KR20090036061A - Method for providing location linkage wireless one-time authentication-key and mobile phone, recording medium - Google Patents

Method for providing location linkage wireless one-time authentication-key and mobile phone, recording medium Download PDF

Info

Publication number
KR20090036061A
KR20090036061A KR1020070101157A KR20070101157A KR20090036061A KR 20090036061 A KR20090036061 A KR 20090036061A KR 1020070101157 A KR1020070101157 A KR 1020070101157A KR 20070101157 A KR20070101157 A KR 20070101157A KR 20090036061 A KR20090036061 A KR 20090036061A
Authority
KR
South Korea
Prior art keywords
time authentication
wireless terminal
wireless
authentication
screen
Prior art date
Application number
KR1020070101157A
Other languages
Korean (ko)
Inventor
정종필
Original Assignee
주식회사 신한은행
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 신한은행 filed Critical 주식회사 신한은행
Priority to KR1020070101157A priority Critical patent/KR20090036061A/en
Publication of KR20090036061A publication Critical patent/KR20090036061A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for providing a location linkage wireless one-time authentication-key, and a mobile phone and a recording medium for the same are provided to perform wireless security authentication of which security reliability is enhanced by performing authentication based on the location coordinate information of a wireless terminal and a one-time authentication key. A location calculating unit(140) calculates the location coordinate information of a mobile terminal by measuring the current location of the mobile phone through a location measurement unit(193). A generation unit(150) processes wireless security authentication based on a one-time authentication key. An information generation unit(145) generates security authentication request information, and the security authentication request information includes a one-time authentication key and the location coordinate information of a mobile phone. A communication processing unit(157) transmits the security authentication request information to an authentication sever of a communication network.

Description

Method for Providing Location-Linked Wireless One-Time Authentication Key and Mobile Phone and Recording Media for It {Method for Providing Location Linkage Wireless One-time Authentication-Key and Mobile Phone, Recording Medium}

1 is a diagram illustrating a wireless terminal function configuration having a one-time authentication key based wireless security authentication processing function using location information according to an embodiment of the present invention.

2 is a diagram illustrating a program providing system configuration for remotely downloading a one-time authentication program to a wireless terminal according to an embodiment of the present invention.

3 is a diagram illustrating a configuration of wireless terminal information having a one-time authentication program according to an embodiment of the present invention.

4 is a diagram illustrating one-time authentication management information provided to a wireless terminal according to an embodiment of the present invention.

5 is a diagram illustrating one-time authentication management information provided to a wireless terminal according to another embodiment of the present invention.

6 is a diagram illustrating a process of remotely loading and downloading a one-time authentication program to a wireless terminal according to an embodiment of the present invention.

7 is a diagram illustrating a configuration of a one-time authentication key-based wireless security authentication processing system according to an embodiment of the present invention.

8 is a diagram illustrating a one-time authentication area output for wireless security authentication processing and a password input process for one-time authentication key-based wireless security authentication processing according to an embodiment of the present invention.

FIG. 9 is a diagram illustrating a one-time authentication area output for wireless security authentication processing and a password input process for one-time authentication key-based wireless security authentication processing according to another embodiment of the present invention.

FIG. 10 is a diagram illustrating a one-time authentication area output for wireless security authentication and a password input process for one-time authentication key-based wireless security authentication according to another embodiment of the present invention.

11 is a diagram illustrating a password input process for a one-time authentication key-based wireless security authentication process through another area other than the one-time authentication area output and the one-time authentication area output for the wireless security authentication process according to an embodiment of the present invention.

12 is a diagram illustrating a password input process for one-time authentication key-based wireless security authentication processing through another area other than one-time authentication area output and one-time authentication area output for wireless security authentication processing according to another embodiment of the present invention. .

FIG. 13 is a view illustrating a password input process for one-time authentication key based wireless security authentication processing through another area other than one-time authentication area output and one-time authentication area output for wireless security authentication processing according to another embodiment of the present invention. to be.

14 is a diagram illustrating a process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

15 is a diagram illustrating a process of generating a challenge-response based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

16 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to an embodiment of the present invention.

17 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to another embodiment of the present invention.

18 is a diagram illustrating a one-time authentication key-based wireless security authentication process according to an embodiment of the present invention.

19 is a diagram illustrating a one-time authentication key-based wireless security authentication process according to an embodiment of the present invention.

<Description of main parts of drawing>

100: network operation system 105: authentication server

110: control unit 115: one-time authentication processing unit

120: caret processing unit 125: security certification confirmation unit

130: output processing unit 135: interface output unit

140: position calculation unit 143: position calculation check unit

145: information generating unit 147: security authentication processing unit

150 generation unit 153 confirmation unit

157: communication processing unit 160: screen output unit

163: sound processing unit 165: key input unit

167: IC chip 170: IC chip reader

173 input and output interface 175 processor unit

177: chip reader 180: IC chip storage information

183: processing unit 185: storage unit

187: battery 188: memory

190: wireless processing unit 193: position location

195: wireless terminal

The present invention is a step of processing to position the current position of the mobile phone through the position positioning unit for positioning the position of the mobile phone during the one-time authentication key-based wireless security authentication process using a mobile phone, the location of the mobile phone, the positioning Calculating mobile phone position coordinate information corresponding to the location of the mobile phone, generating a one-time authentication key for processing the one-time authentication key-based wireless security authentication, and the generated one-time authentication key uses the one-time authentication key input interface. If it is input through, the step of generating the security authentication request information including the one-time authentication key and the location information of the mobile phone and the security authentication request information by transmitting to the authentication server on the communication network based wireless security authentication Location interlocking wireless one-time authentication key comprising the step of causing the processing It relates to a method.

As the rapid development of information and communication technology has been applied to the financial industry, most financial transactions (or payments) and various service industries that have been conventionally face-to-face have been made online through non-face-to-face financial transactions (or payments) and online services. Developed into an industry.

As the non-face-to-face financial transactions (or payments) and online service industries are gradually activated, cases of security problems such as online anonymity and security shortcomings in communication protocols are increasing rapidly. The non-face-to-face financial transactions (or payments) and online services are based on a method of using an encryption / decryption-based security protocol to solve anonymity, compensate for shortcomings in communication protocols through real name verification.

Recently, various non-face-to-face financial transactions (or payments) and online services that have been activated online have been transferred to the wireless field using the wireless network due to the opening of the wireless network and the expansion of the wireless communication infrastructure. Most wireless terminals are not only more constrained to MMI (Man Machine Interface) than the wired terminals used online, but also have low computing power, and the communication speed of the wireless network is lower than on-line. Since the security defects are different, it includes a problem that is difficult to apply the security function applied online, the security function applied to the wireless field is to minimize the user input, and to prevent high-level encryption / decryption operation It is preferably made in the form.

On the other hand, as a means for solving the online security problem, a one-time authentication key method called a one-time password (OTP) is commercially available, so-called OTP generator for the security function of the one-time authentication key method Although a module called a wireless terminal is used recently, an example of using the wireless terminal as an OTP generator for an online security function (for example, inputting an OTP generated by a wireless terminal to an online wired terminal) has been commercialized. In order to apply the OTP commercially available online to transactions (or payments) and wireless services, a national policy (eg, a two-factor policy in which the OTP generator must be logically separated from the communication terminal), or security This includes problems on elements (eg, lost wireless terminals, or changes in wireless carriers, etc.).

An object of the present invention for solving the above problems, during the disposable authentication key-based wireless security authentication process using a mobile phone, by positioning the current location of the mobile phone through the location positioning unit for positioning the mobile phone location coordinate information A location calculation unit for calculating, a generation unit for generating a one-time authentication key for processing the wireless authentication based on the one-time authentication key, and information generation for generating security authentication request information including the one-time authentication key and the mobile phone position coordinate information And a communication processor for transmitting the security authentication request information to the authentication server on the communication network.

