KR20090002019A - Transaction authentication system using a wireless telecommunication device - Google Patents

Transaction authentication system using a wireless telecommunication device

Info

Publication number
KR20090002019A
Authority
KR
South Korea
Prior art keywords
communication terminal
information
authentication
server
authorization
Prior art date
Application number
KR1020070053756A
Other languages
Korean (ko)
Inventor
이바도
Original Assignee
이바도
Priority date
Filing date
Publication date
Application filed by 이바도 filed Critical 이바도
Priority to KR1020070053756A priority Critical patent/KR20090002019A/en
Publication of KR20090002019A publication Critical patent/KR20090002019A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

A transaction authentication system using a wireless telecommunication device is provided that outputs an authorization request signal immediately to the reader of a tollgate server by using local area wireless output means. The fingerprint recognition mode (or the password output mode) is entered by the pressure-sensitive button. On acceptance by the fingerprint recognition sensor (21), a time-synchronized temporary password is displayed. The mobile communications terminal (20) comprises a communications module, a memory control part, a central processing unit, a mobile communications terminal operating system, a memory, a fingerprint recognition processing unit, a display and local area wireless input-output means.

Description

Authorization system using wireless communication terminal {TRANSACTION AUTHENTICATION SYSTEM USING A WIRELESS TELECOMMUNICATION DEVICE}

Figure 1 is a schematic perspective view showing the appearance of a mobile phone having an infrared port used in the present invention.

Figure 2 is a schematic diagram of the network connection of the payment system of the present invention.

* Description of the main reference numerals

11: Authentication server
12: Authentication request server
13: Reader
15: Infrared port of the reader
20: Cell phone
21: Fingerprint sensor
22: Mobile phone infrared port

The present invention relates to an authorization system including payment using a wireless communication terminal for directly outputting an authorization request signal to a reader of an authentication request server using a wireless communication terminal.

Wireless communication terminals, including mobile communication terminals, offer not only voice communication but also information processing capability. Most of the general public carries one, to the point that the market is saturated in middle and advanced countries. Attempts have therefore been made to use the terminal as an auxiliary device for authentication.

US Pat. No. 5,608,778 discloses a technology that uses a mobile phone as a tool for controlling the authentication process when authorizing, for example, a credit transaction in commerce, entry to a secured building, or use of a paid device in a multi-use facility. This technology pays to an account associated with a mobile phone number and must communicate with the authentication server that manages the account through a mobile communication network, so there are many constraints on the subject and time.

Korean Patent Application Nos. 1999-4871, 1999-57586, 2000-14506, etc. disclose a micropayment method in which, in the authentication procedure of online commerce, an authentication number is transmitted from the authentication server to the mobile phone at the request of the seller server, the user enters the authentication number into the seller server, and a verification server verifies the number, approves the transaction, and charges a communication fee. The authentication number is for one-time use with a limited validity period (for example, 10 minutes).

Korean Patent Laid-Open Publication No. 1999-37751 (published on 1999, 05, 25) discloses a communication terminal device including a password generation unit that generates a response value, as a one-time password, from a challenge value including a time that the communication module receives from a server. Korean Patent Registration No. 412986 discloses a one-time password authentication method for synchronizing time and event values using a mobile phone. Korean Patent Registration No. 441905 discloses a time-synchronous mobile phone authentication system that can be used in multiple environments by assigning a seed value to a department member. The security of the authentication process can be further enhanced by the one-time password method using a mobile phone, that is, a wireless communication terminal. However, a security problem may occur when a PIN code, or a password or personal information corresponding to the PIN code, is leaked together with the mobile phone.

The conventional technology uses the wireless communication terminal only as a means of transmitting a single-use password, so the security capabilities of the wireless communication terminal are not fully utilized or are relied on only incompletely, and the necessary signals cannot be output directly, so convenience could not be achieved.

The present invention provides an authorization system using a wireless communication terminal for directly outputting an authorization request signal to a reader of an authentication request server using a wireless communication terminal.

In addition, the present invention is to provide a payment security system that is more secure by using a wireless communication terminal that allows payment or settlement to the account associated with the user of the wireless communication terminal.

According to the present invention, there is provided an authorization system using a wireless communication terminal, comprising: a wireless communication terminal including a transmission/reception module for communicating voice or data, a display, data storage means, input means, short-range wireless input/output means, a sensor for recognizing biometric information if necessary, and computing means for controlling these elements; an authentication server; an authentication request server connected to the authentication server; and a reader connected to the authentication request server. An authorization request signal, which includes confidential data information stored in advance in the wireless communication terminal, generated by the terminal itself, or transmitted and received by communication, is output through the display or the short-range wireless input/output means to the reader connected to the authentication request server, and payment, settlement, or confirmation is made against an account associated with the confidential data information through an authentication process of the authentication server. If necessary, the authorization request signal is output after the sensor for recognizing biometric information has confirmed the biometric information of the authorized person. Preferably, the authorization request signal is output to the reader of the authentication request server through the short-range wireless input/output means. If necessary, the authorization request signal may be composed of a primary signal indicating a linked account and a secondary signal confirming a transaction. Such secondary signals include fixed passwords, one-time passwords (OTPs), user identification information, simple confirmation signals, or URL callback signals. The secondary signal may be output directly to the reader, manually input to the authentication request server, or sent to the authentication server through a mobile communication network.
In addition, the secondary signal may be transmitted to the authentication server in the URL callback format that the authentication server sent to the communication terminal through the mobile communication network.

In the present invention, the wireless communication terminal preferably includes a mobile phone, a PCS, a cellular phone, a smart phone, or a PDA equipped with a mobile communication module capable of two-way data communication. The user's wireless communication terminal is most preferably a CDMA or TDMA mobile phone.

The short-range wireless input/output means of the wireless communication terminal in the present invention is a means for inputting and outputting sound waves, light waves or radio waves. When the authorization request signal is output to the reader connected to the authentication request server by the display of the wireless communication terminal, the authorization request signal is displayed as text, as a one-dimensional or two-dimensional pattern, or as a color code.

The data storage means is, as is well known, RAM, ROM, HDD or flash memory and the like and can be used in combination according to the purpose of use.

The computing means consists of a central computing unit (CPU), various control units, an operating system and additional application software. System chips for mobile phones are known as central computing units. As operating systems, Windows CE, Symbian, and operating systems dedicated to mobile phones or PDAs are known.

Here, the authentication request server refers to a server, such as a seller server, on the side that provides goods or access to a user subject to authentication. The authentication request server and the authentication server may be separate and connected by wire or wirelessly, or they may be physically integrated or share some or all of the user information.

In the authorization system of the present invention, the user is given a predetermined authority through the authentication request procedure of the authentication request server and the authentication procedure of the authentication server. This authority may be permission to establish or use a paid device in a multi-use facility. It may be the authority to pass through a toll gate to enter and exit a highway, or the authority to access a secured building. In trading with a securities company, it is the authority to log in or establish an order. In the case of a financial institution, it is a payment or access authority, such as transferring money at a terminal or checking a balance. However, the predetermined authority of the user is not limited to offline use; the same applies online if there is a separate reader.

The confidential data information is confidential data stored in advance in the storage means, confidential data generated by the terminal itself, and/or confidential data transmitted and received by communication. It may be, for example, a self-generated one-time password; data transmitted and received by communication, in particular a one-time password; a mobile phone unique number together with personal information or a fixed password of the mobile phone owner; or a digital data string obtained from these by a hash method. The confidential data information preferably includes a mobile phone unique number. Here, the mobile phone unique number refers to a mobile phone number, a mobile phone device number (ESN), a mobile phone assignment number (MINI), a mobile carrier assignment number and a secret key.

The confidential data information may include a one-time password generated by the password generator of the mobile phone. Algorithms for generating unpredictable codes can be implemented in hardware or software, but software is convenient in many ways. When implemented in software, the algorithm can be embedded or downloaded over a wired or wireless connection. Algorithms for generating such unpredictable codes are well known. For example, a hashing algorithm is known as a one-way function. MD4, MD5, RC4, IDEA, HS5DM, SMD and the like are used. The RSA algorithm is also known. These algorithms can be written in the Java language and downloaded over a wired or wireless connection. The unpredictable code is generated by the algorithm from the user's identification code (PIN) and the time of the portable password generator. The user's identification code (PIN) is integrated into the user's algorithm, and execution of the algorithm can be activated by acceptance of the biometric sensor. Alternatively, a separate access password may be required along with the biometric information. The sequence of the random number generation procedure is built in, or installed over a wired or wireless connection, together with the above algorithm.
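The following is an added illustration, not part of the patent text: a sketch of the two-part authorization request described above (primary signal naming the linked account, secondary signal carrying a time-synchronous one-time password derived from the PIN and the terminal clock), emitted only after biometric acceptance and checked by the authentication server. HMAC-SHA-256 is used in place of the hash functions the text lists, and the class names, the 30-second step, the 6-digit length, the drift window and the byte-equality biometric matcher are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed time step shared by terminal and server
OTP_DIGITS = 6      # assumed length of the one-time password
DRIFT_STEPS = 1     # assumed clock-drift tolerance, in time steps


def derive_key(seed: bytes, pin: str) -> bytes:
    """Bind the user's PIN into the terminal's seed (done once at enrollment)."""
    return hmac.new(seed, pin.encode("utf-8"), hashlib.sha256).digest()


def otp_for_counter(key: bytes, counter: int) -> str:
    """One-way function of key and time counter, truncated to decimal digits."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


class Terminal:
    """Wireless terminal: emits the request only after biometric acceptance."""

    def __init__(self, account_id: str, key: bytes, enrolled_template: bytes):
        self.account_id = account_id
        self.key = key
        self.enrolled_template = enrolled_template

    def authorization_request(self, sample: bytes, now: int):
        # Stand-in matcher: a real sensor scores similarity, not byte equality.
        if not hmac.compare_digest(sample, self.enrolled_template):
            return None  # output control: nothing leaves the short-range port
        return {
            "primary": self.account_id,  # signal indicating the linked account
            "secondary": otp_for_counter(self.key, now // STEP_SECONDS),
        }


class AuthenticationServer:
    """Verifies the secondary signal against the key enrolled for the account."""

    def __init__(self):
        self.keys = {}
        self.last_counter = {}  # highest time counter already accepted

    def enroll(self, account_id: str, key: bytes) -> None:
        self.keys[account_id] = key

    def verify(self, request, now: int) -> str:
        if not request:
            return "no-request"
        account = request.get("primary")
        key = self.keys.get(account)
        if key is None:
            return "unknown-account"
        presented = str(request.get("secondary", "")).encode("utf-8")
        base = now // STEP_SECONDS
        for counter in range(base - DRIFT_STEPS, base + DRIFT_STEPS + 1):
            expected = otp_for_counter(key, counter).encode("utf-8")
            if hmac.compare_digest(expected, presented):
                # An OTP is single-use: refuse a counter at or below the last one.
                if counter <= self.last_counter.get(account, -1):
                    return "replayed"
                self.last_counter[account] = counter
                return "approved"
        return "rejected"


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    key = derive_key(b"constructed-seed", "4821")
    phone = Terminal("acct-0001", key, b"enrolled-fingerprint")
    server = AuthenticationServer()
    server.enroll("acct-0001", key)
    t0 = 1_700_000_000
    request = phone.authorization_request(b"enrolled-fingerprint", t0)
    print(server.verify(request, t0 + 5))    # approved
    print(server.verify(request, t0 + 6))    # replayed
    print(phone.authorization_request(b"someone-else", t0))  # None
```

The server keeps only the PIN-bound key, never the PIN itself, and the replay check is what makes a captured infrared or displayed code useless once it has been accepted.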

The authorization request signal is output to the display or the short-range wireless input/output means either as it is or after processing. For example, it may be processed and output to suit the reader of the authentication request server. Here, "processed" means converted into a signal that the reader can read, or encrypted for security. The authentication request server should provide a reader capable of reading such a signal or pattern.

The authorization request signal may further include other information for verifying the account of the mobile phone owner. With the authorization request signal input to the reader of the authentication request server, the seller operating the authentication request server can confirm the account of the mobile phone owner, grant the authority, and settle the corresponding fee through that account. Here, the account of the mobile phone owner means an account associated with the mobile phone owner through the above-mentioned confidential information, such as a mobile phone number, and, in some cases, the subscriber information submitted when signing up for the authorization service described in the present invention. One example is the user's telecommunications account with a telecommunications service company. Another is a credit card or debit account associated with the mobile phone unique number (e.g., mobile phone number), which the mobile phone user has authorized for payment when an authorization request signal is output from the mobile phone to the authentication request server. In some cases, the mobile phone owner's account may be a profile that records the mobile phone owner's information.

If necessary, the authorization request signal is output after the sensor for recognizing biometric information has checked the biometric information of the authorized person. Biometric information refers to a user's physical or behavioral characteristics. Physical characteristics include the face, iris, retina, veins, fingerprint, ear, and the like, and behavioral characteristics include a signature or voice. The biometric information is preferably a face, iris, fingerprint or voice. Biometric technologies such as iris, fingerprint or voice recognition are relatively well known, although they cannot guarantee integrity and full performance. The biometric information has at least 10 degrees of freedom, and preferably at least 13, so as to correspond to a PIN of three or more digits, preferably four or more digits. Iris, fingerprint and voice recognition are common techniques with 4000, 65 and 55 degrees of freedom, respectively. Even allowing for limited accuracy of the algorithm or the sensor, it is possible to set the false rejection rate (FRR) to 1% or less and the false acceptance rate (FAR) to 0.01% or less (corresponding to a 4-digit password). This is much more secure than a four-digit password scheme, given incorrect keystrokes.

In the case of facial recognition, the face may be recognized as a pattern of an expressionless face and/or a face with a particular expression.

For voice, speech recognition technology or speaker recognition technology is used. The sensor hardware need only be a conventional microphone, and the algorithm preferably uses speech dictation technology or speaker recognition technology. Speaker recognition is divided into a voice registration process and a voice recognition process. The voice registration process consists of a step of obtaining the sound signal waveform spectrum of the input voice signal and extracting language units by filtering and processing, a quantity adjustment step, and a storing step. The voice recognition process consists of a step of obtaining the sound signal waveform spectrum, a comparison section extraction step, and a comparison step.

Iris recognition technology has been commercialized since 1993, when Professor Daugman developed an image encoding algorithm that represents the iris pattern in 256 bytes, using an image signal processing algorithm based on the Gabor wavelet transform. Products include Iridian's PC Iris (a method of acquiring iris images reflected in concave mirrors) and Panasonic's BM-ET100 (camera use).

Fingerprint recognition technology consists of sensor hardware for reading a fingerprint and an algorithm to interpret it. Fingerprint sensor hardware uses either a wave method, which obtains an active or passive image of the contact surface with infrared, ultrasonic or visible light, or a method that measures the contact pressure with a silicon semiconductor device. The algorithm extracts features from the fingerprint image and recognizes them by sorting, matching, and comparing scores. Sensor manufacturers include Veridicom, ST Micro, and Authentec, and products include Sony's FIU-710. Optical sensor manufacturers include Digital persona, Identicator, and Nitgen.

The biometric information mainly used in the present invention is iris, fingerprint or voice information, and most preferably fingerprint information.

The iris, fingerprint or voice is picked up by a camera, a contact pressure sensor or a microphone, respectively, and the sensor is integrated into the wireless communication terminal. The cameras and microphones already mounted on terminals can be used as fingerprint, iris or voice sensors, that is, as biometric information input means.

The authorization request signal is output upon acceptance by the biometric sensor in the biometric information sensing mode. Alternatively, a separate access password may be required along with the biometric information. The biometric information sensing mode for outputting the authorization request signal may be entered by various methods such as voice, key manipulation or a motion sensor. When the biometric sensor is a fingerprint sensor, the biometric information sensing mode (or sensor input mode) is conveniently entered by pressing a button disposed in the vicinity of the fingerprint sensor window. The wireless communication terminal enters the biometric information sensing mode by a button or other input means, and the mode may be indicated by a screen, an LED, or a voice. Alternatively, a proximity sensor may recognize the proximity of the living body and enter the biometric information sensing mode. Depending on the type of sensor, a fingerprint or eye is placed on the sensor, or a separate pass phrase is spoken into the microphone. If the communication terminal accepts the biometric information, it outputs an authorization request signal. The authorization request signal is automatically output directly to the reader connected to the authentication request server by infrared, Bluetooth or other wireless means.

The authentication request server and the authentication server may be physically integrated or operated separately from each other, and may share some or all of the user information by connecting over a network. Depending on whether the linked account belongs to a bank, a credit card company or a mobile communication company, the authentication server may be operated directly by that company, but it is generally operated through a P/G (payment gateway) company. The authentication server consists of a secured database that stores data for authentication, an authentication daemon, an authentication process manager, a real-time authentication monitor, a management program based on strong mutual authentication, and a logger. In addition to the security of the system itself, it is desirable to protect it with a structure that can prevent intrusion over the network. It is also operated as a dual server to enhance reliability.

When the authorization system of the present invention is used for access control, the authentication request server corresponds to the access controller. The access controller is equipped with a reader and controls access by checking the user profile based on the information received through the wireless output of the confidential data of the wireless communication terminal.

Hereinafter, the present invention will be described with reference to the drawings.

Figure 1 shows a schematic appearance of a mobile phone used in the present invention. The pressure sensing button 25 enters the fingerprint recognition mode (or the password output mode), and on acceptance by the fingerprint sensor 21 the time-synchronous one-time password is displayed on the display 23. The mobile communication terminal 20 consists of a communication module 42, a memory control unit 44, a central computing unit 43, a mobile communication terminal operating system, a memory, a fingerprint recognition unit, a display 23, and a near field wireless input/output terminal 48.

When the user presses the button 25, the terminal enters the biometric activation state, and when the fingerprint (19) is placed on the fingerprint sensor, the confidential data information specifying an account is output through the infrared port 22 upon acceptance.

Figure 2 is a schematic diagram illustrating a payment system using the mobile phone of FIG. A mobile phone user who purchases a product at a shopping center places a thumb on the fingerprint sensor 21 of the mobile phone 20, and the linked account information is output to the infrared port 15 of the reader 13 connected to the shopping center server 12. The authentication server 11 receives the linked account information and approves the transaction. If necessary, additional user information, a fixed password, an OTP or a simple confirmation, received by the mobile phone 20 from the authentication server 11 via the mobile communication network including the relay tower 31, is input again to the reader or to the authentication request server (12), so that the transaction approval is finally received from the authentication server (11).

The present invention provides an authorization system that can safely perform an authorization procedure in various fields of life, including commerce, with only a simple operation of a wireless communication terminal that is always carried. When the payment system using the mobile phone of the present invention is applied where a small and fast payment is required, such as at a toll gate, the authorization request signal for connecting to a payment account is transmitted directly to the reader of the toll gate server by short-range wireless output means, including the infrared port of the mobile phone, so the payment can be completed quickly. In addition, stability can be achieved by controlling the output of the authorization request signal with the biometric information sensor of the mobile phone. When more security is required, authentication may be completed by manually or automatically inputting the fixed password, the one-time password, or the password received from the authentication server into the reader.

Claims (10)

1. An authorization system using a wireless communication terminal, comprising: a wireless communication terminal including a transmission/reception module for communicating voice or data, a display, data storage means, input means, short-range wireless input/output means, a sensor for recognizing biometric information when necessary, and computing means for controlling the elements; an authentication server; an authentication request server connected to the authentication server; and a reader connected to the authentication request server, wherein an authorization request signal including confidential data information that is stored in advance in the wireless communication terminal, generated by the terminal itself, or transmitted and received by communication is output through the display or the short-range wireless input/output means to the reader connected to the authentication request server, and payment, settlement or confirmation is made by the account associated with the confidential data information through the authentication process of the authentication server.

2. The authorization system of claim 1, wherein the authorization system is a payment system.

3. The system of claim 2, wherein the short-range wireless input/output means of the wireless communication terminal uses a sound wave, a light wave, or a radio wave.

4. The authorization system according to claim 3, wherein the short-range wireless input/output means of the wireless communication terminal is an infrared input/output means.

5. The authorization system of claim 4, wherein the authorization request signal is output after the biometric information of an authorized person is confirmed by a sensor that recognizes the biometric information of the wireless communication terminal.

6. The authorization system of claim 5, wherein the biometric information is face, iris, fingerprint, or voice information.

7. The system of claim 6, wherein the authorization request signal includes all or part of the information for verifying the account of the mobile phone owner.

8. The system of claim 7, wherein the biometric information is a fingerprint.

9. The authorization system of claim 8, wherein, when the confidential data information is received by the communication terminal, the terminal switches to a biometric information sensing mode for outputting the confidential data information.

10. The authorization system of claim 9, wherein the confidential information is displayed to a reader connected to the authentication request server as a one-dimensional or two-dimensional pattern or a color pattern.
KR1020070053756A 2007-06-01 2007-06-01 Transaction authentication system using a wireless telecommunication device KR20090002019A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020070053756A KR20090002019A (en) 2007-06-01 2007-06-01 Transaction authentication system using a wireless telecommunication device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020070053756A KR20090002019A (en) 2007-06-01 2007-06-01 Transaction authentication system using a wireless telecommunication device

Publications (1)

Publication Number Publication Date
KR20090002019A true KR20090002019A (en) 2009-01-09

Family

ID=40485056

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020070053756A KR20090002019A (en) 2007-06-01 2007-06-01 Transaction authentication system using a wireless telecommunication device

Country Status (1)

Country Link
KR (1) KR20090002019A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101707614B1 (en) * 2015-09-04 2017-02-27 주식회사 인포소닉 Method and system for providing mobile payment service using sonic signal
WO2019124788A1 (en) * 2017-12-20 2019-06-27 주식회사 기업서비스연구소 System and method for processing sound recognition between terminals

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101707614B1 (en) * 2015-09-04 2017-02-27 주식회사 인포소닉 Method and system for providing mobile payment service using sonic signal
WO2019124788A1 (en) * 2017-12-20 2019-06-27 주식회사 기업서비스연구소 System and method for processing sound recognition between terminals

Similar Documents

Publication Publication Date Title
KR100643720B1 (en) Individual authentication device and cellular terminal apparatus
US7310042B2 (en) System and method for biometric-based fraud protection
US20080148059A1 (en) Universal, Biometric, Self-Authenticating Identity Computer Having Multiple Communication Ports
WO2003007125A2 (en) Secure network and networked devices using biometrics
JP2006146914A (en) Identification card with biosensor, and user authentication method
US20100131414A1 (en) Personal identification device for secure transactions
US20130036017A1 (en) Financial card for online fund transfer and method therefor
US20140330727A1 (en) ID Authentication
KR20140097467A (en) Method for authentication using biometric data for mobile device e-commerce transactions
MX2015000169A (en) Biometric validation method and biometric terminal.
WO2017122055A1 (en) A system for proximate and/or remote electronic transaction authorization based on user authentication and/or biometric identification
KR101935817B1 (en) System for dealing a digital currency with block chain with preventing security and hacking
KR100866839B1 (en) Transaction authentication system using a wireless telecommunication device
EP2365477A1 (en) Personal identification device for secure transactions
KR100720316B1 (en) wireless telecommunication device with output control function
CN101443722A (en) Wireless telecommunication device with output control function and transaction authentication system using the same
KR101812637B1 (en) Method, institution card, and system for verifing identity using identification code
KR20090052833A (en) A wireless telecommunication device with output control function and transaction authentication system using the same
RU143577U1 (en) DEVICE FOR PAYING GOODS AND SERVICES USING CUSTOMER'S BIOMETRIC PARAMETERS
KR20090002019A (en) Transaction authentication system using a wireless telecommunication device
ES2631002B1 (en) Device to facilitate corresponding financial transactions, procedure and installation
KR20060102121A (en) User authentification method and apparatus by rfid chip and smart card
KR20060057369A (en) Electronic payment system with mobile communication terminal using a living body informations and its operating method
WO2007133037A1 (en) A wireless telecommunication device with output control function and transaction authentication system using the same
KR20090013659A (en) Transaction authentication system using a wireless telecommunication device

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination