience of illegal risk” and the “inconvenience of investment burden for transaction transparency,” the government authorities are providing these services to startups or small and medium-sized enterprises (SMEs) with poor financial power, 'how to make these transactions real name'. and a method of partnering with large banks that already have manpower and a system that implements 'reporting to government authorities on suspected illegal transactions' We recently proposed a method of verifying real-name verification of bank partnerships for deposits and withdrawals, etc.)

However, in the case of such a partnership method, users who want to use these services must authenticate themselves to the organization that provides the service (hereinafter referred to as the "user organization"), and verify real name and suspicious transactions in transactions of these services. Inconveniences that conflict with the “need to simplify non-face-to-face transaction authentication” (hereinafter referred to as “inconvenience of self-authentication over non-face-to-face transactions”) ) is expected.

The object of the present invention is to provide "necessity to simplify non-face-to-face transaction identity authentication" and "necessity to protect personal information" in the conventional method in various non-face-to-face transactions such as fintech remittance, virtual currency transaction, and mobile payment using a non-bank remittance company. While maintaining “necessity of transaction transparency”, “inconvenience of simplification and conflict of limits” and “inconvenience of simplification and conflict of protection” and “inconvenience of illegal risk” and “inconvenient burden of investment in transaction transparency” and “inconvenience of self-authentication due to duplication of non-face-to-face transactions” is to reduce

In one embodiment of a method for simple and safe real-name authentication while protecting personal information according to a feature of the present invention for solving these technical problems, information in which a specific counterparty alias is selected is input to a user terminal, and the selected transaction in the counterparty DB retrieving 'information related to the counterparty' matched with the counterpart's alias; The transaction application amount and master password are entered in the user terminal, the virtual real name ID for the user organization is searched in the user IDDB, the encrypted 'WYK for the user authentication institution and the WYK for the user institution' is searched in WYKDB, , decrypting the 'encrypted WYK for the self-certification authority and the encrypted WYK for the user organization' with the master password as a decryption key, and calculating the self-authentication information for the self-certification authority using the WYK for the self-certification authority and the WYH for the self-certification authority; The user terminal transmits the remittance transaction identification information, the transaction application amount, the virtual real name ID, information related to the counterparty, and the identity authentication information for the identity authentication institution to the identity authentication server, and transmits the transaction application amount, virtual real name ID, and counterparty transmitting the information and the WYK for the user organization to the user organization server; retrieving the WYK for the user organization matched to the virtual real name ID in the user DB in the user organization server, and determining whether the 'searched WYK for the user organization' and 'the received WYK for the user organization' match by the identity authentication unit; if the determination is affirmative, transmitting 'the received transaction application amount, virtual real name ID, and transaction counterpart information' to the identity authentication server by matching predetermined remittance settlement application information; In the identity authentication server, the ambassador determines whether the 'information transmitted from the user terminal and the user organization server' matches each other, and if the judgment is positive, the identity authentication institution WYK and the identity matching the virtual real name ID in the identity authentication DB Search the WYH for the certification authority, and the identity authentication unit determines whether the 'searched WYK for the identity authentication institution' matches the 'personal authentication information for the identity authentication institution received', and if the determination is positive, the virtual real name ID in the identity authentication DB retrieving a real-name ID matched to , treating the real-name ID as the real-name ID of the sender, considering the transaction request amount as the remittance amount, and performing compliance filtering on remittance actions comprising information on the counterparty; calculating, by a random value calculating unit, a new WYH at random, updating the WYH matching the virtual real name ID in the identity authentication DB to the calculated WYH, and transmitting the calculated WYH to the user terminal; updating 'WYH for identity authentication authority stored in WYHDB' with the received WYH from the user terminal; and the self-authentication server retrieves the settlement account ID matched with the virtual real name ID in the identity authentication DB, reduces the 'balance matched with the settlement account ID' in the balance DB corresponding to the transaction application amount, and 'the counterparty' processing a transaction in which an amount corresponding to the transaction request amount is remitted to a counterparty corresponding to 'information on '; includes

According to an embodiment of the present specification, when a user who wants to make a non-face-to-face transaction enters only one master password as a personal authentication means, the app automatically provides a non-face-to-face transaction service (hereinafter referred to as the "user institution") for the user organization WYK (What You Know: for example, a password for the user organization) is transmitted, and the identity verification institution (eg, affiliated large blue-chip bank) that performs real-name verification and suspicious transaction reporting (compliance filtering) on behalf of the user in cooperation with the user organization The personal authentication information for the authentication institution is transmitted by encrypting the WYK for the authentication institution (eg, the password of the settlement account registered with the large blue bank). Accordingly, while maintaining the "necessity of simplification of non-face-to-face transaction identity authentication" in the conventional method, the "inconvenience of non-face-to-face transaction duplicate identity authentication" in which a user must manually authenticate himself/herself to both institutions is reduced.

In addition, real name identification information such as resident registration number, driver's license number or passport number (hereinafter referred to as "real name ID") or payment method identification information such as deposit account number or card number ( Transactions generated by the user organization by matching the virtual real name ID assigned to the user by the user organization with the 'user's real name ID and settlement account ID stored in the identity authentication institution' without exposing the "settlement account ID") The result can finally be settled through the user's settlement account at the settlement bank, which also serves as the identity authentication institution. In other words, the user organization does not need to keep the user's real name ID or settlement account ID. Personal information protection needs" are met.

As described above, the “necessity of personal information protection” is satisfied while the “need for simplification of non-face-to-face transaction authentication” is maintained.

In addition, as an institution (such as a large blue-chip bank), the identity authentication institution already has a system and manpower that implements 'how to make these transactions real name' and 'how to report these suspected illegal transactions to government authorities'. If the user organization acts on behalf of the user to verify the real name of the transaction and to monitor and report the transaction (hereinafter referred to as "compliance filtering"), the user organization must separately provide a real name certificate such as a resident registration card and a settlement account number. It is presented face-to-face, monitors each user's transaction for any illegal elements, and reports to the government authorities when appropriate on a certain basis, eliminating the need for investment in systems and manpower, thereby reducing the "transparency of transactions."

Of course, the identity authentication authority can use the virtual real name ID to match the transaction at the user organization to a specific real name ID, and can perform necessary reports on behalf of the user, thereby maintaining the "necessity of transaction transparency" and "inconvenience of illegal risk" can also be reduced.

On the other hand, according to the embodiment of the present specification, the WYH for the identity authentication institution stored in the user terminal and the identity authentication server is updated every time the identity authentication institution succeeds in authentication, so the WYH for the identity authentication institution is valid only once, even if it is exposed. do. And the 'WYK for personal authentication authority and WYK for user organization' stored in the user terminal is encrypted and decrypted with the master password. It is difficult to hack the 'WYK for authentication institutions and WYK for user organizations'. If all passwords for user organizations (WYK for user organizations) are encrypted and stored with the master password in the app of the present invention, they can be decrypted and used at any time with the master password. From the user's point of view, there is no need to memorize one master password, and there is no need to memorize other passwords, so there is no need to record the master password somewhere. Moreover, since only the master password is used for all non-face-to-face transactions, the master password is frequently used, and the risk of forgetting it becomes negligible. Therefore, the 'WYK for the authentication authority and the WYK for the user organization', which are encrypted and decrypted with the master password, can be safely stored. The self-certification information for self-certification institutions, which is calculated by using the 'WYK for self-certification authority' and 'WYH for self-certification authority, which is a one-time variable,' stored safely as described above, is less likely to be hacked compared to the self-authentication information in the conventional simple payment method. difficult. Accordingly, it is possible to expand the transaction limit per transaction and daily compared to the conventional simple payment method, and it is also possible to reduce the "inconvenience of a conflict between simplification and limit".

1 is a block diagram of a device necessary to implement a method for simple and safe real name authentication while protecting personal information according to an embodiment of the present invention.
2 and 3 are diagrams illustrating some operations of a preferred embodiment of a method of installing an app of the present invention to a user terminal of the present invention.
The service of the present invention is an embodiment applied when joining a user organization (hereinafter referred to as "simultaneous subscription application embodiment") and an embodiment applied when a person who has already subscribed to a user organization needs to add the service of the present invention (hereinafter referred to as "the embodiment") "Example of additional application") are all possible, "Example of simultaneous subscription application" is illustrated in FIG. 2, and "Example of additional application" is illustrated in FIG.
In addition, the present invention provides an embodiment in which the WYH for the user organization is used separately from the WYH for the identity authentication institution (hereinafter referred to as the "Example of using WYH for the user institution") and an embodiment in which the WYH for the user organization is not used separately from the WYH for the identity authentication institution (hereinafter "" All of them are possible, but the app installation operation for "the WYH usage example for the user organization" is illustrated in FIG. 3, and the app installation operation for the "WYH non-use embodiment for the user organization" is exemplified.
Accordingly, FIG. 2 is a diagram for explaining the operations exemplified by "Example of simultaneous subscription application" and "Example of non-use of WYH for a user institution", and FIG. It is a diagram explaining the operation performed. Of course, the operations exemplified by "Example of concurrent subscription application" and "Example of using WYH for the user organization" and the operations illustrated by "Example of additional application" and "Example of using WYH for the user organization" are also within the scope of the present invention. , are omitted to simplify the present specification.
4 to 9 are diagrams for explaining a method of simple and safe real name authentication while protecting personal information using the app after the app of the present invention is installed in the user terminal of the present invention.
4 shows that the user uses the app of the present invention to apply for a remittance transaction to a non-bank remittance company, protecting personal information with the non-bank remittance company and 'a self-certification institution and settlement bank affiliated with the non-bank remittance company' It is a diagram for explaining the operation of an embodiment of a method for securely authenticating a real name.
Figure 5 shows that the user uses the app of the present invention to deposit into his or her account opened at the virtual currency exchange, protecting personal information from the virtual currency exchange and 'personal authentication institution and settlement bank affiliated with the virtual currency exchange' It is a diagram for explaining the operation of an embodiment of a method for simple and safe real name authentication.
6 shows that the user uses the app of the present invention to withdraw from his or her account opened at the virtual currency exchange, protecting personal information from the virtual currency exchange and 'personal authentication institution and settlement bank affiliated with the virtual currency exchange' It is a diagram for explaining the operation of an embodiment of a method for simple and safe real name authentication.
7 shows that the user uses the app of the present invention to buy and sell virtual currency at the virtual currency exchange, while protecting personal information to the virtual currency exchange and 'personal authentication institution and settlement bank affiliated with the virtual currency exchange', and It is a diagram for explaining the operation of an embodiment of a method for securely authenticating a real name.
8 shows the user using the app of the present invention to remit the funds deposited in his or her account opened in the virtual currency exchange to a specific counterparty, the virtual currency exchange and the 'person authentication institution affiliated with the virtual currency exchange. It is a diagram explaining the operation of an embodiment of a method for simple and safe real-name authentication while protecting personal information to 'cum settlement bank'.
9 shows a user using the app of the present invention to pay for a commerce transaction using the service provided by the mobile payment company, to the mobile payment company and 'a self-certification institution and settlement bank affiliated with the mobile payment company' It is a diagram explaining the operation of an embodiment of a method for simple and safe real name authentication while protecting personal information.
An embodiment of a method in which a user uses the app of the present invention for a predetermined transaction to provide personal information protection and simple and safe real-name authentication to the user organization and the 'person authentication institution affiliated with the user organization' is illustrated in FIGS. 5 to 9 Although there are various other examples, it is omitted for the sake of brevity of the present specification.
10 shows the first app after the app of the present invention (hereinafter referred to as "first app") is installed in the user terminal of the present invention for the purpose of using a specific user organization (hereinafter referred to as "first user organization") An app for the second certification authority (hereinafter referred to as the "second app") among the embodiments of simple and safe real-name authentication while protecting personal information in order to sign up for services provided by another user organization (hereinafter referred to as "second user organization") by using ) is a diagram for explaining the operation of the embodiment that does not need to be installed in the user terminal.
11 is a diagram showing a first app installed in a user terminal of the present invention for the purpose of using a first user organization, and then using the first app to protect personal information while protecting personal information simply and safely It is a diagram for explaining the operation of the embodiment in which it is necessary to install the "second app" in the user terminal among the embodiments of real-name authentication.

Hereinafter, the present invention will be described in detail through preferred embodiments described with reference to the accompanying drawings.

Embodiments of the present invention may be variously changed without departing from the spirit and scope of the present invention. The following detailed description is not intended to limit the present invention, and terms used in the detailed description are selected for readability or convenience of description.

Also, in the present invention, the term "virtual real name ID" refers to information that is independent of the real name ID as identification information matched only with a specific real name ID. A virtual account number matching only a specific real-name ID may be an embodiment of a "virtual real-name ID".

In addition, in the present invention, "personalization OO app" refers to "OO app" in which 'at least one of user identification information for personal authentication authority and user identification information for user organization' of the present invention is not yet stored in the corresponding storage unit. it means.

Also, in the present invention, the term "transaction" refers to a monetary transaction such as deposit, withdrawal, remittance, payment, purchase of virtual currency or product, and non-monetary transaction such as information retrieval.

Also, in the present invention, "exchange product" means a product traded on an exchange.

In addition, in the present invention, the term "exchange" means that when a buyer and a seller respectively present the price and quantity of a specific transaction object online, a trade between the buyer and the seller that matches the conditions is concluded, or a transaction between the buyer or the seller. It means an institution that provides services to be the counterparty and to make trade transactions concluded. Accordingly, a virtual currency exchange, a stock exchange, a foreign currency exchange, a precious metal exchange, a mineral exchange, a grain exchange, etc. may be an embodiment of the exchange.

Also, in the present invention, "transaction information" refers to 'information to apply for a specific transaction' and 'information to agree to a specific transaction application'. For example, 'information applying for a specific deposit, remittance, or payment' and 'information agreeing to a specific deposit, remittance, or payment application' may both be "transaction information" in the present invention.

Also, in the present invention, "one-way encryption" means encryption so that decryption is impossible or very difficult. Therefore, encrypting the encryption target information using a hash function may be an embodiment of one-way encryption.

Also, in the present invention, the term "master password" is a password selected and memorized by a user. It means a password that does not need to be exposed to anyone in the world as well as a user organization, and does not need to be stored anywhere in the world, not to mention the user organization server or user terminal.

Also, in the present invention, "encryption (or decryption) using the master password" means an act of encrypting (or decrypting) using the master password directly as an encryption key (or decryption key) (hereinafter "direct encryption/decryption key embodiment") ) and the master password as an independent variable for calculating the encryption key (or decryption key) to derive the encryption key (or decryption key), and encrypt (or decrypt) using the calculated encryption key (or decryption key). ) (hereinafter referred to as "indirect encryption/decryption keyization embodiment") is a generic term. Hereinafter, in order to simplify the description, an embodiment of the direct encryption/decryption key will be mainly described.

Also, in the present invention, "separate channel" means a channel physically and logically separated from a communication channel through which an app is downloaded in the present specification. Accordingly, in an embodiment in which the app is downloaded using a mobile data communication network, the SMS communication network may be an embodiment of a separate channel.

Also, in the present invention, the term "security area" is a specific area of the storage unit configured in the user terminal, and means an area that is impossible or very difficult to read from the outside. Keystore when the OS of the user terminal is Android, Keychain when the OS of the user terminal is iOS When a logical block' (hereinafter referred to as "Trusted Zone") is configured, the Trusted Zone may be one embodiment of the security zone.

Also, in the present invention, the term "personal authentication authority" refers to an organization that has management authority for the user authentication server.

Also, in the present invention, "user identification information for a personal authentication authority" refers to information that allows a user to be distinguished from other users in a personal authentication authority. 'Login ID, mobile phone number, e-mail address, settlement account number', etc. registered by the user with the identity authentication institution is information that cannot be duplicated by other users in the identity authentication institution. One implementation of user identification information for the identity authentication institution could be examples. Accordingly, there may be a plurality of user identification information for the identity authentication authority. In addition, if the personal authentication authority allocates a specific virtual real name ID to a specific user so that it can be used continuously, but is not repeatedly assigned to other users, the virtual real name ID will also be an embodiment of user identification information for the user authentication authority. can

Also, in the present invention, the term "personal authentication server" refers to a server that a specific user accesses in order to use the user authentication service as an embodiment of the user organization server.

Also, in the present invention, "personal authentication information" means information transmitted from a user terminal to a user organization server in order to prove that a person making a non-face-to-face transaction is a specific person. Therefore, personal authentication information defined in the Electronic Signature Act, that is, information in an electronic form attached to or logically combined with the electronic document in order to confirm the signer and indicate that the signer has signed the electronic document is the person in the present invention. It may be an embodiment of authentication information. In addition, login password and account password, 'OTP calculated by an OTP generator provided to a bank, etc.' and a certificate defined in the Digital Signature Act may be an embodiment of personal authentication information in the present invention.

In addition, in the present invention, "method of authenticating oneself" refers to methods of proving that a person making a non-face-to-face transaction is a specific person. The method of authentication is collectively referred to as

Also, in the present invention, "user terminal ID" means identification information of a user terminal for communicating with the user terminal. Accordingly, the mobile phone number may be an embodiment of the user terminal ID in the case where the user terminal is a mobile phone, and the IP address may be an embodiment of the user terminal ID in the case where the user terminal is a PC.

In the present invention, "user identification information" collectively refers to user identification information for a user authentication institution and user identification information for a user organization. 'Login ID, mobile phone number, e-mail address, settlement account number', etc. registered by the user with the identity authentication institution (or the user institution other than the identity authentication institution) are information that cannot be duplicated by other users in the institution. Examples of identification information may be. Accordingly, there may be a plurality of user identification information.

Also, in the present invention, the term "service organization" refers to the identity authentication institution and the user institution.

Also, in the present invention, the term "service server" refers to a user authentication server and a user organization server. In essence, the identity authentication service is also a kind of service, and in that respect, the identity authentication server may also be a kind of user organization server. However, for the purpose of this specification to describe the interaction between the identity authentication server and the user organization server other than the identity authentication server, this specification describes the bilateral operation by separating the identity authentication server and the user organization server other than the identity authentication server as much as possible. do. However, when describing common operations in both servers, both servers are referred to as service servers.