The method for providing a position-linked wireless disposable authentication key according to the present invention comprises the steps of: processing a current position of the mobile phone through a location positioning unit for positioning the mobile phone during wireless authentication authentication based on a one-time authentication using a mobile phone; And when the location of the mobile phone is positioned, calculating mobile phone position coordinate information corresponding to the location of the mobile phone, generating a one-time authentication key for processing the one-time authentication key-based wireless security authentication, and generating the mobile phone. When the one-time authentication key is input through the one-time authentication key input interface, generating security authentication request information including the input one-time authentication key and the mobile phone position coordinate information and the security authentication request information to the authentication server on the communication network. To transmit the one-time authentication key based wireless security authentication And characterized by comprising comprises a.

On the other hand, the method for providing a location-linked wireless one-time authentication key according to the present invention, generating a one-time authentication key for processing the one-time authentication key-based wireless security authentication, the one-time authentication key-based wireless security authentication processing using a mobile phone, Processing the current location of the mobile phone through a location positioning unit for positioning the mobile phone; if the location of the mobile phone is located, calculating mobile phone location coordinate information corresponding to the location of the mobile phone; When the mobile phone position coordinate information is calculated, generating security authentication request information including the one-time authentication key and the mobile phone position coordinate information, and transmitting the security authentication request information to an authentication server on a communication network based on the one-time authentication key. Characterized by comprising the step of processing the wireless security authentication. It is done.

On the other hand, it includes a recording medium recording a program for executing the above-described method for providing a wireless interlocking wireless authentication key.

On the other hand, the location-linked wireless disposable authentication key providing mobile phone according to the present invention, the mobile phone by positioning the current position of the mobile phone through a location positioning unit for positioning the location of the mobile phone when the wireless security authentication processing based on the disposable authentication key using the mobile phone A location calculation unit for calculating position coordinate information, a generation unit for generating a one-time authentication key for processing the wireless authentication based on the one-time authentication key, and security authentication request information including the one-time authentication key and the mobile phone position coordinate information; And a communication processing unit for transmitting the generated information generating unit and the security authentication request information to the authentication server on the communication network.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be made based on the contents throughout the present invention.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also omitted as described above The relationship between the components and the components added for the present invention will also be clearly understood.

In addition, the following examples will be used to appropriately modify, integrate, or separate the terminology so that those skilled in the art to which the present invention pertains may clearly understand the present invention. The present invention is by no means limited thereto.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a diagram showing the configuration of a wireless terminal 195 having a one-time authentication key based wireless security authentication processing function using location information according to an embodiment of the present invention.

In more detail, FIG. 1 shows at least one financial transaction screen (payment screen) on a wireless terminal 195 screen used by a customer when the wireless terminal 195 for processing the one-time authentication key-based wireless security authentication is a mobile communication terminal. When a one-time authentication key-based wireless security authentication processing for the financial transaction (or payment) processing is required in a state in which a terminal-side screen including one or more is output in advance, a predetermined area (or an entire area) on the screen of the wireless terminal 195 is required. ) To output a one-time authentication area including a one-time authentication screen for processing the one-time authentication key-based wireless security authentication, and to position the position of the wireless terminal 195 in response to the one-time authentication area output. 195) After calculating the position coordinate information, the disposable authentication key and the wireless terminal 195 position coordinate information generated through the one-time authentication screen FIG. 1 illustrates a configuration of a wireless terminal 195 having a one-time authentication program for processing a one-time authentication key based wireless security authentication in connection with the present invention. By referring to and / or modified to infer various implementation methods for the configuration of the wireless terminal 195 function with the one-time authentication key-based wireless security authentication processing function, the present invention includes all the inferred implementation method It is made by, and the technical features are not limited only to the implementation method shown in FIG.

For example, those skilled in the art to which the present invention pertains may refer to, and / or modify, the wireless terminal 195 in addition to the mobile communication terminal by referring to and / or modifying FIG. 3, or IEEE 802.16.x. In the case of the portable Internet terminal, it is possible to infer the configuration of the wireless terminal 195 function having the one-time authentication key-based wireless security authentication processing function, and the present invention is apparent that the present invention includes all possible inference methods. It is a bar.

The wireless terminal 195 for providing a mobile communication service according to an embodiment of the present invention, in terms of hardware, an external body, a speaker, a microphone, a keypad, a liquid crystal display (LCD), an antenna, and a battery 187. And a predetermined modem chip (e.g., US Qualcomm) having internal functions such as a code division multiple access (CDMA) modem, a central processing unit / micro processing unit (CPU / MPU), a vocoder, and the like. Qualcomm) 's MSM series modem chips), various memory elements, duplexer filters that separate transmission and reception signals from one antenna, power amplifiers for amplifying transmission signals, high power amplifiers (HPAs), and high power transmission signals Isolator to prevent return, RF / IF SAW filter to remove unwanted out-of-band unwanted signal, frequency up circuit of transmission path, frequency down of reception path Including a circuit circuit, a Voltage Controlled Temperature Compensated X-tal Oscillator (VCTCXO) corresponding to a reference clock source, a UHF frequency synthesizer used as a local signal for frequency up-down conversion, and a codec chip for converting an analog voice signal into a digital signal. The internal components are gradually integrated in the modem chip, and the modem chip provides various multimedia services and / or additional services in addition to the core components for the mobile communication service. Various functions are being integrated together.

Referring to FIG. 1, the wireless terminal 195 having the one-time authentication key-based wireless security authentication processing function structurally outputs a control unit 110 corresponding to the modem chip and a liquid crystal display (LCD). The unit 160, a sound processor 163 corresponding to a microphone / speaker, a key input unit 165 corresponding to a keypad, a wireless processor 190 corresponding to an antenna and various RF modules, and a nonvolatile memory And a memory unit 188 and a battery 187 for supplying a predetermined power.

In addition, the wireless terminal 195 may be an IC chip 167 mounted on or detached from the wireless terminal 195 to provide various financial (or payment) services and / or various additional services corresponding thereto (for example, USIM ( Universal Subscriber Identity Module or financial IC chip 167) and an IC chip reader 170 for reading / writing at least one or more information (or data) on the IC chip 167. Do.

In addition, the wireless terminal 195 is a location positioning unit for positioning the position of the wireless terminal 195 through at least one or more of the radio positioning method of the GPS (Global Positioning System) -based radio positioning method, or a communication network-based radio positioning method ( And 193).

The control unit 110 includes a processor and execution memory including a CPU / MPU provided in the modem chip in hardware, and provides a predetermined program routine for providing a function specific to the wireless terminal 195 from a predetermined memory device. And a predetermined electronic circuit (or integrated circuit) for inputting and outputting the output data and / or program data. The memory unit 188 and And / or a generic term for program routines and / or program data loaded from the memory device (or chipset) into the execution memory and computed through the processor to perform specific functions (hence, the one-time authentication key based wireless security authentication process). For convenience, a predetermined program routine recorded on the recording medium of the wireless terminal 195 may be conveniently stored in the control unit 110. The program routine included in the controller 110 is basically an operating system routine (not shown) and at least one system management routine (eg, a power management routine, a channel (forward / reverse) management). Routine, handoff routine, etc.), and various functional configurations intended to be implemented in the wireless terminal 195 by the controller 110 are realized.

According to the exemplary embodiment of the present invention, after power is supplied to the wireless terminal 195, the operating system routine (not shown), at least one system management routine (not shown), and various system variables corresponding thereto are stored in the controller ( By loading into the execution memory included in the 110 and arithmetic processing by the processor, the wireless terminal 195 converts a system setting detailed state, a pilot channel acquisition detailed state, a synchronization channel acquisition detailed state, and a timing change according to a predetermined booting procedure. The operation mode corresponding to the "mobile station initialization state" including the detailed state is set.

