KR20090036043A - Method for displaying one-time authenticate interface - Google Patents

Publication number
KR20090036043A
Authority
KR
South Korea
Prior art keywords
time authentication
screen
terminal
area
wireless
Prior art date
Application number
KR1020070101139A
Other languages
Korean (ko)
Inventor
정종필
Original Assignee
주식회사 신한은행
Application filed by 주식회사 신한은행 filed Critical 주식회사 신한은행
Priority to KR1020070101139A priority Critical patent/KR20090036043A/en
Publication of KR20090036043A publication Critical patent/KR20090036043A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data wireless channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for displaying a disposable authentication interface is provided that supplies a disposable authentication key to wireless services and financial transactions of each kind that use a wireless communication network, by displaying a disposable authentication interface and a terminal output region on a wireless terminal screen as two separate regions. When wireless security authentication based on a disposable authentication key is processed, the terminal output region and the disposable authentication region are output separately to the screen of the wireless terminal (S1220). The terminal output region outputs the screen of the terminal. The disposable authentication region processes the wireless security authentication based on the disposable authentication key. A disposable authentication start screen is output to a certain region in the disposable authentication region. When disposable authentication begins on the start screen, a secret code input screen is output to a certain region of the disposable authentication region (S1265). When a disposable authentication key is generated by authenticating the secret code, a screen that outputs the disposable authentication key is output to a certain region of the disposable authentication region.

Description

Method for Displaying One-time Authenticate Interface

FIG. 1 is a diagram illustrating a system configuration for processing a one-time authentication key-based wireless security authentication through a one-time authentication region output separately from a terminal-side output region according to an embodiment of the present invention.

FIG. 2 is a diagram illustrating a program providing system for downloading and remotely mounting a one-time authentication program for dividing a terminal-side output area and a one-time authentication area and outputting them on a screen by a wireless terminal according to an embodiment of the present invention.

FIG. 3 is a diagram illustrating a configuration of wireless terminal information having a one-time authentication program according to an embodiment of the present invention.

FIG. 4 is a diagram illustrating one-time authentication management information provided to a wireless terminal according to an embodiment of the present invention.

FIG. 5 is a diagram illustrating one-time authentication management information provided to a wireless terminal according to another embodiment of the present invention.

FIG. 6 is a diagram illustrating a process of downloading and remotely mounting a one-time authentication program for dividing the terminal-side output area and one-time authentication area and outputting them on a screen by a wireless terminal according to an embodiment of the present invention.

FIG. 7 is a diagram illustrating a wireless terminal function configuration having a one-time authentication key based wireless security authentication processing function according to an embodiment of the present invention.

FIG. 8 is a diagram illustrating outputting a one-time authentication area according to an embodiment of the present invention.

FIG. 9 is a diagram illustrating outputting a one-time authentication screen (or interface) according to an embodiment of the present invention.

FIG. 10 is a diagram illustrating outputting a one-time authentication screen (or interface) according to another embodiment of the present invention.

FIG. 11 is a diagram illustrating a configuration of a one-time authentication key-based wireless security authentication processing system according to an embodiment of the present invention.

FIG. 12 is a diagram illustrating an interface output process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

FIG. 13 is a diagram illustrating an interface output process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

FIG. 14 is a diagram illustrating an interface output process for generating a time synchronization-based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

FIG. 15 is a diagram illustrating a process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

FIG. 16 is a diagram illustrating an interface output process of generating a challenge-response based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

FIG. 17 is a diagram illustrating an interface output process of generating a challenge-response based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

FIG. 18 is a diagram illustrating an interface output process for generating a challenge-response based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

FIG. 19 is a diagram illustrating a process of generating a challenge-response based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

FIG. 20 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to one embodiment of the present invention.

FIG. 21 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to another embodiment of the present invention.

FIG. 22 is a diagram illustrating a one-time authentication key-based wireless security authentication process according to an embodiment of the present invention.

FIG. 23 is a diagram illustrating a one-time authentication key-based wireless security authentication process according to an embodiment of the present invention.

<Description of main parts of drawing>

100: program providing server

105: authentication server

110: financial server

115: payment server

120: wireless web server

125: wireless server

130: network operation system

135: wireless terminal

The present invention relates to a one-time authentication interface output method for a wireless terminal that outputs a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen. The method comprises the steps of: dividing the wireless terminal screen into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for processing one-time authentication key-based wireless security authentication, and outputting both; outputting a one-time authentication start screen (or interface) to a predetermined area of the one-time authentication area that is output separately from the terminal-side output area; when one-time authentication is started through the one-time authentication start screen (or interface), outputting a password input screen (or interface) to a predetermined area of the one-time authentication area; authenticating the password entered through the password input screen (or interface) and, when the password is authenticated and a one-time authentication key is generated, outputting a one-time authentication key generation screen (or interface) that outputs the one-time authentication key to a predetermined area of the one-time authentication area; outputting a one-time authentication key input screen (or interface) for entering the one-time authentication key to a predetermined area of the one-time authentication area; and, when wireless security authentication is processed with the one-time authentication key entered through the one-time authentication key input screen (or interface), outputting a one-time authentication key end screen (or interface) to a predetermined area of the one-time authentication area.

As rapid advances in information and communication technology have been applied to the financial industry, most financial transactions (or payments) and services that were conventionally conducted face-to-face have moved online, developing into a non-face-to-face financial transaction (or payment) and online service industry.

As non-face-to-face financial transactions (or payments) and online services become more widespread, security problems such as online anonymity and weaknesses in communication protocols are increasing rapidly. These transactions and services rely on real-name verification and encryption/decryption-based security protocols to address anonymity and to compensate for shortcomings in communication protocols.

Recently, with the opening of wireless networks and the expansion of wireless communication infrastructure, the non-face-to-face financial transactions (or payments) and online services established online have been moving to the wireless field. However, most wireless terminals are more constrained in their MMI (Man Machine Interface) than the wired terminals used online and have lower computing power, the communication speed of the wireless network is lower than online, and the security weaknesses differ, so the security functions applied online are difficult to apply. A security function for the wireless field is therefore preferably made in a form that minimizes user input and avoids high-level encryption/decryption operations.

Meanwhile, a one-time authentication key method known as the one-time password (OTP) is commercially available as a means of solving online security problems, and a module called an OTP generator is used for the security function of this method. Recently, use of a wireless terminal as an OTP generator for online security functions (for example, entering an OTP generated by a wireless terminal into an online wired terminal) has been commercialized. However, applying the OTP that is commercially available online to wireless transactions (or payments) and wireless services raises problems of national policy (e.g., a two-factor policy under which the OTP generator must be logically separated from the communication terminal) and of security (e.g., loss of the wireless terminal or a change of wireless carrier).

An object of the present invention for solving the above problems is to provide a one-time authentication interface output method for a wireless terminal that outputs a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, and the like, the method comprising the steps of: when one-time authentication key-based wireless security authentication is processed, dividing the wireless terminal screen into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for processing the one-time authentication key-based wireless security authentication, and outputting both; outputting a one-time authentication start screen (or interface) to a predetermined area of the one-time authentication area that is output separately from the terminal-side output area; when one-time authentication is started through the one-time authentication start screen (or interface), outputting a password input screen (or interface) to a predetermined area of the one-time authentication area; authenticating the password entered through the password input screen (or interface) and, when the password is authenticated and a one-time authentication key is generated, outputting a one-time authentication key generation screen (or interface) that outputs the one-time authentication key to a predetermined area of the one-time authentication area; outputting a one-time authentication key input screen (or interface) for entering the one-time authentication key to a predetermined area of the one-time authentication area; and, when wireless security authentication is processed with the one-time authentication key entered through the one-time authentication key input screen (or interface), outputting a one-time authentication key end screen (or interface) to a predetermined area of the one-time authentication area.

The one-time authentication interface output method according to the present invention is an interface output method for a wireless terminal that outputs a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, and the like, and is characterized in that it comprises the steps of: when one-time authentication key-based wireless security authentication is processed, dividing the wireless terminal screen into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for processing the one-time authentication key-based wireless security authentication, and outputting both; outputting a one-time authentication start screen (or interface) to a predetermined area of the one-time authentication area that is output separately from the terminal-side output area; when one-time authentication is started through the one-time authentication start screen (or interface), outputting a password input screen (or interface) to a predetermined area of the one-time authentication area; authenticating the password entered through the password input screen (or interface) and, when the password is authenticated and a one-time authentication key is generated, outputting a one-time authentication key generation screen (or interface) that outputs the one-time authentication key to a predetermined area of the one-time authentication area; outputting a one-time authentication key input screen (or interface) for entering the one-time authentication key to a predetermined area of the one-time authentication area; and, when wireless security authentication is processed with the one-time authentication key entered through the one-time authentication key input screen (or interface), outputting a one-time authentication key end screen (or interface) to a predetermined area of the one-time authentication area.

The method for outputting a one-time authentication interface according to the present invention is characterized in that it comprises a step of moving a caret between the terminal-side output area and the one-time authentication area in association with the key input means provided in the wireless terminal.

The present invention includes a recording medium on which a program for executing the above-described one-time authentication interface output method is recorded.
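The screen sequence and caret rule summarized above can be modelled as a small state machine. This is an added illustration, not code from the patent or its assignee. Assumptions: RFC 6238 TOTP stands in for the time-synchronized key, PBKDF2 for the password check, and every class name, seed, salt and password here is constructed for the example.

```python
import hashlib
import hmac
import struct
from enum import Enum, auto


class Screen(Enum):
    START = auto()       # one-time authentication start screen
    PASSWORD = auto()    # password input screen
    KEY_SHOWN = auto()   # one-time authentication key generation screen
    KEY_INPUT = auto()   # one-time authentication key input screen
    END = auto()         # one-time authentication key end screen


class Area(Enum):
    TERMINAL = auto()    # terminal-side output area
    OTP = auto()         # one-time authentication area


def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), assumed here as the time-synchronized key."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Assumed storage form of the password checked on the terminal."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Stand-in for authentication server 105: accepts each key at most once."""

    def __init__(self, seed: bytes, step: int = 30):
        self.seed, self.step, self.last_counter = seed, step, -1

    def verify(self, key: str, now: int) -> bool:
        current = now // self.step
        for counter in (current, current - 1):      # tolerate one step of drift
            if counter > self.last_counter and hmac.compare_digest(
                    key, totp(self.seed, counter * self.step, self.step)):
                self.last_counter = counter         # replayed or older keys now fail
                return True
        return False


class OneTimeAuthArea:
    """Screens shown in the one-time authentication area, in the page's order."""

    def __init__(self, seed, salt, password_hash, server):
        self.seed, self.salt, self.password_hash = seed, salt, password_hash
        self.server = server
        self.screen = None             # area is not displayed until auth is required
        self.caret = Area.TERMINAL
        self.shown_key = None

    def require_authentication(self):
        """Split the display and open the area on its start screen."""
        self.screen, self.caret, self.shown_key = Screen.START, Area.OTP, None

    def move_caret(self):
        """Key input means toggles the caret between the two areas."""
        self.caret = Area.TERMINAL if self.caret is Area.OTP else Area.OTP

    def _expect(self, screen):
        # Input counts only when the caret is in the area and the step is in order.
        if self.caret is not Area.OTP or self.screen is not screen:
            raise RuntimeError(f"input rejected: caret={self.caret}, screen={self.screen}")

    def begin(self):
        self._expect(Screen.START)
        self.screen = Screen.PASSWORD

    def submit_password(self, password: str, now: int) -> bool:
        self._expect(Screen.PASSWORD)
        if not hmac.compare_digest(hash_password(password, self.salt), self.password_hash):
            return False               # stay on the password input screen
        self.shown_key = totp(self.seed, now)
        self.screen = Screen.KEY_SHOWN
        return True

    def continue_to_input(self):
        self._expect(Screen.KEY_SHOWN)
        self.screen = Screen.KEY_INPUT

    def submit_key(self, typed: str, now: int) -> bool:
        self._expect(Screen.KEY_INPUT)
        if not self.server.verify(typed, now):
            return False
        self.screen = Screen.END
        return True


def demo():
    """Walk the full sequence with constructed values, then replay the key."""
    seed, salt = b"constructed-seed-0001", b"constructed-salt"
    server = AuthServer(seed)
    area = OneTimeAuthArea(seed, salt, hash_password("2580", salt), server)
    area.require_authentication()
    area.begin()
    area.submit_password("2580", now=1_000_000)
    key = area.shown_key
    area.continue_to_input()
    accepted = area.submit_key(key, now=1_000_010)
    return accepted, area.screen, server.verify(key, 1_000_012)
```

`demo()` returns the acceptance result, the final screen, and the outcome of replaying the same key, which the stand-in server rejects.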

Hereinafter, the operating principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. However, the drawings and the following description present a preferred method among various methods for effectively explaining the features of the present invention, and the present invention is not limited to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of their functions in the present invention, and they may vary according to the intentions or customs of users or operators. Therefore, their definitions should be made based on the contents throughout the present invention.

In addition, in the preferred embodiments of the present invention described below, system functional configurations that are already provided, or that are commonly provided in the technical field to which the present invention belongs, are omitted as far as possible in order to describe efficiently the technical components constituting the present invention, and the description focuses on the functional configurations to be additionally provided for the present invention. Those skilled in the art to which the present invention pertains will be able to easily understand the functions of the conventionally used components among the omitted functional configurations not shown below, and the relationship between the omitted components and the components added for the present invention will also be clearly understood.

In addition, in the following examples, terminology is appropriately modified, integrated, or separated so that those skilled in the art to which the present invention pertains may clearly understand the present invention. The present invention is by no means limited thereto.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are only one means of efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains.

FIG. 1 is a diagram illustrating a system configuration for processing a one-time authentication key based wireless security authentication through a one-time authentication region output separately from a terminal-side output region according to an embodiment of the present invention.

In more detail, FIG. 1 shows the configuration of a system in which, when one-time authentication key-based wireless security authentication is required while a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is output on the screen of a wireless terminal 135 used by a customer, the screen is divided into a terminal-side output area for outputting the terminal 135 screen (e.g., the desktop screen, content usage screen, web access screen, financial transaction screen, payment screen, etc.) and a one-time authentication area for one-time authentication key-based wireless security authentication processing, and the one-time authentication key-based wireless security authentication is then processed through the one-time authentication area. Those of ordinary skill in the art to which the present invention pertains will be able to infer, by referring to and/or modifying FIG. 1, various implementation methods for a system configuration that processes one-time authentication key-based wireless security authentication through a one-time authentication area output separately from the terminal-side output area. The present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method shown in FIG. 1.

Referring to FIG. 1, the system for processing one-time authentication key-based wireless security authentication through a one-time authentication area output separately from the terminal-side output area comprises: a program providing server 100 that provides, to at least one wireless terminal 135 through a wireless communication network, a one-time authentication program for dividing the screen into a terminal-side output area and a one-time authentication area; a wireless terminal 135 that accesses the program providing server 100 through the wireless communication network, downloads the one-time authentication program and records it on a recording medium, and then, when one-time authentication key-based wireless security authentication is required while a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, and the like is already output on the wireless terminal 135 screen, uses the one-time authentication program to divide the screen into a terminal-side output area for outputting the terminal-side screen (e.g., a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) and a one-time authentication area for outputting a one-time authentication screen for one-time authentication key-based wireless security authentication processing, and generates a one-time authentication key for the one-time authentication key-based wireless security authentication through the one-time authentication area; an authentication server 105 that checks the validity of the one-time authentication key generated by the wireless terminal 135 and processes the wireless security authentication based on the one-time authentication key; and at least one wireless server 125 that provides various financial transactions (or payments) or authentication-based additional services based on the result of validating the one-time authentication key. The wireless server 125 preferably comprises at least one of: a financial server 110 having at least one financial transaction function according to the one-time authentication key-based wireless security authentication; a payment server 115 having at least one payment function based on the one-time authentication key-based wireless security authentication; and a wireless web server 120 having various member authentication / service authentication / terminal authentication functions according to the one-time authentication-based wireless security authentication.

Here, the wireless communication network comprises at least one base station, a control station for controlling the base station, and a network operation system 130 including at least one server (or device) for controlling and operating the wireless communication network including the base station and the control station.

FIG. 2 is a diagram showing a configuration of a program providing system for downloading and remotely mounting a one-time authentication program for outputting on a screen by dividing a terminal-side output area and a one-time authentication area by a wireless terminal 135 according to an embodiment of the present invention.

More specifically, FIG. 2 shows a system configuration, within the wireless security authentication processing system for one-time authentication key-based wireless security authentication processing, for downloading the one-time authentication program to the wireless terminal 135 and remotely mounting it there. When one-time authentication key-based wireless security authentication is required while a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, and the like is already output on the screen of the wireless terminal 135 used by a customer through the wireless communication network, the one-time authentication program divides the screen into a terminal-side output area for outputting the terminal 135 screen (e.g., a desktop screen, content usage screen, web access screen, financial transaction screen, payment screen, etc.) and a one-time authentication area for outputting a one-time authentication screen for one-time authentication key-based wireless security authentication processing, so that the one-time authentication key-based wireless security authentication is processed using the wireless terminal 135. Those skilled in the art to which the present invention pertains will be able to infer, by referring to and/or modifying FIG. 2, various implementation methods for downloading and remotely mounting on the wireless terminal 135 the one-time authentication program that divides the screen into the terminal-side output area and the one-time authentication area. The present invention includes all such inferred implementation methods and is not limited to the implementation method shown in FIG. 2.

For example, the one-time authentication program may be downloaded from the program providing system through a wired communication network to a wired terminal (for example, a wired terminal used by a customer or a wired terminal used by a teller employee) and then mounted on the wireless terminal 135 through a cable connecting the wired terminal and the wireless terminal 135, or the wireless terminal 135 may be manufactured so that the one-time authentication program is mounted on it by its manufacturer. The present invention includes all such inferable methods.

Hereinafter, for convenience, the component of the wireless security authentication processing system that downloads and remotely mounts, on the wireless terminal 135, the one-time authentication program for dividing the screen into the terminal-side output area and the one-time authentication area is referred to as the "program providing server 100". The program providing server 100 may be implemented as a server (or device) provided in the wireless security authentication processing system, as shown in FIG. 2, or as a functional component provided in the authentication server 105 of the wireless security authentication processing system, and it will be apparent that the present invention is not limited thereto.

Referring to FIG. 2 according to an embodiment of the present invention, the program providing system for dividing the screen into the terminal-side output area and the one-time authentication area comprises: a wireless terminal 135 that connects to the program providing server 100 through a wireless communication network, downloads the one-time authentication program for dividing the screen into the terminal-side output area and the one-time authentication area, and records it on a recording medium; and a program providing server 100 that is connected to the wireless terminal 135 through the wireless communication network and provides that one-time authentication program. The system further comprises an authentication server 105, provided in the wireless security authentication processing system, that includes at least one functional configuration for one-time authentication key-based wireless security authentication processing through the one-time authentication program provided to the wireless terminal 135.

The wireless terminal 135 is a mobile communication terminal connected to a Code Division Multiple Access (CDMA) / Wide-CDMA (WCDMA) based mobile communication network, a wireless communication terminal connected to an HSDPA based wireless communication network, or an IEEE 802.16x based communication. And at least one or more wireless terminals 135 including at least one portable Internet terminal connected to the high-speed wireless Internet, wherein the wireless terminal 135 is provided at least by the program providing server 100. A function for outputting one or more program providing interface screens, inputting (or selecting) program request information for downloading and remotely mounting the one-time authentication program through the program providing interface screen, and transmitting the program request information to the program providing server 100. Configuration (e.g., browser program and communication functions) Preferable.

Those skilled in the art to which the present invention pertains will be able to easily infer the features of the wireless terminal 135, a detailed description thereof will be omitted for convenience.

According to an embodiment of the present invention, the wireless communication network to which the wireless terminal 135 connects may include at least one of the CDMA based mobile communication network, the HSDPA based wireless communication network, or the IEEE 802.16x based high speed wireless Internet. Do.

The wireless communication network to which the wireless terminal 135 connects comprises at least one base station, a control station for controlling the base station, and a network operation system 130 including at least one server (or apparatus) for controlling and operating the wireless communication network that includes the base station and the control station.

The base station is a component located at the end of the wireless communication network that connects a wireless section with at least one wireless terminal 135 located in its cell (e.g., frequency reach) according to the wireless communication protocol defined in the wireless communication network, and it allows the network operation system 130 to control and operate the wireless terminal 135 through the control station.

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the base station preferably connects a wireless section with at least one wireless terminal 135 based on the CDMA / WCDMA / GSM wireless protocol stack.

According to another embodiment of the present invention, when the wireless communication network is an HSDPA-based wireless communication network, the base station preferably connects a wireless section with at least one wireless terminal 135 based on the HSDPA radio protocol stack.

According to another embodiment of the present invention, when the wireless communication network is an IEEE 802.16x-based wireless communication network, the base station preferably connects a wireless section with at least one wireless terminal 135 based on the wireless physical (PHY) layer and the media access control (MAC) layer of the IEEE 802.16x protocol.

The control station controls at least one base station and is a component of the wireless communication network that connects the base station and the network operation system 130 over a wired section. When the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the control station preferably includes a base station controller (BSC). When the wireless communication network is an IEEE 802.16x-based wireless communication network, the control station preferably includes a packet access router (PAR).

The network operation system 130, in association with the control station, controls at least one wireless terminal 135 connectable to the wireless communication network through at least one base station, connects a communication channel (or a call channel) between the wireless terminal 135 and at least one other wireless terminal 135 or a server on a communication network, and calculates the communication charges and additional service use charges corresponding to the communication plan to which the wireless terminal 135 is subscribed.

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the network operation system 130 preferably includes: a mobile switching center (MSC) for processing circuit switching; a home location register (HLR) and a visitor location register (VLR) in the network infrastructure for voice calls; an interworking function (IWF) that provides circuit data service and / or packet data service for wireless data communication and connection with other networks; various message centers (e.g., short message center (SMC), multimedia message center (MMC), etc.) and various additional service server farms; and a Serving GPRS Support Node (SGSN), a Gateway GPRS Support Node (GGSN) and a Radio Network Controller (RNC) for processing packet switching.

According to another exemplary embodiment of the present invention, when the wireless communication network is an IEEE 802.16x-based wireless communication network, the network operation system 130 preferably includes a home agent (HA) for IP mobility of the wireless terminal 135, an Authentication, Authorization and Accounting (AAA) server for user authentication, a network management server (Network Management System), a foreign agent (FA) interworking the wireless network with at least one external wireless network, and a Dynamic Host Configuration Protocol (DHCP) server and DNS for allocating and registering Mobile IP (MIP) for the wireless terminal 135.

According to the present invention, the program providing server 100 comprises an interface unit 200 that connects and manages a communication channel with the wireless terminal 135 through the wireless communication network and provides a web interface corresponding to the wireless terminal 135 and the wireless communication network. The program providing server 100 thereby functions as a web server that communicates with the wireless terminal 135 over the wireless communication network.

According to an exemplary embodiment of the present invention, when the wireless terminal 135 is a mobile communication terminal to which a communication channel is connected through a CDMA / WCDMA-based wireless communication network, the interface unit 200 preferably connects a communication channel with the wireless terminal 135 based on the WAP (Wireless Application Protocol) or ME (Mobile Explorer) protocol (or full-browsing-based wireless Internet), transmits a program providing interface screen in the form of a WML (Wireless Markup Language) or HTML-compatible document to the wireless terminal 135 through the communication channel for output, and receives and processes the program request information corresponding to the program providing interface screen from the wireless terminal 135.

According to an embodiment of the present invention, when the wireless terminal 135 is a wireless communication terminal to which a communication channel is connected through an HSDPA-based wireless communication network, the interface unit 200 preferably connects a communication channel with the wireless terminal 135 based on a wireless protocol corresponding to HSDPA, transmits a program providing interface screen in the form of an HTML-compatible document to the wireless terminal 135 through the communication channel for output, and receives and processes the program request information corresponding to the program providing interface screen from the wireless terminal 135.

According to another exemplary embodiment of the present invention, when the wireless terminal 135 is a terminal to which a communication channel is connected through an IEEE 802.16x-based wireless communication network, the interface unit 200 preferably connects a communication channel with the wireless terminal 135 based on a wireless protocol corresponding to the IEEE 802.16 standard, transmits a program providing interface screen to the wireless terminal 135 through the communication channel for output, and receives and processes the predetermined program request information corresponding to the program providing interface screen from the wireless terminal 135.

According to the present invention, the program providing server 100 comprises an interface providing unit 205 that, when the wireless terminal 135 connects to the program providing server 100 through the interface unit 200, works in conjunction with the interface unit 200 to generate (or extract) a program providing interface screen through which program request information is input (or selected) and transmitted at the wireless terminal 135.

When the wireless terminal 135 connects to the program providing server 100 (or requests provision of a one-time authentication program) through the interface unit 200, the interface providing unit 205 generates, or extracts from a database (not shown), a program providing interface screen through which a functional component of the wireless terminal 135 (for example, a browser program provided in the wireless terminal 135) inputs (or selects) program request information and transmits it to the program providing server 100 through the wireless communication network. The interface providing unit 205 then provides the generated (or extracted) program providing interface screen to the wireless terminal 135 through the wireless communication network in association with the interface unit 200.

Thereafter, the wireless terminal 135 inputs (or selects) program request information on the program providing interface screen and transmits the input (or selected) program request information to the program providing server 100 through the wireless communication network.

Here, the program request information preferably includes customer information of the customer requesting that the one-time authentication program be provided to the wireless terminal 135 (for example, customer member information including the customer's member ID information and password information, or customer personal information including at least one of the customer's name, social security number, address, contact number, etc.) and information on the wireless terminal 135 on which the one-time authentication program is to be mounted, namely the operating system (or platform) information of the wireless terminal 135, at least one of its mobile identification number (MIN), serial number (Electronic Serial Number; ESN) and USIM (Universal Subscriber Identity Module) information, and at least one of carrier information and terminal model information.

According to the present invention, the program providing server 100 comprises a program D / B 225 that stores at least one program source or program file corresponding to the one-time authentication program to be provided to the wireless terminal 135, and a program providing unit 210 that, when the program request information is received from the wireless terminal 135, extracts from the program D / B 225 or dynamically generates the one-time authentication program corresponding to the program request information and provides it to the wireless terminal 135 through the interface unit 200.

According to one embodiment of the invention, the program D / B 225 stores one-time authentication program files that can operate on the operating system (or terminal platform) provided in the wireless terminal 135. When the program request information is received from the wireless terminal 135, the program providing unit 210 extracts the one-time authentication program file matching the program request information from the program D / B 225.

According to another exemplary embodiment of the present invention, the program D / B 225 stores one-time authentication program source capable of operating on the operating system (or terminal platform) provided in the wireless terminal 135. When the program request information is received from the wireless terminal 135, the program providing unit 210 extracts the one-time authentication program source matching the program request information from the program D / B 225 and compiles the extracted source to dynamically generate the one-time authentication program to be provided to the wireless terminal 135.

Thereafter, the program providing unit 210 provides the extracted (or dynamically generated) one-time authentication program to the wireless terminal 135 through the interface unit 200 and the wireless communication network and mounts it remotely. Those skilled in the art will be familiar with methods of remotely mounting the one-time authentication program (for example, remotely mounting it on the wireless terminal 135 with a program provider certificate attached), so a detailed description thereof is omitted for convenience.

The one-time authentication program provided to the wireless terminal 135 by the program providing unit 210 includes: a function of dividing the wireless terminal 135 screen, during the one-time authentication-based wireless security authentication process, into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for processing the wireless security authentication based on the one-time authentication key; a function of outputting a one-time authentication start screen (or interface) in a predetermined area of the one-time authentication area that is output separately from the terminal-side output area; a function of outputting a password input screen (or interface) in a predetermined area of the one-time authentication area when one-time authentication is started through the one-time authentication start screen (or interface); a function of authenticating the password entered through the password input screen (or interface) and, when the password is authenticated and a one-time authentication key is generated, outputting a one-time authentication key generation screen (or interface) that shows the one-time authentication key in a predetermined area of the one-time authentication area; a function of outputting, in a predetermined area of the one-time authentication area, a one-time authentication key input screen (or interface) for inputting the one-time authentication key; and a function of outputting a one-time authentication key end screen (or interface) in a predetermined area when wireless security authentication has been processed with the one-time authentication key entered through the one-time authentication key input screen (or interface). It further includes a function of moving the caret between the terminal-side output area and the one-time authentication area in association with a key input means provided in the wireless terminal 135.

When the one-time authentication program has been downloaded and remotely mounted on the wireless terminal 135 through the program providing unit 210, the wireless terminal 135 runs the one-time authentication program for the first time and starts a program diagnostic mode for verifying the validity of the one-time authentication program. For this purpose, the program providing server 100 comprises a diagnosis unit 215 that connects to the one-time authentication program provided in the wireless terminal 135 and diagnoses its validity.

According to an exemplary embodiment of the present invention, the program diagnostic mode preferably includes having the one-time authentication program provided in the wireless terminal 135 generate and transmit a one-time authentication key according to the one-time authentication key-based wireless security authentication procedure, and verifying that the one-time authentication key is valid.

Here, the one-time authentication key-based wireless security authentication preferably uses at least one one-time authentication key generation method out of the time-synchronous (Time-Synchronous) method and the challenge-response (Challenge-Response) method.

According to the present invention, the program providing server 100 comprises an information storage unit 220 that stores, in the one-time authentication management D / B 230, the one-time authentication management information corresponding to the one-time authentication program downloaded and remotely mounted on the wireless terminal 135, linked with the customer information of the customer who requested the one-time authentication program and the information of the wireless terminal 135 on which it was requested to be mounted.

According to an embodiment of the present invention, when the diagnosis by the diagnosis unit 215 confirms the validity of the one-time authentication program, the information storage unit 220 preferably links the one-time authentication management information of the program downloaded and remotely mounted on the wireless terminal 135, the customer information of the customer who transmitted the program request information, and the wireless terminal 135 information, and stores them in the predetermined one-time authentication management D / B 230. The one-time authentication management information, the customer information and the wireless terminal 135 information stored in the one-time authentication management D / B 230 are used for one-time authentication key-based wireless security authentication processing in the wireless security authentication processing system.

FIG. 3 is a diagram showing the configuration of the information of the wireless terminal 135 having a one-time authentication program according to the embodiment of the present invention.

In more detail, FIG. 3 shows, for the case where the wireless terminal 135 in the program providing system illustrated in FIG. 2 is a mobile communication terminal, the configuration of the wireless terminal 135 information that is stored in the one-time authentication management D / B 230 in connection with the one-time authentication management information for one-time authentication-based wireless security authentication processing. Those of ordinary skill in the art to which the present invention pertains may infer various implementation methods for the configuration of the information of the wireless terminal 135 having the one-time authentication program by referring to and / or modifying FIG. 3; the present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method shown in FIG. 3.

For example, by referring to and / or modifying FIG. 3, those skilled in the art to which the present invention pertains may infer the configuration of the one-time authentication management information stored in the one-time authentication management D / B 230 when the wireless terminal 135 is not a mobile communication terminal but, for instance, an IEEE 802.16.x portable Internet terminal, and may also infer the information items omitted for convenience from the configuration of the wireless terminal 135 information shown in FIG. 3. It will be apparent that the present invention includes all such inferred implementation methods.

Referring to FIG. 3, the wireless terminal information includes at least one item of information unique to the wireless terminal 135 on which the one-time authentication program is mounted, among its telephone number (MIN), serial number (ESN) and USIM information (USIM), and may further include platform information, carrier information and terminal model information for the wireless terminal 135.

FIG. 4 is a diagram illustrating one-time authentication management information provided to a wireless terminal 135 according to an embodiment of the present invention.

In more detail, FIG. 4 shows, for the case where the wireless terminal 135 in the program providing system shown in FIG. 2 is a mobile communication terminal and is provided and mounted with a one-time authentication program that generates one-time authentication keys in a time-synchronous manner, the configuration of the one-time authentication management information stored in the one-time authentication management D / B 230 of that system. Those skilled in the art to which the present invention pertains may infer various implementation methods for constructing the one-time authentication management information provided to the wireless terminal 135 by referring to and / or modifying FIG. 4; the present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method shown in FIG. 4.

For example, by referring to and / or modifying FIG. 4, those skilled in the art to which the present invention pertains may infer the configuration of the one-time authentication management information stored in the one-time authentication management D / B 230 when the wireless terminal 135 is not a mobile communication terminal but an HSDPA-based wireless communication terminal or an IEEE 802.16.x portable Internet terminal, and may also infer the information items omitted for convenience from the one-time authentication management information configuration shown in FIG. 4. It will be apparent that the present invention includes all such inferred implementation methods.

According to the present invention, the one-time authentication program mounted through the program providing system shown in FIG. 2 is installed on the wireless terminal 135 owned by the customer and generates one-time authentication keys there, so the one-time authentication program comprises program code that can be run on the platform of the customer's wireless terminal 135. For example, if the wireless terminal 135 is equipped with the WIPI (Wireless Internet Platform for Interoperability) platform, the one-time authentication program comprises program code that operates on WIPI, and if another platform (e.g., GVM / SK-VM / BREW) is installed, it comprises program code that runs on that platform.

In FIG. 4, the one-time authentication program is stored in the program D / B 225 shown in FIG. 2 either in the form of a precompiled program or in the form of source code to be compiled.

When the one-time authentication program is held in the program D / B 225 in the form of a precompiled program according to an embodiment of the present invention, the program providing server 100, at the time of providing and mounting the one-time authentication program on the wireless terminal 135 through the wireless communication network, preferably also provides at least one item of one-time authentication key generation information corresponding to the one-time authentication program (for example, a secret key value corresponding to a number randomly generated in the program providing server 100) to the wireless terminal 135 so that it is stored in a storage device (e.g., a memory unit of the wireless terminal 135, or a chip memory unit provided in an IC chip mounted on or detachable from the wireless terminal 135). When the one-time authentication program mounted on the wireless terminal 135 generates a one-time authentication key, the one-time authentication program preferably extracts the at least one item of one-time authentication key generation information from the storage device and generates the one-time authentication key based on that information.

According to another embodiment of the present invention, when the one-time authentication program is stored in the program D / B 225 in the form of source code to be compiled, the program providing server 100, at the time of providing the one-time authentication program to the wireless terminal 135, preferably assigns at least one item of one-time authentication key generation information corresponding to the one-time authentication program (for example, a secret key value corresponding to a number randomly generated by the program providing server 100) to the one-time authentication key generation information variable included in the one-time authentication program source code, compiles that source code to dynamically generate the one-time authentication program, and provides the dynamically generated one-time authentication program to the wireless terminal 135 through the wireless communication network and mounts it. Then, when the one-time authentication program mounted on the wireless terminal 135 generates a one-time authentication key, it preferably generates the key based on the one-time authentication key generation information substituted into its internal variable.

According to another exemplary embodiment of the present invention, even when at least one item of one-time authentication key generation information has been substituted into the one-time authentication program as described above, it is possible, according to the intention of a person skilled in the art, to provide at least one further item of one-time authentication key generation information together with the dynamically generated one-time authentication program so that it is stored in a storage device of the wireless terminal 135, and then, when the one-time authentication program mounted on the wireless terminal 135 generates a one-time authentication key, to generate the key using both the one-time authentication key generation information provided in the one-time authentication program and the one-time authentication key generation information held in the storage device. The present invention is not limited by this.

Referring to FIG. 4, the one-time authentication management information provided to the wireless terminal 135 through the program providing system shown in FIG. 2 is operating system (or platform) information for the wireless terminal 135 on which the one-time authentication program is mounted, a version of the one-time authentication program, an authentication key generation algorithm, at least one item of one-time authentication key generation information, or a one-time authentication key update period. It may be further included, but the present invention is not limited by the information item.

The operating system (or platform) information included in the one-time authentication management information preferably indicates the type of operating system (or platform) of the wireless terminal 135 on which the one-time authentication program was mounted through the program providing system shown in FIG. 2. The operating system (or platform) information is used to identify the operating system (or platform) of the one-time authentication program to be provided to the wireless terminal 135 when the one-time authentication program is upgraded.

The version included in the one-time authentication management information includes version information of the one-time authentication program for each platform to be provided to the wireless terminal 135.

According to the embodiment of the present invention, even for the same type of one-time authentication program (for example, one-time authentication programs operating on the same platform), the type or version of the authentication key generation algorithm applied may differ with the version of the one-time authentication program, and the one-time authentication keys generated by the program will differ accordingly. The version information therefore provides the information needed to determine exactly which one-time authentication program is mounted on the wireless terminal 135, and it minimizes the authentication errors that may occur in the process of authenticating a one-time authentication key generated in the wireless terminal 135.

The authentication key generation algorithm included in the one-time authentication management information includes information on the hashing algorithm applied to the one-time authentication program or detailed attribute information of that hashing algorithm. Currently, the hashing algorithms most commonly used for generating authentication keys are MD4, MD5, SHA, and the like, and hashing algorithms modified from these according to the application field (for example, the SHA-1 hashing algorithm modified from SHA) are also in use.

The one-time authentication key generation information included in the one-time authentication management information is the information used to generate a one-time authentication key in the time synchronization method. Referring to FIG. 4, the one-time authentication key generation information preferably uses the time at which the one-time authentication key is generated as first generation information and, depending on the implementation method, uses the secret key value corresponding to the value randomly generated by the program providing server 100, or the MIN / ESN uniquely assigned to the wireless terminal 135 on which the one-time authentication program is mounted, as second generation information or third generation information.

In an embodiment of the present invention, when the one-time authentication program uses the MIN / ESN of the wireless terminal 135 as one-time authentication key generation information, the MIN / ESN may be used as is. Alternatively, because the MIN / ESN may be an excessively large value, a hash function may be applied to it to convert it to a value within a certain size, so that the one-time authentication program does not overflow in the process of generating the one-time authentication key. Which approach is used is determined by the intention of a person skilled in the art or the computing power of the wireless platform.

When the authentication key generation algorithm follows the time synchronization scheme, the one-time authentication key update period of the one-time authentication management information is the time interval after which a one-time authentication key generated by the one-time authentication program expires and becomes invalid. If it is difficult to transmit the time at which the one-time authentication key was generated together with the key in the process of transmitting it from the wireless terminal 135 to the authentication server 105, the update period is used to keep the one-time authentication key generation time synchronized between the wireless terminal 135 and the authentication server 105 for a predetermined time. That is, the one-time authentication key generated by the one-time authentication program must be transmitted to the authentication server 105, and the authentication server 105 must generate the one-time authentication key authentication code corresponding to that key, within the one-time authentication key update period. In other words, the validity of the one-time authentication key is authenticated when, after the key is generated by the one-time authentication program provided in the wireless terminal 135, the authentication server 105 generates the one-time authentication key authentication code within the update period. The one-time authentication key update period should therefore preferably take into account the time required to provide the generated one-time authentication key on the wireless terminal 135, the time required to transmit the key to the authentication server 105, the time required to generate the one-time authentication key authentication code in the authentication server 105, and the like.

According to another exemplary embodiment of the present invention, if the authentication key generation algorithm follows the time synchronization scheme and it is easy to transmit to the authentication server 105 the time information at which the one-time authentication key was generated by the one-time authentication program, the one-time authentication key update period may be omitted or may be set to a very short time interval.
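The two time-synchronization cases described above, as an added example that is not part of the patent text: it shows why a key generated one second before a period boundary fails unless the server also regenerates the code for the preceding period, and how a transmitted generation time lets the period shrink. The 60-second period, the use of HMAC-SHA-256 for the keyed hash, the 8-digit key format and all function names are assumptions of this example.

```python
import hashlib
import hmac
import struct

UPDATE_PERIOD = 60  # seconds; assumed value for the one-time authentication key update period


def time_step(unix_time, period=UPDATE_PERIOD):
    """Number of whole update periods elapsed; keys generated in one period share it."""
    return int(unix_time) // period


def one_time_key(secret, step, digits=8):
    """Derive a decimal one-time key from the shared secret and a time step.

    HMAC-SHA-256 is this example's choice; the patent only names hashing algorithms.
    """
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


def same(expected, received):
    """Constant-time comparison of the server's authentication code and the received key."""
    return hmac.compare_digest(expected.encode(), received.encode())


def verify_without_timestamp(secret, key, server_time, period=UPDATE_PERIOD, back_steps=1):
    """Terminal cannot send its generation time: the server regenerates the
    authentication code for its own current period and for back_steps earlier
    periods, which covers display, typing and transmission delay across a boundary."""
    current = time_step(server_time, period)
    ok = False
    for step in range(max(0, current - back_steps), current + 1):
        ok = same(one_time_key(secret, step), key) or ok
    return ok


def verify_with_timestamp(secret, key, generated_at, server_time, max_age=10):
    """Terminal sends the generation time with the key: the period is one second
    and the server only checks that the stated time is recent. The key is bound
    to that time, so altering the timestamp to look fresh invalidates the key."""
    age = server_time - generated_at
    if not 0 <= age <= max_age:
        return False
    return same(one_time_key(secret, int(generated_at)), key)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    generated = 1_700_000_039                # one second before a period boundary
    key = one_time_key(secret, time_step(generated))
    print("strict current period only:", verify_without_timestamp(secret, key, generated + 2, back_steps=0))
    print("current + previous period: ", verify_without_timestamp(secret, key, generated + 2))
    print("two periods later:         ", verify_without_timestamp(secret, key, generated + 122))
```

In both variants a key replayed inside the acceptance window still verifies unless the server also records keys it has already accepted.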

FIG. 5 is a diagram illustrating one-time authentication management information provided to the wireless terminal 135 according to another embodiment of the present invention.

In more detail, FIG. 5 shows the configuration of the one-time authentication management information stored in the one-time authentication management D/B 230 of the program providing system shown in FIG. 2, for the case where the wireless terminal 135 shown in that system is a mobile communication terminal and is provided and equipped with a one-time authentication program that generates a one-time authentication key by the challenge-response method. Those skilled in the art can infer various implementation methods for constructing the one-time authentication management information provided to the wireless terminal 135 by referring to and/or modifying FIG. 5. The present invention includes all such inferred implementation methods, and its technical features are not limited only to the implementation method shown in FIG. 5.

For example, those of ordinary skill in the art to which the present invention pertains may refer to and/or modify FIG. 5 to infer the configuration of the one-time authentication management information stored in the one-time authentication management D/B 230 for the case where the wireless terminal 135 is, instead of the mobile communication terminal, an HSDPA-based wireless communication terminal or an IEEE 802.16.x portable Internet terminal. Information items omitted for convenience from the one-time authentication management information configuration shown in FIG. 5 may also be inferred, and the present invention includes all such inferred methods of implementation.

According to the present invention, the one-time authentication program provided through the program providing system shown in FIG. 2 is mounted on the wireless terminal 135 owned by the customer and generates a one-time authentication key. The one-time authentication program therefore comprises program code that can be driven or operated on the platform of the customer's wireless terminal 135. For example, if the wireless terminal 135 is equipped with the WIPI (Wireless Internet Platform for Interoperability) platform, the one-time authentication program comprises program code that operates on a WIPI basis; if another platform (e.g., GVM/SK-VM/BREW) is installed, it comprises program code that runs on that platform.

In FIG. 5, the one-time authentication program is stored in the program D/B 225 shown in FIG. 2 either in the form of a precompiled program or in the form of source code to be compiled.

According to an embodiment of the present invention, the one-time authentication program is provided in the program D/B 225 in the form of a precompiled program and uses a challenge value from the authentication server 105 as the one-time authentication key generation information for generating the one-time authentication key. The program providing server 100 provides the one-time authentication program to the customer's wireless terminal 135 via a wireless communication network and mounts it. Thereafter, at the time when the one-time authentication program mounted on the wireless terminal 135 generates the one-time authentication key, the program may generate the key based on the challenge value received from the authentication server 105.

According to another embodiment of the present invention, when the one-time authentication program is provided in the program D/B 225 in the form of a precompiled program, it is preferable that, at the time when the program providing server 100 provides the one-time authentication program to the wireless terminal 135 through the wireless communication network and mounts it, at least one item of one-time authentication key generation information corresponding to the one-time authentication program (e.g., a secret key value corresponding to a random number generated by the program providing server 100) is provided to the wireless terminal 135 together with the program and stored in a storage device (for example, a memory unit of the wireless terminal 135, or a chip memory unit provided in an IC chip mounted on or detachable from the wireless terminal 135). When the one-time authentication program mounted on the wireless terminal 135 generates a one-time authentication key, it preferably takes the challenge value received from the authentication server 105, extracts the one or more items of one-time authentication key generation information from the storage device, and generates the one-time authentication key based on this one-time authentication key generation information.

According to another embodiment of the present invention, when the one-time authentication program is stored in the one-time authentication management D/B 230 in the form of source code to be compiled, it is preferable that, at the time when the program providing server 100 provides the one-time authentication program to the wireless terminal 135, at least one item of one-time authentication key generation information corresponding to the one-time authentication program (for example, a secret key value corresponding to a number randomly generated by the program providing server 100) is substituted into the one-time authentication key generation information variable included in the one-time authentication program source code, a one-time authentication program is dynamically generated from the source code in which the generation information has been substituted, and the dynamically generated one-time authentication program is provided to the wireless terminal 135 through a wireless communication network and mounted. When the one-time authentication program mounted on the wireless terminal 135 then generates a one-time authentication key, it preferably does so based on the challenge value received from the authentication server 105 and the one-time authentication key generation information substituted into the program's internal variable.

According to another exemplary embodiment of the present invention, even when at least one item of one-time authentication key generation information is substituted into the one-time authentication program as described above, at least one other item of one-time authentication key generation information may, according to the intention of the person skilled in the art, be provided to the wireless terminal 135 together with the dynamically generated one-time authentication program at the time the program is provided and mounted, and stored in a storage device. At the time when the one-time authentication program mounted on the wireless terminal 135 generates the one-time authentication key, it may then generate the key from the challenge value received from the authentication server 105, the one-time authentication key generation information provided in the one-time authentication program, and the one-time authentication key generation information provided in the storage device. The present invention is not limited thereby.

Referring to FIG. 5, the one-time authentication management information provided to the wireless terminal 135 through the program providing system illustrated in FIG. 2 includes operating system (or platform) information for the wireless terminal 135 on which the one-time authentication program is mounted, the version of the one-time authentication program, the authentication key generation algorithm, and at least one item of one-time authentication key generation information. It may further include one or more other information items according to the intention of a person skilled in the art, and the present invention is in no way limited thereby.

The operating system (or platform) information included in the one-time authentication management information indicates the type of operating system (or platform) of the wireless terminal 135 equipped with the one-time authentication program through the program providing system shown in FIG. 2. Preferably, the operating system (or platform) information is used to identify the operating system (or platform) of the one-time authentication program to be provided to the wireless terminal 135 at the time of upgrading the one-time authentication program.

The version included in the one-time authentication management information includes version information of the one-time authentication program for each platform to be provided to the wireless terminal 135.

According to the embodiment of the present invention, even for the same type of one-time authentication program (for example, one-time authentication programs operating on the same platform), the type or version of the authentication key generation algorithm applied may differ according to the version of the one-time authentication program, and as a result the one-time authentication key generated by the program will also vary. The version information therefore provides information for accurately determining which one-time authentication program is mounted on the wireless terminal 135, and makes it possible to minimize the one-time authentication key authentication errors that may occur in the process of authenticating the one-time authentication key generated in the wireless terminal 135.

The authentication key generation algorithm included in the one-time authentication management information includes information on the hashing algorithm applied to the one-time authentication program or detailed attribute information of that hashing algorithm. Currently, the most commonly used hashing algorithms for generating authentication keys are MD4, MD5, SHA, and the like, and hashing algorithms modified from these according to the application field (for example, the SHA-1 hashing algorithm modified from SHA) are also being used.

The one-time authentication key generation information included in the one-time authentication management information is information for generating a one-time authentication key of the time synchronization method. Referring to FIG. 5, at the time when the one-time authentication program provided in the wireless terminal 135 generates the one-time authentication key, the challenge value provided to the wireless terminal 135 through the authentication server 105 is used as first generation information, and a secret key value (a value corresponding to a value randomly generated by the program providing server 100) or the MIN/ESN uniquely assigned to the wireless terminal 135 on which the one-time authentication program is mounted may be used as the second generation information or the third generation information.

According to the exemplary embodiment of the present invention, the challenge value is an arbitrary value randomly generated by the authentication server 105 at the time when the one-time authentication program included in the wireless terminal 135 generates the one-time authentication key. After transmitting the challenge to the wireless terminal 135, the authentication server 105 preferably maintains the challenge value until a one-time authentication key (for example, a response corresponding to the challenge) generated based on the challenge value is received from the wireless terminal 135. When the one-time authentication key is received, the server preferably generates the one-time authentication key authentication code based on the challenge value and uses it to authenticate the received one-time authentication key.

According to an embodiment of the present invention, when the one-time authentication program uses the MIN/ESN of the wireless terminal 135 as one-time authentication key generation information for generating the one-time authentication key, the MIN/ESN may be used as key generation information as it is. Alternatively, if the MIN/ESN has an excessively large value, it may be converted to a value within a certain size by applying a hash function to it, to prevent the one-time authentication program from overflowing in the process of generating the one-time authentication key. Which approach is used is determined by the intention of a person skilled in the art or by the computing power of the wireless platform.
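The challenge-response exchange described above, with the server side and the terminal side together, as an added example that is not part of the patent text. HMAC-SHA-256 stands in for the MD4/MD5/SHA-family hashing algorithms the text lists, and the challenge lifetime, the class and function names, and the sample MIN/ESN strings are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
import time


def reduce_min_esn(min_esn, size=16):
    """Hash the MIN/ESN so an arbitrarily long identifier becomes a fixed-size value."""
    return hashlib.sha256(min_esn.encode("ascii")).digest()[:size]


def response_key(challenge, secret_key, device_value):
    """Terminal side. First generation information: the challenge; second: the
    secret key; third: the reduced MIN/ESN. HMAC-SHA-256 is this example's choice."""
    return hmac.new(secret_key, challenge + device_value, hashlib.sha256).hexdigest()[:16]


class AuthenticationServer:
    """Hypothetical stand-in for the authentication server 105."""

    def __init__(self, challenge_ttl=120, clock=time.time):
        self.challenge_ttl = challenge_ttl   # assumed lifetime of a pending challenge, seconds
        self.clock = clock
        self.terminals = {}                  # customer_id -> (secret_key, reduced MIN/ESN)
        self.pending = {}                    # customer_id -> (challenge, issued_at)

    def register(self, customer_id, secret_key, min_esn):
        self.terminals[customer_id] = (secret_key, reduce_min_esn(min_esn))

    def issue_challenge(self, customer_id):
        """Generate a random challenge and keep it until the response arrives."""
        if customer_id not in self.terminals:
            raise KeyError("unknown customer")
        challenge = secrets.token_bytes(16)
        self.pending[customer_id] = (challenge, self.clock())
        return challenge

    def authenticate(self, customer_id, received_key):
        """Regenerate the authentication code from the stored challenge and compare.

        The challenge is removed before any check, so every challenge is
        single-use whether the attempt succeeds or fails."""
        entry = self.pending.pop(customer_id, None)
        if entry is None:
            return False
        challenge, issued_at = entry
        if self.clock() - issued_at > self.challenge_ttl:
            return False
        secret_key, device_value = self.terminals[customer_id]
        expected = response_key(challenge, secret_key, device_value)
        return hmac.compare_digest(expected.encode(), received_key.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    secret = b"constructed-secret-key"
    min_esn = "0101234567/A1B2C3D4"
    server = AuthenticationServer()
    server.register("customer-1", secret, min_esn)

    challenge = server.issue_challenge("customer-1")
    key = response_key(challenge, secret, reduce_min_esn(min_esn))
    print("first use :", server.authenticate("customer-1", key))
    print("replay    :", server.authenticate("customer-1", key))
```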

FIG. 6 is a diagram illustrating a process of downloading to a wireless terminal 135, and remotely mounting, a one-time authentication program that divides the screen into the terminal-side output area and the one-time authentication area and outputs them on the screen.

In more detail, FIG. 6 illustrates a process in which a one-time authentication program that divides the screen into the terminal-side output area and the one-time authentication area is downloaded from the program providing server 100 to the wireless terminal 135 through the program providing system shown in FIG. 2 and remotely mounted. A person having ordinary knowledge in the art to which the present invention pertains may refer to and/or modify FIG. 6 to infer various implementation methods of downloading and remotely mounting such a one-time authentication program on the wireless terminal 135. The present invention includes all such inferred implementation methods and is not limited by the implementation method shown in FIG. 6.

Hereinafter, in FIG. 6, the wireless terminal 135 illustrated in FIG. 2 is referred to as a “terminal” for convenience, and the program providing server 100 illustrated in FIG. 2 is referred to as a “server” for convenience.

Referring to FIG. 6, the terminal accesses the server through a wireless communication network and requests the server to download and remotely mount a one-time authentication program that divides the screen into the terminal-side output area and the one-time authentication area and outputs them on the screen. In response, the server extracts (or generates) a program providing interface screen for providing the one-time authentication program to the wireless terminal 135 and provides it to the terminal (605).

Thereafter, program request information is input (or selected) at the terminal through the program providing interface screen (610), and the terminal transmits the input (or selected) program request information to the server through the wireless communication network (615). In response, the server extracts (or dynamically generates) a one-time authentication program matching the program request information from the program D/B 225 (620), and provides the extracted (or dynamically generated) one-time authentication program to the terminal via the wireless communication network so that it is mounted remotely (625).

When the one-time authentication program has been remotely mounted on the terminal (630), the terminal executes the one-time authentication program to initiate a diagnostic mode for the program (635). The terminal then generates validity diagnostic information through the one-time authentication program and transmits it to the server through the wireless communication network (640), and the server receives and reads the validity diagnostic information to confirm the validity of the one-time authentication program (645).

According to an embodiment of the present invention, the diagnostic mode for the one-time authentication program preferably comprises checking whether a one-time authentication key that is generated by the one-time authentication program provided in the wireless terminal 135 and transmitted according to the one-time authentication key-based wireless security authentication procedure is valid.

If the validity of the one-time authentication program is not confirmed (650), the server generates program diagnostic error information and transmits it to the terminal through the wireless communication network (655). The server then again performs the process of providing the program providing interface screen to the terminal, receiving program request information, extracting (or dynamically generating) a one-time authentication program corresponding to the received program request information, and remotely mounting it on the terminal.

On the other hand, if the validity of the one-time authentication program is confirmed (650), the server stores the one-time authentication management information corresponding to the one-time authentication program mounted on the terminal, together with the customer information and wireless terminal 135 information corresponding to the customer who transmitted the program request information, in association with one another in the one-time authentication management D/B 230 (660). The one-time authentication management information, customer information, and wireless terminal 135 information stored in the one-time authentication management D/B 230 may then be used for the one-time authentication key-based wireless security authentication processing in a wireless security authentication processing system.

FIG. 7 is a diagram illustrating the functional configuration of a wireless terminal 799 having a one-time authentication key-based wireless security authentication processing function according to an embodiment of the present invention.

In more detail, FIG. 7 illustrates the functional configuration of a wireless terminal 799 equipped with the one-time authentication program, for the case where the wireless terminal 799 illustrated in the program providing system of FIG. 2 is a mobile communication terminal. When one-time authentication key-based wireless security authentication processing is required while a terminal-side screen (including at least one of a desktop, content use screen, web access screen, financial transaction screen, payment screen, and the like) is already being output on the screen of the wireless terminal 799 used by a customer, the screen of the wireless terminal 799 is divided into a terminal-side output area that outputs the terminal-side screen (e.g., desktop, content use screen, web access screen, financial transaction screen, payment screen, etc.) and a one-time authentication area that outputs a one-time authentication screen for the one-time authentication key-based wireless security authentication processing, and the one-time authentication program processes the one-time authentication key-based wireless security authentication using the wireless terminal 799. A person having ordinary knowledge in the art to which the present invention pertains may refer to and/or modify FIG. 7 to infer various implementation methods for the functional configuration of a wireless terminal 799 having the one-time authentication key-based wireless security authentication processing function. The present invention includes all such inferred implementation methods, and its technical features are not limited only to the implementation method shown in FIG. 7.

For example, those of ordinary skill in the art to which the present invention pertains may refer to and/or modify drawing 3 to infer the functional configuration of a wireless terminal 799 having the one-time authentication key-based wireless security authentication processing function for the case where the wireless terminal 799 is, instead of the mobile communication terminal, an HSDPA-based wireless communication terminal or an IEEE 802.16.x portable Internet terminal. It is apparent that the present invention includes all such inferred implementation methods.

In terms of hardware, the wireless terminal 799 for providing a mobile communication service according to an embodiment of the present invention externally includes a body, a speaker, a microphone, a keypad, a liquid crystal display (LCD), an antenna and a battery (790). Internally it includes a predetermined modem chip (e.g., Qualcomm's MSM series modem chip) having functions such as a code division multiple access (CDMA) modem, a central processing unit / micro processing unit (CPU/MPU), and a vocoder; a variety of memory elements; a duplexer filter that separates transmission and reception signals on one antenna; a power amplifier and a high power amplifier (HPA) that amplify the transmission signal; an isolator that prevents the high-output transmission signal from flowing back; an RF/IF SAW filter that removes unwanted out-of-band signals; a frequency up-conversion circuit for the transmission path and a frequency down-conversion circuit for the reception path; a Voltage Controlled Temperature Compensated X-tal Oscillator (VCTCXO) corresponding to a reference clock source; a UHF frequency synthesizer used as a local signal for frequency up-down conversion; and a codec chip for converting an analog voice signal into a digital signal. These internal components are gradually being integrated into the modem chip, and in addition to the core components for the mobile communication service, various functions for providing multimedia services and/or additional services are being integrated into the modem chip as well.

Referring to FIG. 7, the wireless terminal 799 having the one-time authentication key-based wireless security authentication processing function structurally includes a control unit 700 corresponding to the modem chip, a screen output unit 755 corresponding to the liquid crystal display (LCD), a sound processing unit 760 corresponding to the microphone/speaker, a key input unit 763 corresponding to the keypad, a wireless processing unit 797 corresponding to the antenna and various RF modules, a memory unit 793 corresponding to a nonvolatile memory, and a battery 790 for supplying a predetermined power.

In addition, the wireless terminal 799 further includes an IC chip 770 mounted on or detachable from the wireless terminal 799 (e.g., a USIM (Universal Subscriber Identity Module) or a financial IC chip 770) to provide various financial (or payment) services and/or various additional services corresponding thereto, and an IC chip reader 765 for reading/writing at least one item of information (or data) on the IC chip 770.

In addition, the wireless terminal 799 further includes a camera unit (not shown) that reads predetermined image information to provide various multimedia services and/or various additional services corresponding thereto, and/or a near field communication unit (not shown) for connecting a near field communication channel with a predetermined short-range device.

In hardware terms, the control unit 700 includes a processor comprising the CPU/MPU provided in the modem chip, an execution memory, a bus (BUS) for inputting and outputting, from a predetermined memory device, the program routines and/or program data that provide functions specific to the wireless terminal 799, and the predetermined electronic circuits (or integrated circuits) provided for this purpose. In software terms, it is a generic term for the program routines and/or program data that are loaded from the memory unit 793 and/or the memory device (or chipset) into the execution memory and processed by the processor to perform a specific function (in this case, the one-time authentication key-based wireless security authentication processing function). For convenience, predetermined program routines recorded on the recording medium of the wireless terminal 799 are described as being included in the control unit 700. The program routines included in the control unit 700 basically include an operating system routine (not shown) and at least one system management routine (e.g., a power management routine, a channel (forward/reverse) management routine, a handoff routine, etc.), and the various functional configurations intended to be implemented in the wireless terminal 799 are realized by the control unit 700.

According to the exemplary embodiment of the present invention, after power is supplied to the wireless terminal 799, the operating system routine (not shown), at least one system management routine (not shown), and the various system variables corresponding thereto are loaded into the execution memory included in the control unit 700 and processed by the processor. The wireless terminal 799 is thereby set, according to a predetermined booting procedure, to the operation mode corresponding to the "mobile station initialization state", which includes the system setting detailed state, the pilot channel acquisition detailed state, the sync channel acquisition detailed state, and the timing change detailed state.

After the booting procedure has been performed, the operating system routine (not shown), one or more system management routines (not shown), and the various system variables corresponding thereto are loaded into the execution memory included in the control unit 700 and processed by the processor. The wireless terminal 799 is thereby set to an operation mode corresponding to the "mobile station call waiting state", "system access state", "call channel state", etc., and performs the mobile communication-based radio connection and call processing (Call Processing) procedures.

The screen output unit 755 is a functional component for confirming each operation mode of the wireless terminal 799 and the corresponding operation state. It includes at least one screen output device, including the LCD provided in the wireless terminal 799, and a driver for driving the screen output device. In association with the control unit 700, it outputs at least one item of key data input through the key input unit 763, and/or outputs a menu screen, a function processing screen, and a function processing result screen corresponding to at least one function (or program) included in the wireless terminal 799, and/or outputs at least one item of content (e.g., text content, image content, multimedia content) provided in (or downloaded to) the wireless terminal 799.

According to the exemplary embodiment of the present invention, the screen output unit 755 preferably performs the function of screen output means for outputting the various function processing screens and function processing result screens corresponding to the one-time authentication key-based wireless security authentication processing function.

The sound processor 760 is a functional component that processes input and output of sound in each operation mode of the wireless terminal 799. It includes a vocoder and a codec that decode at least one item of encoded sound data and output it through a speaker provided in the wireless terminal 799, and/or encode a sound signal input through a microphone provided in the wireless terminal 799.

According to an exemplary embodiment of the present invention, the sound processor 760 preferably decodes and outputs, through the speaker, sound data corresponding to a predetermined ring back tone in the operation mode corresponding to the "system access state" among the operation modes of the wireless terminal 799, and/or encodes a predetermined voice signal input through the microphone, or decodes and outputs a predetermined voice signal through the speaker, in the operation mode corresponding to the "call channel state".

In addition, when at least one item of sound content and/or multimedia content provided in (or downloaded to) the wireless terminal 799 is played in at least one operation mode including the "mobile station call waiting state", the sound processor 760 preferably decodes and outputs the sound data corresponding to the reproduced content.

According to the exemplary embodiment of the present invention, the sound processor 760 preferably performs a function of sound output means for decoding and outputting sound data corresponding to the one-time authentication key-based wireless security authentication processing function.

The key input unit 763 includes a predetermined key input device having at least one key button, including predetermined number keys and/or character keys and/or function keys, and a driver for driving the key input device, and detects at least one key input signal generated by clicking (or entering) a key button on the key input device.

According to the present invention, when a predetermined key input signal is detected from a key button provided in the key input device in a predetermined input mode and/or at least one operation mode controlled by the control unit 700, the key input unit 763 generates a predetermined key event (e.g., MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, MH_KEY_RELEASEEVENT) corresponding to the detected key input signal and provides the generated key event to the control unit 700. The control unit 700 reads the predetermined key data corresponding to the key event in the current input mode and/or operation mode of the wireless terminal 799 (e.g., reads the key data from a key table that stores (manages) at least one item of key data corresponding to a specific key event in each input mode and/or operation mode), and/or executes a command for a predetermined function matched with the key event.

According to the method of the present invention, when a predetermined telephone number is input and a predetermined "call" button is pressed through the key input unit 763 in the operation mode corresponding to the "mobile station call waiting state" among the operation modes of the wireless terminal 799, the operation mode of the wireless terminal 799 is preferably changed to the operation mode corresponding to the "system access state".

In addition, when a predetermined function key (for example, a menu key) is input through the key input unit 763 in the operation mode corresponding to the "mobile station call waiting state" among the operation modes of the wireless terminal 799, the various functions provided in the wireless terminal 799 are preferably executed.

According to an embodiment of the present invention, the key input unit 763 preferably performs a function of key input means for inputting at least one or more key data corresponding to the one-time authentication key-based wireless security authentication processing function.

The wireless processor 797 is a functional component that connects a wireless channel with a base station on the mobile communication network in which the wireless terminal 799 operates based on CDMA/WCDMA. It includes a CDMA modem, various RF modules (e.g., duplexer filter, power amplifier, High Power Amplifier (HPA), isolator, RF/IF SAW filter, frequency up-conversion circuit, frequency down-conversion circuit, VCTCXO for the reference clock source, UHF frequency synthesizer, etc.) and an antenna. In connection with the control unit 700, it performs the location registration and/or slot mode and/or power control and/or hand-off and/or call processing procedures corresponding to each operation mode of the wireless terminal 799.

According to an embodiment of the present invention, the wireless processing unit 797 preferably performs the radio frequency signal transmission/reception function (e.g., antenna control, and modulation, synthesis, amplification and/or filtering of the radio frequency signal) corresponding to the one-time authentication key-based wireless security authentication processing function.

In particular, for the one-time authentication key-based wireless security authentication processing, the wireless processing unit 797 preferably includes a function for processing, in the CDMA stack, predetermined information or signals transmitted from the wireless terminal 799 to the base station, or for reading from the CDMA stack predetermined information or signals received from the base station.

The IC chip reader unit 765 is a functional component for exchanging at least one item of information (or data, or commands) with an IC chip 770 (e.g., the financial IC chip 770 or a USIM) that is mounted on or detached from the wireless terminal 799 through an IC chip 770 standard including ISO/IEC 7816 and/or ISO/IEC 14443. It includes a contact IC card reader corresponding to the ISO/IEC 7816 standard and/or a contactless IC card reader corresponding to the ISO/IEC 14443 standard, and the IC card reader exchanges at least one item of information (or data, or commands) with the IC chip 770 through application protocol data units (APDUs).

Referring to the standards including ISO/IEC 7816 and/or ISO/IEC 14443, the IC chip 770 mounted on or detached from the customer wireless terminal includes: an input/output interface 773 that communicates with the IC chip reader unit 765 (e.g., command or data exchange) via contact points such as power supply (VCC), reset signal (RST), clock signal (CLK), ground (GND), programming power supply (VPP) and/or input/output (I/O); a processor unit 775 including at least one computing element such as a central processing unit (CPU), a micro processing unit (MPU) or a coprocessor; and a chip memory unit 777 including at least one memory element such as read only memory (ROM), random access memory (RAM), electrically erasable and programmable read only memory (EEPROM) or flash memory (FM). At least one memory element (e.g., ROM) stores a chip operating system (COS) for managing and operating the internal resources of the IC card. When predetermined power is supplied from the IC chip reader unit 765 through the power supply (VCC) contact point of the input/output interface 773, the COS stored in the chip memory unit 777 is loaded into a predetermined execution memory and controls the overall operation of the IC chip 770, and it controls the exchange of information or data between the IC chip 770 and the IC chip reader unit 765 through Application Protocol Data Units (APDUs) based on the clock frequency of the clock signal (CLK) contact point (for example, 3.57 MHz or 4.9 MHz).

According to the present invention, at least one item of IC chip storage information 780 corresponding to a card application for providing the USIM function (or the financial IC chip 770 function) is stored in the chip memory unit 777 of the IC chip 770. The IC chip storage information 780 comprises a storage unit 787 that stores a data set corresponding to predetermined information or data read and/or used by a processor provided in the customer wireless terminal, and a processing unit 783 for an application made up of a program routine (for example, a Java Card applet) that is driven or executed by the operation function of the processor unit 775 and the instruction set provided by the COS, is used by a processor included in the customer wireless terminal, and includes instruction call code interacting with the instruction set of the COS and execution code processed by the processor unit 775.

Here, in particular, the processing unit 783 reads, through an APDU, a command provided via the input/output interface 773 from a processor included in the customer wireless terminal; based on the command read, it reads or records at least one item of information or data stored in the storage unit 787; and it provides the result, or the information or data read, to the processor provided in the customer wireless terminal via the input/output interface 773 through an APDU.

According to an embodiment of the present invention, the storage unit 787 stores at least one item of unique information of the wireless terminal 799 for the one-time authentication key-based wireless security authentication processing function. The unique information of the wireless terminal 799 stored in the storage unit 787 preferably includes at least one of a telephone number assigned to the wireless terminal 799, USIM information, unique information of the IC chip 770, a dynamic (or fixed) IP address, and the like.

According to a preferred embodiment of the present invention, the chip memory unit 777 of the IC chip 770 includes a security structure based on ISO/IEC 10202. Accordingly, the chip memory unit 777 includes a protection area in which secret information such as a CSN (chip serial number) is stored, a COS control area, a user application area, a read/write access area, an application program area and a FAT (File Allocation Table) management area, and the IC chip storage information 780 is preferably stored in an area excluding the protection area and the COS control area.

In addition, according to the ISO/IEC 7816 and/or ISO/IEC 14443 ICC standards, the chip memory unit 777 has a file structure including one master file (MF) corresponding to the root file; an ATR (Answer To Reset) that is placed below the master file and includes function information on at least one item of stored information; at least one dedicated file (DF) corresponding to each item of ICC stored information; and elementary files (EF) that are placed below the dedicated file and include the substantive information and/or data for the smart card service. The IC chip storage information 780 for the present invention is also configured with this file structure.

According to an embodiment of the present invention, if the IC chip 770 is a financial IC chip (or a USIM holding financial information), the IC chip storage information 780 preferably includes financial account (or financial product) means including an electronic bankbook and the financial common network, and/or at least one payment means among credit card payment means, debit card payment means, check card payment means, prepaid card payment means and electronic wallet payment means.

The memory unit 793 is the generic term for nonvolatile memory corresponding to a storage medium that stores at least one item of information (or data) in the wireless terminal 799 and/or a recording medium on which program code corresponding to at least one program routine is recorded, and it includes read only memory (ROM), flash memory (FM), electrically erasable and programmable read only memory (EEPROM), and the like.

According to an embodiment of the present invention, the ROM information of the nonvolatile memory is not to be stored; the flash memory stores an operating system routine, a call processing program routine and/or the various application program routines provided through the wireless terminal 799, together with information or data for them; and the EEPROM preferably stores at least one item of information (or data) such as terminal registration-related parameters, telephone numbers (e.g., an address book), or information extracted and/or generated during execution of the applications provided in the wireless terminal 799.

According to the exemplary embodiment of the present invention, the memory unit 793 stores at least one item of unique information of the wireless terminal 799 for the one-time authentication key-based wireless security authentication processing function. The unique information of the wireless terminal 799 may include at least one of a telephone number assigned to the wireless terminal 799, an electronic serial number (ESN), a dynamic (or fixed) IP address, and the like.

Referring to FIG. 7, the wireless terminal 799 includes a terminal-side screen processing unit 705 corresponding to the various programs that output, on the screen of the wireless terminal 799, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen and a payment screen. The terminal-side screen processing unit 705 preferably includes at least one of: a background image processor 710 corresponding to a background program that outputs a background screen on the screen of the wireless terminal 799 in association with the screen output unit 755; a content screen processing unit 715 corresponding to a content use program that outputs a content usage screen on the screen of the wireless terminal 799 in association with the screen output unit 755; a browser processing unit (not shown) corresponding to a browser program that outputs a web access screen on the screen of the wireless terminal 799 in association with the screen output unit 755; a financial transaction screen processing unit (not shown) corresponding to a financial transaction program (or a browser program) that outputs a financial transaction screen on the screen of the wireless terminal 799 in association with the screen output unit 755; and a payment screen processing unit (not shown) corresponding to a payment program (or a browser program) that outputs a payment screen on the screen of the wireless terminal 799 in association with the screen output unit 755.

Those skilled in the art will be familiar with the technical features of the functional components corresponding to the terminal-side screen processing unit 705 and its various programs, so a detailed description thereof is omitted for convenience.

Referring to FIG. 7, for the one-time authentication key-based wireless security authentication processing, the wireless terminal 799 includes a one-time authentication processing unit 720 corresponding to the one-time authentication program provided through the program providing system shown in FIG. 2. The one-time authentication processing unit 720 includes a security authentication confirmation unit 730 that confirms whether one-time authentication key-based wireless security authentication using the wireless terminal 799 is to be processed, and an output processing unit 735 that, when the security authentication is confirmed, either divides the screen of the wireless terminal 799 into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting the one-time authentication screen for the one-time authentication key-based wireless security authentication processing, or overlaps a one-time authentication area, which outputs the one-time authentication screen, on a predetermined area of the terminal-side output area, and processes the result to be output on the screen of the wireless terminal 799.

According to the exemplary embodiment of the present invention, the one-time authentication processor 720 is preferably driven (or activated) in association with the key input unit 763.

For example, when the wireless terminal 799 is provided with a key button for driving (or activating) the one-time authentication processor 720, the one-time authentication processor 720 is driven (or activated) by the key button input. It is preferable.

Alternatively, when a menu for driving (or activating) the one-time authentication processor 720 is provided on a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen and a payment screen output on the screen of the wireless terminal 799, the one-time authentication processor 720 is preferably driven (or activated) by menu selection through the key input unit 763.

According to another exemplary embodiment of the present invention, the terminal-side screen output on the screen of the wireless terminal 799 may include at least one of a content usage screen, a web access screen, a financial transaction screen, a payment screen and the like in the form of a wireless web document including at least one tag string (or script), and when the tag string (or script) includes a tag string (or script) for driving (or activating) the one-time authentication processor 720, the one-time authentication processor 720 is preferably driven (or activated) by that tag string (or script).

For example, when a tag string (or script) for automatically driving (or activating) the one-time authentication program is included in the terminal-side screen output on the screen of the wireless terminal 799, the one-time authentication processor 720 is driven (or activated) by the tag string (or script).

Alternatively, when a tag string (or script) corresponding to a user interface for driving the one-time authentication program is included in the terminal-side screen output on the screen of the wireless terminal 799, the one-time authentication processor 720 is driven (or activated) via the user interface corresponding to the tag string (or script) and the key input unit 763.

According to another exemplary embodiment of the present invention, when program driving information corresponding to the one-time authentication program is received through a wireless communication network, or is included in the terminal-side screen processing unit 705 corresponding to the various programs that output, on the screen of the wireless terminal 799, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen and the like, the one-time authentication processor 720 is preferably driven (or activated) by the program driving information.

According to one embodiment of the invention, when the one-time authentication processing unit 720 is driven (or activated), the security authentication confirmation unit 730 confirms, in response to the driving (or activation) of the one-time authentication processing unit 720, that one-time authentication key-based wireless security authentication processing is requested from the wireless terminal 799.

According to another exemplary embodiment of the present invention, after the one-time authentication processor 720 is driven (or activated), when the terminal-side screen processing unit 705, corresponding to the various programs that output on the screen of the wireless terminal 799 a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen and the like, requests wireless security authentication for content use, web access, financial transactions or payment processing corresponding to the terminal-side screen, the security authentication confirmation unit 730 confirms that one-time authentication key-based wireless security authentication processing is requested from the wireless terminal 799.

According to another exemplary embodiment of the present invention, after the one-time authentication processor 720 is driven (or activated), when an authentication command (or key data) for wireless security authentication for content use, web access, financial transactions or payment processing corresponding to the terminal-side screen is input through the key input unit 763, the security authentication confirmation unit 730 confirms that one-time authentication key-based wireless security authentication processing is requested from the wireless terminal 799.

When one-time authentication key-based wireless security authentication using the wireless terminal 799 is confirmed through the security authentication confirmation unit 730, the output processing unit 735 processes the one-time authentication screen for that authentication processing to be output on the screen of the wireless terminal 799 through a separate one-time authentication area divided from the terminal-side output area that outputs the terminal-side screen.

According to an exemplary embodiment of the present invention, the output processing unit 735 preferably sets the terminal-side output area by reducing, in a predetermined direction, the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 799, and sets the one-time authentication area in the area remaining after the reduction.

For example, if the entire area of the screen of the wireless terminal 799 spans the coordinates from (0, 0) to (X, Y), the output processing unit 735 preferably sets the terminal-side output area by reducing the terminal-side screen area to the coordinates from (0, 0) to (X-x, Y-y), and sets the one-time authentication area in the remaining area from (X-x+1, Y-y+1) to (X, Y).

According to another exemplary embodiment of the present invention, the output processing unit 735 preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 799.

For example, if the entire area of the screen of the wireless terminal 799 spans the coordinates from (0, 0) to (X, Y), the output processing unit 735 preferably sets the one-time authentication area by inserting the one-time authentication screen into the part of the terminal-side screen area corresponding to the coordinates from (X-x, Y-y) to (X, Y).

According to another exemplary embodiment of the present invention, the output processing unit 735 preferably sets, as the one-time authentication area, a predetermined area overlapped (or popped up) on the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 799.

For example, if the entire area of the screen of the wireless terminal 799 spans the coordinates from (0, 0) to (X, Y), the output processing unit 735 preferably sets a one-time authentication area containing the one-time authentication screen, by the overlap method (or pop-up method), in a layer above the terminal-side screen area at the coordinates from (X-x, Y-y) to (X, Y).

According to another exemplary embodiment of the present invention, the output processing unit 735, which divides the screen of the wireless terminal 799 into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting the one-time authentication screen for the one-time authentication key-based wireless security authentication processing, need not be provided in the one-time authentication processing unit 720 and may instead be provided in a program manager (not shown) associated with the one-time authentication program in the wireless terminal 799; the present invention is not limited in this respect.

Referring to FIG. 7, for the one-time authentication key-based wireless security authentication processing, the one-time authentication processing unit 720 provided in the wireless terminal 799 includes a confirmation unit 750 that confirms, from the memory unit 793 (or the chip memory unit 777 provided in the IC chip 770), at least one item of one-time authentication key generation information necessary for generating the one-time authentication key, and a generation unit 745 that generates the one-time authentication key for the one-time authentication key-based wireless security authentication processing using an authentication key generation algorithm based on the one-time authentication key generation information. When the authentication key generation method includes a challenge-response method, it further includes a communication processing unit 753 that, in association with the wireless processing unit 797, receives the one-time authentication key generation information corresponding to the challenge.

When the terminal-side output area and the one-time authentication area are divided and output on the screen of the wireless terminal 799 by the output processing unit 735, and generation of a one-time authentication key for the one-time authentication key-based wireless security authentication processing using the wireless terminal 799 is requested through the one-time authentication key generation screen (or interface) included in the one-time authentication area, the confirmation unit 750 confirms, from the memory unit 793 (or the chip memory unit 777 provided in the IC chip 770), the at least one item of one-time authentication key generation information necessary for generating the one-time authentication key.

When the authentication key generation method includes a challenge-response method according to an embodiment of the present invention, the communication processing unit 753, in association with the wireless processing unit 797, requests the one-time authentication key generation information corresponding to the challenge from the authentication server 105 and receives from the authentication server 105 at least one item of one-time authentication key generation information required for generating the one-time authentication key.

When generating a one-time authentication key by the time synchronization method according to an embodiment of the present invention, the confirmation unit 750 preferably confirms at least one item of one-time authentication key generation information required for generating the one-time authentication key from the memory unit 793 (or the chip memory unit 777 provided in the IC chip 770), and confirms the time information for generating the one-time authentication key from the timer provided in the wireless terminal 799.

According to another embodiment of the present invention, when generating a one-time authentication key by the challenge-response method, the confirmation unit 750 preferably confirms at least one item of one-time authentication key generation information required for generating the one-time authentication key from the memory unit 793 (or the chip memory unit 777 provided in the IC chip 770), and, in association with the communication processing unit 753, receives from the authentication server 105 at least one item of one-time authentication key generation information required for generating the one-time authentication key.

When the at least one item of one-time authentication key generation information required for generating a one-time authentication key has been confirmed as described above, the generation unit 745 generates the one-time authentication key for the one-time authentication key-based wireless security authentication processing using an authentication key generation algorithm based on that information, and the one-time authentication key preferably comprises a data block of a predetermined length.

Those skilled in the art to which the present invention pertains will be familiar with the technical features for generating a one-time authentication key of the time synchronization method (or challenge-response method) using an authentication key generation algorithm based on the confirmed one-time authentication key generation information, so a detailed description thereof is omitted for convenience.
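The patent leaves the key generation algorithm to the reader, so the following added example (not the patent's algorithm) substitutes well-known constructions: the HMAC truncation of RFC 4226 / RFC 6238 for the time synchronization method, and an HMAC-SHA-256 over a server challenge plus terminal unique information for the challenge-response method. `AuthServer`, the seed, the message layout and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct


def truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: 31 bits taken at a MAC-dependent offset."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def time_sync_key(seed: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time synchronization method: the terminal timer selects the counter."""
    counter = int(now) // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    return truncate(mac, digits)


def challenge_response_key(seed: bytes, challenge: bytes, terminal_id: bytes,
                           digits: int = 6) -> str:
    """Challenge-response method: the key is bound to the server challenge and
    to the terminal's unique information (constructed message layout)."""
    msg = len(challenge).to_bytes(2, "big") + challenge + terminal_id
    mac = hmac.new(seed, msg, hashlib.sha256).digest()
    return truncate(mac, digits)


class AuthServer:
    """Hypothetical stand-in for the verifying side (authentication server 105)."""

    def __init__(self, seed: bytes, terminal_id: bytes, step: int = 30, window: int = 1):
        self.seed, self.terminal_id = seed, terminal_id
        self.step, self.window = step, window
        self.last_step = -1       # newest time step already accepted
        self.pending = None       # outstanding challenge, usable once

    def verify_time_sync(self, candidate: str, now: float) -> bool:
        current = int(now) // self.step
        for s in range(current - self.window, current + self.window + 1):
            if s < 0 or s <= self.last_step:      # replayed or older step
                continue
            expected = time_sync_key(self.seed, s * self.step, self.step)
            if hmac.compare_digest(expected.encode(), candidate.encode()):
                self.last_step = s                # a key is accepted only once
                return True
        return False

    def issue_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify_challenge_response(self, candidate: str) -> bool:
        challenge, self.pending = self.pending, None   # consume before checking
        if challenge is None:
            return False
        expected = challenge_response_key(self.seed, challenge, self.terminal_id)
        return hmac.compare_digest(expected.encode(), candidate.encode())


if __name__ == "__main__":
    seed = b"constructed-seed-0001"       # constructed sample values
    terminal_id = b"01012345678"
    server = AuthServer(seed, terminal_id)
    key = time_sync_key(seed, 1_700_000_000)
    print("time sync:", key,
          server.verify_time_sync(key, 1_700_000_010),   # accepted inside window
          server.verify_time_sync(key, 1_700_000_010))   # replay rejected
    challenge = server.issue_challenge()
    response = challenge_response_key(seed, challenge, terminal_id)
    print("challenge-response:", response,
          server.verify_challenge_response(response),
          server.verify_challenge_response(response))    # challenge already used
```

The verifier accepts each time step and each challenge at most once, so a key observed on the terminal screen or in transit cannot be submitted a second time.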

Referring to FIG. 7, for the one-time authentication key-based wireless security authentication processing, the one-time authentication processing unit 720 provided in the wireless terminal 799 includes an authentication key processing unit 740 that: outputs a one-time authentication start screen (or interface) to a predetermined area of the one-time authentication area; when one-time authentication is started through the one-time authentication start screen (or interface), outputs a password input screen (or interface) to a predetermined area of the one-time authentication area; authenticates the password entered through the password input screen (or interface); when the password is authenticated, requests generation of the one-time authentication key from the confirmation unit 750 and the generation unit 745 and outputs a one-time authentication key generation screen (or interface) that shows the generated one-time authentication key; outputs, to a predetermined area of the one-time authentication area, a one-time authentication key input screen (or interface) through which the customer enters the one-time authentication key; and, when the one-time authentication key-based wireless security authentication has been processed, outputs a one-time authentication key end screen (or interface) to a predetermined area of the one-time authentication area.

When the terminal-side output area and the one-time authentication area are divided and output on the screen of the wireless terminal 799 through the output processing unit 735, the authentication key processing unit 740 outputs a one-time authentication start screen (or interface) to a predetermined area of the one-time authentication area, and when one-time authentication is started through the one-time authentication start screen (or interface), it outputs a password input screen (or interface) to a predetermined area of the one-time authentication area.

When a password is input through the password input screen (or interface), the authentication key processing unit 740 authenticates the input password. When the input password is authenticated, it requests generation of the one-time authentication key from the confirmation unit 750 and the generation unit 745 and may output a one-time authentication key generation screen (or interface) that shows the generated one-time authentication key.

In addition, the authentication key processing unit 740 outputs, to a predetermined area of the one-time authentication area, a one-time authentication key input screen (or interface) through which the customer inputs a one-time authentication key. When the one-time authentication key is input through the one-time authentication key input screen (or interface), it processes security authentication request information including the one-time authentication key to be transmitted, in association with the communication processing unit 753, to the authentication server 105 on the communication network, so that the one-time authentication key-based wireless security authentication is processed.

When the one-time authentication key-based wireless security authentication has been processed, the authentication key processing unit 740 outputs a one-time authentication key end screen (or interface) to a predetermined area of the one-time authentication area. When the one-time authentication key-based wireless security authentication is terminated through the one-time authentication key end screen (or interface), the output processing unit 735 may delete the one-time authentication area from the screen of the wireless terminal 799 and return the terminal-side output area to the entire area of the screen of the wireless terminal 799.

Referring to FIG. 7, for the one-time authentication key-based wireless security authentication processing, the one-time authentication processing unit 720 provided in the wireless terminal 799 includes a caret processing unit 725 that, in association with the key input unit 763, moves the caret between the terminal-side output area and the one-time authentication area on the screen of the wireless terminal 799.

According to another embodiment of the present invention, when the one-time authentication key input screen (or interface) is output in a predetermined area of the terminal-side output area, the caret processing unit 725, in association with the key input unit 763, moves the caret assigned to the one-time authentication area on the screen of the wireless terminal 799 to the terminal-side output area, so that the one-time authentication key is input through the one-time authentication key input screen (or interface) provided in the terminal-side output area.

In addition, when the one-time authentication key-based wireless security authentication has been processed by inputting the one-time authentication key through the one-time authentication key input screen (or interface) provided in the terminal-side output area, the caret processing unit 725, in association with the key input unit 763, moves the caret assigned to the terminal-side output area on the screen of the wireless terminal 799 to the one-time authentication area, so that the one-time authentication key-based wireless security authentication is terminated through the one-time authentication key end screen (or interface) provided in the one-time authentication area.

FIG. 8 illustrates outputting a one-time authentication area according to an embodiment of the present invention.

In more detail, FIG. 8 illustrates that, when one-time authentication key-based wireless security authentication processing is required while a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen and a payment screen is already output, as shown in FIG. 8A, on the screen of the wireless terminal 799 shown in FIG. 7, the screen of the wireless terminal 799 is divided, as shown in FIG. 8B, into a terminal-side output area that outputs the terminal-side screen (e.g., a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) and a one-time authentication area that outputs the one-time authentication screen for the one-time authentication key-based wireless security authentication processing.

Those skilled in the art to which the present invention pertains may refer to and/or modify FIG. 8 to infer various implementation methods for dividing the screen of the wireless terminal 799, while a terminal-side screen (e.g., a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) is output, into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for the wireless security authentication processing. The present invention includes all implementation methods so inferred, and its technical features are not limited to the implementation method shown in FIG. 8.

FIG. 9 is a diagram illustrating outputting a one-time authentication screen (or interface) according to an embodiment of the present invention.

In more detail, FIG. 9 shows an example of outputting the one-time authentication screen (or interface) through the one-time authentication area after the terminal-side output area and the one-time authentication area are divided and output, as shown in FIG. 8, on the screen of the wireless terminal 799 shown in FIG. 7. A person having ordinary skill in the art to which the present invention pertains may refer to and/or modify FIG. 9 to infer various implementation methods for outputting the one-time authentication screen (or interface); the present invention includes all implementation methods so inferred, and its technical features are not limited to the implementation method shown in FIG. 9.

FIG. 9A shows an example of outputting a one-time authentication start screen (or interface) in a certain area of the one-time authentication area, after the terminal-side output area and the one-time authentication area have been divided and output as shown in FIG. 8 on the screen of the wireless terminal 799 shown in FIG. FIG. 9B shows an example of outputting a password input screen (or interface) in a certain area of the one-time authentication area when one-time authentication is started through the one-time authentication start screen (or interface). FIG. 9C shows authenticating the password entered through the password input screen (or interface) and, if the password is authenticated, generating a one-time authentication key and outputting a one-time authentication key generation screen (or interface) that displays the one-time authentication key in a certain area of the one-time authentication area. FIG. 9D shows outputting a one-time authentication key input screen (or interface) for inputting the one-time authentication key in a predetermined area of the one-time authentication area. FIG. 9E shows wireless security authentication through the one-time authentication key input through the one-time authentication key input screen (or interface). FIG. 9F shows outputting a one-time authentication key end screen (or interface) in a certain area when wireless security authentication through the one-time authentication key has been processed.

FIG. 10 is a diagram illustrating outputting a one-time authentication screen (or interface) according to another embodiment of the present invention.

In more detail, FIG. 10 shows an example of outputting the one-time authentication screen (or interface) through caret movement between the terminal-side output area and the one-time authentication area, after the two areas have been divided and output, as shown in FIG. 8, on the screen of the wireless terminal 799 shown in FIG. 7. A person having ordinary knowledge in the art to which the present invention pertains may refer to and/or modify FIG. 10 to infer various implementation methods for outputting the one-time authentication screen (or interface); the present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method illustrated in FIG.

FIG. 10A shows an example of outputting a one-time authentication start screen (or interface) in a predetermined area of the one-time authentication area, after the terminal-side output area and the one-time authentication area have been divided and output as shown in FIG. 8 on the screen of the wireless terminal 799 shown in FIG. FIG. 10B shows an example of outputting a password input screen (or interface) in a certain area of the one-time authentication area when one-time authentication is started through the one-time authentication start screen (or interface). FIG. 10C shows authenticating the password entered through the password input screen (or interface) and, if the password is authenticated, generating a one-time authentication key and outputting a one-time authentication key generation screen (or interface) that displays the one-time authentication key in a certain area of the one-time authentication area. FIG. 10D shows moving the caret to a one-time authentication key input screen (or interface) output in the terminal-side output area. FIG. 10E shows wireless security authentication through the one-time authentication key input through the one-time authentication key input screen (or interface). FIG. 10F shows outputting a one-time authentication key end screen (or interface) in a predetermined area of the one-time authentication area when wireless security authentication through the one-time authentication key has been processed.

FIG. 11 is a diagram illustrating a configuration of a one-time authentication key based wireless security authentication processing system according to an embodiment of the present invention.

More specifically, FIG. 11 shows a system configuration for processing one-time authentication key-based wireless security authentication through the wireless terminal 135, which is given a functional configuration corresponding to the one-time authentication program shown in FIG. 7 through the program providing system shown in FIG. In detail, when the wireless terminal 135 shown in FIG. 7 generates a one-time authentication key for wireless security authentication processing and transmits it to the authentication server 105 through a wireless communication network, the authentication server 105 generates a one-time authentication key authentication code matching the one-time authentication key and compares it with the one-time authentication key, thereby processing wireless security authentication using the one-time authentication key.

Those skilled in the art to which the present invention pertains may refer to and/or modify FIG. 11 to infer various implementation methods for the configuration of the one-time authentication key-based wireless security authentication processing system. The present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method shown in FIG.

Referring to FIG. 11, the one-time authentication key-based wireless security authentication system includes: at least one wireless terminal 135 having a functional configuration corresponding to the one-time authentication program shown in FIG. 7; at least one base station connecting a wireless section with the wireless terminal 135; a control station controlling the base station; a network operation system 130 including at least one server (or device) that controls and operates a wireless communication network including the base station and the control station; and an authentication server 105 that, in connection with the network operation system 130, receives the one-time authentication key information generated and transmitted by the wireless terminal 135, generates a one-time authentication key authentication code matching the one-time authentication key, and compares it with the one-time authentication key, thereby processing wireless security authentication using the one-time authentication key.

In addition, the one-time authentication key-based wireless security authentication processing system includes at least one wireless server 125 that, in conjunction with the authentication server 105, processes at least one financial transaction (or payment) in accordance with the one-time authentication key-based wireless security authentication, or performs various member authentication / service authentication / terminal authentication according to the one-time authentication key-based wireless security authentication. The wireless server 125 preferably comprises at least one of: a financial server 110 having at least one financial transaction function based on the one-time authentication key-based wireless security authentication; a payment server 115 having at least one payment function based on the one-time authentication key-based wireless security authentication; and a wireless web server 120 having various member authentication / service authentication / terminal authentication functions based on the one-time authentication key-based wireless security authentication.

In FIG. 11 according to the embodiment of the present invention, in order to effectively explain the technical features of the one-time authentication key-based wireless security authentication process to those skilled in the art, the authentication server 105 for processing the one-time authentication key-based wireless security authentication and the wireless server 125 for providing various additional services based on that authentication are shown, for convenience, as separate servers. The present invention is not limited thereto. It is made clear that, according to the intention of the skilled person, the one-time authentication key-based wireless security authentication function provided in the authentication server 105 (for example, the information receiving unit 1105, the information checking unit 1110, the extracting unit 1115, and the authentication unit 1125 described below) may be provided in the wireless server 125, or that the authentication server 105 and the wireless server 125 may be implemented as one server.

The wireless terminal 135 includes at least one of a mobile communication terminal connected to a Code Division Multiple Access (CDMA) / Wide-CDMA (WCDMA) based mobile communication network, a wireless communication terminal connected to an HSDPA based wireless communication network, and a portable internet terminal connected to IEEE 802.16x based high-speed wireless internet, and comprises the functional configuration of the wireless terminal 135 shown in FIG.

Those skilled in the art to which the present invention pertains can easily infer the technical features of the wireless terminal 135 including the functional configuration of the wireless terminal 135 shown in FIG. A detailed description is therefore omitted for convenience.

According to an embodiment of the present invention, the wireless communication network to which the wireless terminal 135 connects may include at least one of the CDMA based mobile communication network, the HSDPA based wireless communication network, or the IEEE 802.16x based high-speed wireless Internet.

The wireless communication network to which the wireless terminal 135 connects includes at least one base station, a control station for controlling the base station, and a network operation system 130 including at least one server (or apparatus) for controlling and operating the wireless communication network including the base station and the control station.

The base station is a component located at the end of the wireless communication network that connects a wireless section with at least one wireless terminal 135 located in a cell (e.g., frequency reach) according to a wireless communication protocol defined in the wireless communication network, and it allows the network operation system 130 to control and operate the wireless terminal 135 through the control station.

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the base station preferably connects a wireless section with at least one wireless terminal 135 based on the CDMA / WCDMA / GSM wireless protocol stack.

According to another embodiment of the present invention, when the wireless communication network is an HSDPA-based wireless communication network, the base station preferably connects a wireless section with at least one or more radio terminals 135 based on the HSDPA radio protocol stack.

According to another embodiment of the present invention, when the wireless communication network is an IEEE 802.16x based wireless communication network, the base station preferably connects a wireless section with at least one wireless terminal 135 based on the wireless physical (PHY) layer and the media access control (MAC) layer of the IEEE 802.16x protocol.

The control station controls at least one base station and is a component on the wireless communication network that connects the base station and the network operation system 130 by a wired section. When the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the control station preferably includes a base station controller (BSC). When the wireless communication network is an IEEE 802.16x based wireless communication network, the control station preferably includes a packet access router (PAR).

The network operation system 130 controls, in association with the control station, at least one wireless terminal 135 connectable to the wireless communication network through at least one base station, connects a communication channel (or a call channel) between the wireless terminal 135 and at least one other wireless terminal 135 or a server on a communication network, and calculates the various communication charges and additional service use charges corresponding to the communication plan to which the wireless terminal 135 is subscribed.

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the network operation system 130 preferably includes a mobile switching center (MSC) for processing circuit switching, a home location register (HLR) and a VLR, an interworking function (IWF) that provides circuit data service and/or packet data service for wireless data communication and connection with other networks in the network infrastructure for voice calls, various message centers (e.g., a short message center (SMC), a multimedia message center (MMC), etc.), and various additional service server farms, as well as an SGSN (Serving GPRS Support Node), a GGSN (Gateway GPRS Support Node), and an RNC (Radio Network Controller) for processing packet exchange.

According to another exemplary embodiment of the present invention, when the wireless communication network is an IEEE 802.16x based wireless communication network, the network operation system 130 preferably includes a home agent (HA) for IP mobility of the wireless terminal 135, an Authentication, Authorization and Accounting (AAA) server for user authentication, a network management server (Network Management System), a foreign agent (FA) interworking the wireless network with at least one external wireless network, and a Dynamic Host Configuration Protocol (DHCP) server and DNS for allocating and registering Mobile IP (MIP) for the wireless terminal.

Referring to FIG. 11, the authentication server 105 includes: an interface unit 1100 connecting a secure communication channel with at least one wireless terminal 135 for the one-time authentication key-based wireless security authentication process; an information receiving unit 1105 that, in association with the interface unit 1100, receives security authentication request information including a one-time authentication key for the one-time authentication key-based wireless security authentication process from the wireless terminal 135 through the wireless communication network; an information checking unit 1110 that confirms information on the wireless terminal 135 that transmitted the one-time authentication key through the wireless communication network (or a wireless communication protocol); an extracting unit 1115 that extracts the one-time authentication program information associated with the wireless terminal 135 information from the one-time authentication management D/B 1130; an authentication unit 1125 that, based on the extracted one-time authentication program information, generates a one-time authentication key authentication code using the same authentication key generation conditions (e.g., the same one-time authentication key generation information and authentication key generation algorithm) with which the one-time authentication program of the wireless terminal 135 generated the one-time authentication key, and authenticates the validity of the received one-time authentication key by comparing the one-time authentication key included in the security authentication request information received from the wireless terminal 135 with the generated one-time authentication key authentication code; and a transmission unit 1120 that, in association with the interface unit 1100, transmits security authentication result information including the validity authentication result for the one-time authentication key to the wireless terminal 135 through the wireless communication network. When the authentication server 105 is provided outside the wireless server 125 as in the illustrated embodiment, the transmission unit 1120 shares and transmits the validity authentication result for the one-time authentication key to at least one wireless server 125 that requires the one-time authentication key-based wireless security authentication processing.

The interface unit 1100 connects a communication channel for the one-time authentication key based wireless security authentication process with at least one wireless terminal 135 through a wireless communication network, and the communication channel preferably includes an encryption / decryption-based secure communication channel for the security authentication request information.

The information receiving unit 1105 receives the security authentication request information transmitted from the wireless terminal 135 through the interface unit 1100, and the information checking unit 1110 confirms, in the course of receiving the security authentication request information, the information on the wireless terminal 135 that transmitted the one-time authentication key through the wireless communication network (or a wireless communication protocol).

According to an exemplary embodiment of the present invention, the security authentication request information is preferably received by the information receiving unit 1105 through a separate one-time authentication key exchange protocol defined between the one-time authentication program provided in the wireless terminal 135 and the interface unit 1100.

According to another embodiment of the present invention, the security authentication request information is preferably received by the information receiving unit 1105 through an encryption / decryption protocol based on a data communication protocol defined in the wireless communication network to which the wireless terminal 135 is connected.

The extracting unit 1115 extracts the one-time authentication program information associated with the wireless terminal 135 information from the one-time authentication management D/B 1130 based on the confirmed wireless terminal 135 information, and provides it to the authentication unit 1125.

Based on the extracted one-time authentication program information, the authentication unit 1125 generates a one-time authentication key authentication code using the same one-time authentication key generation information and authentication key generation algorithm that the one-time authentication program in the wireless terminal 135 used to generate the one-time authentication key. It then compares the one-time authentication key included in the security authentication request information received from the wireless terminal 135 with the generated one-time authentication key authentication code, thereby authenticating the validity of the received one-time authentication key.

Here, the authentication of the validity of the one-time authentication key by the authentication unit 1125 relates to the confidentiality, authentication, integrity, and non-repudiation of the one-time authentication key-based wireless security authentication process.

When the validity of the one-time authentication key is authenticated through the authentication unit 1125, the transmission unit 1120 generates security authentication result information including the validity authentication result for the one-time authentication key and, in association with the interface unit 1100, transmits it to the wireless terminal 135 through the wireless communication network.

When the authentication server 105 is provided outside the wireless server 125 as shown in FIG. 11, the transmission unit 1120 transmits the validity authentication result for the one-time authentication key to at least one wireless server 125 that requires the one-time authentication key-based wireless security authentication processing. Correspondingly, the wireless server 125 processes at least one financial transaction (or payment), or processes various member authentication / service authentication / terminal authentication, based on the validity authentication result for the one-time authentication key.

According to another embodiment of the present invention, when the wireless security authentication function of the authentication server 105 is provided in the wireless server 125, the function of the transmission unit 1120 of sharing and transmitting the validity authentication result for the one-time authentication key to the wireless server 125 may be omitted, and the present invention is not limited thereby.
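The server-side check carried out by units 1105 to 1125, as an added example that is not code from the patent. The patent does not name the key generation algorithm, so this sketch assumes an HMAC-SHA-256 time-step code in the style of RFC 6238; the terminal identifiers, the seed record, the 60-second step and the one-step drift window are all assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import struct
from dataclasses import dataclass

STEP_SECONDS = 60   # assumed length of one time-synchronization step
DIGITS = 8          # assumed length of the one-time authentication key
DRIFT_STEPS = 1     # assumed tolerance for clock drift, in steps


@dataclass
class ProgramInfo:
    """One record of the one-time authentication management D/B 1130 (fields assumed)."""
    seed: bytes          # key generation information shared with the terminal program
    last_step: int = -1  # highest time step already accepted, used to reject replays


def generate_code(seed: bytes, step: int) -> str:
    """Assumed generation algorithm, identical on the terminal and in unit 1125."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in HOTP/TOTP
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Hypothetical stand-in for authentication server 105."""

    def __init__(self, db: dict[str, ProgramInfo]):
        self.db = db

    def authenticate(self, terminal_id: str, otp: str, now: float) -> bool:
        # Information checking unit 1110 and extracting unit 1115:
        # identify the sending terminal and fetch its program information.
        info = self.db.get(terminal_id)
        if info is None:
            return False

        # Authentication unit 1125: regenerate the authentication code under
        # the same generation conditions and compare in constant time.
        current = int(now) // STEP_SECONDS
        matched = None
        for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            if step <= info.last_step:
                continue  # this step was already used: a key is valid only once
            expected = generate_code(info.seed, step).encode()
            if hmac.compare_digest(expected, otp.encode()):
                matched = step
        if matched is None:
            return False
        info.last_step = matched
        return True


if __name__ == "__main__":
    seed = b"constructed-demo-seed"  # constructed sample value
    server = AuthServer({"terminal-135": ProgramInfo(seed=seed)})
    t = 1_700_000_000.0
    key = generate_code(seed, int(t) // STEP_SECONDS)  # what the terminal would send
    print("first use :", server.authenticate("terminal-135", key, t))
    print("replay    :", server.authenticate("terminal-135", key, t))
```

Recording the last accepted step is what makes the key one-time on the server side: without it, a captured key stays valid for the whole drift window.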

FIG. 12 is a diagram illustrating an interface output process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

More specifically, FIG. 12 illustrates a process of generating a one-time authentication key in a time synchronization manner for the one-time authentication key-based wireless security authentication processing in the wireless terminal 135 shown in FIG. 7. When the one-time authentication key-based wireless security authentication function is driven through the key input means provided on the wireless terminal 135 while a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is being output, the screen of the wireless terminal 135 is divided into a terminal-side output area for outputting the terminal-side screen (e.g., a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) and a one-time authentication area for outputting a one-time authentication screen for wireless security authentication processing based on a one-time authentication key. A one-time authentication start screen (or interface) is then output in a certain area of the one-time authentication area, and when one-time authentication is started through the one-time authentication start screen (or interface), a password input screen (or interface) is output in a certain area of the one-time authentication area. FIG. 12 shows this interface output process.

Referring to FIG. 12, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is output on the entire area of the screen of the wireless terminal 135 illustrated in FIG. 7 (1200). When, while the terminal-side screen is being output, the one-time authentication program is driven through a key input via the key input means provided in the wireless terminal 135 (or a key input associated with a one-time authentication key-based wireless security authentication-related user interface included in the terminal-side screen) (1205), the wireless terminal 135 checks whether wireless security authentication processing through generation of the one-time authentication key by the one-time authentication program is requested (1210).

According to one embodiment of the present invention, when the one-time authentication program is driven (or activated), the one-time authentication program preferably confirms, in response to the program driving (or activation), that one-time authentication key based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when the terminal-side screen processing unit corresponding to the various programs that output, on the screen of the wireless terminal 135, at least one terminal-side screen including a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like requests wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when an authentication command (or key data) for wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen is input through the key input means, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

If it is confirmed that the one-time authentication key-based wireless security authentication processing is requested (1215), the wireless terminal 135, through the one-time authentication program, divides the screen of the wireless terminal 135 into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication processing, and outputs them (1220).

According to one embodiment of the present invention, the one-time authentication program preferably reduces, in a predetermined direction, the terminal-side screen area output on the entire area of the screen of the wireless terminal 135 to set the terminal-side output area, and sets the one-time authentication area in the area remaining after the reduction.

For example, if the entire area of the screen of the wireless terminal 135 includes the coordinates (X, Y) to (0, 0), the one-time authentication program preferably sets the terminal-side output area by reducing the terminal-side screen area to (X, 0) to (Xx, Yy), and sets the one-time authentication area at the coordinates (X-x + 1, Y-y + 1) to (X, Y) in the area remaining after the reduction.

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 includes the coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the part of the terminal-side screen area corresponding to the coordinates (Xx, Yy) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by overlapping it (as a pop-up) on a predetermined area of the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 includes the coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area, including the one-time authentication screen, in an overlap manner (or a pop-up manner) in a layer above the terminal-side screen area corresponding to the coordinates (Xx, Yy) to (X, Y).

Subsequently, the wireless terminal 135 outputs a one-time authentication key start screen (or interface) for requesting (or commanding) generation of a one-time authentication key in a predetermined area of the one-time authentication area (1225), and moves the caret assigned to the terminal-side output area to the one-time authentication area and assigns it there (1230).

When the caret is assigned to the one-time authentication area, the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output in the one-time authentication area (1235).

If the one-time authentication key-based wireless security authentication process is not started through the one-time authentication key start screen (or interface) (1240), the wireless terminal 135 moves the caret assigned to the one-time authentication area back to the terminal-side output area through a key input and reassigns it there, and processes the various key inputs made through the terminal-side screen based on the reassigned caret, thereby providing various services (or information processing) based on the terminal-side screen using the caret assigned to the terminal-side output area (1245).

Thereafter, the wireless terminal 135 checks whether the caret assigned to the terminal-side output area moves to the one-time authentication area through key input (1250).

If the caret assigned to the terminal-side output area does not move back to the one-time authentication area (1255), the wireless terminal 135 continues to provide the various terminal-side screen-based services (or information processing) using the caret, and repeats this until the caret moves to the one-time authentication area.

On the other hand, if the caret assigned to the terminal-side output area is moved back to the one-time authentication area (1255), the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key based wireless security authentication process is started through the one-time authentication key start screen (or interface) output in the one-time authentication area (1235).

If the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) (1240), the wireless terminal 135 outputs a password input screen (or interface) and checks whether a password is input through the password input screen (or interface) (1265).

If a password is input through the password input screen (or interface) (1270), the wireless terminal 135 checks the validity of the input password (1275).

If the password validity is not confirmed (1280), the wireless terminal 135 requests re-entry of a valid password through the password input screen (or interface) (1285). When a password is then input through the password input screen (or interface) (1270), the wireless terminal 135 checks the validity of the input password (1275).

If the password validity is confirmed (1280), the wireless terminal 135 generates a one-time authentication key for processing the one-time authentication key-based wireless security authentication.
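The FIG. 12 flow (steps 1200 to 1285) as a small state machine, added here as an illustration and not taken from the patent: key input goes to whichever area holds the caret, and key generation becomes reachable only after the password check succeeds. The class, the Enter-key convention and the PBKDF2 password storage are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
from enum import Enum, auto


class Area(Enum):
    TERMINAL = auto()  # terminal-side output area
    OTP = auto()       # one-time authentication area


class State(Enum):
    FULL_SCREEN = auto()        # 1200: terminal-side screen uses the whole display
    START_SCREEN = auto()       # 1225: start screen shown in the one-time area
    PASSWORD_ENTRY = auto()     # 1265: password input screen shown
    READY_TO_GENERATE = auto()  # password valid, key generation may begin


def hash_password(password: str, salt: bytes) -> bytes:
    """Assumed storage format: only a salted PBKDF2 hash is kept on the terminal."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class OneTimeAuthScreen:
    """Hypothetical model of the split-screen interface on wireless terminal 135."""

    def __init__(self, salt: bytes, password_hash: bytes):
        self.state = State.FULL_SCREEN
        self.caret = Area.TERMINAL
        self.terminal_input: list[str] = []  # keys delivered to the terminal-side screen
        self.failed_attempts = 0
        self._salt = salt
        self._hash = password_hash
        self._buffer = ""

    def request_authentication(self) -> None:
        """1205-1230: split the screen, show the start screen, move the caret."""
        if self.state is State.FULL_SCREEN:
            self.state = State.START_SCREEN
            self.caret = Area.OTP

    def move_caret(self, area: Area) -> None:
        """1245/1250: the user switches between the two areas by key input."""
        if self.state is not State.FULL_SCREEN:  # no one-time area before the split
            self.caret = area

    def key(self, ch: str) -> None:
        """Route one key press to the area that currently holds the caret."""
        if self.caret is Area.TERMINAL:
            self.terminal_input.append(ch)       # 1245: normal terminal-side service
        elif self.state is State.START_SCREEN:
            if ch == "\n":                       # 1240: Enter confirms the start
                self.state = State.PASSWORD_ENTRY
        elif self.state is State.PASSWORD_ENTRY:
            if ch == "\n":
                self._check_password()           # 1275
            else:
                self._buffer += ch               # 1270

    def _check_password(self) -> None:
        candidate = hash_password(self._buffer, self._salt)
        self._buffer = ""                        # never keep typed input around
        if hmac.compare_digest(candidate, self._hash):
            self.state = State.READY_TO_GENERATE  # 1280: valid
        else:
            self.failed_attempts += 1             # 1285: ask for re-entry


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values
    ui = OneTimeAuthScreen(salt, hash_password("2468", salt))
    ui.request_authentication()
    for ch in "\n2468\n":
        ui.key(ch)
    print(ui.state)
```

Counting failed attempts gives a deployment a place to add a lockout, which the flow in FIG. 12 does not describe.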

FIG. 13 is a diagram illustrating an interface output process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

More specifically, FIG. 13 illustrates a process of generating a one-time authentication key in a time synchronization manner for the one-time authentication key-based wireless security authentication processing in the wireless terminal 135 illustrated in FIG. 7. At least one of a content-use screen, a web access screen, a financial transaction screen, a payment screen, etc., in the form of a wireless web document including at least one tag string (or a script) on the terminal screen output to the illustrated wireless terminal 135. When the one-time authentication key based wireless security authentication processing function is driven through the tag string (or script), the wireless terminal 135 screen is displayed on the terminal side screen (for example, a background screen, a content usage screen, Terminal-side output area to output web access screen, financial transaction screen, payment screen, etc.), and wireless security authentication processing based on one-time authentication key. A one-time authentication screen is processed to be divided into a one-time authentication area to be output, and then output a one-time authentication start screen (or interface) to a predetermined area on the one-time authentication area, and through the one-time authentication start screen (or interface) When the one-time authentication is started, a process of outputting an interface for outputting a password input screen (or an interface) in a predetermined area on the one-time authentication area is shown.

Referring to FIG. 13, a one-time wireless web document including a tag string (or a script) for driving a one-time authentication program is received by the wireless terminal 135 shown in FIG. 7, and the contents corresponding to the wireless web document are used. When a terminal side screen including at least one screen, a web access screen, a financial transaction screen, a payment screen, etc. is output (1300), the one-time authentication is performed by a program driving related tag string (or script) included in the wireless web document. The program is driven (1305).

For example, when the terminal-side screen output on the screen of the wireless terminal 135 includes a string (or a script) for automatically driving (or activating) the one-time authentication program, the one-time authentication program is the tag string (or script). It is preferred to be driven (or activated) by.

Alternatively, when the terminal-side screen output on the screen of the wireless terminal 135 includes a string (or a script) corresponding to the user interface for driving the one-time authentication program, the one-time authentication program is the tag string (or the script). It is preferable to be driven (or activated) through key input through a user interface corresponding to the key input means.

Thereafter, the wireless terminal 135 checks whether the wireless security authentication process is performed by generating a one-time authentication key through the one-time authentication program (1310).

According to one embodiment of the present invention, when the one-time authentication program is driven (or activated), the one-time authentication program preferably confirms, in response to being driven (or activated), that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when a terminal-side screen processing unit, corresponding to the various programs that output on the screen of the wireless terminal 135 a terminal-side screen including at least one of a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like, requests wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when an authentication command (or key data) for wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen is input through the key input means, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

If, as a result of the checking, one-time authentication key-based wireless security authentication processing is confirmed (1315), the wireless terminal 135, through the one-time authentication program, divides the screen of the wireless terminal 135 into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication processing, and outputs them (1320).

According to one embodiment of the present invention, the one-time authentication program preferably reduces, in a predetermined direction, the terminal-side screen area output on the entire area of the screen of the wireless terminal 135 to set the terminal-side output area, and sets the one-time authentication area in the area remaining after the reduction.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the terminal-side output area by reducing the terminal-side screen area to (0, 0) to (X-x, Y-y), and sets the one-time authentication area in the remaining area, at coordinates (X-x+1, Y-y+1) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the portion of the terminal-side screen area corresponding to coordinates (X-x, Y-y) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by overlapping (or popping up) the one-time authentication screen in a predetermined area on the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by placing the one-time authentication screen, in an overlap method (or a pop-up method), on a layer above the terminal-side screen area corresponding to coordinates (X-x, Y-y) to (X, Y).

Thereafter, the wireless terminal 135 outputs a one-time authentication key start screen (or interface) for requesting (or commanding) generation of a one-time authentication key in a predetermined area of the one-time authentication area (1325), and moves the caret assigned to the terminal-side output area to the one-time authentication area and assigns it there (1330).

When the caret is assigned to the one-time authentication area, the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output to the one-time authentication area (1335).

If the one-time authentication key-based wireless security authentication process is not started through the one-time authentication key start screen (or interface) (1340), the wireless terminal 135 moves the caret assigned to the one-time authentication area back to the terminal-side output area through a key input and, by processing various key inputs through the terminal-side screen based on the reassigned caret, performs the various terminal-side-screen-based services (or information processing) using the caret assigned to the terminal-side output area (1345).

Thereafter, the wireless terminal 135 checks whether the caret assigned to the terminal output region moves to the one-time authentication region through a key input (1350).

If the caret assigned to the terminal-side output area does not move back to the one-time authentication area (1355), the wireless terminal 135 uses the caret assigned to the terminal-side output area to perform the various terminal-side-screen-based services (or information processing), and this is repeated until the caret moves to the one-time authentication area.

On the other hand, when the caret assigned to the terminal-side output area is moved back to the one-time authentication area (1355), the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output to the one-time authentication area (1335).

If the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) (1340), the wireless terminal 135 outputs a password input screen (or interface) and checks whether a password is input through the password input screen (or interface) (1365).

If a password is input through the password input screen (or interface) (1370), the wireless terminal 135 checks the validity of the input password (1375).

If the password validity is not confirmed (1380), the wireless terminal 135 requests re-entry of a valid password through the password input screen (or interface) (1385), and when a password is correspondingly input through the password input screen (or interface) (1370), the wireless terminal 135 checks the validity of the input password (1375).

If the password validity is confirmed (1380), the wireless terminal 135 generates a one-time authentication key for processing the one-time authentication key-based wireless security authentication.
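The caret handling in steps 1320 to 1385 amounts to an input-routing rule: keys reach the one-time authentication interface only while the caret is assigned to the one-time authentication area. The following Python model is an added example, not code from the patent; the vertical direction of the split, the `START` key, the PBKDF2 password check, the retry limit and all sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rect:
    left: int
    top: int
    right: int
    bottom: int

    def contains(self, x: int, y: int) -> bool:
        return self.left <= x <= self.right and self.top <= y <= self.bottom


def split_screen(X: int, Y: int, y: int):
    """Reduction variant: shrink the terminal-side area by y rows (assumed
    vertical direction) and give the remaining band to the one-time area."""
    if not 0 < y < Y:
        raise ValueError("reduction must leave both areas non-empty")
    return Rect(0, 0, X, Y - y), Rect(0, Y - y + 1, X, Y)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class OneTimeAuthScreen:
    salt: bytes
    stored_hash: bytes
    max_attempts: int = 5      # assumption: the patent sets no retry limit
    caret: str = "otp"         # step 1330: caret is moved to the one-time area
    stage: str = "start"       # start -> password -> ready (or locked)
    attempts: int = 0
    terminal_input: list = field(default_factory=list)

    def move_caret(self, area: str) -> None:
        if area not in ("terminal", "otp"):
            raise ValueError(area)
        self.caret = area

    def key_input(self, keys: str) -> str:
        # Steps 1345/1350: while the caret is in the terminal-side area, every
        # key goes to the terminal-side screen and never to the OTP interface.
        if self.caret == "terminal":
            self.terminal_input.append(keys)
            return "terminal"
        if self.stage == "start":                  # steps 1335/1340
            if keys == "START":
                self.stage = "password"            # step 1365: password input screen
                return "password_prompt"
            return "ignored"
        if self.stage == "password":               # steps 1370 to 1385
            self.attempts += 1
            candidate = hash_password(keys, self.salt)
            if hmac.compare_digest(candidate, self.stored_hash):
                self.stage = "ready"               # key generation may proceed
                return "ready"
            if self.attempts >= self.max_attempts:
                self.stage = "locked"
                return "locked"
            return "retry"                         # step 1385: ask again
        return self.stage


def demo_screen() -> OneTimeAuthScreen:
    # Constructed sample data: fixed salt and password so the demo is repeatable.
    salt = bytes(16)
    return OneTimeAuthScreen(salt, hash_password("2580", salt))
```

A password typed while the caret sits in the terminal-side output area is delivered to the terminal-side screen, so the model also shows why the interface must make the caret's current area unambiguous to the user.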

FIG. 14 is a diagram illustrating an interface output process for generating a time synchronization-based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

More specifically, FIG. 14 illustrates a process of generating a one-time authentication key in a time synchronization manner for the one-time authentication key-based wireless security authentication processing in the wireless terminal 135 shown in FIG. 7. When program driving information for the one-time authentication program is received by the wireless terminal 135 through the wireless communication network, and the one-time authentication key-based wireless security authentication processing function is driven through the program driving information, the screen of the wireless terminal 135 is divided into a terminal-side output area for outputting the terminal-side screen (e.g., a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) and a one-time authentication area for outputting a one-time authentication screen for wireless security authentication processing based on a one-time authentication key. A one-time authentication start screen (or interface) is then output in a predetermined area of the one-time authentication area, and when one-time authentication is started through the one-time authentication start screen (or interface), a password input screen (or interface) is output in a predetermined area of the one-time authentication area. FIG. 14 shows this interface output process.

Referring to FIG. 14, if program driving information for the one-time authentication program is received through the wireless communication network (1400) while a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is being output on the entire area of the screen of the wireless terminal 135 illustrated in FIG. 7, the wireless terminal 135 drives the one-time authentication program through the program driving information (1405).

Thereafter, the wireless terminal 135 checks whether the wireless security authentication process is performed by generating a one-time authentication key through the one-time authentication program (1410).

According to one embodiment of the present invention, when the one-time authentication program is driven (or activated), the one-time authentication program preferably confirms, in response to being driven (or activated), that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when a terminal-side screen processing unit, corresponding to the various programs that output on the screen of the wireless terminal 135 a terminal-side screen including at least one of a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like, requests wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when an authentication command (or key data) for wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen is input through the key input means, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

If, as a result of the checking, one-time authentication key-based wireless security authentication processing is confirmed (1415), the wireless terminal 135, through the one-time authentication program, divides the screen of the wireless terminal 135 into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication processing, and outputs them (1420).

According to one embodiment of the present invention, the one-time authentication program preferably reduces, in a predetermined direction, the terminal-side screen area output on the entire area of the screen of the wireless terminal 135 to set the terminal-side output area, and sets the one-time authentication area in the area remaining after the reduction.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the terminal-side output area by reducing the terminal-side screen area to (0, 0) to (X-x, Y-y), and sets the one-time authentication area in the remaining area, at coordinates (X-x+1, Y-y+1) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the portion of the terminal-side screen area corresponding to coordinates (X-x, Y-y) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by overlapping (or popping up) the one-time authentication screen in a predetermined area on the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by placing the one-time authentication screen, in an overlap method (or a pop-up method), on a layer above the terminal-side screen area corresponding to coordinates (X-x, Y-y) to (X, Y).

Thereafter, the wireless terminal 135 outputs a one-time authentication key start screen (or interface) for requesting (or commanding) generation of a one-time authentication key in a predetermined area of the one-time authentication area (1425), and moves the caret assigned to the terminal-side output area to the one-time authentication area and assigns it there (1430).

When the caret is assigned to the one-time authentication area, the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output to the one-time authentication area (1435).

If the one-time authentication key-based wireless security authentication process is not started through the one-time authentication key start screen (or interface) (1440), the wireless terminal 135 moves the caret assigned to the one-time authentication area back to the terminal-side output area through a key input and, by processing various key inputs through the terminal-side screen based on the reassigned caret, performs the various terminal-side-screen-based services (or information processing) using the caret assigned to the terminal-side output area (1445).

Thereafter, the wireless terminal 135 checks whether the caret assigned to the terminal output area moves to the one-time authentication area through a key input (1450).

If the caret assigned to the terminal-side output area does not move back to the one-time authentication area (1455), the wireless terminal 135 continues to perform the various terminal-side-screen-based services (or information processing) using the caret (1460), and this is repeated until the caret moves to the one-time authentication area.

On the other hand, when the caret assigned to the terminal-side output area is moved back to the one-time authentication area (1455), the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output to the one-time authentication area (1435).

If the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) (1440), the wireless terminal 135 outputs a password input screen (or interface) and checks whether a password is input through the password input screen (or interface) (1465).

If a password is input through the password input screen (or interface) (1470), the wireless terminal 135 checks the validity of the input password (1475).

If the password validity is not confirmed (1480), the wireless terminal 135 requests re-entry of a valid password through the password input screen (or interface) (1485), and when a password is correspondingly input through the password input screen (or interface) (1470), the wireless terminal 135 checks the validity of the input password (1475).

If the password validity is confirmed (1480), the wireless terminal 135 generates a one-time authentication key for processing the one-time authentication key-based wireless security authentication.

FIG. 15 is a diagram illustrating a process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

In more detail, FIG. 15 relates to a process in which, once the password has been authenticated through the interface output process shown in FIG. 12, 13 or 14 in the wireless terminal 135 illustrated in FIG. 7, a one-time authentication key generation screen (or interface) is output in a certain area of the one-time authentication area and a time synchronization-based one-time authentication key is generated. Various implementation methods for the time synchronization-based one-time authentication key generation process may be inferred by referring to and/or modifying FIG. 15; the present invention comprises all such inferred implementation methods, and its technical features are not limited to the embodiment shown in FIG. 15.

Referring to FIG. 15, when the password is authenticated through the interface output process illustrated in FIG. 12, 13 or 14 in the wireless terminal 135 illustrated in FIG. 7, the wireless terminal 135 outputs the one-time authentication key generation screen (or interface) to the one-time authentication area and then checks for a request (or command) to generate a time synchronization-based one-time authentication key (1500).

If the one-time authentication key generation request (or command) is confirmed through the one-time authentication key generation screen (or interface) (1505), the wireless terminal 135 checks the one-time authentication key generation information of the time synchronization method using the memory unit (or a chip memory unit provided in the IC chip) and the timer (1510).

If the one-time authentication key generation information of the time synchronization method is confirmed (1515), the wireless terminal 135 generates a one-time authentication key for the wireless security authentication processing by substituting the at least one piece of confirmed one-time authentication key generation information into an authentication key generation algorithm (1520).
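Steps 1510 to 1520 as an added example, not the patent's own algorithm: the stored seed stands in for the generation information held in the memory unit, the timer supplies the time value, and HMAC-based TOTP (RFC 6238) is assumed as the authentication key generation algorithm, which the patent does not name. The verifier side, its one-step drift window and its replay check are likewise assumptions.

```python
import hashlib
import hmac
import struct

# RFC 6238 test seed, used here as constructed sample data. On the terminal this
# value would be the generation information read from the (chip) memory unit.
DEMO_SEED = b"12345678901234567890"


def time_sync_otp(seed: bytes, timer_value: int, step: int = 30, digits: int = 8) -> str:
    """Derive a one-time key from stored generation information and the timer."""
    counter = timer_value // step                  # time slot both sides agree on
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TimeSyncVerifier:
    """Server side: accepts a key from an adjacent time slot to absorb clock
    drift, and refuses any slot at or before the last one already accepted."""

    def __init__(self, seed: bytes, step: int = 30, digits: int = 8, window: int = 1):
        self.seed = seed
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1                     # highest slot already consumed

    def verify(self, otp: str, server_time: int) -> bool:
        now = server_time // self.step
        first = max(0, now - self.window)
        for counter in range(first, now + self.window + 1):
            if counter <= self.last_counter:
                continue                           # replayed or stale key
            expected = time_sync_otp(self.seed, counter * self.step,
                                     self.step, self.digits)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                self.last_counter = counter
                return True
        return False
```

The window trades usability for exposure: each extra slot accepted lengthens the time a captured key stays valid, which is why the replay check is kept alongside it.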

FIG. 16 is a diagram illustrating an interface output process for generating a challenge-response based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

In more detail, FIG. 16 illustrates a process of generating a one-time authentication key in a challenge-response method for the one-time authentication key-based wireless security authentication processing in the wireless terminal 135 shown in FIG. 7. When, in a state in which a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is output on the screen of the wireless terminal 135 shown in FIG. 7, the one-time authentication key-based wireless security authentication function is driven through the provided key input means, the screen of the wireless terminal 135 is divided into a terminal-side output area for outputting the terminal-side screen (e.g., a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) and a one-time authentication area for outputting a one-time authentication screen for wireless security authentication processing based on a one-time authentication key. A one-time authentication start screen (or interface) is then output in a predetermined area of the one-time authentication area, and when one-time authentication is started through the one-time authentication start screen (or interface), a password input screen (or interface) is output in a predetermined area of the one-time authentication area. FIG. 16 shows this interface output process.

Referring to FIG. 16, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is output on the entire area of the screen of the wireless terminal 135 shown in FIG. 7. While the terminal-side screen is being output, when the one-time authentication program is driven by a key input through the key input unit provided in the wireless terminal 135 (or by a key input associated with a one-time authentication key-based wireless security authentication user interface included in the terminal-side screen) (1605), the wireless terminal 135 checks whether the wireless security authentication process is performed by generating the one-time authentication key through the one-time authentication program (1610).

According to one embodiment of the present invention, when the one-time authentication program is driven (or activated), the one-time authentication program preferably confirms, in response to being driven (or activated), that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when a terminal-side screen processing unit, corresponding to the various programs that output on the screen of the wireless terminal 135 a terminal-side screen including at least one of a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like, requests wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when an authentication command (or key data) for wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen is input through the key input means, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

If one-time authentication key-based wireless security authentication processing is confirmed (1615), the wireless terminal 135, through the one-time authentication program, divides the screen of the wireless terminal 135 into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication processing, and outputs them (1620).

According to one embodiment of the present invention, the one-time authentication program preferably reduces, in a predetermined direction, the terminal-side screen area output on the entire area of the screen of the wireless terminal 135 to set the terminal-side output area, and sets the one-time authentication area in the area remaining after the reduction.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the terminal-side output area by reducing the terminal-side screen area to (0, 0) to (X-x, Y-y), and sets the one-time authentication area in the remaining area, at coordinates (X-x+1, Y-y+1) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the portion of the terminal-side screen area corresponding to coordinates (X-x, Y-y) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by overlapping (or popping up) the one-time authentication screen in a predetermined area on the terminal-side screen area that is output on the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans coordinates (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by placing the one-time authentication screen, in an overlap method (or a pop-up method), on a layer above the terminal-side screen area corresponding to coordinates (X-x, Y-y) to (X, Y).

Thereafter, the wireless terminal 135 outputs a one-time authentication key start screen (or interface) for requesting (or commanding) generation of a one-time authentication key in a predetermined area of the one-time authentication area (1625), and moves the caret assigned to the terminal-side output area to the one-time authentication area and assigns it there (1630).

When the caret is assigned to the one-time authentication area, the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output to the one-time authentication area (1635).

If the one-time authentication key-based wireless security authentication process is not started through the one-time authentication key start screen (or interface) (1640), the wireless terminal 135 moves the caret assigned to the one-time authentication area back to the terminal-side output area through a key input and, by processing various key inputs through the terminal-side screen based on the reassigned caret, performs the various terminal-side-screen-based services (or information processing) using the caret assigned to the terminal-side output area (1645).

Thereafter, the wireless terminal 135 checks whether the caret assigned to the terminal output region moves to the one-time authentication region through a key input (1650).

If the caret assigned to the terminal-side output area does not move back to the one-time authentication area (1655), the wireless terminal 135 performs various terminal-side screen-based services (or information processing) using the caret (1660), and these services (or information processing) are repeated until the caret moves to the one-time authentication area.

On the other hand, if the caret assigned to the terminal-side output area is moved back to the one-time authentication area (1655), the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output in the one-time authentication area (1635).

If the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) (1640), the wireless terminal 135 outputs a password input screen (or interface) and checks whether a password is input through the password input screen (or interface) (1665).

If a password is input through the password input screen (or interface) (1670), the wireless terminal 135 checks the validity of the input password (1675).

If the password validity is not confirmed (1680), the wireless terminal 135 requests re-entry of a valid password through the password input screen (or interface) (1685); when a password is input through the password input screen (or interface) in response (1670), the wireless terminal 135 checks the validity of the input password (1675).

If the password validity is confirmed (1680), the wireless terminal 135 generates a one-time authentication key for processing the one-time authentication key-based wireless security authentication.

FIG. 17 is a diagram illustrating an interface output process of generating a challenge-response based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

In more detail, FIG. 17 illustrates a process of generating a one-time authentication key in a challenge-response method for one-time authentication key-based wireless security authentication processing in the wireless terminal 135 shown in FIG. 7. When a terminal-side screen including at least one of a content use screen, a web access screen, a financial transaction screen, a payment screen, etc., in the form of a wireless web document including at least one tag string (or script), is output on the wireless terminal 135 and the one-time authentication key-based wireless security authentication processing function is driven through the tag string (or script), the screen of the wireless terminal 135 is divided into a terminal-side output area that outputs the terminal-side screen (for example, a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) and a one-time authentication area that outputs a one-time authentication screen for the one-time authentication key-based wireless security authentication processing. A one-time authentication start screen (or interface) is then output in a predetermined area of the one-time authentication area, and when one-time authentication is started through the one-time authentication start screen (or interface), a password input screen (or interface) is output in a predetermined area of the one-time authentication area. FIG. 17 shows this interface output process.

Referring to FIG. 17, when a wireless web document including a tag string (or script) for driving a one-time authentication program is received by the wireless terminal 135 illustrated in FIG. 7, and a terminal-side screen corresponding to the wireless web document and including at least one of a content use screen, a web access screen, a financial transaction screen, a payment screen, etc. is output (1700), the one-time authentication program is driven by the program-driving tag string (or script) included in the wireless web document (1705).

For example, when the terminal-side screen output on the screen of the wireless terminal 135 includes a tag string (or script) for automatically driving (or activating) the one-time authentication program, the one-time authentication program is preferably driven (or activated) by the tag string (or script).

Alternatively, when the terminal-side screen output on the screen of the wireless terminal 135 includes a tag string (or script) corresponding to a user interface for driving the one-time authentication program, the one-time authentication program is preferably driven (or activated) by a key input made with the key input means through the user interface corresponding to the tag string (or script).

Thereafter, the wireless terminal 135 checks whether the wireless security authentication process is performed by generating a one-time authentication key through the one-time authentication program (1710).

According to one embodiment of the present invention, when the one-time authentication program is driven (or activated), the one-time authentication program preferably confirms, in response to the program driving (or activation), that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when a terminal-side screen processing unit, corresponding to one of the various programs that output on the screen of the wireless terminal 135 a terminal-side screen including at least one of a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like, requests wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when an authentication command (or key data) for wireless security authentication of the content input, web access, financial transaction, or payment processing corresponding to the terminal screen is input through the key input means, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication is requested in the wireless terminal 135.

If, as a result of the checking, the one-time authentication key-based wireless security authentication processing is confirmed (1715), the wireless terminal 135, through the one-time authentication program, divides its screen into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication processing, and outputs both on the screen of the wireless terminal 135 (1720).

According to one embodiment of the present invention, the one-time authentication program preferably reduces, in a predetermined direction, the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 135 to set the terminal-side output area, and sets the one-time authentication area in the area remaining after the reduction.

For example, if the entire area of the screen of the wireless terminal 135 spans the coordinates (X, Y) to (0, 0), the one-time authentication program preferably sets the terminal-side output area by reducing the terminal-side screen area to (X, 0) to (X-x, Y-y), and sets the one-time authentication area at the coordinates (X-x + 1, Y-y + 1) to (X, Y) remaining after the reduction.

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans the coordinates from (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area corresponding to the coordinates from (X-x, Y-y) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program sets the one-time authentication area by overlapping (or popping up) the one-time authentication screen on a predetermined area of the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans the coordinates from (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area, including the one-time authentication screen, in an overlap (or pop-up) manner on a layer above the terminal-side screen area corresponding to the coordinates from (X-x, Y-y) to (X, Y).

Thereafter, the wireless terminal 135 outputs a one-time authentication key start screen (or interface) for requesting (or commanding) generation of a one-time authentication key in a predetermined area of the one-time authentication area (1725), and moves the caret assigned to the terminal-side output area to the one-time authentication area so that it is assigned there (1730).

When the caret is assigned to the one-time authentication area, the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output in the one-time authentication area (1735).

If the one-time authentication key-based wireless security authentication process is not started through the one-time authentication key start screen (or interface) (1740), the wireless terminal 135 reassigns the caret assigned to the one-time authentication area to the terminal-side output area in response to a key input, and processes the various key inputs made through the terminal-side screen based on the reassigned caret, thereby performing various terminal-side screen-based services (or information processing) using the caret assigned to the terminal-side output area (1745).

Thereafter, the wireless terminal 135 checks whether the caret allocated to the terminal-side output area moves to the one-time authentication area through a key input (1750).

If the caret assigned to the terminal-side output area does not move back to the one-time authentication area (1755), the wireless terminal 135 performs various terminal-side screen-based services (or information processing) using the caret (1760), and these services (or information processing) are repeated until the caret moves to the one-time authentication area.

On the other hand, if the caret assigned to the terminal-side output area is moved back to the one-time authentication area (1755), the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output in the one-time authentication area (1735).

If the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) (1740), the wireless terminal 135 outputs a password input screen (or interface) and checks whether a password is input through the password input screen (or interface) (1765).

If a password is input through the password input screen (or interface) (1770), the wireless terminal 135 checks the validity of the input password (1775).

If the password validity is not confirmed (1780), the wireless terminal 135 requests re-entry of a valid password through the password input screen (or interface) (1785); when a password is input through the password input screen (or interface) in response (1770), the wireless terminal 135 checks the validity of the input password (1775).

If the password validity is confirmed (1780), the wireless terminal 135 generates a one-time authentication key for processing the one-time authentication key-based wireless security authentication.

FIG. 18 is a diagram illustrating an interface output process for generating a challenge-response based one-time authentication key for wireless security authentication processing according to another embodiment of the present invention.

More specifically, FIG. 18 illustrates a process of generating a one-time authentication key in a challenge-response manner for the one-time authentication key-based wireless security authentication processing in the wireless terminal 135 shown in FIG. 7. When program driving information for the one-time authentication program is received over the wireless communication network by the wireless terminal 135 shown in FIG. 1 and the one-time authentication key-based wireless security authentication processing function is driven through the program driving information, the screen of the wireless terminal 135 is divided into a terminal-side output area for outputting the terminal-side screen (e.g., a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, etc.) and a one-time authentication area for outputting a one-time authentication screen for the one-time authentication-based wireless security authentication processing. A one-time authentication start screen (or interface) is then output in a predetermined area of the one-time authentication area, and when one-time authentication is started through the one-time authentication start screen (or interface), a password input screen (or interface) is output in a predetermined area of the one-time authentication area. FIG. 18 shows this interface output process.

Referring to FIG. 18, while a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is being output on the screen of the wireless terminal 135 shown in FIG. 7, program driving information for the one-time authentication program and first one-time authentication key generation information corresponding to the challenge of the challenge-response method are received through a wireless communication network (1800), and the wireless terminal 135 drives the one-time authentication program through the program driving information (1805).

According to another exemplary embodiment of the present invention, the first one-time authentication key generation information may also be requested and received from the authentication server 105 through the wireless communication network in the process of confirming the challenge-response one-time authentication key generation information, and the present invention is not limited thereto.

Thereafter, the wireless terminal 135 checks whether the wireless security authentication process is performed by generating a one-time authentication key through the one-time authentication program (1810).

According to one embodiment of the present invention, when the one-time authentication program is driven (or activated), the one-time authentication program preferably confirms, in response to the program driving (or activation), that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when a terminal-side screen processing unit, corresponding to one of the various programs that output on the screen of the wireless terminal 135 a terminal-side screen including at least one of a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like, requests wireless security authentication for the content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 135.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), when an authentication command (or key data) for wireless security authentication of the content input, web access, financial transaction, or payment processing corresponding to the terminal screen is input through the key input means, the one-time authentication program preferably confirms that one-time authentication key-based wireless security authentication is requested in the wireless terminal 135.

If, as a result of the checking, the one-time authentication key-based wireless security authentication processing is confirmed (1815), the wireless terminal 135, through the one-time authentication program, divides its screen into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication processing, and outputs both on the screen of the wireless terminal 135 (1820).

According to one embodiment of the present invention, the one-time authentication program preferably reduces, in a predetermined direction, the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 135 to set the terminal-side output area, and sets the one-time authentication area in the area remaining after the reduction.

For example, if the entire area of the screen of the wireless terminal 135 spans the coordinates (X, Y) to (0, 0), the one-time authentication program preferably sets the terminal-side output area by reducing the terminal-side screen area to (X, 0) to (X-x, Y-y), and sets the one-time authentication area at the coordinates (X-x + 1, Y-y + 1) to (X, Y) remaining after the reduction.

According to another exemplary embodiment of the present invention, the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans the coordinates from (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area corresponding to the coordinates from (X-x, Y-y) to (X, Y).

According to another exemplary embodiment of the present invention, the one-time authentication program sets the one-time authentication area by overlapping (or popping up) the one-time authentication screen on a predetermined area of the terminal-side screen area that is output over the entire area of the screen of the wireless terminal 135.

For example, if the entire area of the screen of the wireless terminal 135 spans the coordinates from (0, 0) to (X, Y), the one-time authentication program preferably sets the one-time authentication area, including the one-time authentication screen, in an overlap (or pop-up) manner on a layer above the terminal-side screen area corresponding to the coordinates from (X-x, Y-y) to (X, Y).

Thereafter, the wireless terminal 135 outputs a one-time authentication key start screen (or interface) for requesting (or commanding) generation of a one-time authentication key in a predetermined area of the one-time authentication area (1825), and moves the caret assigned to the terminal-side output area to the one-time authentication area so that it is assigned there (1830).

When the caret is assigned to the one-time authentication area, the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output in the one-time authentication area (1835).

If the one-time authentication key-based wireless security authentication process is not started through the one-time authentication key start screen (or interface) (1840), the wireless terminal 135 reassigns the caret assigned to the one-time authentication area to the terminal-side output area in response to a key input, and processes the various key inputs made through the terminal-side screen based on the reassigned caret, thereby performing various terminal-side screen-based services (or information processing) using the caret assigned to the terminal-side output area (1845).

Thereafter, the wireless terminal 135 checks whether the caret allocated to the terminal-side output area moves to the one-time authentication area through a key input (1850).

If the caret assigned to the terminal-side output area does not move back to the one-time authentication area (1855), the wireless terminal 135 performs various terminal-side screen-based services (or information processing) using the caret (1860), and these services (or information processing) are repeated until the caret moves to the one-time authentication area.

On the contrary, when the caret assigned to the terminal-side output area is moved back to the one-time authentication area (1855), the wireless terminal 135 checks, based on the caret moved to the one-time authentication area, whether the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) output in the one-time authentication area (1835).

If the one-time authentication key-based wireless security authentication process is started through the one-time authentication key start screen (or interface) (1840), the wireless terminal 135 outputs a password input screen (or interface) and checks whether a password is input through the password input screen (or interface) (1865).

If a password is input through the password input screen (or interface) (1870), the wireless terminal 135 checks the validity of the input password (1875).

If the password validity is not confirmed (1880), the wireless terminal 135 requests re-entry of a valid password through the password input screen (or interface) (1885); when a password is input through the password input screen (or interface) in response (1870), the wireless terminal 135 checks the validity of the input password (1875).

If the password validity is confirmed (1880), the wireless terminal 135 generates a one-time authentication key for processing the one-time authentication key-based wireless security authentication.

FIG. 19 is a diagram illustrating a process of generating a challenge-response based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

In more detail, FIG. 19 relates to a process in which, when the password is authenticated through the interface output process illustrated in FIG. 16, 17 or 18 in the wireless terminal 135 illustrated in FIG. 7, the wireless terminal 135 generates a challenge-response based one-time authentication key by outputting a one-time authentication key generation screen (or interface) in a predetermined area of the one-time authentication area. Various implementation methods for the challenge-response based one-time authentication key generation process may be inferred by referring to and/or modifying FIG. 19, but the present invention includes all the inferred implementation methods, and its technical features are not limited only to the illustrated implementation method.

Referring to FIG. 19, if the password is authenticated through the interface output process illustrated in FIG. 16, 17 or 18 in the wireless terminal 135 illustrated in FIG. 7, the wireless terminal 135 outputs the one-time authentication key generation screen (or interface) in the one-time authentication area, through which generation of a challenge-response based one-time authentication key is requested (or commanded) (1900).

If the one-time authentication key generation request (or command) is confirmed through the one-time authentication key generation screen (or interface) (1905), the wireless terminal 135 requests and receives, from the authentication server 105 through the wireless communication network, first one-time authentication key generation information corresponding to the challenge of the challenge-response method (1910), and confirms, through the memory unit (or a chip memory unit provided in the IC chip), N-th (N = 2, 3, ...) one-time authentication key generation information corresponding to the challenge-response method (1915).

If the challenge-response one-time authentication key generation information is confirmed (1920), the wireless terminal 135 substitutes the at least one confirmed item of one-time authentication key generation information into an authentication key generation algorithm to generate a one-time authentication key for the wireless security authentication processing (1925).
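The generation steps above (password check, challenge from the authentication server 105, stored information from terminal memory, key generation), together with the server-side validation of the returned key that the description covers under FIG. 22, can be sketched as follows. This is an added example, not code from the patent: the page does not specify the authentication key generation algorithm, so HMAC-SHA-256 with HOTP-style truncation, the PBKDF2 password check, the single-use challenge with a 60-second lifetime, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct
import time

OTP_DIGITS = 6        # assumption: the page does not fix a key length
CHALLENGE_TTL = 60.0  # assumption: seconds a challenge stays valid


def derive_otp(stored_secret: bytes, challenge: bytes, digits: int = OTP_DIGITS) -> str:
    """Stand-in for the page's unspecified authentication key generation algorithm.

    challenge     -- first generation information, received from the server (1910)
    stored_secret -- N-th generation information, read from terminal memory (1915)
    """
    mac = hmac.new(stored_secret, challenge, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Terminal:
    """Terminal side: local password gate, then key generation (1925)."""

    def __init__(self, stored_secret: bytes, password: str):
        self.stored_secret = stored_secret
        self.salt = secrets.token_bytes(16)
        self.password_hash = self.hash_password(password)

    def hash_password(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def generate(self, password: str, challenge: bytes):
        # No key is generated until the entered password is validated.
        if not hmac.compare_digest(self.hash_password(password), self.password_hash):
            return None
        return derive_otp(self.stored_secret, challenge)


class AuthServer:
    """Server side: issues challenges and validates the key sent back."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.enrolled = {}  # terminal id -> stored secret
        self.pending = {}   # terminal id -> (challenge, issue time)

    def enroll(self, terminal_id: str, stored_secret: bytes) -> None:
        self.enrolled[terminal_id] = stored_secret

    def issue_challenge(self, terminal_id: str) -> bytes:
        if terminal_id not in self.enrolled:
            raise KeyError("unknown terminal")
        challenge = secrets.token_bytes(16)  # unpredictable, never reused
        self.pending[terminal_id] = (challenge, self.clock())
        return challenge

    def verify(self, terminal_id: str, otp: str) -> bool:
        # pop(): any attempt consumes the challenge, so a captured key
        # cannot be replayed and a wrong guess cannot be retried.
        entry = self.pending.pop(terminal_id, None)
        if entry is None:
            return False
        challenge, issued_at = entry
        if self.clock() - issued_at > CHALLENGE_TTL:
            return False
        expected = derive_otp(self.enrolled[terminal_id], challenge)
        return hmac.compare_digest(expected.encode(), otp.encode())


def run_exchange():
    """One exchange on constructed values; returns (accepted, replay_accepted)."""
    stored_secret = secrets.token_bytes(32)  # constructed sample secret
    server = AuthServer()
    server.enroll("terminal-135", stored_secret)
    terminal = Terminal(stored_secret, "constructed-password")
    challenge = server.issue_challenge("terminal-135")
    otp = terminal.generate("constructed-password", challenge)
    accepted = server.verify("terminal-135", otp)
    replay_accepted = server.verify("terminal-135", otp)
    return accepted, replay_accepted


if __name__ == "__main__":
    print(run_exchange())
```
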

FIG. 20 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to an embodiment of the present invention.

In more detail, FIG. 20 relates to a process in which the one-time authentication key generated through the one-time authentication key generation process shown in FIG. 15 or 19 in the wireless terminal 135 shown in FIG. 7 is input through the one-time authentication area, which is output on the screen of the wireless terminal 135 separately from the terminal-side output area, and is transmitted to the authentication server 105 shown in FIG. 11. A person having ordinary knowledge in the technical field to which the present invention belongs may infer various implementation methods for the process of inputting and transmitting the one-time authentication key by referring to and/or modifying FIG. 20, but the present invention includes all the inferred implementation methods, and its technical features are not limited only to the illustrated implementation method.

Referring to FIG. 20, the wireless terminal 135 illustrated in FIG. 7 checks whether a one-time authentication key for wireless security authentication processing has been generated using at least one item of one-time authentication key generation information and an authentication key generation algorithm through the one-time authentication key generation process illustrated in FIG. 15 or 19 (2000).

If the one-time authentication key for the wireless security authentication process is generated (2005), the wireless terminal 135 outputs the generated one-time authentication key in a predetermined area of the one-time authentication area, which is output on the screen of the wireless terminal 135 separately from the terminal-side output area (2010), and outputs a one-time authentication key input screen (or interface) in a predetermined area of the one-time authentication area that is output separately from the terminal-side output area (2015).

Thereafter, the wireless terminal 135 checks whether the one-time authentication key is input, by a key input, through the one-time authentication key input screen (or interface) output in the one-time authentication area, which is output separately from the terminal-side output area (2020).

If the one-time authentication key is input through the one-time authentication key input screen (or interface) output in the one-time authentication area, which is output separately from the terminal-side output area (2025), the wireless terminal 135 generates security authentication request information including the one-time authentication key input through the one-time authentication key input screen (or interface) (2030), and transmits the security authentication request information including the one-time authentication key to the authentication server 105 shown in FIG. 11 through the wireless communication network (2035).

According to another embodiment of the present invention, when the security authentication request and the financial transaction (or payment) are made together, the one-time authentication key may be included in the financial transaction request information (or payment request information) and transmitted, and the present invention is not limited thereby.

FIG. 21 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to another embodiment of the present invention.

In detail, FIG. 21 relates to a process in which the one-time authentication key generated through the one-time authentication key generation process shown in FIG. 15 or 19 in the wireless terminal 135 shown in FIG. 7 is input through the terminal-side output area, which is output on the screen of the wireless terminal 135 separately from the one-time authentication area, and is transmitted to the authentication server 105 shown in FIG. 11. A person of ordinary skill in the art may infer various implementation methods for the process of inputting and transmitting the one-time authentication key by referring to and/or modifying FIG. 21, but the present invention includes all the inferred implementation methods, and its technical features are not limited only to the illustrated implementation method.

Referring to FIG. 21, the wireless terminal 135 illustrated in FIG. 7 checks whether a one-time authentication key for wireless security authentication processing has been generated using at least one item of one-time authentication key generation information and an authentication key generation algorithm through the one-time authentication key generation process illustrated in FIG. 15 or 19 (2100).

If the one-time authentication key for the wireless security authentication process is generated (2105), the wireless terminal 135 outputs the generated one-time authentication key in a predetermined area of the one-time authentication area, which is output on the screen of the wireless terminal 135 separately from the terminal-side output area (2110), and assigns the caret to a one-time authentication key input screen (or interface) included in the terminal-side output area (2115).

Thereafter, the wireless terminal 135 checks whether the one-time authentication key is input, by a key input, through the one-time authentication key input screen (or interface) included in the terminal-side output area, which is distinguished from the one-time authentication area (2120).

If the one-time authentication key is input through the one-time authentication key input screen (or interface) output in the terminal-side output area, which is output separately from the one-time authentication area (2125), the wireless terminal 135 generates security authentication request information including the one-time authentication key input through the one-time authentication key input screen (or interface) (2130), and transmits the security authentication request information including the one-time authentication key to the authentication server 105 shown in FIG. 11 through the wireless communication network (2135).

According to another embodiment of the present invention, when the security authentication request and the financial transaction (or payment) are made together, the one-time authentication key may be included in the financial transaction request information (or payment request information) and transmitted. The present invention is not limited in this respect.

FIG. 22 is a diagram illustrating a one-time authentication key-based wireless security authentication process according to an embodiment of the present invention.

In more detail, FIG. 22 relates to a process in which, when the wireless terminal 135 shown in FIG. 7 transmits security authentication request information including the one-time authentication key to the authentication server 105 shown in FIG. 11 through the one-time authentication key transmission process shown in FIG. 20 or 21, the authentication server 105 processes the one-time authentication key-based wireless security authentication by validating the one-time authentication key. Those skilled in the art will be able to infer various implementation methods for this wireless security authentication process by referring to and/or modifying FIG. 22. The present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method shown in the figure.

Referring to FIG. 22, when the wireless terminal 135 shown in FIG. 7 transmits the security authentication request information including the one-time authentication key to the authentication server 105 shown in FIG. 11 through the one-time authentication key transmission process shown in FIG. 20 or 21, the authentication server 105 receives the security authentication request information including the one-time authentication key via the wireless communication network (2200). It then confirms information about the wireless terminal 135 that transmitted the security authentication request information, either in association with the wireless communication network (for example, the operation system 130 of a network on the wireless communication network) or by reading the protocol over which the security authentication request information was received (2205).

If the information on the wireless terminal 135 that transmitted the security authentication request information is confirmed (2210), the authentication server 105 checks, from the one-time authentication key management information associated with that wireless terminal information in the one-time authentication management D/B 1130 shown in FIG. 11, the one-time authentication key generation information and the authentication key generation algorithm corresponding to the one-time authentication key (1215).

If the one-time authentication key generation information and the authentication key generation algorithm corresponding to the one-time authentication key are confirmed (2220), the authentication server 105 uses them to generate a one-time authentication key authentication code corresponding to the one-time authentication key (2225), and compares the one-time authentication key included in the security authentication request information with the generated authentication code to verify the validity of the one-time authentication key (2230).

If the validity of the one-time authentication key is confirmed (2235), the authentication server 105 generates security authentication result information including the one-time authentication key validation result and transmits it to the wireless terminal 135 through the wireless communication network, and shares the one-time authentication key validity result with, and transmits it to, the wireless server 125 (e.g., the financial server 110, the payment server 115, the wireless web server 120, etc.) that requested the one-time authentication key-based wireless security authentication (2245). The wireless server 125 then provides at least one of financial transaction, payment and authentication-based additional services according to the one-time authentication key validity result.
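The server-side check described for FIG. 22, as an added example that is not taken from the patent: the patent names no generation algorithm, so a 6-digit code derived from HMAC-SHA256 over a per-terminal seed and counter is assumed here, and the names `OTP_DB`, `derive_key`, `validate_request` and the terminal identifier are hypothetical. It also shows two points the text leaves open: a constant-time comparison and advancing the stored state so an accepted key cannot be replayed.

```python
import hashlib
import hmac
import struct

def derive_key(seed: bytes, counter: int) -> str:
    """Assumed generation algorithm: 6 digits from HMAC-SHA256(seed, counter)."""
    digest = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

ALGORITHMS = {"hmac-sha256-6": derive_key}  # algorithm name is hypothetical

# Constructed stand-in for the one-time authentication management D/B (1130).
OTP_DB = {
    "terminal-0001": {"seed": b"constructed-seed", "counter": 7,
                      "algorithm": "hmac-sha256-6"},
}

def result(terminal_id, valid, reason):
    """Security authentication result information returned to the terminal."""
    return {"terminal_id": terminal_id, "valid": valid, "reason": reason}

def validate_request(request: dict, db: dict = OTP_DB) -> dict:
    terminal_id = request.get("terminal_id")          # confirm the sender
    record = db.get(terminal_id)
    if record is None:
        return result(terminal_id, False, "unknown terminal")
    algorithm = ALGORITHMS.get(record["algorithm"])   # look up generation data
    if algorithm is None:
        return result(terminal_id, False, "unknown algorithm")
    expected = algorithm(record["seed"], record["counter"])  # authentication code
    supplied = str(request.get("otp", ""))
    # Constant-time comparison avoids leaking how many digits matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return result(terminal_id, False, "key mismatch")
    record["counter"] += 1  # assumption: advance state so the key cannot be replayed
    return result(terminal_id, True, "ok")

if __name__ == "__main__":
    key = derive_key(b"constructed-seed", 7)          # what the terminal would send
    print(validate_request({"terminal_id": "terminal-0001", "otp": key}))
    print(validate_request({"terminal_id": "terminal-0001", "otp": key}))  # replay
```
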

FIG. 23 is a diagram illustrating a one-time authentication key-based wireless security authentication process according to an embodiment of the present invention.

In more detail, FIG. 23 relates to a process in which, after the authentication server 105 shown in FIG. 11 generates security authentication result information including the one-time authentication key validation result through the one-time authentication key-based wireless security authentication process shown in FIG. 22 and transmits it to the wireless terminal 135 shown in FIG. 7, the wireless terminal 135 processes the wireless security authentication using the security authentication result information. A person skilled in the art to which the present invention pertains may infer various implementation methods for this wireless security authentication process by referring to and/or modifying FIG. 23. The present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method illustrated in the figure.

Referring to FIG. 23, after the authentication server 105 shown in FIG. 11 generates security authentication result information including the one-time authentication key validity result through the one-time authentication key-based wireless security authentication process shown in FIG. 22 and transmits it to the wireless terminal 135 shown in FIG. 7, the wireless terminal 135 checks whether security authentication result information including the one-time authentication key validation result (e.g., validity approval or validity error) is received from the authentication server 105 through the wireless communication network (2300).

If the security authentication result information is received (2305), the wireless terminal 135 extracts the one-time authentication key validation result from the security authentication result information and outputs it to a predetermined area on the one-time authentication area (2310), and outputs the one-time authentication key end screen (or interface) to a predetermined area on the one-time authentication area (2315).

Thereafter, the wireless terminal 135 checks whether the wireless security authentication process using the one-time authentication key is terminated through the one-time authentication key end screen (or interface) output on the one-time authentication area (2320).

If the wireless security authentication process using the one-time authentication key is terminated through the one-time authentication key end screen (or interface) (2325), the wireless terminal 135 outputs the terminal-side output area to the entire area of the screen of the wireless terminal 135, on which the one-time authentication area had been formed (2330).

According to the present invention, the screen of the wireless terminal used by a customer is divided into a terminal-side output area, which outputs a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, a payment screen, and the like, and a one-time authentication area, which outputs the one-time authentication screen for wireless security authentication processing based on the one-time authentication key. This has the advantage of providing a one-time authentication key-based wireless security authentication function for various financial transactions (or payments) and wireless services that use the wireless communication network.

Claims (3)

A one-time authentication interface output method of a wireless terminal that outputs a terminal-side screen including at least one of a desktop, a content using screen, a web access screen, a financial transaction screen, a payment screen, etc., the method comprising:

dividing the wireless terminal screen, when one-time authentication key-based wireless security authentication is processed, into a terminal-side output area for outputting the terminal-side screen and a one-time authentication area for processing the one-time authentication key-based wireless security authentication;

outputting a one-time authentication start screen (or interface) to a predetermined area on the one-time authentication area that is divided and output separately from the terminal-side output area;

outputting a password input screen (or interface) to a predetermined area on the one-time authentication area when one-time authentication is started through the one-time authentication start screen (or interface);

outputting, to a predetermined area on the one-time authentication area, a one-time authentication key generation screen (or interface) that outputs the one-time authentication key when the password is input through the password input screen (or interface) and the password is authenticated to generate a one-time authentication key;

outputting a one-time authentication key input screen (or interface) for inputting the one-time authentication key to a predetermined area on the one-time authentication area; and

outputting a one-time authentication key end screen (or interface) to a predetermined area on the one-time authentication area when wireless security authentication is processed with the one-time authentication key input through the one-time authentication key input screen (or interface).
The method of claim 1, further comprising a step of moving a caret between the terminal-side output area and the one-time authentication area in association with a key input means provided in the wireless terminal.

A recording medium comprising a program for executing the method of claim 1.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020070101139A KR20090036043A (en) 2007-10-08 2007-10-08 Method for displaying one-time authenticate interface


Related Child Applications (1)

Application Number Title Priority Date Filing Date
KR1020090034402A Division KR20090048420A (en) 2009-04-20 2009-04-20 Method for displaying one-time authenticate interface

Publications (1)

Publication Number Publication Date
KR20090036043A (en) 2009-04-13

Family

ID=40761150


Country Status (1)

Country Link
KR (1) KR20090036043A (en)


Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
A107 Divisional application of patent
E601 Decision to refuse application
J201 Request for trial against refusal decision
J301 Trial decision

Free format text: TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20090917

Effective date: 20120229