Also, in the present invention, "received account ID" means identification information of a means by which a counterparty can receive a remittance amount. Therefore, the bank account number, card number, prepaid payment method account number, phone number as identification information for the prepaid payment method, 'one-time remittance password that can be recognized as a beneficiary when presented to the receiving institution', etc. " may be one embodiment of.

Also, in the present invention, the term "receiving institution" means an institution that issues a means for receiving a remittance amount. Therefore, a bank that issues a bank account, a card company that issues a card, a company that issues a prepaid payment means, a telecommunication company that issues a phone number as a prepaid payment means, and a remittance company that issues the one-time remittance password are one embodiment of a recipient institution. can be

Also, in the present invention, the term "counterparty alias" refers to information given by a user to each counterparty in order to identify a specific counterparty from another counterparty. Therefore, in an embodiment of the present invention, in which the contact DB mounted on the smartphone is implemented as the counterparty DB, the name (or nickname) entered by matching while storing the phone number, etc. in the contact DB is one of the "counterparty alias" It can be an embodiment.

Also, in the present invention, "receipt identification registration information" refers to the process of processing a remittance transaction in an institution handling remittance transactions, such as a bank or remittance company, to distinguish the 'recipient corresponding to the counterparty' from other persons, corporations or organizations. collectively the information requested for

Also, in the present invention, the "method of authenticating a real name" refers to a "method of authenticating a person" that is recognized as a real name verification under the laws related to the real-name financial system as a kind of method of proving that a person making a non-face-to-face transaction is a specific person. However, in the name of the present invention, “method of authenticating real name” is only for explaining the method of real-name authentication, and in order to exclude from the scope of the present invention a method of authenticating a person that is not recognized as a method of real-name authentication. is not An expert in the industry in charge of identity authentication will easily understand that the real-name authentication method centered on the real-name authentication method in this specification can also be used as a self-authentication method that is not recognized as the real-name authentication. Accordingly, the claims of the present invention are not limited to the method of real-name authentication despite the name of the present invention, but also include a method of authenticating a person, which is not recognized as a real-name authentication method as described in the claims.

Also, in the present invention, "real name ID" means information for identifying each user's real name. Resident registration number, driver's license number, passport number, corporation number, business number, alien registration number, etc. may be an example of real-name ID.

In addition, in the present invention, "app" means an application program for the purpose of self-authentication driven by the OS of the user terminal.

Also, in the present invention, the term "linked account" refers to an account designated for withdrawing and receiving funds related to a service provided by a user organization among bank accounts of a specific user.

Also, in the present invention, the term "bank" refers to financial companies recognized as institutions capable of real-name verification under the laws related to the real-name financial system.

Also, in the present invention, the term "user organization" refers to entities operating the "user organization server". In this specification, 'a non-bank remittance company operating a remittance company server', 'a virtual currency exchange operating a virtual currency exchange server', and 'a mobile payment company operating a mobile payment server' are exemplified as "user institutions", Various embodiments will be described for each institution. Therefore, when exemplifying the "user institution" as an embodiment in the present specification, the non-bank remittance company, the virtual currency exchange, and the mobile payment company as exemplified above are collectively referred to. Also, in this specification, an operation of a user using a plurality of user organizations by using one app of the present invention is described. "Using organization" refers to them collectively.

Also, in the present invention, the term "user organization server" refers to a server that a specific user accesses to use a specific transaction. In this specification, as a "user server server", a server operated by an institution other than a bank to which a user connects to use a remittance transaction (hereinafter referred to as a "remittance company server") and a server to which a user connects for a virtual currency transaction ( Hereinafter referred to as a "virtual currency exchange server") and a server to which a user accesses for mobile payment transactions (hereinafter referred to as "mobile payment server") will be exemplified. However, a server (search server) connected to use a search transaction, a server connected to a mobile banking transaction (mobile banking server), etc. may all be an embodiment of the user organization server. Also, in this specification, an operation of a user communicating with a plurality of user organization servers using one app of the present invention is described. , even in this case, if they are referred to as "user organization servers", they are collectively referred to as these.

Also, in the present invention, "user identification information for a user organization" refers to information that enables a user organization to distinguish a specific user from other users. 'Login ID, mobile phone number, e-mail address, and account number' registered by the user with the user organization are information that cannot be duplicated by other users at the user organization, so it will be an example of user identification information for the user organization. can In addition, if the user organization allocates a specific virtual real name ID to a specific user so that it can be used continuously, but does not assign it duplicately to other users, the virtual real name ID may also be an embodiment of user identification information for the user organization. .

In the present invention, "one-time personal authentication information" refers to electronic information that retains the characteristics of personal authentication information and changes each time the user transmits personal authentication information from the user terminal to the user organization server for self-authentication. it means. Therefore, among the information having characteristics corresponding to the digital signature defined by the Digital Signature Act, electronic information, which is characterized by being changed each time it is authenticated, may be an embodiment of one-time personal authentication information. In addition, an OTP generated by an OTP generating device in the form of hardware or software issued to a customer by a bank or the like may also be an embodiment of one-time personal authentication information.

Also, in the present invention, the term "settlement account" refers to an account opened in the settlement bank of a user organization for fund settlement between a user organization and a user among bank accounts of a specific user.

Also, in the present invention, "compliance filtering" refers to the determination of whether or not a Suspicious Transaction Report is subject to a customer's When a transaction request is received from a financial institution, before the financial institution processes the transaction according to the transaction request, the act of judging whether a transaction is legally possible or a transaction subject to report to the government authorities, and reporting necessary according to the judgment result refers to the act of doing

Also, in the present invention, "WYK" means information registered in the service server as it is assumed that only a specific user knows. Accordingly, 'login password, account password, PIN, etc. registered in the service server may be examples of WYK. For the purpose of this specification, which must explain the interaction between the user authentication server and the user authentication server, not the identity authentication server, “WYK” registered in the identity authentication server is referred to as “WYK” for the identity authentication institution, and the identity authentication server "WYK" registered in the server of the user organization other than that is classified as "WYK" for the user organization, but if "WYK" is referred to as "WYK" for the user organization, "WYK" for the identity authentication organization and "WYK" for the user organization are collectively referred to.

Also, in the present invention, "WYH" means information registered in the service server as it is regarded as possessed only by a specific user. Therefore, digital signature creation information defined in the Digital Signature Act, information uniquely generated by USIM, encryption/decryption key value selected by the service server and stored in the security area of the user terminal by a predetermined method, biometric information (fingerprint, iris, vein , facial feature information, etc.) may be examples of WYH. Hereinafter, as an embodiment of WYH, an embodiment using 'WYK encryption key stored in a secure area of a user terminal' will be mainly described. For the purpose of this specification, which must explain the interaction between the user authentication server and the user authentication server other than the identity authentication server, “WYH” registered in the identity authentication server is referred to as “WYH” for the identity authentication institution, and the identity authentication server "WYH" registered on the server of the user organization other than the user organization is referred to as "WYH" for the user organization.

Also, in the present invention, "OO box" is an area in which information meaning "OO" is marked among the screen areas output to the output unit, and "OO box" is selected as 'action such as touching or clicking the area'. It means an area configured to input information.

Hereinafter, the virtual currency exchange server, the mobile payment server, and the remittance company server are examples of the user organization server, the virtual currency exchange, the mobile payment company, and the non-bank remittance company are examples of the user organization, and the virtual currency exchange and the mobile payment company A bank affiliated with each non-bank remittance company for settlement business (hereinafter referred to as "settlement bank") also serves as an embodiment of the identity authentication institution, and a server operated by the settlement bank (hereinafter referred to as "settlement bank server") also serves as an embodiment of the identity authentication server, and the settlement bank allocates a range of virtual account numbers to each of the virtual currency exchange, the mobile payment company, and the non-bank remittance company so that they do not overlap each other, and the virtual currency exchange and the mobile payment company The real name protection of the present invention while protecting personal information simply and safely focusing on the case in which each non-bank remittance company allocates a specific virtual account number among non-overlapping virtual account numbers assigned to it as a virtual real name ID to a specific user Describes how to authenticate.

1 is a block diagram of a device necessary to implement a method for simple and safe real name authentication while protecting personal information according to an embodiment of the present invention.

Referring to FIG. 1 , the devices required to implement a method for simple and safe real name authentication while protecting personal information are a user authentication server 100 , a user organization server 200 , a user terminal 300 , and an app download server 400 . Including, each of the components (100, 200, 300, 400) may be connected to a wired or wireless network.

The identity authentication server 100 can be connected to one or more of the user organization server 200, the user terminal 300, and the app download server 400, and a wired/wireless network, and has an input unit, an output unit, a storage device, an operation unit, and an OS. As a computing device, it includes a user authentication DB 110 , a function storage unit 120 , a random value calculation unit 130 , and a user authentication unit 140 .

In the self-authentication DB 110, by matching with the real name ID of each user who has signed up for the self-authentication service, the virtual real name ID for each user organization matched to one or more user organization identification information, WYK for the identity authentication institution, WYH for the identity authentication institution, and the settlement account ID can be stored.

According to an additional aspect of the present invention, the virtual real name ID for each user organization is a specific virtual account number assigned to a specific user by each user organization from a set of independently allocated virtual account numbers for each user organization.

According to an additional aspect of the present invention, the WYK for the authentication authority is stored in a one-way encrypted state.

The function storage unit 120 stores at least one of a self-authentication information calculation function and an inverse function of the self-authentication information calculation function. The self-authentication information calculation function receives at least one of 'WYK matching a specific real-name ID' and 'WYH matching the real-name ID' as input, and calculates personal authentication information. In addition, the inverse function of the self-authentication information calculation function is characterized in that it receives the personal authentication information (up to the WYH when the WYH is input during encryption) and inversely calculates the WYK.

According to an additional aspect of the present invention, the user authentication information calculation function receives the WYK and WYH together, and calculates the user authentication information by encrypting the WYK with the WYH as an encryption key. In addition, the WYH, which is the WYK encryption key, is updated in one of the user terminal and the user organization server whenever a predetermined event (eg, an event in which the personal authentication information transmitted from the user terminal is verified by the user authentication server 100) occurs, and the counterpart device The WYH transmitted to and stored in the counterpart device can be updated. In this case, since the WYK encryption key becomes a one-time variable, the WYK encrypted using the WYK encryption key also becomes a one-time variable, and the calculated personal authentication information becomes the one-time authentication information. Hereinafter, in the present specification, an embodiment to which the additional aspect is applied will be mainly described.

According to another additional aspect of the present invention, the identity authentication information calculating function is the same as the identity authentication information calculating function stored in the function storage unit configured in the download target app stored in the app download server (400). Accordingly, it is the same as the self-authentication information calculation function stored in the function storage unit configured in the app installed in the user terminal 300 . Of course, even if the function is the same, the actually calculated personal authentication information is changed according to 'WYK for personal authentication authority and WYH for personal authentication authority', which are independent variables input to the function.

According to an additional aspect of the present invention, the one-way encryption function may be stored in the function storage unit 120. Hereinafter, the present invention will be mainly described with respect to the case in which the one-way encryption function is stored.

The random value calculation unit 130 randomly calculates a new WYH for the user authentication institution whenever a predetermined event (eg, an event in which the user authentication information transmitted from the user terminal is verified by the user authentication server 100) occurs.

The identity authentication unit 140 compares the 'WYK for the identity authentication authority received from the user terminal 300' and the 'WYK for the identity authentication institution retrieved from the identity authentication DB 110' to determine whether or not there is a match.

According to an additional aspect of the present invention, the identity authentication unit 140 substitutes 'WYK for identity authentication authority decrypted using the inverse function of the identity authentication information calculation function' to 'one-way encryption function found in the function storage unit 120'. Thus, it is possible to determine whether the one-way encrypted value matches the 'one-way encrypted WYK for the identity authentication authority found in the identity authentication DB 110' to determine the match.

On the other hand, according to an additional aspect of the present invention in which the server of the settlement bank affiliated with the user organization also serves as the identity authentication server 100, the identity authentication server 100 includes the ambassador 150 and the balance DB 160 and virtual It may further include a balance DB (170).

The ambassador 150 compares the information transmitted from the user organization server 200 with the corresponding information transmitted from the user terminal 300 to determine whether they match each other, and uses all or part of the information for compliance filtering.

Balance information may be stored in the balance DB 160 by matching the settlement account ID.

The virtual balance DB 170 may store cash balance information and non-cash balance information by matching the virtual real name ID. The cash balance information may consist of cash balance information matched by one or more currency indications, The non-cash balance information may consist of balance information matched by one or more virtual currency indications, one or more product identification information, and one or more securities identification information.

The user organization server 200 includes a user DB 210 , a function storage unit 220 , a random value calculation unit 230 , an identity authentication unit 240 , and a virtual real name IDDB 250 .

In the user DB 210, each user matches the user identification information registered with the user organization, and includes a predetermined virtual real name ID, 'WYK for user organization registered by each user with user organization', and 'WYH for user organization assigned to each user by the user organization. ' and contact information and one or more balance information are stored.

According to an additional aspect of the present invention, the WYK for the user organization may be stored in a one-way encrypted state.

According to an additional aspect of the present invention, the virtual real name ID is a specific virtual account number allocated to a specific user from among a plurality of virtual account numbers allocated by the user organization server 200 from the identity authentication server 100 .

According to an additional aspect of the present invention, the balance information includes at least one of cash balance information in a specific currency, specific virtual currency balance information, balance information for each specific product, and specific securities balance information.

The function storage unit 220 stores at least one of a self-authentication information calculation function and an inverse function of the self-authentication information calculation function. The user authentication information calculation function receives at least one of 'WYK for a user organization matching specific user identification information' and 'WYH for a user organization matching the user identification information' to calculate the user authentication information for the user organization. . In addition, the inverse function of the user authentication information calculation function is characterized in that it receives the calculated personal authentication information for the user organization (up to the WYH when the WYH is input together during encryption) and inversely calculates the WYK.

According to an additional aspect of the present invention, the WYH for the user organization is a WYK encryption key, and whenever a predetermined event (eg, an event in which the user authentication information transmitted from the user terminal is verified) occurs, the user terminal 300 and the user organization server 200 ) can be updated in one of them and transmitted to the other party's device for synchronization. In this case, since the WYK encryption key becomes a one-time variable, the WYK encrypted using the WYK encryption key also becomes a one-time variable, and the calculated personal authentication information becomes the one-time authentication information.

According to an additional aspect of the present invention, the identity authentication information calculating function is the same as the identity authentication information calculating function stored in the function storage unit configured in the download target app stored in the app download server (400). Accordingly, it is the same as the self-authentication information calculation function stored in the function storage unit configured in the app installed in the user terminal 300 . Of course, even if the function is the same, the one-time personal authentication information actually calculated according to the independent variables 'WYK for user organization and WYH for user organization' input to the function changes.

According to an additional aspect of the present invention, the one-way encryption function may be stored in the function storage unit 220. Hereinafter, the present invention will be mainly described with respect to the case in which the one-way encryption function is stored.

The random value calculating unit 230 randomly calculates a new WYH for the user organization whenever a predetermined event (eg, an event in which the user authentication information transmitted from the user terminal is verified by the user organization server 200) occurs.

The user authentication unit 240 determines whether the user authentication information for the user organization received from the user terminal 300 matches the WYK for the user organization retrieved from the user DB 210 .

According to an additional aspect of the present invention, the identity authentication unit 240 substitutes 'WYK for a user organization, read or calculated from the received information,' into the 'one-way encryption function found in the function storage unit 220' to perform one-way encryption. It is also possible to determine whether the value matches the 'one-way encrypted WYK for user organization found in the user DB 210'.

The virtual real name IDDB 250 stores virtual real name IDs assigned by the identity authentication authority.

The user terminal 300 may be connected to a wired/wireless network and includes all computing devices having an input unit, an output unit, a storage device, an operation unit, and an OS. In this specification, the case of a smart phone will be exemplified. The app 310 in the present invention may be installed in the storage device configured in the user terminal 300 , and the app may be driven by the OS configured in the user terminal 300 .

The app 310 is a program downloaded from the app download server 400, a user IDDB 311, a WYKDB 312, a WYHDB 313, a function storage unit 314, a counterpart DB 315, and a payment method It includes a DB (316) and a service subscription code storage unit (317).

The user IDDB 311 may store 'at least one of user identification information and virtual real name ID' registered with the corresponding user organization by matching one or more user organization identification information. According to another aspect of the present invention in which the app 310 is implemented exclusively for a specific user organization, the user IDDB 311 does not match the user identification information with the user identification information and only the virtual real name ID registered with the user organization. may be stored.

The WYKDB 312 stores an encrypted WYK for a user authentication authority and an encrypted WYK for a user organization. According to an additional aspect of the present invention, an 'encrypted WYK for a user authentication institution' is stored by matching the identity authentication institution identification information, and an independent 'encrypted WYK for a user organization institution' is stored by matching one or more user institution identification information. can be saved.

The WYHDB 313 may store WYH for the identity authentication authority. According to an additional aspect of the present invention, 'WYH for personal certification authority' is stored by matching with identification information of the user's certification authority, and independent "WYH for user organization" can be stored by matching with one or more user organization identification information. . Hereinafter, in the present specification, 'WYK encryption key for personal authentication authority' is stored in WYHDB 313 as 'WYH for personal authentication authority', and 'WYK for user organization' as 'WYH for user organization' independently by matching one or more user organization identification information An embodiment in which 'encryption key' is stored will be mainly described.

According to an additional aspect of the present invention, at least one of the user IDDB 311 , the WYKDB 312 , and the WYK encryption key DB 313 may be configured in a security area (not shown) of the user terminal 300 . In the present specification, examples of such an additional aspect will be mainly described.

The function storage unit 314 stores a self-authentication information calculation function, an encryption function, and a decryption function. The user authentication information calculation function receives 'at least one of WYK and WYH' for a specific purpose and calculates the user authentication information for the purpose.

According to an additional aspect of the present invention, the WYH for the specific purpose is a key for encrypting and decrypting the WYK for the purpose (hereinafter referred to as "WYK encryption key"), and matches the user's identification information to the server for the purpose. is shared

According to another additional aspect of the present invention, the WYH for the specific purpose is a predetermined event (eg, an event in which the personal authentication information for the purpose transmitted from the user terminal to the server for the purpose is verified by the server for the purpose) Whenever an occurrence occurs, the WYH for the above purpose stored in the counterpart device may be updated after being updated in one of the user terminal and the server and transmitted to the counterpart device. In this case, since the WYK encryption key becomes a one-time variable, the WYK encrypted using the WYK encryption key also becomes a one-time variable, and the calculated personal authentication information becomes the one-time authentication information. Hereinafter, the present specification will be mainly described based on examples of the additional aspect.

On the other hand, the encryption function encrypts the 'encryption target information input in the input unit' using the 'master password inputted in the input unit' as the encryption key, and the decryption function uses the 'master password inputted in the input unit' as the decryption key to 'decrypt' Decrypt 'target information'.

The counterparty DB 315 may store receivable identification registration information by matching with 'at least one of a counterparty alias and a profile picture of the counterparty'.

In an embodiment of depositing money into a payee's account, the payee identification identification registration information may include a payee institution identification information and a payee account ID. Accordingly, specific bank identification information and bank account number, specific card company identification information and card number, specific prepaid payment means issuer identification information and prepaid payment means account number, etc. may be an embodiment of receivable identification registration information. And, in the embodiment in which the recipient comes to a specific recipient institution to find it, the recipient organization identification information, the recipient's name or trade name (hereinafter referred to as "recipient name"), the recipient's phone number, and the recipient's e-mail address are included as the recipient identification registration information. can

In a country that allows the remittance transaction purpose to be confirmed, remittance purpose identification information with a high frequency of remittance may be included as the remittance identification registration information when remittance to the recipient. In addition, in international remittances where various remittance prohibited subjects must be selected, the name of the country where the recipient institution is located (hereinafter referred to as the “recipient country name”), the name of the recipient, the recipient address, and the remittance purpose identification information may be included as the remittance identification registration information. .

Meanwhile, as an application installed on a smartphone, a contact app, a phone book app, and the like, in which one or more of an alias, a name, and a profile picture can be stored by matching each phone number are used. However, the name may also be an embodiment of the "counterparty alias" defined in this specification. Accordingly, such an application may also be an embodiment of the counterparty DB 315 of the present invention if the required receivable identification registration information can be stored by matching the 'at least one of an alias, a name, and a profile picture'.

The payment method DB 316 stores payment method identification information by matching one or more user organization identification information.

In the service subscription code storage unit 317, 'identification information that the app 310 is a user's app subscribed to the real name authentication service of the present invention' (hereinafter referred to as a "service subscription code") may be stored. According to an additional aspect of the present invention, when the service subscription code is retrieved from the service subscription code storage unit 317, it is estimated that 'the app is an app of the present invention provided to a user subscribed to the real name authentication service of the present invention' , if the service subscription code is not found, it is estimated that the app is not an app of the present invention, or an app that has not yet been registered with a self-certification authority even though it is an app of the present invention.

The app is stored in the app download server 400, it is characterized in that the user terminal can access and download the app.

According to an additional aspect of the present invention, the app download server 400 may serve as one of the identity authentication server 100 and the user organization server 200 . However, in the present specification, the application download server 400 will be mainly described with respect to a case in which either the identity authentication server 100 or the user organization server 200 does not serve.

2 is a diagram for explaining an example of a method of installing the app of the present invention on a user terminal of the present invention, in which "simplification of simultaneous subscription application" and "embodiment of non-use of WYH for user organizations" are exemplified.

In step 210, the user terminal 300 accesses the membership application page of the user organization server 200, and a predetermined screen for applying for membership registration to the user organization on the output of the user terminal 300 (hereinafter referred to as "user organization") signup application screen") is displayed.

According to an additional aspect of the present invention, the user organization subscription application screen does not include a field for inputting information that the user is reluctant to expose to the user organization, such as a real name ID or bank account number, or is an optional input field that is not a mandatory field. includes only

To illustrate one embodiment of the user organization subscription application screen, an area for reading the terms and conditions (hereinafter referred to as the "user organization terms and conditions") set by the user organization to provide a predetermined service (hereinafter referred to as the "Terms and Conditions view column") and a check box for indicating consent to the terms and conditions posted in the above terms and conditions reading column (hereinafter referred to as the “terms agreement input field”) and user identification information to be used as personal authentication information when accessing the user organization server 200 (hereinafter referred to as “user organization use”) Enter the field to input the user identification information (hereinafter referred to as “user identification information input field for the user organization”) and the field to input the WYK for the user organization (hereinafter referred to as the “WYK input field for the user organization”) and the user's mobile phone number. It includes a field for inputting (hereinafter referred to as "mobile phone number input field") and a field for entering an e-mail address (hereinafter referred to as "e-mail address input field").

In step 215 , when information corresponding to each required input field of the user organization subscription application screen output to the output unit of the user terminal 300 is input, the input information is transmitted to the user organization server 200 .

To illustrate one embodiment of the operation, the user reads the terms and conditions of the user organization using the input unit of the user terminal 300, selects the agreement agreement input field, and enters the user identification information for the user organization in the user identification information input field for the user organization. When the user enters the password for the user organization in the WYK input field for the user organization, and inputs their mobile phone number and e-mail address in the mobile phone number input field and the e-mail address input field, respectively, the entered information is transmitted to the user organization server (200). ) is sent to

When the 'information transmitted in step 215' is received from the user organization server 200 in step 220, the virtual real name IDDB 250 'one that is not assigned to any user among the virtual real name IDs allocated in advance from the identity authentication authority' ' is selected for the user, and 'information input by the user in step 215' is stored by matching the virtual real name ID selected in the user DB 210 .

To illustrate one embodiment of the operation, virtual account numbers assigned from a user authentication institution are stored in the virtual real name IDDB 250 configured in the user organization server 200, and user identification information among the virtual account numbers is matched. 'User identification information for a user organization inputted in the embodiment of step 215 and received in the embodiment of step 220' is stored by matching the most advanced virtual account number among the virtual account numbers that are not already in place, and the 'user DB 210' By matching the 'matched virtual account number' and 'input in the embodiment of step 215 and received in the embodiment of step 220, the user identification information for the user organization, the password for the user organization, the mobile phone number and the e-mail address' are stored, A code for identifying the fact that the user agrees to the terms of use (hereinafter referred to as the "consent code for the terms of use of the user organization") is stored.

According to another aspect of the present invention, the user identification information of the user is not separately input, and 'one of the selected virtual account number, the received mobile phone number, and the received e-mail address' is regarded as user identification information. it might be

In step 240, the user organization server 200 calls the identity authentication server 100, and the user organization identification information and 'mobile phone number and e-mail address input in step 215 and received in step 220' and 'select in step 220' When the 'virtual real name ID' is transmitted to the identity authentication server 100, the identity authentication server 100 is called and the 'transmitted information' is received.

To illustrate one embodiment of the operation, the user organization server 200 calls the settlement bank server 100, and the user organization identification information and 'input in the embodiment of step 215 and received in the embodiment of step 220, When the 'mobile phone number and e-mail address' and the 'virtual account number matched in the embodiment of step 220' are transmitted to the settlement bank server 100, the settlement bank server 100 is called and the 'transmitted information' receive

According to another aspect of the present invention, the user organization server 200 transmits the 'user organization identification information and virtual real name ID' to the user terminal 300, and the user terminal 300 transmits the information and the 'mobile phone' number and e-mail address' may be transmitted to the called identity authentication server 100 .

In step 245, the user terminal 300 is connected to a predetermined service subscription application screen (hereinafter referred to as "simple identity authentication service subscription application screen") page of the identity authentication server 100, and the output of the user terminal 300 is The field for entering user identification information for the identity authentication institution, the field for entering the WYK for the identity authentication institution (hereinafter referred to as the "WYK input field for the identity authentication institution"), and the box for requesting the opening of a new settlement account with the identity authentication institution (hereinafter referred to as the "settlement account") A simple identity authentication service subscription application screen including "open application box" is output.

When exemplifying an embodiment of the simple identity authentication service subscription application screen, an area for reading the terms and conditions (hereinafter referred to as "simple identity authentication service terms and conditions") set by the identity authentication institution to provide predetermined services (hereinafter referred to as "terms and conditions") "Reading field"), the terms and conditions agreement input field, and 'information identifying the user's account opened in the self-certification institution as an example of user identification information for the identity authentication institution' (hereinafter referred to as "settlement account ID") for the identity authentication institution The field to input as user identification information (hereinafter referred to as “settlement account ID input field”) and the field to input the password matching the settling account ID (hereinafter referred to as “settlement account password”) as WYK for the identity authentication institution (hereinafter referred to as “personal authentication”) WYK input field for institutions" or "settlement account password input field") and an application box for opening a settlement account.

On the other hand, as other embodiments of the user identification information for the identity authentication institution in the present invention, the login ID registered by the user with the identity authentication institution, 'information registered by the user with the identity authentication institution' and 'other users registered with the identity authentication institution' It can be exemplified by 'mobile phone number, e-mail address, and virtual real name ID', which have features that do not overlap with the same type of information registered by them.

If the user has the user's settlement account opened at the self-certification institution, after 'Step 250, Step 260, and Step 265' are operated, Step 270 below is operated, otherwise, Step 250-1 and Step 255 below After steps -1 and 265-1 are operated, step 270 is operated.

In step 250, when the information required for the simple identity authentication service subscription application including 'user identification information for the identity authentication authority and WYK for the identity authentication institution' is input to the user terminal 300, the entered information is sent to the identity authentication server 100 is sent

Illustrative of an embodiment of the operation, the user uses the input unit of the user terminal 300 to view the simple identity authentication service terms and conditions in the 'simple identity authentication service subscription application screen illustrated in the embodiment of step 245' , select the terms and conditions agreement field, and enter the 'settlement account number assigned by the settlement bank' and 'settlement account password registered with the settlement bank' in the 'settlement account ID input box and settlement account password input box' The 'input, settlement account number and settlement account password' and information on consent to the simple identity authentication service agreement are transmitted to the settlement bank server 100 .

According to an additional aspect of the present invention, the WYK for the identity authentication authority is encrypted in the user terminal and transmitted to the identity authentication server 100 .

According to an additional aspect of the present invention, the encryption key used when encrypting the WYK is the WYH for the identity authentication authority retrieved from the user terminal.

In step 260, when the 'information transmitted in step 250' is received from the identity authentication server 100, the real name ID matched with the 'user identification information for the identity authentication institution read from the information' in the identity authentication DB 110 and identity authentication The WYK for the institution is searched, and the identity authentication unit 140 compares the 'WYK for the identity authentication institution read from the received information' with the 'WYK for the identity authentication institution retrieved' to determine whether or not there is a match.

When exemplifying an embodiment of the above operation, the 'settlement account number and settlement account password and agreement information on the terms of service for simple identity authentication transmitted in the embodiment of step 250' is received from the settlement bank server 100, the user The real name number and 'one-way encrypted settlement account password' are searched for in the authentication DB 110, and the received settlement account password is one-way encrypted using a hash function, and the one-way encrypted settlement account It is determined whether the password matches the 'one-way encrypted settlement account password searched in the identity authentication DB (110)'.

According to an additional aspect of the present invention, the 'WYK for the self-certification authority read from the information received in step 260' is in an encrypted state, and step 260 includes an operation of decrypting the encrypted WYK for the self-certification authority.

According to an additional aspect of the present invention, the decryption key used for the decryption is WYH matched with 'user identification information for the identity authentication authority read from the information' in the identity authentication DB 110 .

If the determination in step 260 is affirmative, step 265 is operated.

In step 265, the random value calculation unit 130 in the identity authentication server 100 randomly calculates a new WYH for the identity authentication authority, and in the identity authentication DB 110, 'User for the identity authentication institution read from the information received in step 260' 'Identification information' and 'the calculated WYH for the authentication institution' and 'user organization identification information, mobile phone number, e-mail address, and virtual real name ID read from the information received in step 240' are stored.

To illustrate one embodiment of the operation, the random value calculation unit 130 randomly calculates a new settling account password encryption key as WYH for the identity authentication institution, and receives in the embodiment of 'step 260 in the identity authentication DB 110 . 'The calculated settlement account password encryption key' and 'mobile phone number and e-mail address received in the embodiment of step 240' are stored by matching the 'settlement account number read from the The 'virtual account number received in the embodiment of step 240' is stored in the virtual account number field matched with the matched 'user organization identification information received in the embodiment of step 240'.

In step 250-1, when the information for selecting the application box for opening a settlement account included in the 'Simple identity authentication service subscription application screen in step 245' is input to the user terminal 300, 'information necessary for the application for opening a new regulation account is provided. A simple identity authentication service subscription application screen that can be entered (hereinafter referred to as "combined simple identity authentication service subscription application screen") is output to the user terminal 300, and the screen is a field for inputting a real name ID (hereinafter referred to as "real name"). ID input field") and WYK input field for self-certification authority.

To illustrate one embodiment of the operation, when the user selects the 'settlement account opening application box configured on the simple identity authentication service subscription application screen output in the embodiment of step 245' using the input unit of the user terminal 300, A predetermined settling account opening application information is transmitted from the user terminal 300 to the identity authentication server 100, and information about the application screen for applying for a simple identity authentication service is transmitted from the identity authentication server 100 to the user terminal 300. In the output unit of the user terminal 300, 'real name number input column, real name certificate shooting column, third-party identification information input column, third-party account number input column, third-party account authentication information input column, and account password input column as WYK input column for self-certification institution A predetermined combined-use simple identity authentication service subscription application screen' is output, including a field for reading terms and conditions, and an input field for agreement to terms and conditions.

In step 255-1, when the information necessary for the application for opening a settlement account including 'real name ID and WYK for the identity authentication institution' and the information necessary for the simple identity authentication service subscription application are input to the user terminal 300, the input information is It is transmitted to the identity authentication server (100).

To illustrate one embodiment of the operation, the user inputs the user's real name number in the real name number input field using the input unit of the user terminal 300, selects the other row identification information input field, and selects ' Enter the identification information of the other bank by selecting the identification information of the bank that is not the self-certifying institution where your account was opened (hereinafter referred to as “other bank”) ' (hereinafter referred to as "other bank account number"), the 'other bank identification information and other bank account number' is transmitted to the identity authentication server 100, and a predetermined random value is calculated from the identity authentication server 100 The 'random value matched with the other bank account number' is transmitted to the computer system corresponding to the other bank identification information. At this time, the user accesses the computer system corresponding to the third-party identification information using the input unit of the user terminal 300 and searches for the random value, then inputs the searched random value in the third-party account authentication information input field, Select the input field and match the real name card input field activated as the camera image output field to the resident registration card (or driver's license or passport) with your real name number. In the input field, input the account password of your choice in the account password input field, and input a sign of agreement to the Terms of Service for Simple Identity Verification. 'This photographed image' and information on consent to the simple identity authentication service agreement are transmitted to the identity authentication server 100 .

In step 265-1, when the 'information transmitted in step 255-1' is received from the identity authentication server 100, one of the transaction account IDs for the identity authentication institution that is not assigned to another user is selected, and the random value calculation unit 130 ) randomly calculates a new WYH for the self-certification authority, the 'WYK for the self-certification authority read from the received information' is one-way encrypted, and the 'real name ID read from the received information' in the self-authentication DB 110 By matching, the 'transaction account ID for the selected authentication institution', 'the one-way encrypted WYK for the identity authentication institution', 'the calculated WYH for the identity authentication institution' and 'the user institution identification information and the mobile phone number received in step 240, E-mail address and virtual real name ID' are stored.

To illustrate one embodiment of the operation, when 'information transmitted in the embodiment of step 255-1' is received from the settlement bank server 100, 'a specific settlement account ID that has not yet been assigned to any user' is It is assigned as the user's settlement account ID, and the random value calculation unit 130 randomly calculates a new settlement account password encryption key as WYH for the identity authentication institution, and 'settlement account password read from the received information' is a hash function One-way encryption using the 'one-way encrypted settlement account password' and 'the one-way encrypted settlement account password' and 'the assigned settlement account ID' and 'the calculated Settlement account password encryption key' and 'user organization identification information, mobile phone number, e-mail address, and virtual account number received in the embodiment of step 240' are stored.

In step 270, the app is downloaded from the app download server 400 to the user terminal 300, the user authentication information registration screen is output to the output unit of the user terminal 300, and the identity authentication server ( 100), 'information to apply for WYH' is transmitted by matching the user terminal ID.

To illustrate an embodiment of the operation, the url for downloading the app from the identity authentication server 100 is transmitted to the user terminal 300, and when the user terminal 300 receives the url, the url is output to the output unit. output, and when the user selects the url using the input unit of the user terminal 300, the app is downloaded from the app download server 400 to the user terminal 300, and a 'virtual A personal authentication information registration screen including an account number input field, WYK encryption key input field, settlement account password input field, user organization password input field, master password input field, and confirmation box is output, and the user terminal mobile phone 300 is sent to the settlement bank server 'Information to apply for WYK encryption key for personal authentication authority' is transmitted to (100) along with the mobile phone number that is the ID of the user terminal.

In step 275, when the 'information transmitted in step 270' is received from the identity authentication server 100, the virtual real name ID matched with the user terminal ID read from the information in the identity authentication DB 110 and WYH for the identity authentication authority are searched do.

To illustrate one embodiment of the operation, when the 'information transmitted in the embodiment of step 270' is received from the settlement bank server 100, the identity authentication DB 110 matches the mobile phone number read from the information. The virtual account number and WYK encryption key for the authentication authority are searched.

In step 280, as a reply to the 'information received in step 275' from the identity authentication server 100 to the user terminal 300, the 'virtual real name ID and WYH for the identity authentication authority found in step 275' are transmitted through a separate channel.

Illustrative of an embodiment of the operation, as a reply to 'information received in the embodiment of step 275' from the settlement bank server 100 to the user terminal 300, 'the virtual account number retrieved in the embodiment of step 275' and the WYK encryption key for the authentication authority' is sent in the form of SMS.

In step 285, when the user terminal 300 receives the 'virtual real name ID and WYH for the identity authentication authority transmitted in step 280', the information is output to the output unit.

According to an additional aspect of the present invention, the 'person authentication information registration screen output in step 270' includes a virtual real name ID input field and a WYH input field for the identity authentication authority, and the virtual real name ID read from the 'information transmitted in step 280'. and WYH for the authentication authority are respectively output in the corresponding input fields.

To illustrate an embodiment of the operation, when the 'information transmitted in step 280' is received from the user terminal 300, the 'virtual account number input field and settlement included in the 'person authentication information registration screen output in step 270' The transmitted 'virtual account number and WYK encryption key for identity authentication institution' are inputted in the 'WYK encryption key input field for bank', respectively.

Meanwhile, according to another aspect of the present invention, in step 285, the 'operation in which the virtual real name ID and the WYH for the authentication authority are respectively input in the corresponding input fields' is replaced in step 285, and the 'the virtual real name ID and the WYH for the identity authentication authority are displayed on a separate screen. operation output to 'and the user using the input unit of the user terminal 300, in the 'Virtual real name ID input field and WYH input field for self-certification institution' included in the personal authentication information registration screen An operation of inputting each ' may be included.

In step 290, the WYK for the identity authentication authority, the WYK for the user organization, and the master password are input to the user terminal 300 .

Illustrative of an embodiment of the operation, the user uses the input unit of the user terminal 300 to 'settlement account' included in the personal authentication information registration screen, respectively, in the 'settlement account password input field, the user organization password input field, and the master password input field'. Enter the 'Account Password, User Organization Password and Master Password'.

In step 295, in the user terminal 300, as the 'master password input in step 290 (or step 290-1)', input the WYK for the identity authentication authority and the WYK for the user organization input in step 290 (or step 290-1). Each is encrypted, and the encrypted 'WYK for authentication authority and WYK for user organization' is stored in the WYKDB 312, and the 'virtual real name ID input in step 285 (or step 285-1)' is stored in the user IDDB 311. and 'WYH for the authentication authority input in step 285 (or step 285-1)' is stored in the WYHDB 313 .

To illustrate an embodiment of the operation, in the embodiment of 'step 290 (or step 290-1), as the 'master password input in the embodiment of step 290 (or step 290-1)' in the user terminal 300 Encrypt the input settling account password and user organization password, respectively, and match the 'settlement bank identification information and user organization identification information' in the WYKDB 312 configured in the security area to match the 'encrypted, settlement account password and use 'Institutional password' is stored, 'virtual account number input in the embodiment of step 285 (or step 285-1)' is stored in the user IDDB 311, and 'the embodiment of step 285 (or step 285-1)' The 'WYK encryption key for the identity authentication authority input' is stored in the WYHDB 313 .

On the other hand, according to another aspect of the present invention, step 210-1, step 280-1, step 285-1, and step 290- 1 can work.

In step 210-1, the 'app of the present invention before personalization' is downloaded from the app download server 400 to the user terminal 300, and a user organization subscription application screen is outputted to the output unit of the user terminal 300.

An embodiment of the user organization subscription application screen is the same as in step 210 .

In step 280-1, the 'virtual real name ID and WYH for the identity authentication authority stored in step 265' are transmitted from the identity authentication server 100 to the user terminal 300 through a separate channel.

To illustrate one embodiment of the operation, the 'virtual account number and WYK encryption key for the identity authentication institution stored in step 265' is transmitted from the settlement bank server 100 to the user terminal 300 in the form of SMS.

In step 285-1, when the user terminal 300 receives the 'virtual real name ID and WYH for the authentication authority transmitted in step 280-1,' in the output section, 'virtual real name ID input field, the WYH input field for the user authentication authority and the user organization A predetermined personal authentication information registration screen including 'WYK input field and master password input field' and 'Virtual real name ID and WYH for personal authentication authority' are output.

To illustrate one embodiment of the operation, when the user terminal 300 receives the 'information transmitted in step 280-1', the 'virtual account number input field, the WYK encryption key input field for the settlement bank, the password input field for the user institution, and the master A predetermined personal authentication information registration screen including a 'password input field' is output. and is output

Meanwhile, according to another aspect of the present invention, in step 285-1, the 'operation in which the virtual real name ID and WYH for the authentication authority are respectively input in the corresponding input fields' is replaced, and 'the virtual real name ID and the WYH for the authentication authority are 'Operation output on a separate screen' and the user uses the input unit of the user terminal 300 to enter the 'Virtual real name ID and identity authentication An operation of inputting each WYH' for an institution may be included.

In step 290-1, the WYK for the user organization and the master password are input to the user terminal 300.

To exemplify an embodiment of the operation, the user uses the input unit of the user terminal 300 to enter the 'user organization password and master password, respectively, in the 'user organization password input field and master password input field' included in the personal authentication information registration screen. Enter '.

3 is a diagram for explaining an example of an example of a method for installing an app of the present invention to a user terminal of the present invention, in which "an embodiment of additional application" and "an embodiment of using WYH for a user organization" are exemplified.

When 'information for selecting mobile payment service identification information provided by the user organization of the present invention as payment method identification information' is input to the user terminal 300 of the present invention in step 305, the service subscription code of the user terminal 300 is stored In the unit 317, 'a predetermined service subscription code that can be matched with the payment method identification information' is searched.

To illustrate one embodiment of the operation, the user has already subscribed to a specific mobile payment service provided by a specific user organization and has installed a predetermined app for the mobile payment service in his/her user terminal 300 during the subscription process. After a user accesses a server (not shown, hereinafter referred to as an “online commerce server”) that operates a predetermined online commerce site using the user terminal 300 , the user pays for the purchase of a predetermined product through the mobile payment In order to pay using the service, as information for selecting a payment method of the price, when the logo of the mobile payment service is selected using the input unit of the user terminal 300, the service subscription code of the user terminal 300 A 'predetermined service subscription code matching the mobile payment service' is searched for in the storage unit 317 .

If the service subscription code is not found in step 305, steps 310 and below are operated.

In step 310, the user terminal 300 accesses the service addition application page of the user organization server 200, and a predetermined screen for requesting service addition to the user organization on the output of the user terminal 300 (hereinafter referred to as "user organization") service addition application screen") is output, and the user organization service addition application screen includes a user identification information input field for the user organization, a WYK input field for the user organization, and a WYH application box for the user organization.

According to an additional aspect of the present invention, the user organization service addition application screen may include 'one of a mobile phone number input field and an e-mail address input field' as the user identification information input field for the user organization.

In step 315, when the user identification information for the user organization and the WYK for the user organization are input to the user terminal 300 and information for selecting the WYH application box for the user organization is input, the input WYK for the user organization is calculated as the user authentication information, The 'user identification information for the user organization and personal authentication information for the user organization' and predetermined WYH application information are transmitted to the user organization server 200 .

Illustrative of one embodiment of the operation, the user uses the input unit of the user terminal 300 to read the terms and conditions of the user organization, select the agreement agreement input field, and enter 'I am the user organization' in the user identification information input field for the user organization. User identification information to be registered in ', enter 'password to be registered with the user organization' in the WYK input box for the user organization, and select the WYH application box for the user organization. is recognized, and the input user identification information for the user organization, personal authentication information for the user organization, and predetermined WYH application information are transmitted to the user organization server 200 .

According to an additional aspect of the present invention, the user identification information of the user is not separately input, and information input in 'one of the mobile phone number input field and the e-mail address input field' may be regarded as user identification information.

In step 320, when 'user identification information for the user organization, personal authentication information for the user organization, and predetermined WYH application information transmitted in step 315 is received from the user organization server 200' in step 320, the user DB 210 receives the 'received use The WYK for the user organization matched to the 'user identification information for the institution' is searched, and the identity authentication unit 240 determines whether or not a match is made between the 'received user authentication information for the user organization' and 'the searched WYK for the user institution'.

To illustrate one embodiment of the operation, when the 'user identification information for the user organization, the password for the user organization, and the predetermined WYH application information transmitted in step 315,' is received from the user organization server 200, the user DB 210 The 'one-way encrypted password for the user organization' matched with the 'received user identification information for the user organization' is searched, and the identity authentication unit 240 one-way encrypts the "received WYK for the user organization" using a hash function, The "???邱H??" password for the user organization is compared with the "searched one-way encrypted password for the user organization" to determine whether the password matches.

If the determination in step 320 is affirmative, step 325 is operated.

In step 325, in the virtual real name IDDB 250 of the user organization server 200, 'one virtual real name ID not assigned to any user among the virtual real name IDs allocated in advance by the identity authentication authority' is selected for the user, and , the random value calculating unit 230 randomly calculates the WYH for the user organization, matches the 'received user identification information for the user organization' in the user DB 210, and the virtual real name ID and the WYH for the user organization are stored, The WYH for the user organization is transmitted to the user terminal 300 .

To illustrate an embodiment of the operation, in the virtual real name IDDB 250 in the user organization server 200, 'Virtual account numbers that do not match user identification information among virtual account numbers allocated in advance by the identity authentication authority The received user identification information is stored by matching with the most advanced virtual account number among By matching, the allocated virtual account number, the calculated WYK encryption key for the user organization, and a code for identifying 'the fact of agreeing to the additional service terms of use' (hereinafter referred to as the "additional terms of service agreement code") are stored, and the The WYK encryption key for the user organization is transmitted to the user terminal 300 as a reply to 'transmission in step 315'.

In step 330, when the 'WYH for the user organization transmitted in step 325' is received from the user terminal 300 in step 330, the 'WYH input field for the user organization in which the WYH for the user organization is inputted', the WYK input field for the user organization, and the master password input field are output to the output unit do.

To illustrate one embodiment of the operation, when the 'WYK encryption key for the user organization transmitted in the embodiment of step 325' is received as a reply to the 'transmission in step 315' from the user terminal 300, ' The WYK encryption key input field for the user organization, in which the WYK encryption key for the user organization is input, the password input field for the user organization and the master password input field are output.

According to another aspect of the present invention, in step 330, instead of 'the operation of outputting the WYH input box for the user organization in which the WYH for the user organization is inputted on the output unit,' the WYH input field for the user organization and the received WYH for the user organization are output to the output unit It may include an operation' and an 'operation in which the user inputs the output WYH for the user organization' into the output WYH input field for the user organization by using the input unit of the user terminal 300 .

In step 335, when the WYK for the user organization and the master password are input to the user terminal 300, the WYK for the user organization is encrypted using the master password as an encryption key, and the encrypted WYK for the user organization is stored in the WYKDB 312, and the 'Step WYH' for the user organization input at 330 is stored in the WYHDB 313 .

To illustrate one embodiment of the operation, the user uses the input unit of the user terminal 300 to input the 'password for the user organization and the master password, respectively, to the password input field and the master password input field outputted in the embodiment of step 330'. If ' is input, the password for the user organization is encrypted using the master password as an encryption key, the encrypted password for the user organization is stored in the WYKDB 312, and 'WYK encryption key for the user organization inputted in the embodiment of step 330' is stored in WYHDB 313 .

In step 340, the 'mobile phone number and e-mail address' matched with the 'user identification information for the user organization received in step 320' is searched in the user DB 210 in the user organization server 200, and the identity authentication server 100 and transmits the user organization identification information, the 'mobile phone number and e-mail address' and the 'virtual real name ID selected in step 325' to the identity authentication server 100, the identity authentication server 100 is called and 'the transmitted information' is received.

To illustrate one embodiment of the operation, the 'mobile phone number and e-mail address' matching the 'user identification information for the user organization received in step 320' is searched in the user DB 210 in the user organization server 200, , the user organization server 200 calls the settlement bank server 100, the user organization identification information and the searched 'mobile phone number and e-mail address' and 'virtual account number assigned to the user in the embodiment of step 325' is transmitted to the settlement bank server 100, the settlement bank server 100 is called and receives the 'transmitted information'.

According to another aspect of the present invention, the user organization server 200 transmits the 'user organization identification information and virtual real name ID' to the user terminal 300, and the user terminal 300 transmits the information and the 'mobile phone' number and e-mail address' may be transmitted to the called identity authentication server 100 .

Step 245 in FIG. 2 is operated.

After step 245 is operated, if the user holds the user's settlement account opened in the identity authentication institution, the determination in step 260 is positive after steps 250 and 260 in FIG. 2 are operated. In the case 'step 265 in FIG. 2' is operated, then 'step 270 to step 295 in FIG. 2' is operated, and in other cases 'step 250-1, step 255-1, and step 265-1 in FIG. After ' is operated, the 'steps 270 to 295' are operated.

4 shows that the user uses the app of the present invention to apply for a remittance transaction to a non-bank remittance company, protecting personal information with the non-bank remittance company and 'a self-certification institution and settlement bank affiliated with the non-bank remittance company' It is a diagram for explaining the operation of an embodiment of a method for securely authenticating a real name.

In step 405, information for selecting an app is input to the user terminal 300 .

To illustrate one embodiment of the operation, the user selects an icon on which identification information of a user organization is marked by using the user terminal 300 .

In step 420 , 'at least one of the counterparty aliases and profile pictures' is searched for from the counterparty DB 315 in the user terminal 300 and outputted to the output unit in a predetermined order.

To illustrate one embodiment of the operation, information stored in the counterparty alias field in the counterparty DB 315 in the user terminal 300 is searched with a matching 'recent remittance date and profile picture', and the matched remittance From the counterparty alias whose date is the latest date, 'n counterparty aliases' are output to the output unit together with the 'matched profile picture', respectively, and then the remaining counterparty aliases are displayed with 'matched profile pictures' and 'matched profile pictures' in alphabetical and alphabetical order. output together with the output unit.

In step 425 , information in which 'one of a specific counterparty alias and a specific profile picture' is selected is input to the user terminal 300 .

To illustrate one embodiment of the operation, the user selects 'one of the counterparty aliases output in the embodiment of step 420 and the matched profile pictures' using the input unit of the user terminal 300 .

In step 430, the user terminal 300 searches for receivable identification registration information matched to 'one of the counterparty alias and profile picture selected in step 425' from the counterparty DB 315, and the retrieved information is matched It is entered in the input field and output to the output unit, and the transaction application amount input field and the master password input field are output.

To illustrate an embodiment of the operation, 'the counterparty alias, the payee name, and the recipient institution identification information and The recipient account ID, recipient country name, recipient phone number, recipient e-mail address, and remittance purpose identification information’ are searched, and “information identifying the transaction type” (hereinafter referred to as “transaction identification information”) is searched for in the output section. ) is output, and 'the counterparty alias input field, the payee name input field, the recipient institution identification information input field, the recipient account number input field, the recipient country name input field, the recipient phone number input field, the recipient's e-mail address input field, and the remittance purpose identification information input field' match The searched information is output in an input state, respectively, and a remittance amount input column and a master password input column are output.

According to an additional aspect of the present invention, information not found among the 'transaction party alias, payee name, recipient institution identification information, recipient account ID, recipient country name, recipient phone number, recipient e-mail address, and remittance purpose identification information' If there is, an input field matching the unsearched information is output as blank.

According to another additional aspect of the present invention, step 430 includes 'in the input field output as blank as described above, the user inputs the corresponding information by using the input field of the user terminal 300'. .

According to another additional aspect of the present invention, when the user inputs the corresponding information using the input field of the user terminal 300 in the input field outputted as blank as described above, in the counterparty DB 315 ' Receiving identification registration information matched to 'one of the counterparty alias and the profile picture' selected in step 425 is updated with the inputted corresponding information.

In step 435 , the transaction application amount and the master password are input to the user terminal 300 .

To illustrate one embodiment of the operation, the user uses the input unit of the user terminal 300 to enter the 'transaction amount input field and the master password input field' output in the embodiment of step 430, respectively, the 'remittance amount as a transaction request amount' and the master password. Enter

In step 440, the user terminal 300 retrieves the virtual real name ID for the user organization from the user IDDB 311, the encrypted 'WYK for the identity authentication authority and the WYK for the user organization' is retrieved from the WYKDB 313, and the WYHDB 313 The WYH for the identity authentication authority is searched.

To illustrate one embodiment of the operation, the virtual account number matching the user organization identification information is retrieved from the user IDDB 311 configured in the security area in the user terminal 300, and the ' The encrypted settlement account password matching the settlement bank identification information and the encrypted user organization password matching the user organization identification information are searched, and matching the settlement bank identification information in the WYHDB 313 configured in the security area. The WYK encryption key is retrieved.

In step 445, in the user terminal 300, the 'master password input to the user terminal 300 in step 435 (or step 935)' is a decryption key, 'in step 440 (or step 940), the WYKDB 312 retrieved, encryption Decrypts the encrypted WYK for the authentication authority and the encrypted WYK for the user organization.

To illustrate one embodiment of the operation, the 'master password input in the user terminal 300 in the embodiment of step 435 (or step 935)' is a decryption key, 'the encrypted settlement account password retrieved from the WYKDB (312). and 'Encrypted User Organization Password' respectively.

In step 450, the user terminal 300 uses the 'WYK for the self-certification authority decrypted in step 445 (or step 545)' and the 'WYH for the self-certification authority retrieved from the WYHDB 313 in step 440 (or step 540)' in the user terminal 300. Personal authentication information for the certification authority is calculated.

To illustrate an embodiment of the operation, the 'settlement account password decrypted in the embodiment of step 445 (or step 545)' is encrypted with 'the WYK encryption key for the settlement bank found in the step 440 (or step 540)' to calculate the identity authentication information for the settlement bank.

However, if the WYK encryption key is a one-time WYK encryption key that is updated every time a person authenticates himself by a user authentication institution, the encrypted settlement account password becomes a one-time encrypted WYK for the identity authentication institution. In addition, since the WYK encryption key itself is an embodiment of WYH, the encrypted settlement account password is information verifying WYK as well as information verifying WYH.

Hereinafter, the present specification will be mainly described with respect to an embodiment in which 'one-time user authentication information proving WYK and WYH' is calculated by encrypting WYK for a user authentication institution with a one-time WYK encryption key.

In step 455, the user terminal 300 receives remittance transaction identification information, 'transaction application amount input in step 435', 'virtual real name ID retrieved in step 440' and 'in step 430, the transaction counterpart DB (315) retrieved or entered, Send the 'receipt identification registration information' and 'personal authentication information for the identity authentication institution calculated in step 450' to the identity authentication server 100, and match the 'transaction application amount, virtual real name ID, and receipt identification registration information' In step 445, the decrypted WYK' for the user organization transmits it to the user organization server 200 as personal authentication information for the user organization.

To illustrate one embodiment of the operation, the user terminal 300 provides a remittance application code, 'remittance amount input in the embodiment of step 435 ', 'virtual account number found in the embodiment of step 440 ' and 'implementation of step 430 . In the example, the 'receipt identification registration information' and 'personal authentication information for the settlement bank calculated in the embodiment of step 450', retrieved or entered in the counterparty DB 315, are transmitted to the settlement bank server 100, and the 'remittance amount And, at least one of the virtual account number, the payee name, the recipient institution identification information, the recipient account ID, the recipient country name, the recipient phone number, the recipient e-mail address, and the remittance purpose identification information. 'Password for the user organization' is transmitted to the user organization server 200 .

When the 'information transmitted to the user organization server 200 in step 455' is received from the user organization server 200 in step 456, the user DB 210 matches the 'virtual real name ID read from the received information' The WYK for the user organization is searched, and the identity authentication unit 240 determines whether the 'searched WYK for the user organization' and 'personal authentication information for the user organization read from the received information' match.

To illustrate an embodiment of the operation, when the 'information transmitted to the user organization server 200 in the embodiment of step 455' is received from the user organization server 200, the user DB 210 'the received information' Search for 'one-way encrypted password for user organization with a hash function' matched to the virtual account number read in One-way encryption of 'password' is performed using a hash function, and matching is determined by comparing 'the one-way encrypted password for user organization' and 'the searched one-way encrypted password for user organization'.

If the determination at step 456 is affirmative, step 457 is actuated.

In step 457, the user organization server 200 generates a predetermined transaction ID, matches the transaction ID with the predetermined remittance settlement application information, 'the transaction application amount read from the information received in step 456, the virtual real name ID, , receivable identification registration information' is transmitted to the identity authentication server 100 .

To illustrate an embodiment of the operation, a predetermined transaction ID is generated in the user organization server 200, and the transaction ID and predetermined remittance settlement application information are matched to read 'from the information received in the embodiment of step 456 . At least one of the remittance amount, virtual account number, recipient name, recipient institution identification information, recipient account ID, recipient country name, recipient phone number, recipient email address, and purpose of remittance identification information is transmitted to the identity authentication server 100 do.

In step 458, when the 'information transmitted to the identity authentication server 100 in step 455' and 'information transmitted in step 457' are received from the identity authentication server 100, the ambassador 150 returns the received amount information. It is determined whether they match each other.

When exemplifying an embodiment of the operation, when receiving 'information transmitted to the identity authentication server 100 in the embodiment of step 455' and 'information transmitted in the embodiment of step 457' from the identity authentication server 100 , the ambassador 150 reads from the information transmitted in the embodiment of step 455, the remittance amount, the virtual account number, the recipient name, the recipient institution identification information, the recipient account ID, the recipient country name, the recipient phone number, and the recipient e-mail At least one of the address and the remittance purpose identification information' is the remittance amount, the virtual account number, the recipient name, the recipient organization identification information, the recipient account ID, the recipient country name, and the recipient phone number read from the information transmitted in the embodiment of step 457, respectively. It is determined whether the number, the recipient's e-mail address, and at least one of the remittance purpose identification information match each other.

If the determination at step 458 is affirmative, step 460 is actuated.

In step 460, the person who matches the 'virtual real name ID read from the information transmitted to the user authentication server 100 in step 455 (or step 457-1)' in the identity authentication DB 110 in the identity authentication server 100 The WYK for the certification authority and the WYH for the self-certification authority are searched, and the self-authentication unit 140 matches the 'WYK for the self-certification authority and WYH for the self-certification authority found above' and the 'personal authentication information for the self-certification authority read from the transmitted information'. decide whether

To illustrate one embodiment of the operation, one-way encryption with a 'hash function' matched to 'the virtual account number read from the information transmitted in the embodiment of step 455' in the identity authentication DB 110 in the settlement bank server 100 'Settlement account password' and the WYK encryption key for the settlement bank are searched, and the identity authentication unit 140 is 'Settlement encrypted with the WYK encryption key for the settlement bank,' which is 'the personal authentication information for the settlement bank read from the received information' Decrypt 'account password' with the 'WYK encryption key for settlement bank', one-way encryption of the decrypted settlement account password with a hash function, and the one-way encrypted settlement account password and 'the searched one-way encrypted settlement account password' Contrast to determine whether they match.

If the determination in step 460 is affirmative, step 465 is operated.

In step 465, the user authentication server 100 searches for the real name ID matched to the 'virtual real name ID determined to be matched in step 458' in the identity authentication DB 110, and considers the real name ID as the real name ID of the sender, , the 'transaction application amount read from the information received in step 460' is regarded as the remittance amount, and 'recipient name and recipient identification information determined to match in step 458, recipient account opening bank identification information, recipient account number, and remittance Purpose-identifying information' is considered as information about the recipient, and the remittance is subject to compliance filtering.

If the compliance filtering result in step 465 is determined to be a normal transaction, step 475 is operated.

In step 475, the random value calculation unit 130 in the identity authentication server 100 randomly calculates a new WYH for the identity authentication institution, and in the identity authentication DB 110, it is determined that 'matched in step 458 (or step 560 or The WYH for the identity authentication authority matched with the 'Virtual Real Name ID' (read from the information received in step 955) is updated with the calculated WYH for the identity authentication institution, and the calculated WYH for the identity authentication institution is transmitted to the user terminal 300 .

To illustrate one embodiment of the operation, the random value calculation unit 130 randomly calculates the WYK encryption key for the identity authentication authority, and the identity authentication DB 110 determines that it is 'matched in step 458 (or step 560). Alternatively, the WYK encryption key for the self-certification authority matched to the 'virtual account number (read from the information received in the embodiment of step 955)' is updated with the 'calculated WYK encryption key for the self-certification authority', and ' The calculated WYK encryption key for the authentication authority is transmitted.

When the 'information transmitted to the user terminal in step 475' is received from the user terminal 300 in step 480, the 'WYH for the identity authentication institution' stored in the WYHDB 313 as 'the WYH for the identity authentication authority read from the received information' update

To illustrate an embodiment of the operation, when receiving 'information transmitted to the user terminal in the embodiment of step 475' from the user terminal 300, the WYK encryption key is used as the 'WYK encryption key read from the received information'. The 'WYK encryption key for settlement bank' stored in the DB 313 is updated.

In step 485, the identity authentication server 100 searches for the settlement account ID matching the 'virtual real name ID determined to be matched in step 458' in the identity authentication DB 110, and in the balance DB 160, 'the settlement account The 'balance matched with the ID' is reduced corresponding to the 'transaction application amount determined to be matched in step 458', The transaction of remittance of the amount corresponding to the transaction request amount to the recipient corresponding to 'at least one of the recipient account number and the remittance purpose identification information' is processed.

To exemplify an embodiment of the operation, the settlement account number matching the 'virtual account number determined to be matched in the embodiment of step 458' is retrieved from the identity authentication DB 110 in the settlement bank server 100, In the balance DB 160, the 'balance matched to the settlement account number' is reduced by the amount obtained by adding a predetermined remittance fee to the 'remittance amount determined to be matched in step 458', , process the remittance of the remittance amount to the remittee corresponding to one or more of the recipient name, recipient country identification information, recipient account opening bank identification information, recipient account number, and remittance purpose identification information.

According to another aspect of the present invention, the following steps 455-1 and 457-1 may be operated in place of steps 455, 457, and 458.

In step 455-1, the user terminal 300 searches or inputs remittance transaction identification information, 'the transaction application amount entered in step 435', 'virtual real name ID retrieved in step 440' and 'the counterparty DB (315) in step 430. 'WYK for user organization decrypted in step 445' by matching the received, receivable identification registration information' and 'personal authentication information for identity authentication institutions calculated in step 450' and 'transaction application amount, virtual real name ID, and receivable identification registration information' is transmitted to the user organization server 200 as personal authentication information for the user organization.

In step 457-1, the user organization server 200 generates a predetermined transaction ID, matches the transaction ID with the predetermined remittance settlement application information, and performs a transaction with the remittance transaction identification information read from the information received in step 456. The application amount, virtual real name ID, receipt identification registration information, and identity authentication information for the identity authentication institution' are transmitted to the identity authentication server 100 .

As in step 455, the 'personal authentication information for personal authentication authority' is not transmitted directly from the user terminal 300 to the user authentication server 100, but as in steps 455-1 and 457-1, the user organization server 200 relays The reason why it is safe to do is that as in steps 475 and 485, the 'WYH for the authentication authority' is updated every time the user is authenticated, and as a result, the personal authentication information for the identity authentication authority calculated in step 450 becomes the one-time information, and thus the relay process in the user organization server This is because even if the information is improperly stored in the company, the information will become unusable for the next self-authentication.

Figure 5 shows that the user uses the app of the present invention to deposit into his or her account opened at the virtual currency exchange, protecting personal information from the virtual currency exchange and 'personal authentication institution and settlement bank affiliated with the virtual currency exchange' It is a diagram for explaining the operation of an embodiment of a method for simple and safe real name authentication.

Step 405 in FIG. 4 is operated.

In step 510, boxes in which transaction identification information is marked are output to the output unit of the user terminal 300, respectively.

Illustrative of an embodiment of the operation, a deposit box marked with transaction identification information of “deposit” on the output of the user terminal 300, a withdrawal box marked with transaction identification information of “withdrawal”, and transaction identification information of “sale” A trading box marked with and a remittance box marked with transaction identification information of “remittance” are output.

To illustrate another aspect of the embodiment, a buy box marked with transaction identification information “buy” and a sell box marked with transaction identification information “sell” may be output instead of the sale box.

In step 515, information (hereinafter referred to as "deposit transaction identification information") identifying the 'transaction requesting deposit to the user's account opened at the user's institution' (hereinafter referred to as "deposit transaction") is transmitted to the user terminal 300 in step 515 Information for selecting the marked box (hereinafter referred to as "deposit box") (hereinafter referred to as "deposit transaction selection information") is input.

To illustrate one embodiment of the operation, the user selects a deposit box using the input unit of the user terminal 300 to apply for a transaction for depositing funds into his or her account opened at the user institution.

In step 530, the deposit transaction identification information, the transaction application amount input column, and the master password input column are output to the output unit of the user terminal 300 .

To illustrate one embodiment of the operation, a predetermined deposit transaction application screen including a mark “deposit application” and a deposit amount input field and a master password input field is output to the output unit of the user terminal 300 .

Step 435 in FIG. 4 is operated.

To illustrate one embodiment of the operation, the user inputs the deposit application amount and the master password in the 'deposit amount input field and the master password input field' output in the embodiment of step 530 using the input unit of the user terminal 300, respectively.

In step 540, the virtual real name ID for the user organization is retrieved from the user IDDB 311 in the user terminal 300, the encrypted WYK for the authentication institution is retrieved from the WYKDB 312, and WYH for the identity authentication institution is retrieved from the WYHDB 313. do.

To illustrate one embodiment of the operation, the 'virtual account number matching the user organization identification information' is searched for in the user IDDB 311 configured in the security area in the user terminal 300, and WYKDB 312 configured in the security area 'Encrypted settlement account password matching the settlement bank identification information' is searched in , and 'WYK encryption key matched to the settlement bank identification information' is searched in the WYHDB 313 configured in the secure area.

In step 545, in the user terminal 300, the 'master password input in the user terminal 300 in step 435 (or step 735)' as a decryption key, 'searched in WYKDB (312) in step 540, encrypted WYK for authentication authority' to decrypt

Illustrative of an embodiment of the operation, the encrypted settlement account password retrieved from the WYKDB 312 in the embodiment of step 540 by using the 'master password inputted to the user terminal 300 in the embodiment of step 435' as the decryption key. ' is decoded.

Step 450 in FIG. 4 is operated.

In step 555, the user terminal 300 receives a transaction identification code matching the 'transaction identification information displayed in the box selected in step 515 (or step 615)', 'virtual real name ID retrieved in step 540', and 'transaction input in step 435' The 'application amount' and 'personal authentication information for a self-certification institution calculated in step 450' are transmitted to the self-authentication server 100 .

To illustrate one embodiment of the operation, the user terminal 300 performs the 'deposit application code corresponding to the transaction identification information selected in the embodiment of step 515 (or step 615)' and 'the virtual account found in the embodiment of step 540 . 'No.', 'the deposit application amount input in the embodiment of step 435', and 'personal authentication information for the settlement bank calculated in the embodiment of step 450' are transmitted to the settlement bank server 100 .

In step 560, the 'information transmitted in step 555 (or step 755)' is received from the identity authentication server 100, and the 'virtual real name ID read from the received information' is matched in the identity authentication DB 110. WYK for self-certification authority and WYH for self-certification authority are searched, and the self-authentication unit 140 searches 'WYK for self-certification authority and WYH for self-certification authority searched above' and 'personal authentication information for self-certification authority read from the received information. ' is matched.

To illustrate one embodiment of the operation, when the 'information transmitted in the embodiment of step 555 (or step 755)' is received from the settlement bank server 100, the 'in the received information' from the identity authentication DB 110 The 'one-way encrypted settlement account password with a hash function' matched with the read virtual account number' and the WYK encryption key for the settlement bank are searched, and the identity authentication unit 140 is 'read from the received information, for the settlement bank Decrypt the 'settlement account password encrypted with the WYK encryption key for the settlement bank', which is the personal authentication information, with the 'WYK encryption key for the settlement bank', and one-way encrypt the decrypted settlement account password with a hash function, and the one-way encrypted It is determined whether the settlement account password matches the 'one-way encrypted settlement account password searched for'.

If the determination in step 560 is affirmative, step 565 is operated.

In step 565, the user authentication server 100 searches for the 'real name ID and settlement account ID' matching the 'virtual real name ID read from the information received in step 560' in the identity authentication DB 110, and enters the real name ID A transaction in which the corresponding person withdraws the amount corresponding to the 'transaction application amount read from the information received in step 560' from the 'own account corresponding to the settlement account ID' and deposits it into the 'own account opened at the user organization' for compliance filtering.

To illustrate one embodiment of the operation, the real name number and the settlement account number matched to the 'virtual account number read from the information received in the embodiment of step 560' in the identity authentication DB 110 in the identity authentication server 100 search, 'a person corresponding to the real name number' withdraws the 'deposit application amount received in the embodiment of step 560' from 'his own account corresponding to the settlement account number' Transactions deposited into the 'account' are subject to compliance filtering.

If the result of the compliance filtering in step 565 is determined to be a processable transaction, step 570 is operated.

In step 570, the balance matching the 'settlement account ID found in step 565' is reduced by an amount corresponding to the 'transaction application amount read from the information received in step 560' in the balance DB 160 in the identity authentication server 100 in step 570, Increase the balance matched to the settlement account ID of the user organization, and increase the balance matching the 'virtual real name ID read from the information received in step 560' in the virtual balance DB 170 by the amount corresponding to the transaction application amount, Predetermined deposit transaction identification information, the virtual real name ID, 'amount corresponding to the transaction application amount read from the information received in step 560', and information on which compliance filtering has been completed (hereinafter referred to as "compliance filtering information"); Information on which the user authentication has been completed (hereinafter referred to as "personal authentication completion information") is transmitted to the user organization server 200 .

To illustrate one embodiment of the operation, the balance matching the 'settlement account number found in the embodiment of step 565' in the balance DB 160 in the identity authentication server 100 is 'information received in the embodiment of step 560' Decreases the amount of deposit application read from ', and increases the balance matched to the settlement account of the user organization by 'the amount obtained by deducting a predetermined settlement fee from the deposit application amount', and in the virtual balance DB 170, 'Example of step 560 Increases the balance matched to the virtual account number read from the information received from the above by the amount of the deposit application, and uses the server 200 to identify a deposit transaction that has completed 'prescribed compliance filtering and identity verification' ', the virtual account number, the deposit application amount, and 'the amount deducting the settlement fee from the deposit application amount'.

Steps 475 and 480 in FIG. 4 are operated.

When the 'information transmitted in step 570' is received from the user organization server 200 in step 590, the user DB 210 returns the balance matching the 'virtual real name ID read from the received information' to the 'received information' It is increased by the amount corresponding to the transaction application amount read from

As an example of the operation, when the 'information transmitted in the embodiment of step 570' is received from the user organization server 200, the cash balance matched to the 'virtual account number read from the received information' is displayed. Increase by 'the amount of deposit application read from the received information'.

6 shows that the user uses the app of the present invention to withdraw from his or her account opened at the virtual currency exchange, protecting personal information from the virtual currency exchange and 'personal authentication institution and settlement bank affiliated with the virtual currency exchange' It is a diagram for explaining the operation of an embodiment of a method for simple and safe real name authentication.

Steps 405 and 510 in FIG. 5 are operated.

In step 615, information (hereinafter referred to as "withdrawal transaction identification information") identifying a 'transaction requesting withdrawal from one's account opened at the user's institution' (hereinafter referred to as "withdrawal transaction") is transmitted to the user terminal 300 in step 615 Information for selecting the marked box (hereinafter referred to as "withdrawal box") (hereinafter referred to as "withdrawal transaction selection information") is input.

To illustrate one embodiment of the operation, the user selects a withdrawal box using the input unit of the user terminal 300 to apply for a transaction for withdrawing funds from his/her account opened at the user institution.

In step 630, information identifying a withdrawal transaction, a transaction application amount input column, and a master password input column are output to the output unit of the user terminal 300 .

To illustrate one embodiment of the operation, a predetermined withdrawal transaction application screen including a mark “withdrawal request” and a withdrawal amount input field and a master password input field is output to the output unit of the user terminal 300 .

Steps 435 to 560 in FIG. 5 are operated.

To illustrate an embodiment of the operation in step 435, the user inputs the withdrawal request amount and the master password in the 'withdrawal amount input field and the master password input field' output in the embodiment of step 630 using the input unit of the user terminal 300, respectively. do.

In step 665, the user authentication server 100 searches for the real name ID and settlement account ID matching the 'virtual real name ID read from the information received in step 560' in the identity authentication DB 110, and Compliance is filtered on transactions that the user withdraws the 'transaction application amount read from the information received in step 560' from the 'own account opened at the user organization' and deposits it into the 'own account corresponding to the settlement account ID'.

If the result of the compliance filtering in step 665 is determined to be a processable transaction, step 670 is operated.

In step 670, the balance matched to the 'virtual real name ID read from the information received in step 560' from the virtual balance DB 170 in the identity authentication server 100 is added to the 'transaction application amount read from the information received in step 560' Decrease by a corresponding amount, decrease the balance matching the settlement account ID of the user organization by an amount corresponding to the transaction request amount in the balance DB 160, and increase the balance matching the 'settlement account ID found in step 565' , transmits predetermined withdrawal transaction identification information, the virtual real name ID, 'amount corresponding to the transaction application amount', predetermined compliance filtering completion information, and identity authentication completion information to the user organization server 200 .

To exemplify an embodiment of the operation, the balance matching the 'virtual account number read from the information received in the embodiment of step 560' in the virtual balance DB 170 in the identity authentication server 100 is 'step 560' In the embodiment, the amount of the withdrawal request read from the received information is reduced by the increased amount of the prescribed settlement fee, and the balance matched to the settlement account number of the user organization is reduced by the amount of the withdrawal request in the balance DB 160, In the embodiment of 565, the balance matched to the 'settlement account number' is incremented, and the prescribed identity authentication and 'special code for identifying a withdrawal transaction that has completed prescribed compliance filtering and identity authentication', and the virtual account number and The withdrawal request amount and 'the amount obtained by subtracting a predetermined settlement fee from the withdrawal request amount' are transmitted to the user organization server 200 .

Steps 475 and 480 in FIG. 4 are operated.

When the 'information transmitted in step 670' is received from the user organization server 200 in step 690, the user DB 210 returns the balance matching the 'virtual real name ID read from the received information' to the 'received information' It will be reduced by the amount corresponding to the ‘transaction request amount read from’.

As an example of the operation, when the 'information transmitted in the embodiment of step 670' is received from the user organization server 200, the cash balance matched to the 'virtual account number read from the received information' is displayed. It is reduced by 'the amount obtained by adding a predetermined settlement fee to the withdrawal request amount read from the received information'.

7 shows that the user uses the app of the present invention to buy and sell virtual currency at the virtual currency exchange, while protecting personal information to the virtual currency exchange and 'personal authentication institution and settlement bank affiliated with the virtual currency exchange', and It is a diagram for explaining the operation of an embodiment of a method for securely authenticating a real name.

Steps 405 and 510 in FIG. 5 are operated.

In step 715 , information (hereinafter referred to as "trading transaction identification information") for identifying 'transactions applying for trading from one's own account opened at the user's institution' (hereinafter referred to as "trading transaction") is transmitted to the user terminal 300 in step 715. Information for selecting the marked box (hereinafter referred to as "trading box") (hereinafter referred to as "trading selection information") is input.

Illustrative of one embodiment of the operation, the user terminal ( 300) to select the trading box.

According to another aspect of the present invention, a 'transaction requesting purchase in exchange for cash deposited in one's own account opened at a user organization' (hereinafter referred to as "purchase transaction") is performed by replacing the trading selection information. Information for selecting a box (hereinafter referred to as "buy box") in which identifying information (hereinafter referred to as "purchase transaction identification information") is marked (hereinafter referred to as "purchase transaction selection information") and 'one A box marked with information (hereinafter referred to as "sell transaction identification information") identifying a transaction requesting the sale of virtual currency or securities deposited in the account (hereinafter referred to as "sell transaction") (hereinafter referred to as "sell box") One of the information (hereinafter referred to as "sales transaction selection information") for selecting "") may be input.

In step 730, in the output unit of the user terminal 300, a field for inputting information for identifying a trading transaction and identification information for a transaction (hereinafter referred to as a "object for sale identification information input field"), a quantity input field, a price input field, and a master password input field are is output

According to an additional aspect of the present invention, the information for identifying the trading transaction may be one of information identifying a buy transaction and information identifying a sell transaction, and a box (hereinafter referred to as “buy”) in which information identifying a purchase transaction is marked. It may be a set of a box (hereinafter referred to as "application box") and a box in which information identifying a sale transaction is marked (hereinafter referred to as "sale request box").

Illustrative of an embodiment of the above operation, a predetermined box including a purchase application box, a sale application box, a field for inputting transaction target virtual currency identification information, a field for entering a transaction request quantity, a field for entering an application unit price, and a master password input field The transaction request screen of

In step 735, information in which 'one of the purchase transaction identification information and the sell transaction identification information' is selected as transaction identification information in the user terminal 300 (hereinafter referred to as "buy transaction selection information" and "sale transaction selection information", respectively) is input, specific transaction object identification information, quantity, price, and master password are input.

To illustrate one embodiment of the operation, the user selects 'a purchase request box among the purchase request box and the sell request box output in the embodiment of step 730' using the input unit of the user terminal 300, and ' In the embodiment of step 730, select the 'in the virtual currency identification information input field outputted', select the bitcoin identification code from the output virtual currency identification information list, enter the purchase request quantity in the quantity input field, and input the purchase request unit price in the price input field and enter the master password in the master password input field.

Steps 540 to 450 in FIG. 5 are operated.

In step 755, the user terminal 300 sets the 'transaction identification code matching the transaction selection information input in step 735', 'the transaction object identification information input in step 735, the requested quantity and the application price', and the 'virtual searched in step 540 The 'real name ID' and 'personal authentication information for the self-certification institution calculated in step 450' are transmitted to the self-authentication server 100 .

Illustrative of an embodiment of the operation, the user terminal 300 displays 'the purchase application code matching the purchase request box selected in the embodiment of step 735' and 'the bitcoin identification code and the number of purchases input in the embodiment of step 735' It transmits the 'application quantity and purchase request unit price', 'virtual account number retrieved in the embodiment of step 540' and 'settlement account password encrypted in the embodiment of step 450' to the settlement bank server 100 .

Step 560 in FIG. 5 is operated.

If the determination in step 560 is affirmative, step 770 is operated.

In step 770, the identity authentication server 100 matches the 'transaction identification code, transaction object identification information, application quantity, application price, and virtual real name ID read from the information received in step 560' to obtain predetermined compliance filtering completion information and The user authentication completion information is transmitted to the user organization server 200 .

To illustrate one embodiment of the above operation, 'a professional code for identifying a trading transaction that has completed predetermined compliance filtering and self-authentication' and 'a purchase application code read from the information received in the embodiment of step 560 and Bitcoin identification code, purchase request quantity, purchase request unit price, and virtual account number' are transmitted to the user organization server 200 .

Steps 475 and 480 in FIG. 4 are operated.

Upon receiving the 'information transmitted in step 770' from the user organization server 200 in step 790, the tradable quantity and the tradable price are calculated by a predetermined method, and the transaction application amount is multiplied by the tradable quantity by the tradable price. , and the balance matching the 'virtual real name ID and trading target identification information read from the received information' in the user DB 210 is added to the 'transaction identification code read from the received information by the tradeable quantity' Add (in case of purchase application code) and deduct (in case of sale application code), and transfer the balance matching 'virtual real name ID read from the received information' and price display currency in the user DB 210 to the transaction Decrease (in case of purchase application code) and increase (in case of sale application code) 'according to the transaction identification code read from the received information' by the amount corresponding to the application amount, and send the 'virtual real name ID, transaction identification code, transaction object identification information, amount corresponding to the transaction request amount, and display currency identification information' are transmitted.

As an example of the above operation, upon receiving the 'information transmitted in the embodiment of step 770' from the user organization server 200, the tradable quantity and the tradable price are calculated by a predetermined method, and the tradable The amount is multiplied by the tradable price to calculate the payment application amount, and the balance matching the 'virtual account number and bitcoin identification code read from the received information' in the user DB 210 is 'referred to as the tradable quantity' It is added according to the 'purchase application code, which is the transaction identification code read from the received information', and the balance matching the 'virtual account number read from the received information' and the price display currency in the user DB 210 is 'the payment application amount' The amount is reduced according to the 'purchase application code that is the transaction identification code read from the received information' by the amount added by a predetermined fee in the It transmits the application code, the bitcoin identification code, the amount corresponding to the payment application amount, and the identification information (KRW) of the display currency, KRW.

In step 791, when the identity authentication server 100 receives the 'information transmitted in step 790', the virtual balance DB 170 matches the 'virtual real name ID and display currency identification information read from the received information' Decrease or increase the balance by 'amount corresponding to the transaction application amount read from the received information' (if the transaction identification code is a purchase application code) or increase (if the transaction identification code is a sell application code), 110), the real-name ID matched with the virtual real-name ID is searched, and the ambassador 150 'the person corresponding to the real-name ID sets the object corresponding to the object identification information read from the received information to the transaction identification code As the price for a transaction corresponding to Filter compliance for 'transactions'.

Illustrative of an embodiment of the operation, when the identity authentication server 100 receives 'information transmitted in the embodiment of step 790 ,' the virtual account read from the received information in the virtual balance DB 170 . Number and display currency identification information' is reduced by 'amount obtained by adding a predetermined transaction fee to the payment application amount read from the received information' (since the transaction identification code is a purchase application code), and In 110), the real name number matching the virtual account number is searched, and the ambassador 150 is 'a person corresponding to the real name number purchases a virtual currency corresponding to the Bitcoin identification code read from the received information. As the transaction price, the amount corresponding to the payment application amount read from the received information is subjected to compliance filtering for 'transactions to be paid (because the transaction identification code is a purchase application code)'.

According to another aspect of the present invention, 'steps 440 and 445' in FIG. 4 and steps 755-1 to 770-1 below are replaced by steps 540 and 545 and 'steps 755 to 770 and 790'. This may work.

In step 755-1, the user terminal 300 receives the 'transaction identification code matching the transaction selection information input in step 735', 'the transaction object identification information input in step 735, the requested quantity and the application price', and the 'in step 440 'WYK for user organization decrypted in step 445' by matching one or more of the searched virtual real name ID' and user identification information for the user organization with the 'personal authentication information for the identity authentication institution calculated in step 450' as the identity authentication information for the user organization It is transmitted to the server 200 .

In step 760-1, the user organization server 200 receives the 'information transmitted in step 755-1,' and in the user DB 210, 'of the virtual real name ID read from the received information and user identification information for the user organization,' The WYK for the user organization matched to one or more' is searched, and the identity authentication unit 140 determines whether the searched WYK for the user organization and 'personal authentication information for the user organization read from the received information' matches.

If the determination in step 760-1 is affirmative, step 765-1 is operated.

In step 765-1, the user organization server 200 calculates the tradable quantity and the tradable price by a predetermined method, calculates the transaction request amount by multiplying the tradable quantity by the tradable price, and in the user DB 210 The balance matching the 'virtual real name ID and target identification information read from the received information' is added to the tradable amount 'according to the transaction identification code read from the received information' (in case of purchase application code) and (in the case of a sale application code), the balance matching the 'virtual real name ID read from the received information' and the price display currency in the user DB 210 is 'received by the amount corresponding to the transaction application amount' Decrease (in case of purchase application code) and increase (in case of sale application code) according to the transaction identification code read from the information, and send the 'virtual real name ID, transaction identification code, and object Identification information, the amount corresponding to the transaction request amount, and display currency identification information' are transmitted.

In step 770-1, the identity authentication server 100 receives the 'information transmitted in step 765-1, A certain amount of money is matched to perform a prescribed compliance filter.

8 shows the user using the app of the present invention to remit the funds deposited in his or her account opened at the virtual currency exchange to a specific recipient, It is a diagram explaining the operation of an embodiment of a method for simple and safe real-name authentication while protecting personal information to 'settlement bank'.

Steps 405 and 510 in FIG. 5 operate identically.

In step 815, information identifying the 'transaction requesting remittance from one's own account opened at the user's institution' (hereinafter referred to as "remittance transaction") to the user terminal 300 (hereinafter referred to as "remittance transaction identification information") Information (hereinafter referred to as "remittance transaction selection information") for selecting the box marked with (hereinafter referred to as "remittance box") is input.

To illustrate one embodiment of the operation, the user selects a remittance box using the input unit of the user terminal 300 to apply for a transaction for remittance from his or her account opened at the user institution.

Steps 420 to 435 in FIG. 4 are operated.

Steps 540 to 450 in FIG. 5 are operated.

In step 855, the user terminal 300 receives remittance transaction identification information, 'transaction application amount input in step 435', 'virtual real name ID retrieved in step 540', and 'in step 430, the transaction counterpart DB (315) retrieved or entered, The 'receipt identification registration information' and 'personal authentication information for the identity authentication institution calculated in step 450' are transmitted to the identity authentication server 100 .

To illustrate one embodiment of the operation, the user terminal 300 transmits the remittance application code, 'remittance amount input in the embodiment of step 435', 'virtual account number found in step 540' and 'the counterparty DB in step 430 ( 315), the recipient name, recipient institution identification information, recipient account ID, recipient country name, recipient phone number, recipient e-mail address, and remittance purpose identification information at least one of 'and 'settlement calculated in the embodiment of step 450 'Bank identity authentication information' is transmitted to the settlement bank server 100 .

In step 860, the 'information transmitted in step 855' is received from the identity authentication server 100, and WYK for the identity authentication institution matched with the 'virtual real name ID read from the received information' is received from the identity authentication DB 110 The WYH for the self-certification authority is searched, and the self-certification unit 140 determines whether 'the searched WYK for the self-certification authority and the WYH for the self-certification authority' and the 'personal authentication information for the self-certification authority read from the received information' match.

To illustrate one embodiment of the operation, when the 'information transmitted in the embodiment of step 855' is received from the settlement bank server 100, the 'virtual account number read from the received information' in the identity authentication DB 110 Search for the 'one-way encrypted settlement account password with a hash function' and the WYK encryption key for the settlement bank matching ', and the identity authentication unit 140 is 'the personal authentication information for the settlement bank, read from the received information' Decrypt the 'settlement account password encrypted with the WYK encryption key for the settlement bank' with the 'WYK encryption key for the settlement bank', and unidirectionally encrypt the decrypted settlement account password with a hash function, and the one-way encrypted settlement account password and ' The searched one-way encrypted settlement account password' is compared to determine whether they match.

If the determination in step 860 is affirmative, step 865 is operated.

In step 865, the identity authentication server 100 searches for a real name ID matching the 'virtual real name ID read from the information received in step 860' in the identity authentication DB 110, and considers the real name ID as the sender's real name ID. Compliance filtering on remittance behavior consisting of the 'transaction application amount read from the received information' as the remittance amount, and the 'receipt identification registration information read from the information received in step 860' as information about the payee do.

If it is determined as a normal transaction as a result of the compliance filtering in step 865, step 870 is operated.

In step 870, the identity authentication server 100 matches the 'remittance transaction identification information, virtual real name ID, and transaction application amount read from the information received in step 860' to provide predetermined compliance filtering completion information and identity authentication completion information to the user organization It is transmitted to the server 200 .

To exemplify an embodiment of the above operation, in the information received in the embodiment of step 860, the 'professional code for identifying a remittance transaction that has completed predetermined compliance filtering and self-authentication' and 'in the information received in the embodiment of step 860, The read remittance application code, virtual account number and remittance amount' is transmitted to the user organization server 200 .

Steps 475 and 480 in FIG. 4 are operated.

When the 'information transmitted in step 870' is received from the user organization server 200 in step 885, the user DB 210 searches for a balance matching the 'virtual real name ID read from the received information', and the balance It is determined whether there is more than an amount corresponding to the 'transaction request amount read from the received information'.

To illustrate an embodiment of the operation, when the 'information transmitted in the embodiment of step 870' is received from the user organization server 200, the cash balance matched to the 'virtual account number read from the received information' is displayed. search, and determine whether the balance is equal to or greater than 'amount obtained by adding a predetermined fee to the remittance amount read from the received information'.

If the determination in step 885 is affirmative, step 890 is operated.

In step 890, the balance matching the 'virtual real name ID read from the received information' in the user DB 210 in the user organization server 200 is reduced by an amount corresponding to the 'transaction application amount read from the received information' and transmits predetermined consent information as a reply to 'the received information' to the identity authentication server 100 .

To illustrate one embodiment of the operation, the user agency server 200 adds a predetermined fee to the remittance amount read from the received information with the cash balance matched to the 'virtual account number read from the received information' One amount is reduced, and a predetermined consent code is transmitted to the settlement bank server 100 as a reply to the 'received information'.

In step 895, when the 'information transmitted in step 890' is received from the self-authentication server 100, the account ID matching the 'virtual real name ID read from the information received in step 860' is obtained from the identity authentication DB 110. Search, reduce the 'balance matched to the settlement account ID of the user institution' in the balance DB 160 corresponding to the 'transaction application amount read from the information received in step 860', and in the virtual balance DB 170, 'step' The balance matched to the virtual real name ID read from the information received in step 860 is reduced by an amount corresponding to the transaction application amount, and the transaction in front of the payee corresponding to the 'receipt identification registration information read from the information received in step 860' The remittance transaction corresponding to the application amount is processed.

To illustrate one embodiment of the operation, when the 'information transmitted in the embodiment of step 890' is received from the settlement bank server 100, the 'virtual information read from the information received in step 860' is received in the identity authentication DB 110 'Account number' is searched for the matching account number, and the 'balance matched to the settlement account number of the user organization' is added to the remittance amount read from the information received in step 860 in the balance DB 160 and a predetermined fee is added. amount', and the balance matching the 'virtual account number read from the information received in step 860' in the virtual balance DB 170 is reduced by 'the amount obtained by adding the fee to the remittance amount', and 'step 860 Transaction of remittance of the remittance amount to the recipient corresponding to at least one of the recipient name, recipient institution identification information, recipient account ID, recipient country name, recipient phone number, recipient e-mail address, and remittance purpose identification information read from the information received from to process

9 shows a user using the app of the present invention to pay for a commerce transaction using the service provided by the mobile payment company, to the mobile payment company and 'a self-certification institution and settlement bank affiliated with the mobile payment company' It is a diagram explaining the operation of an embodiment of a method for simple and safe real name authentication while protecting personal information.

In step 905, after the user connects the user terminal 300 to a predetermined transaction server (not shown), the user selects a purchase of predetermined details using the input unit of the user terminal 300, and the user organization of the present invention as a payment means Select the identification information of the payment method to be provided.

To illustrate one embodiment of the operation, after the user connects the user terminal 300 to a specific online commerce server (not shown) abroad, using the input unit of the user terminal 300, the user terminal 300 of the present invention is a specific domestic Select the box marked with the identification information of the payment method provided by the mobile payment company.

In step 910, from the transaction server (not shown), 'payment information including a predetermined transaction application amount, predetermined transaction counterparty type information, and information on predetermined transaction details' is transmitted to the user organization server 200, and the user organization server 200 receives the information.

To illustrate one embodiment of the operation, the payment window page of the mobile payment server 200 is called from an overseas server (not shown) operating the overseas online store site, and a predetermined payment application amount, seller ID, and 'purchase' are called. 'Payment information including the name and quantity of the product' is transmitted to the mobile payment server 200, which is a user organization server operated by the mobile payment company.

In step 915, the user terminal 300 searches for user organization identification information matching the 'payment method identification information selected in step 905' in the payment method DB 316, and matches the user organization identification information in the user IDDB 311 'at least one of user identification information and virtual real name ID' is searched for, and the 'at least one of user identification information and virtual real name ID for the user organization' is transmitted to the user organization server 200 matching the user organization identification information. .

To illustrate an embodiment of the operation, the user terminal 300 is connected to the payment window page of the mobile payment server 200 by the call in the embodiment of step 910 , and the user IDDB 311 in the user terminal 300 is ), 'account ID of a user registered with a mobile payment company operating the payment method', which is user identification information matching the 'payment method identification information selected in step 905', is searched, and the account ID is set to the mobile payment server ( 200) is sent.

According to another aspect of the present invention, in the state in which the user has previously registered 'at least one of user identification information for a user organization and virtual real name ID' given to him in a server (not shown) operating the online commerce site. , steps 910 and 915 may be replaced with steps 905-1 and 910-1 below.

In step 910-1, in the transaction server (not shown), 'at least one of the user identification information for the user organization and the virtual real name ID' registered by the user is searched for by a predetermined method, and the 'user identification information for the user organization and the virtual By matching one or more of the real name IDs, 'payment information including a predetermined transaction application amount, predetermined transaction counterparty type information, and information on predetermined transaction details' is transmitted to the user organization server 200 and sent to the user organization server ( 200) receives the information.

When 'information transmitted in step 910' and 'information transmitted in step 915' are received from the user organization server 200 in step 920, user identification read from the information transmitted in step 915 in the user DB 210 Information and one or more of the virtual real name ID' is searched for predetermined balance information, and it is determined whether the 'transaction request amount read from the information transmitted in step 910' is within the limit amount corresponding to the balance information.

To illustrate one embodiment of the operation, the balance matched with 'user identification information read from the information transmitted in the embodiment of step 915' is searched in the user DB 210 in the mobile payment server 200, and the 'step In the embodiment of 910, it is determined whether the payment application amount read from the transmitted information is within the balance.

To illustrate another embodiment of the operation, payment method issuer identification information matched with 'user identification information read from the information transmitted in the embodiment of step 915' in the user DB 210 in the mobile payment server 200 is A payment method issuer corresponding to the payment method issuer identification information while matching with the user identification information and the user identification information (for example, One or more of the payment method ID (eg, card number or account number) given by the credit card company, bank, or prepaid payment method issuer) and the payment application amount, and a predetermined consent to the information transmitted from the payment method issuer server When the information is received, it is judged that it is within the limit amount.

If the determination in step 920 is affirmative, the following step 925 is operated.

In step 925, from the user organization server 200 to the user terminal 300 matching 'at least one of the user identification information and the virtual real name ID, transmitted in step 915 and read from the information received in step 920,' in step 910 'Payment information' including information on the transaction request amount, transaction counterparty method, and transaction details, which is transmitted and read from the information received in step 920 is transmitted.

On the other hand, according to another aspect of the present invention that prefers the settlement bank's preliminary verification of the remittance possibility prior to the operation of step 925 rather than shortening the process, if the determination in step 920 is positive, the step 925 is replaced by the following steps Steps 921-1, 922-1, and 923-1 and 925-1 may be operated.

In step 921-1, the virtual real name ID matched with the 'user identification information read from the information transmitted in step 915' is retrieved from the user DB 210 in the user organization server 200, and the virtual real name ID and the 'step' The received payment information' transmitted from 910 is transmitted to the identity authentication server 100 .

To illustrate one embodiment of the operation, a virtual account number matching 'user identification information read from the information transmitted in the case of step 915' is searched in the user DB 210 in the mobile payment server 200, and the The virtual account number and 'payment information including the payment application amount transmitted and received in the case of step 910, the seller ID, and the name and quantity of the purchased product' are transmitted to the settlement bank server 100 .

Meanwhile, according to another aspect of the present invention, the 'virtual real name ID read from the information transmitted in step 915' and the 'payment information transmitted and received in step 910' in the user organization server 200 in step 921-1 It may be transmitted to the authentication server 100 .

Meanwhile, according to another aspect of the present invention, the user identification information may be transmitted in place of the virtual real name ID.

When 'information transmitted in step 921-1' is received from the identity authentication server 100 in step 922-1, the identity authentication DB 110 receives 'the user identification information and the virtual real name ID read from the received information' in step 922-1. Search for a real-name ID matching one or more', consider the real-name ID as the payer's real-name ID, consider the 'transaction application amount read from the received information' as an amount corresponding to the payment amount, and consider the 'received The 'information by counterparty method read from the information' is regarded as identification information for the payee, and 'information on the prescribed transaction details read from the received information' is regarded as 'the reason for the payer to pay to the payee' Information on 'information related to

To illustrate an embodiment of the operation, when 'information transmitted in the embodiment of step 921-1' is received from the settlement bank server 100, the 'virtual information read from the received information' is received in the identity authentication DB 110 Search for the real name number matching the 'account number', consider the real name number as the payer's real name number, consider the 'payment application amount read from the received information' as an amount corresponding to the payment amount, and consider the 'received Seller ID read from information is regarded as receivable identification information, and 'name and quantity of purchased product read from the received information' is regarded as information on the reason for remittance, and compliance is filtered.

If it is determined as a normal transaction as a result of the compliance filtering in step 922-1, step 923-1 is operated.

In step 923-1, as a reply to the 'information transmitted in step 921-1' from the identity authentication server 100, 'information identifying that a transaction is possible' (hereinafter referred to as a "tradeable code") is transmitted to the user organization server 200 ) is sent to

When the 'information transmitted in step 923-1' is received from the user organization server 200 in step 925-1, the user identification information and the virtual real name ID read from the information transmitted in step 915 and received in step 920 'Payment information including transaction application amount, transaction counterparty type information, and transaction details, transmitted in step 910 and read from the information received in step 920,' is transmitted to the user terminal 300 matching one or more .

As an example of the operation, when 'information transmitted in the embodiment of step 923-1' is received from the user organization server 200, 'user identification information read from the information transmitted in the embodiment of step 915' 'Payment information including the payment application amount read from the information transmitted in the embodiment of step 910, the seller ID, and the name and quantity of the purchased product' is transmitted to the user terminal 300 matched to '.

After step 925 (or step 925-1) is operated, the following step 930 is operated.

In step 930, when 'information transmitted in step 925 (or step 925-1)' is received from the user terminal 300, the output unit 'the amount of transaction application read from the received information, information per transaction counterparty type, and transaction details' Information about ', the master password input field and a confirmation box are displayed.

To illustrate an embodiment of the operation, when 'information transmitted in the embodiment of step 925 (or step 925-1)' is received from the user terminal 300, 'read from the received information, Payment information including the amount of application for payment, seller ID, and the name and quantity of the purchased product', a master password input field, and a confirmation box are output.

If the user agrees to the output payment information, step 935 is operated.

In step 935, the master password is input to the user terminal 300.

To illustrate one embodiment of the operation, if the user selects 'the confirmation box output in the embodiment of step 930' using the input unit of the user terminal 300, a master password input field and another confirmation box are output, and the user Enters the master password in the master password input field using the input unit of the user terminal 300 and selects the confirmation box.

In step 940, the user terminal 300 retrieves the virtual real name ID for the user organization from the user IDDB 311, the encrypted 'WYK for the identity authentication authority and the WYK for the user organization' is searched from the WYKDB 312, and the WYHDB 313 'WYH for personal authentication institution and WYH for user institution' is searched.

To illustrate one embodiment of the operation, a virtual account number matching 'the user organization identification information found in the embodiment of step 915' is searched in the user IDDB 311 configured in the security area of the user terminal 300, and the security In WYKDB 312 configured in the area, 'encrypted settlement account password matching the settlement bank identification information' and 'encrypted user organization password matching the user organization identification information' are searched, and WYHDB ( 313), 'WYK encryption key for settlement bank matching the identification information of the settlement bank' and 'WYK encryption key for user organization matching the identification information of the user organization' are searched.

According to another aspect of the present invention, in the case where the virtual real name ID is searched in step 915, in step 940, the virtual real name ID matching the 'user organization identification information found in step 915 is searched in the 'user IDDB 311'. operation' may be omitted.

Step 445 in FIG. 4 is operated.

To illustrate one embodiment of the operation, 'the master password input in the embodiment of step 935' is the decryption key, and 'the encrypted settlement account password and the encrypted user organization password retrieved from the WYKDB 312 in the embodiment of step 940' ' is decoded.

In step 950, the user terminal 300 uses the 'WYK for the self-certification authority decrypted at step 445' and the 'WYH for the self-certification authority retrieved from the WYHDB (313) at step 940' to calculate the self-authentication information for the self-certification authority, and ' The user authentication information for the user organization is calculated using the 'WYK for the user organization decrypted in step 445 and the WYH for the user organization retrieved from the WYHDB 313 in the step 940'.

To illustrate an embodiment of the operation, the 'settlement account password decrypted in the embodiment of step 445' is encrypted with 'the WYK encryption key for the settlement bank found in the WYHDB 313 in the embodiment of step 940', and the settlement bank The user authentication information for the user is calculated, and the 'password for the user organization decrypted in the embodiment of step 445' is encrypted with the 'WYK encryption key for the user organization found in the WYHDB 313 in the embodiment of step 940'. to calculate

In step 955, the user terminal 300 matches the 'information transmitted in step 925 (or step 925-1) and received in step 930' to provide predetermined transaction confirmation information and 'personal authentication information for the user organization calculated in step 950 ' ' to the user organization server 200, remittance transaction identification information, 'transaction application amount read from information received in step 930', 'virtual real name ID retrieved in step 940 (or step 915)' and 'in step 930 'Information by counterparty method read from the received information', 'information about transaction details read from the information received in step 930' and 'personal authentication information for identity authentication institution calculated in step 950' to the identity authentication server 100 send.

To illustrate an embodiment of the operation, the user terminal 300 confirms a predetermined transaction by matching 'information transmitted in the embodiment of step 925 (or step 925-1) and received in the embodiment of step 930'. The information and 'personal authentication information for the user organization calculated in the embodiment of step 950' are transmitted to the user organization server 200, remittance transaction identification information and 'payment application amount read from the information received in the embodiment of step 930' 'Virtual account number retrieved in the embodiment of step 940 (or step 915)', 'seller ID read from the information received in the embodiment of step 930', and 'purchase, read from the information received in the embodiment of step 930 The name and quantity of the product' and 'person authentication information for the settlement bank calculated in the embodiment of step 950' are transmitted to the settlement bank server 100 .

According to another aspect of the present invention, the settlement account ID read from a predetermined memory may be transmitted to the identity authentication server 100 by replacing the virtual real name ID in step 955.

When the 'information transmitted to the user organization server in step 955' is received from the user organization server 200 in step 956, the user DB 210 receives the user identification information transmitted in step 925 (or step 925-1) and 'WYK for user organization and WYH for user organization' are searched for matching one or more of the virtual real name IDs, and the identity authentication unit 240 searches for 'WYK for user organization and WYH for user organization found above' and 'WYK for user organization and WYH for user organization' , it is determined whether the 'person authentication information for the user organization' is matched.

To illustrate an embodiment of the operation, when the 'information transmitted to the user organization server in the embodiment of step 955' is received from the user organization server 200, the user DB 210 performs a 'step 925 (or step 925-) Searches for 'one-way encrypted password for user organization' and 'WYK encryption key for user organization' that match at least one of account ID and virtual account number transmitted in the embodiment of 1), and the identity authentication unit 240 returns ' The encrypted user organization password, which is the user authentication information for the user organization, read from the received information, is decrypted by the WYK encryption key for the user organization as a decryption key, and the decrypted user organization password is one-way encrypted using a hash function, and the It is determined whether the one-way encrypted password for the user organization matches the searched 'one-way encrypted password for the user organization'.

If the determination in step 956 is affirmative, step 957 is actuated.

In step 957, the user organization server 200 generates a predetermined transaction ID, and the user DB 210 includes 'at least one of user identification information and virtual real name ID transmitted in step 925 (or step 925-1)' The matched balance is reduced by an amount corresponding to the 'transaction application amount included in the information transmitted in step 925 (or step 925-1)', and is matched with the transaction ID and transmitted in step 925 (or step 925-1) Authenticating the 'virtual real name ID included in one piece of information' and 'payment information sent in step 910 and received in step 920, including a predetermined transaction application amount, predetermined transaction counterparty type information, and predetermined transaction details' transmitted to the server 100, the random value calculating unit 230 randomly calculates a new WYH for the user organization, and the user DB 210 converts the WYH for the user organization matched to the virtual real name ID as the calculated WYH for the user organization and transmits the calculated WYH for the user organization to the user terminal 300 .

To illustrate an embodiment of the operation, a predetermined transaction ID is generated by the user organization server 200, and the account ID transmitted in the embodiment of 'step 925 (or step 925-1) from the user DB 210 and the balance matching one or more of the virtual account number' is reduced by the 'payment application amount included in the information transmitted in the embodiment of step 925 (or step 925-1)', and matched with the transaction ID to 'the virtual account number' and 'payment information including the predetermined payment application amount, the seller ID, and the name and quantity of the purchased product, transmitted in the embodiment of step 910 and received in the embodiment of step 920' to the settlement bank server 100 and the random value calculating unit 230 randomly calculates a new WYK encryption key for the user organization, and sets the WYK encryption key for the user organization matched to the virtual real name ID in the user DB 210 as the calculated WYK encryption key for the user organization and transmits the calculated WYK encryption key for the user organization to the user terminal 300 .

In step 958, when the 'information transmitted to the identity authentication server 100 in step 955' and 'information transmitted in step 957 (or step 957-1)' are received from the identity authentication server 100, the ambassador 150 It is determined whether the received amount information matches each other.

To illustrate an embodiment of the above operation, when receiving 'information transmitted to the identity authentication server 100 in the embodiment of step 955' and 'information transmitted in the embodiment of step 957' from the identity authentication server 100 , the ambassador 150 'read from the information transmitted in the embodiment of step 955, the virtual account number, the payment application amount, the seller ID, and the name and quantity of the purchased product' are respectively 'transmitted in the embodiment of step 957 It is determined whether the virtual account number, the payment application amount, the seller ID, and the name and quantity of the purchased product' read from the information match each other.

If the determination in step 958 is affirmative, step 960 is operated.

In step 960, the identity authentication DB 110 in the identity authentication server 100 matches the 'virtual real name ID (or settlement account ID) read from the information transmitted to the identity authentication server 100 in step 955'. Search WYK and WYH for self-certification institutions, and determine whether the self-certification unit 140 matches 'the searched WYK for self-certification institutions and WYH for self-certification institutions' and 'personal authentication information for self-certification institutions read from the received information' do.

To illustrate one embodiment of the operation, the identity authentication DB 110 in the settlement bank server 100 matches 'the virtual account number read from the information transmitted to the identity authentication server 100 in the embodiment of step 955' The 'one-way encrypted settlement account password with a hash function' and the WYK encryption key for the settlement bank are searched, and the identity authentication unit 140 is 'settling bank Decrypts the 'settlement account password encrypted with the WYK encryption key for the settlement bank' with the 'WYK encryption key for the settlement bank', unidirectionally encrypts the decrypted settlement account password with a hash function, and the one-way encrypted settlement account password and 'the searched one-way Encrypted settlement account password' is checked to determine whether they match.

If the determination in step 960 is affirmative, step 965 is operated.

In step 965, the real name ID matching the 'virtual real name ID read from the information transmitted to the user authentication server 100 in step 955' is retrieved from the identity authentication DB 110 in the identity authentication server 100, and the real name ID is regarded as the real name ID of the payer, the 'transaction application amount determined to be matched in step 958' is regarded as the amount corresponding to the payment amount, and the 'information by counterparty method determined to be matched in step 958' is the receipt identification information , and 'information on the predetermined transaction details determined to be matched in step 958' is regarded as 'information on the reason for payment to the payee, the payee,' for compliance filtering.

To illustrate one embodiment of the operation, the settlement bank server 100 searches for a real name number matching 'the virtual account number read from the information transmitted to the identity authentication server 100 in the embodiment of step 955', The real name number is regarded as the payer's real name number, and the amount obtained by deducting a predetermined fee from the 'payment application amount determined to be matched in the embodiment of step 958' is regarded as an amount corresponding to the payment amount, and 'step 958' 'Seller ID determined to be matched in the embodiment' is regarded as receipt identification information, and 'name and quantity of purchased goods determined to be matched in the embodiment of step 958' as information on the reason for remittance Filter.

If it is determined as a normal transaction as a result of the compliance filtering in step 965, steps 475 and 480 in FIG. 4 are operated.

In step 995, the identity authentication DB 110 in the identity authentication server 100 searches for the settlement account ID matching the 'virtual real name ID read from the information transmitted to the identity authentication server 100 in step 955', and the balance DB In step 160, the balance matched to the user organization identification information is reduced by an amount corresponding to the 'transaction application amount determined to be matched in step 958', and the 'balance matched to the settlement account ID' by an amount corresponding to the transaction application amount Receiving account matching the 'information by counterparty method read from the information transmitted in step 955 and received in step 958' by decreasing the 'balance matched with the settlement account ID' again according to the transaction application amount to process a transaction that remits an amount corresponding to the transaction request amount.

To exemplify one embodiment of the operation, the identity authentication DB 110 in the settlement bank server 100 matches 'the virtual account number read from the information transmitted to the settlement bank server 100 in the embodiment of step 955' Search for the settled settlement account number, and reduce the balance matched to the settlement account number of the user organization by the amount obtained by adding a predetermined fee to the 'payment application amount determined to be matched in the embodiment of step 958' in the balance DB 160 and increase the balance matched to the settlement account number, and decrease the balance matched to the settlement account number by 'the amount obtained by adding a predetermined remittance fee to the payment application amount', and 'transmitted in the embodiment of step 955 In the embodiment of step 958, a transaction of remitting the payment application amount to a receiving account matching the 'seller ID read from the received information is processed.

According to an additional aspect of the present invention, the receiving account matching the seller ID may be 'one of an account in the seller's name and an account in the name of a mobile payment company for collection business settlement'.

On the other hand, according to another aspect of the present invention, 'replacing the virtual real name ID in step 955 and transmitting the settlement account ID read from a predetermined memory to the identity authentication server 100', in step 995, the 'step 955 The operation of searching for the settlement account ID matched with the 'virtual real name ID read from the information transmitted to the identity authentication server 100 in ' may be omitted.

FIG. 10 is a view showing a first app installed on a user terminal of the present invention for the purpose of using the first user organization, and then using the first app to protect personal information while protecting personal information simply and safely It is a diagram explaining the operation of the embodiment in which the second app does not need to be installed on the user terminal among the embodiments of real-name authentication.

In step 210-2, the user terminal 300 accesses the membership application page of the second user organization server (not shown), and in the output of the user terminal 300, 'User identification information input field for user organization and WYK input field for user organization A predetermined user organization subscription application screen including ' is output.

Illustrative of an embodiment of the user organization subscription application screen, it includes a terms and conditions reading field, a terms and conditions agreement input field, a user identification information input field for the user organization, a WYK input field for the user organization, a mobile phone number input field, and an e-mail address input field.

In step 215-2, when the user identification information for the second user organization and the WYK for the second user organization are input to the user terminal 300, the input information is used as personal authentication information for the second user organization server (not shown) is sent to

To illustrate one embodiment of the operation, the user reads the terms and conditions of the user organization using the input unit of the user terminal 300, selects the agreement agreement field, and enters the user identification information input field for the user organization. Enter identification information, enter the password for the second user organization in the WYK input field for the user organization, and enter your 'mobile phone number and e-mail address' in the 'mobile phone number input column and e-mail address input column' respectively. information is transmitted to the user organization server 200 .

In step 220-2, when the 'information transmitted in step 215-2' is received from the second user organization server (not shown), the 'virtual real name IDs allocated in advance from the identity authentication authority' in the virtual real name IDDB (not shown) 'one not assigned to any user' is selected, and 'information read from the information' is stored by matching the selected virtual real name ID in the user DB (not shown).

To illustrate one embodiment of the operation, in the second user organization server (not shown), virtual account numbers assigned from the identity authentication institution are stored in the virtual real name IDDB (not shown), and 'step 215-2 is performed' When the 'information transmitted in the example' is received, it matches 'the most advanced virtual account number among the virtual account numbers to which user identification information is not matched among the virtual account numbers' to match the 'user for the second user read from the information. 'Identification information' is stored, and by matching 'the matched virtual account number' in the user DB 210, the 'user identification information for the second user organization read from the information, the password for the second user organization, the mobile phone number, and the electronic 'Email address' and the agreement code of the user organization agreement are stored.

According to another aspect of the present invention, the 'user identification information for the second user organization' is not separately input to the user terminal 300, but 'the assigned virtual real name ID, the received mobile phone number, and the received input One of the e-mail addresses' may be regarded as 'user identification information for the second user organization' of the user.

In step 240-2, the second user organization server (not shown) calls the identity authentication server 100, and the second user organization identification information, predetermined real name authentication application information, and 'virtual real name ID selected in step 220-2' is transmitted to the identity authentication server 100 , the identity authentication server 100 is called and the 'transmitted information' is received.

To illustrate an embodiment of the operation, the second using institution server (not shown) calls the settlement bank server 100, the second using institution identification information, predetermined real name authentication application information, and 'step 220-2' When the 'virtual account number matched in the embodiment' is transmitted to the settlement bank server 100, the settlement bank server 100 is called and receives the 'transmitted information'.

According to another aspect of the present invention, the second using organization server (not shown) transmits the 'second using organization identification information, predetermined real name authentication application information and virtual real name ID' to the user terminal 300, and the user The terminal 300 may transmit the information to the called identity authentication server 100 .

In step 245-2, the user terminal 300 is connected to a predetermined real name authentication application screen page of the identity authentication server 100, and in the output of the user terminal 300, 'in step 240-2, the identity authentication server 200 A predetermined real name authentication application screen including 'second user organization identification information read from the information received by ', 'box for applying for real name authentication of the present invention' (hereinafter referred to as "real name authentication application box") and a master password input field This is output.

To illustrate an embodiment of the operation, the user terminal 300 is connected to a predetermined real name authentication application screen page of the identity authentication server 100 by the call in the embodiment 240-2, and the identity authentication server 100 ) to the user terminal 300, 'Second user organization identification information received by the settlement bank server 100 in the embodiment of step 240-2' and 'Real name authentication to the user organization corresponding to the second user organization identification information Transmits information about a predetermined real-name authentication application screen including a 'phrase to apply for' and a 'confirmation box for the phrase' as a real-name authentication application box, and transmits the real-name authentication application to the output of the user terminal 300 The screen is output.

In step 250-2, information for selecting the 'real name authentication application box output in step 245-2' and a master password are input to the user terminal 300 .

To illustrate one embodiment of the operation, when the user selects the check box in the embodiment of step 245-2 using the input unit of the user terminal 300, the master password input field is output to the output unit, and the user selects the user terminal Using the input unit of 300, the master password is input in the master password input field.

In step 255-2, in the user terminal 300, the 'master password input in step 250-2' is encrypted as an encryption key, and the 'WYK for the second user input in step 215-2' is encrypted in the WYKDB (312). The 'encrypted WYK for the second using organization' is stored by matching with the 'second user identification information' output in 245-2 (or step 245-3), and the 'encrypted WYK for the user authentication institution' is stored in the WYKDB 312 . is searched, 'user identification information for identity authentication authority' is searched in user IDDB 311, WYH for identity authentication authority is searched in WYHDB 313, and the 'encrypted WYK for identity authentication authority' is searched with the master password as a decryption key. is decrypted, and using the 'decrypted WYK for self-certification authority' and the searched 'WYH for self-certification authority', 'personal authentication information for self-certification authority' is calculated, The authentication application information and the 'personal authentication information for an identity authentication institution' are transmitted to the identity authentication server 100 .

To illustrate one embodiment of the operation, the 'master password input in the embodiment of step 250-2' in the user terminal 300 is used as an encryption key and the 'password for the second user organization input in the embodiment of step 215-2' is encrypted, and the 'encrypted password for the second user organization' is stored in the WYKDB 312 by matching it with the 'second user organization identification information output in the embodiment of step 245-2 (or step 245-3)' , 'Encrypted settlement account password matching the settlement bank identification information' is searched in the WYKDB 312 configured in the security area, and 'in the user IDDB (311), as an embodiment of the user identification information for the authentication authority, login ID and the settlement account number and one of the virtual real name ID for the first certification authority and the virtual real name ID for the Nth (however, N≠2) certification authority' are searched, and matching the settlement bank identification information in the WYHDB 313 configured in the security area. The WYK encryption key is retrieved, the 'encrypted settlement account password' is decrypted with the master password as a decryption key, the 'decrypted settlement account password' is encrypted with the WYK encryption key to calculate the identity authentication information for the settlement bank, ' The searched login ID and settlement account number, one of the virtual real name ID for the first authentication institution and the virtual real name ID for the Nth (however, N≠2) authentication institution', the real name authentication application code, and the identity authentication information for the settlement bank are settled It is transmitted to the bank server 100 .

When the 'information transmitted in step 255-2' is received from the identity authentication server 100 in step 260-2, the real name matched with 'user identification information for the identity authentication institution read from the information' in the identity authentication DB 110 Search ID and 'WYK for self-certification authority' and 'WYH for self-certification authority', and the self-authentication unit 140 reads 'at least one of the searched WYK for self-certification authority and WYH for self-certification authority' and 'read from the received information. It is judged whether the 'personal authentication information for the registered identity authentication institution' is matched.

To illustrate one embodiment of the operation, when 'information transmitted in the embodiment of step 255-2' is received from the settlement bank server 100, the 'Login ID read from the information' in the identity authentication DB 110 The real name ID matched to the settlement account number, one of the virtual real name ID for the first certification authority and the virtual real name ID for the Nth (however, N≠2) certification authority, and the 'one-way encrypted settlement account password with a hash function' and the settlement bank Search for the WYK encryption key for the WYK encryption key, and the self-authentication unit 140 inserts the 'settlement account password encrypted with the WYK encryption key for the settlement bank', which is the 'personal authentication information for the settlement bank read from the received information', to the 'settlement bank' WYK encryption key' for decryption, one-way encryption of the decrypted settlement account password with a hash function, and comparing the one-way encrypted settlement account password with 'the searched one-way encrypted settlement account password' to determine whether they match.

If the determination in step 260-2 is affirmative, step 265-2 is operated.

In step 265-2, the identity authentication DB 110 in the identity authentication server 100 matches the 'user identification information for the identity authentication institution read from the information received in step 260-2' to 'information received in step 240-2 The second user organization identification information and virtual real name ID' read from are stored to match each other, and the random value calculation unit 130 randomly calculates a new WYH for the identity authentication institution, and in the identity authentication DB 110 ' Update 'WYH for personal authentication authority' matched with 'user identification information for user authentication authority' to the calculated WYH for user authentication authority, and send to the user terminal 300 as a reply to the 'information received in step 260-2' 'Second user organization identification information and virtual real name ID' and 'WYH for the user authentication authority calculated above' are transmitted, and as a reply to 'reception in step 240-2', predetermined real name verification completion information is transmitted to the second user organization It is transmitted to a server (not shown).

To illustrate one embodiment of the operation, the login ID, the settlement account number, the virtual account number for the first authentication institution, and the Nth read from the information received in the embodiment of step 260-2 in the identity authentication DB 110 (However, N≠2) In the virtual account number field matched to the 'second user identification information received in the embodiment of step 240-2' matched with one of the virtual account numbers for the certification authority, 'step 240-2' In the embodiment, the received virtual account number' is stored, the random value calculation unit 130 randomly calculates a new WYK encryption key for the identity authentication institution, and the 'login ID and settlement account number and Update the WYK encryption key for the self-certification authority that matches the first virtual account number for the first certification authority and one of the Nth (however, N≠2) virtual account number for the certification authority' with the calculated WYK encryption key for the self-certification authority, and in the above step As a reply to the 'information received in the embodiment of step 260-2', the 'second user organization identification information and virtual account number' and 'the calculated WYK encryption key for the identity authentication institution' are transmitted to the user terminal 300, As a reply to the 'reception in step 240-2', predetermined real name verification completion information is transmitted to the second user organization server (not shown).

When the 'information transmitted to the second user organization server (not shown) in step 265-2' is received from the second using organization server (not shown) in step 270-2, the user DB (not shown) receives the 'step 240- 2, by matching with the 'virtual real name ID transmitted to the user authentication server 100', predetermined real name authentication completion identification information is stored.

When the 'information transmitted to the user terminal in step 265-2' is received from the user terminal 300 in step 280-2, the first app 310 is activated, and in the user IDDB 311, 'in the received information The read, second user identification information and virtual real name ID' are matched with each other and stored, and the 'WYH for the authentication authority' stored in the WYHDB 313 is updated to the 'WYH for the identity authentication institution read from the received information' do.

11 is a diagram showing a first app installed in a user terminal of the present invention for the purpose of using a first user organization, and then using the first app to protect personal information while protecting personal information simply and safely It is a diagram for explaining the operation of the embodiment in which it is necessary to install the "second app" in the user terminal among the embodiments of real-name authentication.

In step 210-3, the 'personalization second app' is downloaded from the app download server 400 to the user terminal 300, and the 'user identification information input field for the user organization and the WYK input field for the user organization' is downloaded to the output of the user terminal 300 in step 210-3. A predetermined user organization subscription application screen including

Illustrative of an embodiment of the user organization subscription application screen, it includes a terms and conditions reading field, a terms and conditions agreement input field, a user identification information input field for the user organization, a WYK input field for the user organization, a mobile phone number input field, and an e-mail address input field.

Steps 215-2 to 240-2 in FIG. 10 are operated.

In step 245-3, the user terminal 300 is connected to a predetermined real name authentication application screen page of the identity authentication server 100, the first app of the user terminal 300 is started, and the output section 'Step 240-2 A predetermined real name authentication application screen including 'second user organization identification information read from the information received by the identity authentication server 200', a real name authentication application box, and a master password input field is output.

To illustrate an embodiment of the operation, the user terminal 300 is connected to a predetermined real name authentication application screen page of the identity authentication server 100 by the call in the embodiment 240-2, and the identity authentication server 100 ), the first app of the user terminal 300 is started by the call, and the identity authentication server 100 is the user terminal 300 'in the step 240-2 embodiment, the settlement bank server 100 received the second Real name authentication application screen including 'user organization identification information' and 'phrase of the gist of applying for real name authentication to a user organization corresponding to the second user organization identification information' and 'confirmation box for the above phrase' as a real name authentication application box information is transmitted to the user terminal 300 and the real name authentication application screen is output to the output unit of the user terminal 300 .

Steps 250-2 to 280-2 in FIG. 10 are operated.

In the detailed description of the present specification so far, specific examples have been described, but these are used only for the purpose of describing the present invention and are not used to limit the meaning or scope of the present specification described in the claims. Therefore, the scope of the present specification should not be limited to the above-described embodiments, but should be defined by the claims and equivalents thereof to be described later.

100: self-authentication server
110: identity authentication DB
120: function storage unit
130: random value calculation unit
140: identity authentication unit
150: Ambassador
160: Balance DB
170: virtual balance DB
200: user organization server
210: user DB
220: function storage unit
230: random value calculator
240: identity authentication unit
300: user terminal
310: app
311: User IDDB
312: WYKDB
313: WYHDB
314: function storage unit
315: counterparty DB
316: payment method DB
317: service subscription code storage unit
400: app download server

Claims (24)

As a method for simple and safe real-name authentication while protecting personal information,
In the authentication server,
Step A of receiving a virtual real name ID matched with the user organization identification information from at least one of the user organization server and the user terminal;
Step B of receiving personal authentication information for a user authentication institution matched with user identification information from a user terminal;
a step D of determining whether the information matches the 'personal authentication information received in step B' using 'one or more pieces of information matched with the user identification information in the internal DB'; and
Step E of storing the user identification information and the virtual real name ID by matching the user identification information in a DB configured therein, if it is determined that the matching is performed in the step D; including,

After steps A to E are operated
G receiving transaction application information by matching the virtual real name ID from a user organization server; and
Step K of searching for a real name ID matching the 'virtual real name ID received in step G' in the internally configured DB; including,

Without exposing the user's real name ID or 'user information that the user is reluctant to expose to the user organization',
Without receiving the user's real name ID from the user organization server,
A method characterized in that 'the user's real name ID' can be matched if necessary for 'transaction information that does not match the user's real name ID at the user organization'
delete delete delete delete delete delete delete delete As a method of simple and safe self-authentication while protecting personal information,
In the user terminal,
Step E of inputting 'a password memorized by the user, characterized in that it is a password that does not need to be exposed to anyone in the world as well as to the user organization, and is a password that does not need to be stored anywhere in the world as well as the user organization server or user terminal';
Step F in which the virtual real name ID used in one service organization is retrieved from the internally configured DB;
Step G in which the target identification information and quantity and price are input;
Transmitting the 'at least one of the target identification information, quantity, price, and transaction price' and 'personal authentication information for a self-certification institution, characterized in that it can be calculated using the master password entered in step E', to the user authentication server Step H; and
Matching with the virtual real name ID, 'personal authentication information for user organizations, characterized in that it can be calculated using the master password entered in step E' and ''purchase transaction identification information and sell transaction identification information, characterized in that it is one of and step I of transmitting 'transaction identification information to

Without exposing the user's real name ID or 'user information that the user is reluctant to expose to the user organization',
The user organization generates 'one transaction information matched with the virtual real name ID' using the 'virtual real name ID, transaction identification information, transaction object identification information, quantity and price' transmitted in step I, but the generated transaction information cannot match the user's real name ID,
For 'the transaction information matched with the virtual real name ID while failing to match the user's real name ID at the user institution', if necessary, the 'real name ID stored by the authentication authority matching the user's virtual real name ID' to be matched. A method characterized by being able
delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images