After performing the booting procedure, the operating system routine (not shown), at least one system management routine (not shown), and various system variables corresponding thereto are loaded into the execution memory included in the controller 110 and loaded into the processor. By the arithmetic processing, the wireless terminal 195 is set to an operation mode corresponding to a "mobile station call waiting state", "system access state", "call channel state", or the like, thereby enabling mobile communication based wireless connection and call processing ( Call Processing) procedure.

The screen output unit 160 is a function configuration unit for checking the operation of each operation mode and the corresponding operation state of the wireless terminal 195, one or more including an LCD provided in the wireless terminal 195 And a screen output device and a driver for driving the screen output device, and output at least one key data input through the key input unit 165 in association with the control unit 110, and / Or outputs a menu screen, a function processing screen, and a function processing result screen corresponding to at least one or more functions (or programs) included in the wireless terminal 195, and / or provided in the wireless terminal 195 (or At least one content (eg, text content, image content, multimedia content) to be downloaded is output.

According to the exemplary embodiment of the present invention, the screen output unit 160 performs a function of screen output means for outputting various function processing screens and function processing result screens corresponding to the one-time authentication key-based wireless security authentication processing function. desirable.

The sound processor 163 is a functional component that processes input and output of sound in each operation mode of the wireless terminal 195. The sound processor 163 decodes at least one or more encoded sound data and is provided in the wireless terminal 195. And a vocoder and a codec for encoding and encoding a sound signal inputted through a microphone provided in the wireless terminal 195 and / or the microphone provided in the wireless terminal 195. .

According to an exemplary embodiment of the present invention, the sound processor 163 may include a sound corresponding to a predetermined ring back tone through the speaker in an operation mode corresponding to the “system access state” among the operation modes of the wireless terminal 195. It is preferable to decode and output data, and / or to encode and input a predetermined voice signal through a microphone in an operation mode corresponding to the "call channel state", or to decode and output a predetermined voice signal through a speaker. .

The sound processor 163 may also play at least one sound content and / or multimedia content provided (or downloaded) by the wireless terminal 195 in at least one operation mode including the "mobile station call waiting state." In this case, it is preferable to decode and output sound data corresponding to the reproduced content.

According to the exemplary embodiment of the present invention, the sound processor 163 preferably performs a function of sound output means for decoding and outputting sound data corresponding to the one-time authentication key-based wireless security authentication processing function.

The key input unit 165 is provided with at least one key button including a predetermined number key and / or a character key and / or a function key. And a driver for driving the key input device, thereby detecting at least one key input signal generated by clicking (or entering) the key button in the key input device. It is characterized by.

According to the present invention, when a predetermined key input signal is detected from a predetermined key button provided in the key input device in a predetermined input mode and / or at least one or more operation modes controlled by the controller 110, the key. The input unit 165 generates a predetermined key event (eg, MH_KEY_PRESSEVENT, MH_KEY_REPEATEVENT, MH_KEY_RELEASEEVENT) corresponding to the detected key input signal, and provides the generated key event to the controller 110. The controller 110 reads predetermined key data corresponding to the key event in the current input mode and / or operation mode of the wireless terminal 195 (eg, a specific key event in each input mode and / or operation mode). Read key data from the key table that stores (manages) at least one key data corresponding to the key event; and / or And a command for executing a predetermined function matched with the vent.

According to the exemplary embodiment of the present invention, the key input unit 165 inputs a predetermined telephone number in an operation mode corresponding to the "mobile station call waiting state" of each operation mode of the wireless terminal 195, and inputs a predetermined " By inputting a "call" button, it is preferable to change the operation mode of the radio terminal 195 to an operation mode corresponding to the "system access state".

In addition, the key input unit 165 inputs a predetermined function key (for example, a menu key) in an operation mode corresponding to the "mobile station call waiting state" in each operation mode of the wireless terminal 195, thereby providing the wireless terminal. It is preferable to execute various functions provided in 195.

According to an embodiment of the present invention, the key input unit 165 preferably performs a function of key input means for inputting at least one or more key data corresponding to the one-time authentication key-based wireless security authentication processing function.

The wireless processor 190 is a functional component that connects a wireless channel with a base station on a mobile communication network in which the wireless terminal 195 operates based on CDMA / WCDMA, and includes a CDMA modem and various RF modules (eg, duplexer filter, power). Amplifiers, High Power Amplifiers (HPAs), Isolators, RF / IF SAW Filters, Frequency Up-Circuits, Frequency Down-Conversion Circuits, VCTCXOs, UHF Frequency Synthesizers, etc. for Reference Clock Sources) and Antennas And a location registration and / or slot mode and / or power control corresponding to each operation mode of the wireless terminal 195 in connection with the control unit 110. Control and / or hand-off and / or call processing procedures.

According to an embodiment of the present invention, the wireless processing unit 190 is a radio frequency signal transmission / reception function corresponding to the one-time authentication key based wireless security authentication processing function (eg, antenna control, modulation, synthesis, amplification and / or radio frequency signal). Or performing filtering or the like).

In particular, the wireless processing unit 190 processes the information or signal transmitted from the wireless terminal 195 to the base station into a CDMA stack or receives a CDMA stack received from the base station for the one-time authentication key based wireless security authentication processing. It is preferable to include a function for reading a predetermined information or signal from the.

The IC chip reader unit 170 is an IC chip 167 (for example, mounted or detached from the wireless terminal 195 through an IC chip 167 standard including ISO / IEC 7816 and / or ISO / IEC 14443). , A functional IC for exchanging at least one or more information (or data, or command) with the financial IC chip 167, or USIM), the contact IC card reader corresponding to the ISO / IEC 7816 standard, and / or And a contactless IC card reader corresponding to the ISO / IEC 14443 standard, wherein the IC card reader has at least one or more information (or data) with the IC chip 167 through an application protocol data unit (APDU). , Or command).

Referring to the standards including ISO / IEC 7816 and / or ISO / IEC 14443, the IC chip 167 mounted or detached from the customer wireless terminal may include a power supply (VCC), a reset signal (RST), and a clock signal. I / O to communicate with IC chip reader 170 (e.g. command or data exchange) via contact points such as CLK, ground GND, programming power supply (VPP), and / or input / output (I / O), etc. A processor unit 175 including an interface 173, at least one computing element including a central process unit (CPU), a micro process unit (MPU), a coprocessor, and / or the like, and a ROM (Read Only) And a chip memory unit 177 comprising at least one memory element including a memory, a random access memory (RAM), an electrically erasable and programmable read only memory (EEPROM), a flash memory (FM), and the like. At least one memory device (eg, ROM) ) Is a chip operating system (COS) for managing and operating the IC card internal resources, and is stored from the IC chip reader unit 170 through a power supply (VCC) contact point of the input / output interface 173. When the power is supplied, the COS stored in the chip memory unit 177 is loaded into a predetermined execution memory to control the overall operation of the IC chip 167, and the clock frequency (eg, 3.57) of the contact point of the clock signal CLK is controlled. Control information or data exchange between the IC chip 167 and the IC chip reader unit 170 through an APDU (Application Protocol Data Unit) based on MHz or 4.9 MHz.

According to the present invention, the chip memory unit 177 of the IC chip 167 stores at least one IC chip 167 corresponding to a card application for providing the USIM function (or the financial IC chip 167 function). The information 180 is stored, and the IC chip 167 stored information 180 corresponds to predetermined information or data that is read and / or used by a processor provided in a customer wireless terminal. A program used by a processor provided in the customer wireless terminal to operate or be executed by a storage unit 185 for storing a data set, an operation function of the processor unit 175, and an instruction set provided by a COS. As a routine (for example, a Java Applet in the case of Javacard), the instruction call code interacting with the instruction set of the COS and the execution code processed by the processor unit 175 are stored. It is characterized in that comprises a processing unit (183) for the application illustration made in box.

Here, in particular, the processing unit 183 reads a command provided from the processor provided in the customer wireless terminal through the input / output interface 173 through an APDU, and based on the read command, the processing unit 183 reads the command to the storage unit 185. Read or record at least one or more information or data stored, and provide the result or read information or data to the processor provided in the customer wireless terminal via the input and output interface 173 through an APDU. do.

According to an embodiment of the present invention, the storage unit 185 stores at least one unique information of the wireless terminal 195 for the one-time authentication key based wireless security authentication processing function, wherein the storage unit ( The unique information of the wireless terminal 195 stored in the 185 may include a telephone number of the wireless terminal 195 assigned to the wireless terminal 195, USIM information, unique information of the IC chip 167, a dynamic (or fixed) IP address, and the like. It is preferable to include at least one.

According to a preferred embodiment of the present invention, the chip memory unit 177 of the IC chip 167 includes a security structure based on ISO / IEC 10202. Accordingly, the chip memory unit 177 may include a CSN ( And a protection area for storing secret information such as a Chip Serial Number), a COS control area, a user application area, a read / write access area, an application program area, and a FAT (File Allocation Table) management area. The IC chip 167 storage information 180 is preferably stored in an area excluding the protection area and the COS control area.

In addition, according to ISO / IEC 7816 and / or ISO / IEC 14443 ICC standards, the chip memory unit 177 may include one master file (MF) corresponding to a root file, and the master file. ATR (Answer To Reset) including function information on at least one stored information at a lower portion, at least one dedicated file (DF) corresponding to each ICC stored information, and disposed below the dedicated file. And a file structure including an element file (EF) including substantial information and / or data for a smart card service. The IC chip 167 storage information 180 for the present invention is also the same as described above. This includes the file structure.

According to an embodiment of the present invention, if the IC chip 167 is a financial IC chip (or USIM with financial information), the IC chip 167 stored information 180 is an electronic bankbook and a financial joint. It is preferable to include a financial account (or financial product) means including a network, and / or credit card payment method, debit card payment method, check card payment method, It is preferable to include at least one prepaid card payment means, electronic wallet (Electronic Wallet) payment means.

The position location unit 193 receives and interprets a predetermined satellite signal from at least four GPS satellites that exist for the horizon with respect to the wireless terminal 195 among 24 GPS satellites that are operating the earth orbit, and thereby, the radio terminal. The location of the wireless terminal 195 is characterized by a GPS-based wireless positioning method for positioning a three-dimensional position of 195.

According to an embodiment of the present invention, the positioning unit 193 is provided with at least one or more satellite data corresponding to at least one or more GPS satellite signals received from at least one or more GPS satellites, and based on the satellite data, It is characterized by calculating the current position information of the radio terminal 195 by positioning the current position of the terminal 195, the position positioning unit 193 is a predetermined GPS chip (eg, MSM) provided in the modem chip 3300 modem chip and the 'gpsONE' chip mounted on the modem chip), and / or comprises a GPS positioning program code recorded on the recording medium provided in the wireless terminal 195.

According to an embodiment of the present invention, the location positioning unit 193 is received from at least one or more (preferably four or more) GPS satellites located on the line of sight at the current location of the wireless terminal 195. It is preferable to calculate the current position information of the wireless terminal 195 through a simple GPS positioning method for positioning the current position of the wireless terminal 195 based on the GPS satellite signal.

According to another exemplary embodiment of the present invention, the location positioning unit 193 is a differential GPS (DGPS) positioning method for correcting an error of a current position of the wireless terminal 195 calculated by the simple GPS positioning method. Or calculating the current position information of the wireless terminal 195 through at least one or more of an Assisted-GPS (A-GPS) positioning method or a Double Differential GPS positioning method. To this end, the wireless processor 190 corrects at least one or more position errors for correcting an error of a current position of the radio terminal 195 by the simple GPS positioning method from at least one or more base stations according to the IS-801 standard. It is desirable to receive the information.

Those skilled in the art to which the present invention pertains, the position location unit 193 is a simple GPS positioning method, or DGPS positioning method, A-GPS positioning method, or at least one of the positioning method by the dual difference method. Since it will be familiar with the technical features for calculating the current position information of the wireless terminal 195 through at least one positioning method, a detailed description thereof will be omitted for convenience.

According to another exemplary embodiment of the present invention, the position location unit 193 reads the propagation characteristics of the pilot signal received by at least one base station adjacent to the wireless terminal 195 to determine the two characteristics of the wireless terminal 195. The location of the wireless terminal 195 is characterized by a network-based wireless positioning method for positioning a dimensional position.

The memory unit 188 is a storage medium for storing at least one or more information (or data) in the wireless terminal 195, and / or a ratio corresponding to a recording medium for recording program codes corresponding to at least one or more program routines. The generic term for volatile memory includes read only memory (ROM) corresponding to the read-only memory, flash memory (FM), electrically erasable and programmable read only memory (EEPROM), and the like. It is characterized by.

According to an embodiment of the present invention, the ROM information of the nonvolatile memory is not to be stored, and the flash memory is provided through an operating system routine, a call processing program routine, and / or the wireless terminal 195. Various application program routines and information or data for the same are stored, and the EEPROM is extracted and / or generated during the execution of the application included in the terminal registration related parameters and telephone number (eg, address book) or the wireless terminal 195. Preferably at least one or more information (or data) is stored.

According to an embodiment of the present invention, the memory unit 188 stores at least one unique information of the wireless terminal 195 for the one-time authentication key based wireless security authentication processing function, and the wireless terminal 195 The unique information may include at least one of a radio terminal 195 telephone number assigned to the radio terminal 195, an electronic serial number (ESN), a dynamic (or fixed) IP address, and the like.

Referring to FIG. 1, the wireless terminal 195 may correspond to various programs that output terminal-side screens including at least one financial transaction screen (or a payment screen) on the screen of the wireless terminal 195. And a side screen processing unit (not shown), wherein the terminal side screen processing unit (not shown) is connected with the screen output unit 160 to display a background screen on the screen of the wireless terminal 195. A background screen processing unit (not shown) corresponding to a screen program, and a content screen processing unit (not shown) corresponding to a content using program that outputs a content use screen on the screen of the wireless terminal 195 in association with the screen output unit 160. A browser processing unit (not shown) corresponding to a browser program for outputting a web access screen to the screen of the wireless terminal 195 in association with the screen output unit 160; A financial transaction screen processing unit (not shown) corresponding to a financial transaction program (or a browser program) for outputting a financial transaction screen on the screen of the wireless terminal 195 in association with the screen output unit 160; and the screen output unit. In connection with 160, the wireless terminal 195 preferably includes at least one payment screen processing unit (not shown) corresponding to a payment program (or a browser program) for outputting a payment screen.

Those skilled in the art will be familiar with the technical features of the various programs corresponding to the terminal-side screen processing unit 183 and the functional components corresponding to the programs. Detailed description thereof will be omitted for convenience.

Referring to Figure 1, for the one-time authentication key-based wireless security authentication processing, the wireless terminal 195, the one-time authentication processing unit 183 corresponding to the one-time authentication program provided through the program providing system shown in Figure 2 Characterized in that it comprises a, the one-time authentication processing unit 183, the security authentication confirmation unit 125 for confirming that the one-time authentication key-based wireless security authentication using the wireless terminal 195 and the security authentication Upon confirmation, the processing process outputs a one-time authentication area for wireless security authentication processing based on a one-time authentication key on a certain area (or entire area) on the screen of the wireless terminal 195 or on the financial transaction screen (or payment screen). A terminal-side output area for outputting a corresponding terminal-side screen and a one-time authentication screen for the one-time authentication key-based wireless security authentication process; And an output processing unit 130 for processing the outputting one-time authentication region to be output. When the one-time authentication region is output on the screen of the wireless terminal 195 through the output processing unit 130, Position location information of the wireless terminal 195 through the location positioning unit 193, and corresponding to the location of the wireless terminal 195 positioned via the location positioning unit 193 It characterized in that it comprises a position calculation unit 140 for calculating the.

