KR20090019278A - Authentication system for electonic service using telephone network - Google Patents

Abstract

An authentication system for electronic service using telephone network is provided to prevent the financial accident due to hacking as well as the transactions repudiation. The first terminal(100) is the user terminal connected to the net. The network server(200) interfaces the movement to the electronic service side for the first terminal. The authentication server(300) performs the authentication of relating to the electronic service via the net server. The host server(400) is connected to the authentication server and processes the electronic service requested from the first terminal. A plurality of call servers(500) is implemented as CTI (Computer and Telephony Integration) and the called ARS (Automatic Response Service) through the telephone network. The call servers are connects with the second terminal(600) to receive the authentication of the electronic service.

Description

Authentication System for Electonic Service using Telephone Network}

The present invention relates to a telephone network authentication system for electronic services, and in particular, such as Internet banking, the electronic banking is performed only for the authenticated user, or issuing various documents only to the authenticated user or accessible only to the authenticated user. The present invention relates to a telephone network authentication system for an electronic service provided to more efficiently ensure a secure and integrity authentication.

Recently, due to the rapid development of technology, accidents in various electronic services are increasing rapidly. Therefore, in order to prevent such an electronic service accident, security measures for important resources are urgently needed in a network-based communication environment including the Internet.

As such a security measure, an authentication service using a security card, a public certificate, an OTP, etc. is generally used.

However, even when using Internet banking or other electronic services based on such authentication services, due to the keyboard hacking program, memory hacking program, etc., the security through the Internet is not 100% completely blocked and is always exposed to the risk of a security accident.

Therefore, when using the electronic service, a short message service (SMS) is sent and notified to the service owner, and when the service owner does not intend, there has been an attempt to be rectified early. There was a problem of being vulnerable to absence and social engineering attacks, and the difficulty of transmitting contents that could deceive the user (provide false information) by disguising the calling party number, and the possibility of personal information leakage by providing other information to the receiver when it was wrongly transmitted.

And, in terms of stability, there is no countermeasure to compensate for the non-receipt of the service result notification, and the short message service (SMS) not only has an incorrect acknowledgment, but also has a large number of unprocessed cases when there is a lot of transmission traffic. It is required to prepare countermeasures against overload due to mass text transmission, and there is a possibility that the reception is impossible due to the limitation of the text function of the mobile phone.

In addition, there is a possibility of causing user complaints with spam information by using the text messaging function of the mobile phone, and there is a limitation of the media using only the SMS function on the mobile phone. There is a problem in that the processing cost is high and when it is not received, the reshipment and management costs are required.

In addition, the security measures through the general authentication service as described above should be registered in advance of the user's personal information has been limited in the scope of application for use other than Internet banking.

On the other hand, Internet banking through existing banks can be applied to both large and small amounts due to the strong authentication function. However, the payment gateway (PG), which has increased utilization in the near-term, was only available for small payments. Therefore, a stronger authentication means was needed.

For this purpose, an authentication means through IP tracking has been proposed, but such an authentication means through IP tracking has not been a reliable authentication means due to problems such as IP bypass.

An object of the present invention for solving the above problems is to provide a telephone network authentication system for an electronic service to increase the integrity of the electronic service and authentication more efficiently in terms of security.

Telephone network authentication system for an electronic service according to an aspect of the present invention for achieving the above object, the first terminal which is a user terminal connected to the network; A network server that interfaces with movement to an electronic service site required by the first terminal; An authentication server that performs authentication related to the electronic service via the network server; A host server connected to the authentication server to process an electronic service requested from the first terminal; And a computer and telephony integration (CTI) and ARS, which are called through a telephone network, to access the second terminal of the first terminal user who requested the electronic service according to the instruction of the authentication server to approve the electronic service. The host server includes a plurality of call servers that receive and verify the authentication result according to the approval, so that the authentication completion information according to the verification is provided to the host server to perform authentication. Characterized in that to perform the electronic service processing.

The authentication server is characterized in that by the provided call server manager to select any call server of the plurality of call servers to instruct the telephone network authentication and receive the authentication completion information.

The call server is characterized in that it is operated by any one of the financial settlement agency, the Financial Supervisory Service, the Korea Securities Computer Center, financial institutions, credit rating agencies or call server certification authority.

The call server is characterized in that the electronic service is approved by receiving at least one or more of number information, video information, and voice information input to the second terminal.

The number information may be promised by a user in advance, a one-time password (OTP) sent from a call server, a one-time password (OTP) generated by the second terminal itself, or is presented at the first terminal.

The image information may be fingerprint information, iris information, or facial shape information.

The voice information is characterized in that the user's voice information.

The authentication completion information is provided to the host server via the authentication server, or characterized in that it is provided directly to the host server.

The host server may be any one of a financial server, a public office server, a school management server, a medical information management server, an administrative information management server, a TV home shopping server, an IPTV server, a satellite DMB server, and an information communication server.

The authentication related to the electronic service is characterized in that the authentication for the electronic service itself or the authentication medium for authenticating the electronic service.

The telephone network authentication method for an electronic service according to another aspect of the present invention for achieving the above object includes a first terminal, a network server, an authentication server, a host server, a plurality of call servers, and a second terminal. A telephone network authentication method for an electronic service in a system, the method comprising: providing an electronic service request generated from a first terminal to an authentication server through a network server; Transmitting, by the authentication server, the electronic service request information to a host server, and providing preliminary service result information corresponding thereto from the host server to the first terminal; When the authentication server receives the main service request generated from the first terminal, the authentication server selecting one of a plurality of call servers and requesting telephone network authentication for the second terminal of the first terminal user; Receiving, by the selected call server, the electronic service from the second terminal and verifying an authentication result according to the approval, so that authentication completion information according to the verification is provided to the host server; And performing the electronic service process according to the authentication completion information provided by the host server.

The authentication server is characterized in that the provided call server manager checks the consistency of the plurality of call servers, and selects the call server with the best match.

The call server is characterized in that it is operated by any one of the financial settlement agency, the Financial Supervisory Service, the Korea Securities Computer Center, financial institutions, credit rating agencies or call server certification authority.

The authentication server additionally has a step of confirming the real name from the first terminal, when the real name is confirmed, the call server manager is characterized in that for selecting the call server operated by the credit rating agency.

The authentication completion information is provided to the host server via the authentication server, or characterized in that it is provided directly to the host server.

The telephone network authentication system for an electronic service according to the present invention as described above, after inputting the information required for the electronic service application, the ARS is pre-checked, authenticated, and approved by using the ARS to increase the integrity of the authentication authentication system enhanced security As a result, the existing one-way trading system, which was processed by simply inputting authentication information and then requesting approval, supplements the limitations and vulnerabilities caused by simply notifying the transaction completion status by using SMS notification service. And by limiting the responsibilities and rights of service users, it is possible to prevent the non-repudiation of transactions and to check, authenticate, and approve the occurrence of financial accidents due to hacking in advance to provide complete accident prevention.

In addition, the telephone network authentication system for the electronic service according to the present invention enables not only authentication of the 'electronic service itself', but also authentication of the 'media for authenticating the electronic service', thereby enabling enhanced security.

In addition, the telephone network authentication system for an electronic service according to the present invention solves the problem of having a unique call server for each electronic service, and makes it possible to select an optimal one according to the consistency among a plurality of call servers, thereby increasing operational efficiency. There is this.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, in describing in detail the operating principle of the preferred embodiment of the present invention, if it is determined that the detailed description of the related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted.

In addition, the same reference numerals are used for parts having similar functions and functions throughout the drawings.

1 is a diagram illustrating a telephone network authentication system for an electronic service according to an embodiment of the present invention.

As shown in FIG. 1, a system for performing telephone network authentication for an electronic service includes a first terminal 100, a network server 200, an authentication server 300, a host server 400, and a plurality of call servers ( 500 and the second terminal 600.

In a system having such a configuration, a network is a general term for all systems connected by wire or wirelessly capable of exchanging information, and may be the Internet or an intranet, and includes a communication network and a telephone network.

The first terminal 100 may be a user terminal connectable to a network, and may be a personal PC, a notebook computer, a PDA, an IPTV, and the like, and the network server 200 may be an electronic service site requested from the first terminal 100. It functions to interface with the transfer to bank sites that provide electronic banking, websites that use electronic transactions, credit information verification sites, government office sites that issue various certificates, and other sites that require authentication in connection with other services. do.

The authentication server 300 performs authentication related to the electronic service requested from the first terminal 100, and typically includes an internet banking server of a bank.

The host server 400 is connected to the authentication server 300 to process the electronic service requested from the first terminal 100, and may be classified as a financial server or a government server according to the type of electronic service. That is, the host server 400 may be a server, a financial institution, a health care department, or an administration that manages personal / history information such as academic information, medical information, and administrative information, or a server of a financial settlement agency or a securities computer or a financial institution related to a financial transaction. It may be a server of a government office such as a local government, and may also be an Internet shopping mall server, a TV home shopping server, an IPTV server, a satellite DMB server, or an information communication server.

The call server 500 is implemented with computer and telephony integration (CTI) authentication and ARS authentication, which are called through a telephone network, so as to correspond to the first terminal 100 user information requested for electronic service. 2 is connected to the terminal 600, the electronic service is approved, and receives an authentication result according to the approval and performs a function of verifying it.

On the other hand, the call server 500 may be independently operated in the authentication server, but for the efficiency of the operation, organizations that frequently require telephone network authentication, for example, the Korea Financial Services Agency, the Financial Supervisory Service, the Securities Computer Center, the financial institution, and the credit rating agency Alternatively, it may be desirable to use a call server 500 directly operated by a call server certification authority, and in particular, to selectively use a plurality of call servers.

To this end, the host server 400 is provided with a call server manager 350 to determine the consistency of the call server 500 in the vicinity, the call server that is optimally matched every time an electronic service request from the first terminal 100 ( Select 500) to instruct telephone network authentication.

The second terminal 600 is a terminal that is called from the call server 500 through a mobile wireless communication network (MWCN) or a public switched telephone network (PSTN), which uses the service of the present invention. The requesting user is a terminal that can be identified separately from the first terminal and possesses a phone number or other unique identification factor from the call server through the telephone network.

On the other hand, the authentication by the telephone network authentication system according to the present invention includes not only authentication of the 'electronic service itself' requested by the first terminal, but also authentication of 'the medium for authenticating the electronic service'.

The medium that authenticates electronic services is a concept that includes not only the tangible, intangible media, but also the human media that proves the identity when receiving electronic services in the network. For example, a certificate, a mobile chip, and a hardware security module (HSM: Hardware). Security module), digital signature means, personnel who can verify personal credit information, etc. Therefore, as a result of the certification of the electronic service itself, the certification of the medium that authenticates the electronic service is performed. The media itself is valid, and after that, the authentication is made through the media again, which enables enhanced security through two-step authentication and can be caused by tampering with the electronic service authentication media. Electronic service accidents can be prevented in advance.

As such, in more detail illustrating the certification of the medium for authenticating the electronic service, it is possible to receive pre-certification from the certificate holder through the telephone network whether the certificate itself is valid before authentication through the certificate in electronic transactions. It is possible to confirm from each owner whether the mobile chip itself is valid for electronic transactions through the terminal and whether the hardware security module (HSM) itself is valid for large electronic transactions. In addition, when you want to use personal credit information, you can pre-certify 'use' of personal credit information through personal contact information of the credit rating agency, and when you want to use digital signature alternatives such as PKI in CATV or CATV, etc. 'Pre-authentication' is possible, and pre-authentication can be performed to confirm the identity of the user when applying for the use of the service of the Internet service provider on the Internet.

Next, the operation of the telephone network authentication system for an electronic service having such a configuration will be described in detail.

FIG. 2 is a signal flow diagram illustrating a telephone network authentication method for an electronic service according to an embodiment of the present invention, and illustrates an example of a system operation for performing a bank financial transaction on the Internet.

Referring to FIG. 2, first, the first terminal 100 connected to the Internet accesses a website of a financial institution that wishes to trade through a network server 200, and uses the authentication server 300 as preliminary transaction information input from a user. Request a preliminary transaction (S101, S102).

Here, the network server 200 performs an interface function between the first terminal 100 and the authentication server 300, and as the same applies in the communication between the first terminal 100 and the authentication server 300, The description is omitted.

Next, when the preliminary transaction is requested from the first terminal 100, the authentication server 300 transmits the preliminary transaction request information to the host server 400 (S103), and the host server 400 transmits the preliminary transaction request information. After inquiring the deposit account number from (S104), and transmits the preliminary transaction result information including the user information corresponding to the inquired deposit account number to the authentication server 300 (S105).

The authentication server 300 transmits the preliminary transaction result information transmitted from the host server 400 to the first terminal 100 again (S106), and the main transaction request generated from the user who has confirmed this from the first terminal 100. It is provided (S107).

When the main transaction is requested from the first terminal 100, the authentication server 300 requests the first terminal 100 for authentication information for user authentication (S108), and the first terminal 100 requests authentication information input from the user. It is provided from (S109). Here, the authentication information is a password of the authentication means issued by the authentication server 300, and may be representatively a public certificate password.

And the authentication server 300 instructs the telephone network authentication through the call server, the authentication at this time may be authentication of the validity of the requested main transaction, may be authentication of the validity of the used official certificate. That is, the call server manager 350 of the authentication server 300 selects the call server 500 having the best match among the available call servers 500 and requests the telephone network authentication (S110).

The authentication server 300 notifies the host server 400 of the phone authentication request state (S111).

If the call server 500 is requested to authenticate the telephone network from the authentication server 300, the transaction to the second terminal 600 which is a telephone number separately registered on the call server side with the consent of the user corresponding to the first terminal 100, Request the approval of selection (S112).

That is, the call server 500 allows the approval, rejection or withholding of the transaction to be selected through the second terminal 600, and when the transaction is selected for approval (S113), the call server 500 performs authentication information input for user authentication (S114). ).

However, if the user of the second terminal 600 selects the hold, the call server 500 notifies the host server 400 of the authentication result failure information if the second retry count is two or more times, and if the second terminal 600 user selects the hold, Wait for a while and ask for permission again. In addition, when the second terminal 600 is determined to be in a call state, the call server 500 notifies the host server 400 of the authentication result failure information when the number of retries during the call is two or more times and is less than two times. After waiting for a certain time, it asks for approval of telephone call again.

On the other hand, the second terminal 600 received the authentication information from the call server 500 transmits the authentication information input from the user to the call server 500 (S115), the authentication information as the number information, video information, voice At least one or more of the information can be used.

That is, the call server 500 may include number information corresponding to the second terminal 600, image information such as a fingerprint, iris, and facial shape of a user, or voice of a user's voiceprint. By retaining the information and comparing it with the information input through the keypad, camera, and microphone of the second terminal 600, the authentication of the second terminal 600 is completed when the two authentication information matches.

In the financial transaction, the number information may be registered by the user at the time of the prior use contract with the service provider offline, but is sent out from the call server or is a one-time password (OTP) generated by the second terminal itself with a promise in advance. For example, the number may be linked to the call server and presented to the user by the first terminal.

On the other hand, if any word promised with the user is input through the microphone as voice information, the voice information may be compared and judged to be matched only when the accuracy of the voice text is more than a certain probability, in particular, from 1 to 9 The user's voice of each number is stored in advance, and after presenting a random random number, the voice information input to the microphone may be compared for each number to determine whether it matches.

The call server 500 transmits the authentication completion information to the authentication server 300 through the call server manager 350 when the authentication is completed (S116), and the authentication server transmits it to the host server 400 again (S117). .

From this, the host server 400 processes the main transaction (S118), and transmits the processed main transaction completion information to the authentication server 300 (S119), and the authentication server 300 transmits the transmitted main transaction completion information. The first terminal 100 or the previously registered transaction completion message transmission terminal is transmitted (S120).

3 is a diagram illustrating selection of a call server according to various electronic services requested from a first terminal.

The authentication server 300 of the present invention selects the call server 500 having the best consistency among the plurality of call servers 500 through the call server manager 350, which is a kind of program, and requests the telephone network authentication. For example, whether the call server should be selected within a closed call server group for security purposes or if any call server is irrelevant if valid, whether the call server 500 is allowed in advance, and the call server 500 It is determined comprehensively by considering various things such as whether the user has valid personal information and whether the access speed is sufficient.

As an example of an electronic service, when a first terminal accesses a bank site and requests a financial transaction, the bank holds personal information of a user in advance, and when the bank has a call server 540, the bank uses the call server 540. If this is not the case, the call server operated by the credit bureau 550 or the call server certification authority 560 or by using the call server of the KFTC 510 or 520 using the interbank payment system or Other call servers can be used, and the telephone network authentication is performed when the user applies for financial transactions.

Similarly, when accessing a securities site and requesting a securities transaction, a call operated by a credit bureau call server 530 or a credit rating agency 550 or a call server certification authority 560 using a securities integration system. You can use a server or other call server, and perform the telephone network authentication when you log in to the brokerage firm's site.

On the other hand, when requesting an electronic service by accessing public office sites such as the Ministry of Education, Health and Welfare, and the Ministry of Government Administration and Home Affairs, which manages and issues personal information / history information, if the user has personal information through membership registration, etc. When the service is automatically applied, otherwise, when the user's real name is confirmed, the telephone network authentication is requested to a call server or other call server operated by the credit rating agency 550 or the call server certification authority 560.

In addition, even when requesting an electronic service by accessing a shopping site such as Internet shopping, TV home shopping, IPTV shopping, or satellite DMB shopping, if the user's personal information is retained through membership registration, etc. If not, the telephone network authentication is requested to a call server or other call server operated by the credit rating agency 550 or the call server certification authority 560 at the time when the user's real name is confirmed.

4 is a conceptual diagram of a transaction history post notification method using an SMS method according to the prior art, and FIG. 5 is illustrated for comparison with a conceptual diagram of a telephone network authentication method for an electronic service according to an embodiment of the present invention.

As shown in FIG. 4, in the conventional Internet banking, when a request for the transfer of funds is received in a preliminary transaction by a client connected to the Internet, the server requests confirmation of the transfer history, and when the confirmation is made, the client returns to the transaction again by the client. There is a request for the execution of the money transfer, and when the transfer is completed, notification of only the transfer details is sent to the client or a picture-applied telephone number.

On the other hand, the present invention, as shown in the financial transaction in Figure 5, not only to notify the result of the transfer, payment, etc., but to approve it in advance, mobile radio in the preliminary transaction A new feature is a new step of re-validating the depositor's telephone receiver whether to notify and approve the client's transfer requirements via a telecommunication network or a general telephone switch network. The transaction is made, and the result of the transfer is sent selectively or individually to the Internet banking user or the recipient who performed the authentication.

6 is a flow chart illustrating the operation of the authentication server according to an embodiment of the present invention taking a financial transaction as an example.

Referring to FIG. 6, when the preliminary transaction is requested from the first terminal 100 (S401), the preliminary transaction corresponding to the preliminary transaction request information is transmitted to the host server 400 (S402). The result information is provided from the host server 400 (S403).

In addition, the authentication server 300 transmits the preliminary transaction result information transmitted from the host server 400 to the first terminal 100 again (S404), and transmits the main transaction request input from the user who confirmed this to the first terminal 100. It is provided from (S405).

When the main transaction is requested from the first terminal 100, the authentication server 300 requests the first terminal 100 for authentication information for user authentication (S406), and generates a verification flag (S407). The flag value is increased to '1' (S408).

Next, when the authentication server 300 is provided with the authentication information input from the user from the first terminal (100) (S409), by comparing the authentication information provided from the first terminal 100 with the previously issued authentication information ( S410), if the two authentication information is the same, and selects the call server 500 having the best match among the plurality of call server 500 to request the phone authentication (S412).

However, the authentication server 300 checks the verification flag if the two authentication information does not match (S411), and if the verification flag value is not 2 or more, the authentication information re-request for the first terminal 100 from this The above step of verifying the provided authentication information is performed (S406 to S410).

Here, when the verified flag value is 2 or more, the authentication server 300 transmits the authentication failure message to the first terminal 100 (S413) and ends all operations.

 The authentication server 300 requests a phone authentication to the call server 500 having the optimal consistency, and then notifies the host server 400 of the phone authentication request status (S414) and the notified host server 400. Receive the main transaction completion information processed from (S415), and transmits it again to the first terminal 100 or a registered transaction completion message transmission terminal (S416).

7 is a flowchart illustrating an example of a financial transaction in a call server operation according to an embodiment of the present invention.

As shown in FIG. 7, when the call server 500 receives a phone authentication request from the authentication server 300 (S501), the call server 500 is registered separately on the call server side with the consent of the user corresponding to the first terminal 100. The second terminal 600, which is a number, requests approval of the electronic transaction requested by the first terminal 100 through a communication server (not shown) connected through a mobile wireless communication network or a general telephone switching network (S502). .

When the call server 500 receives the electronic transaction approval from the second terminal 600 (S503), the call server 500 requests the second terminal 600 for authentication information for user authentication (S504), and responds to the request. The authentication information is received from the second terminal 600 (S505).

However, when the transaction suspension is transmitted from the second terminal 600 in response to the selection of the approval of the requested electronic transaction (S506), after increasing the transaction suspension value '1' (S507), the increased transaction If the value is not a preset value, for example, not more than 2 (S508), the second terminal 600 re-requests the approval selection of the electronic transaction according to the preset period (S502).

Here, when the transaction suspension is transmitted from the second terminal 600 again in response to the re-requested electronic transaction approval selection (S506), the call server 500 re-requests the increase of the transaction suspension value and the approval selection of the electronic transaction. Repeatedly, if the transaction hold value is 2 or more (S508), after transmitting the authentication failure message to the authentication server 300 or the host server 400 (S509), a series of authentication process is terminated.

In addition, the call server 500 also transmits an authentication failure message to the authentication server 300 or the host server even when the transaction rejection is received from the second terminal 600 in response to the selection of the approval of the requested electronic transaction (S510). After sending to 400 (S509), a series of authentication process is terminated.

In addition, the call server 500 may transmit an authentication failure message to the authentication server 300 or the host server even when a busy state is detected from the second terminal 600 in response to the selection of the approval of the requested electronic transaction (S511). After sending to 400 (S509), a series of authentication process is terminated.

Next, the call server 500 requests the authentication information for the second terminal 600 approved for the transaction (S512), generates a verification flag (S513), and increases the generated verification flag value by '1'. (S514).

When the call server 500 receives the authentication number from the second terminal 600 (S515), the call server 500 compares the authentication information with the authentication information held in correspondence with the second terminal 600 (S516). If the two authentication information is the same, the authentication completion information for the second terminal 600 is transmitted to the authentication server 300 or to the host server 400 (S518).

However, if the two authentication information is inconsistent, the call server 500 checks the verification flag (S517), and if the verification flag value is not 2 or more, re-request the authentication information from the second terminal 600 from this. The above step of verifying the provided authentication information is performed (S513 to S516).

Here, if the checked flag value is 2 or more, the call server 500 transmits an authentication failure message to the authentication server 300 or the host server 400 (S519), and terminates all operations.

The present invention described above is not limited to the above-described embodiments and the accompanying drawings, and it is common in the art that various substitutions, modifications, and changes can be made without departing from the technical spirit of the present invention. It will be apparent to those skilled in the art.

In particular, the Internet banking funds transfer pre-verification system by the communication network-based authentication service according to the present invention, when the verification is performed by the ARS or CTI system, transmits the result to the authentication server, and sends a notification to the client to the result and transfers the result. Although it is preferable to design whether to continue the progress of, in some cases, it is also an applicable feature of the present invention to simplify the procedure of the step by transmitting directly to the host server instead of the Internet banking server.

As an example of an electronic service, when the present invention is applied to a financial transaction on the Internet, the financial transaction itself or an authentication medium can be pre-approved through a personal terminal to secure and integrity the financial transaction.

In addition, if the present invention is applied to a task of directly reading or issuing various information on the Internet, the person or a specific approver can confirm securely and integrityly whether or not he / she is an appropriate issue application subject through prior approval through a personal terminal if necessary. have.

 As another example, when the present invention is applied to the administrative field, pre-authentication through a personal terminal is required to designate a head of household or a specific approver if necessary in the issuance of a copy of a resident registration that restricts reading or issuance for the protection of personal information. Through this, it is possible to confirm whether the applicant is qualified for the proper issuance application safely and integrity.

As another example, if the present invention is applied to the medical field, it is appropriate to apply for proper issuance through pre-certification through a personal terminal to designate a guardian or a specific approver when viewing and issuing personal information in the issuance of a hospital certificate. It can be checked safely and integrity.

As another example of electronic services, if the present invention is applied when issuing a transcript in the field of education and academia, it is necessary to designate a person or a specific approver, if necessary, through pre-authentication through a personal terminal. By verifying the integrity and issuing it with integrity, it is possible to prevent the possibility of illegal access and leakage of personal information.

As another example, when the present invention is applied to public affairs, by designating an owner or a specific approver if necessary when issuing a certified copy of the register, it is necessary to confirm whether the applicant is eligible for proper issuance through pre-certification through a personal terminal. Efficient work can be promoted through theft or illegal forgery, forgery and restriction of issuance.

As another example, when the present invention is applied to a one-way medium such as TV home shopping in a general static place, a proper payment can be made through pre-certification through a personal terminal to designate a payment right holder or a specific approval right holder when purchasing home shopping items. By verifying and approving whether or not it is a subject, it can support secure and integrity services.

As another example, when the present invention is applied to an interactive medium such as an IPTV service in a general static place, pre-authentication through a personal terminal is required to designate a settlement right holder or a specific approval right holder in the purchase of various services and items of IPTV. Through this, it is possible to support safe and integrity service by confirming whether approval is the proper payment target and approving it.

As another example, when the present invention is generally applied to interactive media such as satellite DMB service in a dynamic place, it is necessary to designate a billing authority or a specific approval authority in the purchase of various services and goods of the DMB, and then through a personal terminal. Authentication can be used to support secure and integrity services by verifying and approving whether or not it is the proper payer.

As another example, if the present invention is applied to the telecommunication service provider's subscription and use of the Euro service using various terminals and wired / wireless devices, it is a proper settlement through pre-certification through a personal terminal to designate a settlement right holder or a specific approval right holder if necessary. By verifying and approving the system, you can support secure and integrity services.

As another example, when the present invention is applied to the subscription and use of a service that is automatically converted to a fee after a period of free service after a certain period of use, a settlement authority or a specific approval authority may be designated, if necessary, through pre-authentication through a personal terminal. By confirming and approving whether the payment is made or not, the service can support secure and integrity services.

As another example, when the present invention is applied to the issuance / reissue of an accredited certificate, it is possible to restrict the theft or illegal issuance of the accredited certificate, thereby providing safety and reliability in the use of the accredited certificate as a digital signature means.

As another example, pre-authentication at the time of membership registration for the use of the service of the Internet operator can block the membership registration using illegal information such as leaked personal information or resident registration generator, thereby preventing the spread of damage caused by the leakage of personal information. Due to this, it is possible to provide service support of sound and reliable internet operators.

As another example, when the card is used, the certificate registrar is validated, and the telephone certificate for the certificate holder is added before the card is used for final approval. In the case of can also provide a service that can block illegal use.

As another example, even when PG payment is used, telephone pre-authentication is used, or by adding pre-authentication to an existing authentication payment process, illegal use can be blocked, thereby enhancing security of payment and payment service of e-commerce.

As another example, in a ubiquitous environment, when various terminal medias are converged and authenticated using only an authorized certificate in a specific medium by an illegal method, all the converged media information and personal information may be exposed to security vulnerabilities. In the use of portable Internet or cable TV, IPTV, DBM using various wireless terminal media in the ubiquitous environment, when using an electronic certificate or an accredited certificate by an internal or external input device when using various internet services or payment settlement By providing a final approval service for the use of certificates, it is possible to provide enhanced security approval services.

On the other hand, in the case of viewing or issuing a variety of information in the form of electronic financial services, electronic transactions as described above, even if the user is connected through a PKI (certificate certificate) authentication, in addition to the person or if necessary according to the present invention By allowing the approver to go through the pre-certification process through a personal terminal, two-way mutual pre-validation is possible beyond the one-way approval limit of the existing accredited certificate.

1 is a diagram illustrating a telephone network authentication system for an electronic service according to an embodiment of the present invention.

2 is a signal flow diagram illustrating a telephone network authentication method for an electronic service according to an embodiment of the present invention.

3 is a diagram illustrating a selection of a call server according to various electronic services requested from a first terminal.

Figure 4 is a conceptual diagram of a transaction history post notification method by the SMS method according to the prior art.

5 is a conceptual diagram of a telephone network authentication method for an electronic service according to an embodiment of the present invention.

6 is a flow chart showing the operation of the authentication server according to an embodiment of the present invention.

7 is a flowchart illustrating a call server operation according to an embodiment of the present invention.

* Description of the symbols for the main parts of the drawings *

100: first terminal 200: network server

300: authentication server 400: host server

500: call server 600: second terminal

Claims (15)

A first terminal which is a user terminal connected to a network; A network server that interfaces with movement to an electronic service site required by the first terminal; An authentication server that performs authentication related to the electronic service via the network server; A host server connected to the authentication server to process an electronic service requested from the first terminal; And Implemented by computer and telephony integration (CTI) and ARS, which are called through a telephone network, the second terminal of the first terminal user who requested the electronic service by the authentication server is authorized to receive the electronic service. Including a plurality of call servers for verifying the authentication result according to the approval, so that the authentication completion information according to the verification is provided to the host server to perform authentication, And the host server performs the electronic service process according to the authentication completion information provided. The method of claim 1, The authentication server is a telephone network authentication system for an electronic service, characterized in that by the provided call server manager to select any call server of the plurality of call servers to instruct the telephone network authentication and receive authentication completion information. The method of claim 2, The call server is a telephone network authentication system for an electronic service, characterized in that operated by any one of the financial settlement agency, the Financial Supervisory Service, the Securities Computer Center, financial institutions, credit rating agencies or call server certification authority. The method of claim 1, The call server is a telephone network authentication system for an electronic service, characterized in that the electronic service is approved by receiving at least one or more of number information, video information, and voice information input to the second terminal. The method of claim 4, wherein The number information is promised by the user in advance, or a one-time password (OTP) sent from the call server, or a one-time password (OTP) generated by the second terminal itself, or an electronic service characterized in that presented in the first terminal Phone network authentication system. The method of claim 4, wherein And the image information is fingerprint information, iris information, or facial shape information. The method of claim 4, wherein And the voice information is voiceprint information of the user. The method of claim 1, The authentication completion information is provided to the host server via the authentication server, telephone network authentication system for an electronic service, characterized in that provided directly to the host server. The method of claim 1, The host server may be any one of a financial server, a public office server, a school management server, a medical information management server, an administrative information management server, a TV home shopping server, an IPTV server, a satellite DMB server, and an information communication server. Telephone network authentication system. The method according to any one of claims 1 to 9, The authentication associated with the electronic service is an authentication for the electronic service itself or an authentication for a medium for authenticating the electronic service. A telephone network authentication method for an electronic service in a system including a first terminal, a network server, an authentication server, a host server, a plurality of call servers, and a second terminal, Providing an electronic service request generated from a first terminal to an authentication server through a network server; Transmitting, by the authentication server, the electronic service request information to a host server, and providing preliminary service result information corresponding thereto from the host server to the first terminal; When the authentication server receives the main service request generated from the first terminal, the authentication server selecting one of a plurality of call servers and requesting telephone network authentication for the second terminal of the first terminal user; Receiving, by the selected call server, the electronic service from the second terminal and verifying an authentication result according to the approval, so that authentication completion information according to the verification is provided to the host server; And And performing the electronic service processing according to the authentication completion information provided by the host server. The method of claim 11, The authentication server is a telephone network manager for the electronic service, characterized in that the provided call server manager checks the consistency of the plurality of call servers, and selects the optimal call server. The method of claim 12, The call server is a telephone network authentication method for an electronic service, characterized in that operated by any one of the financial settlement agency, the Financial Supervisory Service, the Securities Computer Center, financial institutions, credit rating agencies or call server certification authority. The method of claim 13, The authentication server further includes a step of confirming a real name from a first terminal, and when receiving a real name, the call server manager selects a call server operated by a credit rating agency. Way. The method of claim 11, The authentication completion information is provided to the host server via the authentication server, telephone network authentication method for an electronic service, characterized in that provided directly to the host server.

Images