According to an exemplary embodiment of the present invention, the one-time authentication processor 183 may be driven (or activated) in association with the key input unit 165.

For example, when the wireless terminal 195 is provided with a key button for driving (or activating) the one-time authentication unit 183, the one-time authentication unit 183 is driven (or activated) by the key button input. It is preferable.

Alternatively, a menu for driving (or activating) the one-time authentication processor 183 may be provided on a terminal screen including at least one financial transaction screen (or a payment screen) output on the screen of the wireless terminal 195. In this case, it is preferable that the one-time authentication processing unit 183 is driven (or activated) by menu selection through the key input unit 165.

According to another exemplary embodiment of the present invention, a financial transaction screen (or a payment screen) in the form of a wireless web document in which the terminal screen displayed on the screen of the wireless terminal 195 includes at least one tag string (or script). And at least one of the tag strings (or scripts) for driving (or activating) the one-time authentication unit 183 on the tag strings (or scripts), the one-time authentication unit (183). ) Is preferably driven (or activated) by the tag string (or script).

For example, when a terminal (or script) for automatically driving (or activating) the one-time authentication program is included in the terminal-side screen output on the screen of the wireless terminal 195, the one-time authentication processing unit 183 may include the tag string ( Or a script).

Alternatively, when the terminal-side screen output on the screen of the wireless terminal 195 includes a string (or a script) corresponding to the user interface for driving the one-time authentication program, the one-time authentication processor 183 may generate the tag string ( Or via a user interface and a key input unit 165 corresponding to a script).

According to another exemplary embodiment of the present invention, program driving information corresponding to the one-time authentication program is received through a wireless communication network, or at least one of a financial transaction screen (or a payment screen) on the screen of the wireless terminal 195. When the terminal-side screen processing unit 183 corresponding to various programs for outputting the terminal-side screen including the above includes the program driving information corresponding to the one-time authentication program, the one-time authentication processing unit 183 adds to the program driving information. Preferably driven (or activated) by

According to one embodiment of the present invention, when the one-time authentication processing unit 183 is driven (or activated), the security authentication confirmation unit 125 is the one-time authentication processing unit 183 is driven (or activated) in response to the The wireless terminal 195 is characterized in that the one-time authentication key-based wireless security authentication confirms that the processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication processing unit 183 is driven (or activated), the wireless terminal 195 includes at least one or more financial transaction screens (or payment screens) on the screen. When the terminal-side screen processing unit 183 corresponding to various programs for outputting the terminal-side screen requests wireless security authentication for content use, web access, financial transaction, or payment processing corresponding to the terminal-side screen, Authentication verification unit 125 is characterized in that the wireless terminal 195 confirms that the one-time authentication key-based wireless security authentication processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication unit 183 is driven (or activated), the content input corresponding to the terminal-side screen is used through the key input unit 165, web access, and financial transactions. Or, when an authentication command (or key data) for wireless security authentication for payment processing is input, the security authentication verification unit 125 requests the one-time authentication key-based wireless security authentication processing from the wireless terminal 195. It is characterized by being confirmed.

When confirming the one-time authentication key-based wireless security authentication using the wireless terminal 195 through the security authentication checker 125, the output processor 130 is a predetermined area (or an entire area) on the screen of the wireless terminal 195. And a one-time authentication area for wireless security authentication processing based on a one-time authentication key, and outputs a terminal-side screen including a financial transaction screen (or a payment screen) on the screen of the wireless terminal 195. It is preferable to process the output terminal side output area, and the one-time authentication area for outputting the one-time authentication screen for the one-time authentication key-based wireless security authentication processing.

According to the exemplary embodiment of the present invention, when the one-time authentication area is output in a predetermined area on the screen of the wireless terminal 195, the output processing unit 130 is output in the entire area of the screen of the wireless terminal 195. Preferably, the terminal-side screen area is reduced in a predetermined direction to set the terminal-side output area, and the disposable authentication area is set in the reduced remaining area.

For example, if the entire area of the screen of the wireless terminal 195 includes coordinates of (0,0) to (1, Y), the output processor 130 may display the terminal side screen area at (0,0). Set the terminal-side output area by reducing to (1-x, Yy), and setting the one-time authentication area at the coordinates of (1, Y) in the reduced and remaining (1-x + 1, Y-y + 1) It is desirable to.

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 195, the output processing unit 130 is within the terminal side screen area that is output to the entire area of the screen of the wireless terminal 195. It is preferable to set the one-time authentication area by inserting a one-time authentication screen.

For example, if the entire area of the screen of the wireless terminal 195 includes coordinates of (0,0) to (1, Y), the output processor 130 may display (1-x, Yy) in the terminal-side screen area. It is preferable to set the one-time authentication area by inserting the one-time authentication screen into the terminal side screen area corresponding to the coordinate of (1, Y).

Alternatively, when the one-time authentication area is output in a certain area on the screen of the wireless terminal 195, the output processor 130 may output a schedule on the terminal screen area that is output in the entire area of the screen of the wireless terminal 195. It is preferable to set the one-time authentication area in an overlap method (or pop-up method) in the area.

For example, if the entire area of the screen of the wireless terminal 195 includes coordinates of (0,0) to (1, Y), the output processor 130 may display (1-x, Yy) in the terminal-side screen area. It is preferable to set the one-time authentication area including the one-time authentication screen in an overlap method (or a pop-up method) in the terminal layer screen area upper layer (Layer) corresponding to the coordinates of (1, Y).

According to another exemplary embodiment of the present invention, the output processing unit 130 for processing the one-time authentication screen for the one-time authentication key-based wireless security authentication processing to be output on the screen of the wireless terminal 195 is the one-time authentication processing unit 183. It is apparent that the present invention is not limited thereto, and may be provided in a program manager (not shown) associated with the one-time authentication program in the wireless terminal 195.

In order for the position positioning unit 193 to position the position of the radio terminal 195, a radio positioning preparation time for a predetermined time is consumed.

For example, when the positioning unit 193 positions the position of the wireless terminal 195 through a GPS-based radio positioning method, the positioning unit 193 prepares time for searching for at least four GPS satellites. In this case, when positioning the position of the radio terminal 195 through a communication network-based radio positioning method, as much as the pilot signal waiting time.

By the way, when the one-time authentication key generated through the one-time authentication program includes a one-time authentication key of the time synchronization method, when the position of the wireless terminal 195 is generated after generating the one-time authentication key, the wireless positioning By the preparation time, the possibility that a synchronization time error occurs in the one-time authentication key-based wireless security authentication is rapidly increased.

Therefore, when the disposable authentication area is output on the screen of the wireless terminal 195 through the output processor 130, the position calculator 140 transmits the wireless terminal 195 through the position positioning unit 193. The mobile terminal 195 passes the radio positioning waiting time before the one-time authentication key is generated or the generated one-time authentication key is input through a predetermined one-time authentication key input interface. It characterized in that the processing so that the position of.

When the position of the wireless terminal 195 is positioned through the position positioning unit 193, the position calculating unit 140 performs a series of coordinate system transformations based on the coordinate system used for the wireless positioning. The position information of the wireless terminal 195 corresponding to the position is calculated.

According to an embodiment of the present invention, when the wireless positioning method for calculating the positional coordinate information of the wireless terminal 195 uses GPS, the positional coordinate information of the wireless terminal 195 preferably includes a GPS position code value. According to another embodiment of the present invention, when the radio positioning method for calculating the position coordinate information of the radio terminal 195 uses radio wave characteristics of the communication network, the position coordinate information of the radio terminal 195 corresponds to each radio wave characteristic. It is preferable to include the location code value.

Those skilled in the art to which the present invention pertains, the position calculating unit 140 is familiar with the technical features of calculating the position information of the radio terminal 195 corresponding to the position of the radio terminal 195 Since there will be, a detailed description thereof will be omitted for convenience.

Referring to FIG. 1, when the one-time authentication key is generated by the time synchronization method for the one-time authentication-based wireless security authentication processing, the one-time authentication processing unit 183 provided in the wireless terminal 195 may include the position calculation unit. And a position calculation checking unit 143 for checking whether the position information of the wireless terminal 195 is calculated through 140, and the wireless terminal 195 by the position calculation checking unit 143. When it is confirmed that the position coordinate information is calculated, the one-time authentication processing unit 183 preferably performs the function of generating the one-time authentication key of the time synchronization method.

When generating a one-time authentication key in a challenge-response method for the one-time authentication key-based wireless security authentication process according to another embodiment of the present invention, the location calculation check unit 143 may be omitted, thereby The invention is not limited.

Referring to FIG. 1, for the one-time authentication key-based wireless security authentication processing, the one-time authentication processing unit 183 provided in the wireless terminal 195 is provided in the memory unit 188 (or the IC chip 167). A check unit 153 for confirming at least one or more one-time authentication key generation information required for generating the one-time authentication key from the stored chip memory unit 177 and an authentication key generation algorithm based on the one-time authentication key generation information. And a generation unit 150 for generating a one-time authentication key for the one-time authentication key-based wireless security authentication process. When the authentication key generation method includes a challenge-response method, the wireless processing unit 190 And a communication processor 157 for receiving the one-time authentication key generation information corresponding to the challenge.

When the one-time authentication area is output on the screen of the wireless terminal 195 by the output processing unit 130 and a one-time authentication key generation for the one-time authentication key based wireless security authentication processing using the wireless terminal 195 is requested. The identification unit 153 confirms at least one piece of one-time authentication key generation information necessary for generating the one-time authentication key from the memory unit 188 (or the chip memory unit 177 included in the IC chip 167). It is characterized by.

When the authentication key generation method includes a challenge-response method according to an embodiment of the present invention, the communication processing unit 157 is a single-use corresponding to the challenge to the authentication server 105 in association with the wireless processing unit 190. The method may further include requesting authentication key generation information and receiving at least one or more one-time authentication key generation information required for generating the one-time authentication key from the authentication server 105.

When generating a one-time authentication key of the time synchronization method according to an embodiment of the present invention, the confirmation unit 153 is the memory unit 188 (or the chip memory unit 177 provided in the IC chip 167). It is preferable to confirm at least one or more one-time authentication key generation information required for generating the one-time authentication key from the, and to check the time information for generating the one-time authentication key from the timer provided in the wireless terminal 195.

In the case of generating a challenge-response type disposable authentication key according to another exemplary embodiment of the present invention, the identification unit 153 may include a chip memory unit 177 provided in the memory unit 188 (or the IC chip 167). Confirm at least one or more one-time authentication key generation information required for generating the one-time authentication key from the)), at least one or more one-time authentication key required for generating the one-time authentication key from the authentication server 105 in association with the communication processing unit 157 It is desirable to receive the generation information.

When at least one or more one-time authentication key generation information required for generating the one-time authentication key is confirmed as described above, the generation unit 150 uses the authentication key generation algorithm based on the at least one or more one-time authentication key generation information. Characterized by generating a one-time authentication key for the one-time authentication key-based wireless security authentication process, wherein the one-time authentication key preferably comprises a data block of a predetermined length.

Those skilled in the art to which the present invention pertains, one-time corresponding to the time synchronization method (or challenge-response method) using an authentication key generation algorithm based on the at least one or more disposable authentication key generation information identified. Since you will be familiar with the technical features for generating the authentication key, a detailed description thereof will be omitted for convenience.

Referring to Figure 1, for the one-time authentication key-based wireless security authentication processing, the one-time authentication processing unit 183 provided in the wireless terminal 195, when the one-time authentication area is output, a predetermined area on the one-time authentication area Outputting a one-time authentication start screen (or interface) to the device, and when one-time authentication is started through the one-time authentication start screen (or interface), validity of the one-time authentication key based wireless security authentication process on a predetermined area on the one-time authentication area. Outputting a password input interface for inputting a password for authentication, and if the validity of the wireless security authentication processing through the password is authenticated, and outputs a one-time authentication key generation screen (or interface) in a predetermined area on the one-time authentication area; Disposable through the one-time authentication key generation screen (or interface) When a key generation is requested and the requested one-time authentication key is generated through the generation unit 150 and is output to a predetermined area on the one-time authentication area, the customer uses the one-time authentication key input interface for inputting a one-time authentication key. An interface output unit 135 for outputting to a certain area on an authentication area and outputting a one-time authentication key end screen (or interface) to a certain area on the one-time authentication area when the one-time authentication key-based wireless security authentication is processed; When a password is input through a password input interface, the validity of the one-time authentication key-based wireless security authentication process is authenticated through the password, and when the requested one-time authentication key is generated through the generation unit 150, the one-time authentication Output the one-time authentication key to a certain area on the authentication area, one-time authentication And a security authentication processing unit 147 which processes the generated one-time authentication key to be input through an input interface, and is generated through the generation unit 150 (or through the one-time authentication key input interface). And an information generation unit 145 for generating security authentication request information including the inputted one-time authentication key and the calculated position information of the wireless terminal 195.

When the one-time authentication area is output on the screen of the wireless terminal 195 through the output processor 130, a one-time authentication start screen (or interface) is output to a predetermined area on the one-time authentication area, and the one-time authentication start screen When the one-time authentication is started through the interface (or interface), the interface output unit 135 inputs a password for validating authentication for the one-time authentication key based wireless security authentication process in a predetermined area on the one-time authentication area. It characterized in that the output.

When a password is input through the password input interface, the security authentication processing unit 147 may verify the validity of the one-time authentication key based wireless security authentication processing through the password.

When password authentication information (not shown) matching the password is stored in the memory unit 188 according to an embodiment of the present invention, the security authentication processing unit 147 compares the input password with the password authentication information. It is preferable to check the validity of the one-time authentication key-based wireless security authentication.

According to another exemplary embodiment of the present invention, when the password includes a series of number systems, the security authentication processing unit 147 performs the one-time authentication key through number system analysis (or hash code generation) of the input password. It is desirable to check the validity of the base wireless security authentication.

In addition, the interface output unit 135 outputs a one-time authentication key generation screen (or interface) to a predetermined area on the one-time authentication area, and the one-time authentication key is generated through the one-time authentication key generation screen (or interface). When the one-time authentication key for the one-time authentication key-based wireless security authentication processing is generated by the one-time authentication key generation request, the security authentication processing unit 147 is a predetermined area on the one-time authentication area It characterized in that for outputting the one-time authentication key.

In addition, the interface output unit 135 is characterized in that the customer outputs a one-time authentication key input interface for inputting the generated one-time authentication key for a wireless security authentication process to a predetermined area on the one-time authentication area.

The one-time authentication key is generated through the generation unit 150 or the one-time authentication key is input through the generated one-time authentication key input interface, and the wireless terminal 195 through the position calculator 140. When the position coordinate information is calculated, the information generator 145 generates the one-time authentication key generated through the generation unit 150 (or input through the one-time authentication key input interface) and the calculated wireless terminal 195. (C) generating security authentication request information including location coordinate information, wherein the security authentication processing unit 147 is in connection with the communication processing unit 157 and the one-time authentication key and the location information of the wireless terminal 195; The security authentication request information generated, including the processing to be transmitted to the authentication server 105 on the communication network characterized in that for processing the one-time authentication key-based wireless security authentication It is done.

According to another exemplary embodiment of the present invention, when the one-time authentication key is generated through the generation unit 150 or the one-time authentication key is input through the generated one-time authentication key input interface, the security authentication processing unit 147 ) Processes the security authentication request information, including the one-time authentication key and the location information of the wireless terminal 195 in association with the communication processing unit 157, to be transmitted to the authentication server 105 on the communication network. The one-time authentication key based wireless security is processed by processing the position information of the wireless terminal 195 calculated by the position calculator 140 to be transmitted to the authentication server 105 on the communication network through a GPS protocol of IS-801 standard. It is possible to allow authentication to be processed, whereby the invention is not limited.

If the one-time authentication key-based wireless security authentication is processed, the interface output unit 135 outputs a one-time authentication key end screen (or interface) in a predetermined area on the one-time authentication area, the one-time authentication key When the one-time authentication key-based wireless security authentication is terminated through an end screen (or an interface), the output processor 130 deletes the one-time authentication area on the screen of the wireless terminal 195 and displays the terminal-side output area. The wireless terminal 195 may return to the entire area of the screen.

Referring to FIG. 1, for the one-time authentication key-based wireless security authentication processing, the one-time authentication processing unit 183 provided in the wireless terminal 195 is connected to the key input unit 165 and the wireless terminal 195. And a caret processor 120 for processing a caret between the terminal output area and the disposable authentication area on the screen to move.

According to the present invention, when the password input interface or the one-time authentication key input interface is output to another area (eg, the terminal side output area) other than the one-time authentication area, the caret processing unit 120 is assigned to the one-time authentication area. Characterized in that the caret is moved to an area (eg, a terminal-side output area) to which the password input interface or the single-use authentication key input interface is output and is allocated.

At this time, if at least one number (or code) for the wireless security authentication process is input through the password input interface or the one-time authentication key input interface output to the other area (eg, the terminal side output area), the The caret processing unit 120 may move the caret to be allocated to the one-time authentication area.

2 is a diagram illustrating a program providing system for downloading and remotely mounting a one-time authentication program to the wireless terminal 240 according to an embodiment of the present invention.

In more detail, Figure 2 is a one-time authentication key-based wireless security authentication processing for the one-time authentication key-based wireless security authentication processing through the wireless terminal 240 used by the customer through a wireless communication network in the wireless security authentication processing system is required, the A one-time authentication area including a one-time authentication screen for processing the one-time authentication key-based wireless security authentication is output to a predetermined area (or an entire area) on the screen of the wireless terminal 240, and in response to the one-time authentication area output. After calculating the position coordinate information of the wireless terminal 240 by positioning the position of the wireless terminal 240, the one-time authentication key by linking the one-time authentication key generated through the one-time authentication screen and the position information of the wireless terminal 240. Download the one-time authentication program to process the wireless security authentication based on the wireless terminal 240 to remote As the present invention relates to a system configuration, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or modify the drawing 2 to download the one-time authentication program to the wireless terminal 240 and remotely mount it. Various implementation methods may be inferred, but the present invention includes all the inferred implementation methods, and is not limited by the implementation method shown in FIG.

For example, the one-time authentication program is downloaded to a wired terminal (eg, a wired terminal used by a customer, or a wired terminal used by a teller employee) through a wired communication network in the program providing system, and then the wired terminal and the wireless terminal 240. It is possible to be mounted on the wireless terminal 240 through a cable communication to connect), or it is possible to manufacture so that the one-time authentication program is mounted on the wireless terminal 240 from the manufacturer of the wireless terminal 240 The present invention is characterized in that it comprises all the possible inference methods.

Hereinafter, the components on the wireless security authentication processing system for downloading and remotely mounting the one-time authentication program to the wireless terminal 240 in FIG. 2 are referred to as "program providing server 200" for convenience, and the program providing server 200 ) Is implemented in the form of a server (or device) provided on the wireless security authentication processing system, as shown in Figure 2, or to download and remotely mount the one-time authentication program to the wireless terminal 240 It is possible to be implemented in the form of functional components provided in the authentication server 105 on the wireless security authentication processing system, it will be apparent that the present invention is not limited thereto.

Referring to FIG. 2 according to an embodiment of the present invention, the program providing system is connected to the program providing server 200 through a wireless communication network, and downloads the one-time authentication program to a wireless terminal 240 for recording on a recording medium. And a program providing server 200 connected to the wireless terminal 240 through a wireless communication network to provide the one-time authentication program to the wireless terminal 240, and provided to the wireless terminal 240. It characterized in that it further comprises an authentication server 105 provided in the wireless security authentication processing system, including at least one or more functional configuration for the one-time authentication key-based wireless security authentication processing through an authentication program.

The wireless terminal 240 is a mobile communication terminal connected to a code division multiple access (CDMA) / Wide-CDMA (WCDMA) based mobile communication network, a wireless communication terminal connected to an HSDPA based wireless communication network, or an IEEE 802.16x based communication. And at least one wireless terminal 240 including at least one portable internet terminal connected to the high-speed wireless internet, wherein the wireless terminal 240 is provided at least by the program providing server 200. A function for outputting one or more program providing interface screens, inputting (or selecting) program request information for downloading and remotely mounting the one-time authentication program through the program providing interface screen, and transmitting the program request information to the program providing server 200. Configuration (e.g., browser program and communication functions) Preferable.

Those skilled in the art to which the present invention pertains will be able to easily infer the features of the wireless terminal 240, a detailed description thereof will be omitted for convenience.

According to an embodiment of the present invention, the wireless communication network to which the wireless terminal 240 connects includes at least one of the CDMA based mobile communication network, the HSDPA based wireless communication network, or the IEEE 802.16x based high speed wireless Internet. Do.

The wireless communication network to which the wireless terminal 240 connects includes at least one or more base stations, a control station for controlling the base station, and at least one server (or apparatus) for controlling and operating a wireless communication network including the base station and the control station. Characterized in that it comprises a network operation system 100 including).

The base station is located at an end of the wireless communication network connecting a wireless section with at least one wireless terminal 240 located in a cell (eg, frequency reach) according to a wireless communication protocol defined in the wireless communication network. As a component, it is characterized in that the network operation system 100 to control and operate the radio terminal 240 through the control station.

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the base station connects at least one wireless terminal 240 and a wireless section based on the CDMA / WCDMA / GSM wireless protocol stack. It is desirable to.

According to another exemplary embodiment of the present invention, when the wireless communication network is an HSDPA-based wireless communication network, the base station preferably connects a wireless section with at least one wireless terminal 240 based on the HSDPA wireless protocol stack.

According to another embodiment of the present invention, when the wireless communication network is an IEEE 802.16x based wireless communication network, the base station includes at least one based on a wireless physical (PHY) layer and a media access control (MAC) layer of the IEEE 802.16x protocol. It is preferable to connect the wireless terminal 240 and the wireless section.

The control station controls at least one or more base stations, and is a component on a wireless communication network connecting the base station and the network operation system 100 by wired section. When the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, Preferably, the control station includes a base station controller (BSC). When the wireless communication network is an IEEE 802.16x based wireless communication network, the control station includes a packet access router (PAR). desirable.

The network operation system 100 controls at least one radio terminal 240 connectable to the radio communication network through at least one base station in association with the control station, and at least one other radio with the radio terminal 240. Connecting a communication channel (or a call channel) with a server on the terminal 240 or a communication network, and calculating various communication charges and additional service use charges corresponding to the communication plan subscribed to by the wireless terminal 240; do.

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the network operation system 100 may include a mobile switching center (MSC) and an HLR (Mobile Switching Center) for processing circuit switching. Interworking function that provides circuit data service and / or packet data service for wireless data communication and connection with other networks in the network infrastructure for voice call and home location register (VLR). IWF), various message centers (e.g., short message center (SMC), multimedia message center (MMC), etc.) and various additional service server farms, and SGSN for processing packet exchange. (Serving GPRS Support Node), GGSN (Gateway GPRS Support Node) and RNC (Radio Network Controller) are preferably included.

According to another exemplary embodiment of the present invention, when the wireless communication network is an IEEE 802.16x based wireless communication network, the network operation system 100 may include a home agent (HA) for mobility of IP to the wireless terminal 240, and Authentication, Authorization and Accounting (AAA) server for user authentication, Network Management Server (Network Management System), FA (Foreign Agent) interworking with the wireless network and at least one external wireless network, and the wireless terminal ( 240 preferably includes a Dynamic Host Configuration Protocol (DHCP) server and DNS for allocating and registering Mobile IP (MIP).

According to the present invention, the program providing server 200 connects and manages a communication channel with the wireless terminal 240 through the wireless communication network to provide a web interface corresponding to the wireless terminal 240 and a wireless communication network. It characterized in that it comprises an interface unit 205, whereby the program providing server 200 has a function of a web server that is connected to the wireless terminal 240 and the communication via a wireless communication network.

According to an embodiment of the present invention, when the wireless terminal 240 is a mobile communication terminal to which a communication channel is connected through a CDMA / WCDMA-based wireless communication network, the interface unit 205 may connect the wireless terminal 240 and the WAP. (Wireless Markup Language) or WML (Wireless Markup Language) or the like to connect a communication channel based on (Wireless Application Protocol) or ME (Mobile Explorer) protocol (or full-browsing based wireless Internet-based), and to the wireless terminal 240 through the communication channel. It is preferable to perform a function of transmitting and outputting a program providing interface screen in the form of an HTML compatible document and receiving and processing program request information corresponding to the program providing interface screen from the wireless terminal 240.

According to an embodiment of the present invention, when the wireless terminal 240 is a wireless communication terminal to which a communication channel is connected through an HSDPA-based wireless communication network, the interface unit 205 is connected to the wireless terminal 240 and the HSDPA. A communication channel is connected based on a corresponding wireless protocol, a program providing interface screen in the form of an HTML-compatible document is transmitted to the wireless terminal 240 through the communication channel, and outputted, and the program is provided from the wireless terminal 240. It is preferable to perform a function of receiving and processing program request information corresponding to an interface screen.

According to another exemplary embodiment of the present invention, when the wireless terminal 240 is a wireless terminal 240 through which a communication channel is connected through an IEEE 802.16x based wireless communication network, the interface unit 205 may be connected to the wireless terminal ( 240 and a communication channel based on a wireless protocol corresponding to the IEEE 802.16 standard, transmits and outputs a program providing interface screen to the wireless terminal 240 through the communication channel, and outputs from the wireless terminal 240. It is preferable to perform a function of receiving and processing predetermined program request information corresponding to the program providing interface screen.

According to the present invention, the program providing server 200 when the wireless terminal 240 is connected to the program providing server 200 through the interface unit 205, in conjunction with the interface unit 205, the wireless terminal. The interface providing unit 210 generates (or extracts) and provides a program providing interface screen for inputting (or selecting) and transmitting program request information at 240.

The interface providing unit 210 is provided to the wireless terminal 240 when the wireless terminal 240 is connected to the program providing server 200 through the interface unit 205 (or a one-time authentication program providing request). A program providing interface screen for inputting (or selecting) program request information corresponding to a function configuration (for example, a browser program provided in the wireless terminal 240) and transmitting the program request information to the program providing server 200 through the wireless communication network. Generating or extracting from a database (not shown) and providing the generated (or extracted) program providing interface screen to the wireless terminal 240 through the wireless communication network in association with the interface unit 205. It features.

Subsequently, the wireless terminal 240 inputs (or selects) program request information based on the program providing interface screen, and transmits the input (or selected) program request information to the program providing server 200 through the wireless communication network. To send).

Here, the program request information is customer information (eg, customer member information including the member ID information and password information of the customer, or the name of the customer, requesting to provide the one-time authentication program to the wireless terminal 240). Customer personal information including at least one of a social security number, an address, a contact number, etc.) and operating system (or platform) information provided in the wireless terminal 240 in which the one-time authentication program is mounted. , At least one mobile identification number (MIN), a serial number (Electronic Serial Number; ESN), USIM (Universal Subscriber Identity Module (USIM information, etc.)) and at least one carrier information and terminal model information, etc. It is preferable to include information.

According to the present invention, the program providing server 200 is a program D / B 230 for storing at least one or more program sources or program files corresponding to the one-time authentication program to be provided to the wireless terminal 240, and the wireless When the program request information is received from the terminal 240, the single-use authentication program corresponding to the program request information is extracted or dynamically generated from the program D / B 230, and the wireless terminal is connected through the interface unit 205. And a program providing unit 215 provided at 240.

According to one embodiment of the invention, the program D / B 230 is characterized in that for storing a one-time authentication program file that can operate in the operating system (or terminal platform) provided in the wireless terminal 240, When the program request information is received from the wireless terminal 240, the program providing unit 215 extracts a one-time authentication program file matching the program request information from the program D / B 230. do.

According to another exemplary embodiment of the present invention, the program D / B 230 stores a one-time authentication program source capable of operating in an operating system (or terminal platform) provided in the wireless terminal 240. When the program request information is received from the wireless terminal 240, the program providing unit 215 extracts a one-time authentication program source matching the program request information from the program D / B 230, Compile the extracted one-time authentication program source (Compile), characterized in that for dynamically generating a one-time authentication program to be provided to the wireless terminal (240).

Thereafter, the program providing unit 215 remotely mounts the extracted (or dynamically generated) one-time authentication program through the wireless communication network to the wireless terminal 240 through the interface unit 205. Those skilled in the art will be familiar with the method of remotely mounting the one-time authentication program (for example, the method of remotely mounting the wireless terminal 240 by attaching a program provider certificate). Detailed description thereof will be omitted for convenience.

The one-time authentication program provided to the wireless terminal 240 by the program providing unit 215 has a function of checking whether a one-time authentication key-based security authentication using the wireless terminal 240 is processed, and when checking the security authentication. And a function of outputting a one-time authentication area for wireless security authentication processing based on a one-time authentication key on a predetermined area (or entire area) on the screen of the wireless terminal 240, and when the one-time authentication area is output, the wireless terminal ( A function of calculating the positional information of the wireless terminal 240 by positioning the current position of the wireless terminal 240 through a position positioning function provided at 240, and the position of the wireless terminal 240 through the position calculator. A function for checking whether coordinate information is calculated and the position information of the wireless terminal 240 is calculated, and for one-time authentication key based security authentication processing. A function of generating a disposable authentication key, and the generated one-time authentication key is input through the one-time authentication key input interface output to the one-time authentication area, and includes the one-time authentication key and the position information of the wireless terminal 240. And a function of generating security authentication request information, and transmitting the security authentication request information to the authentication server 105 on a communication network so that one-time authentication-based wireless security authentication for the non-face-to-face financial transaction is processed. It features.

In addition, the one-time authentication program has a function of checking whether a one-time authentication key-based security authentication using the wireless terminal 240 is processed, and when checking the security authentication, a predetermined area (or entire area) on the screen of the wireless terminal 240. ) And a function of processing a one-time authentication area for wireless security authentication processing based on a one-time authentication key, and when the one-time authentication area is outputted, the wireless terminal 240 through a positioning function provided in the wireless terminal 240. A function of calculating position coordinate information of the wireless terminal 240 by positioning a current position of the mobile terminal, generating a one-time authentication key for the one-time authentication key-based security authentication processing, and the generated one-time authentication key is the one-time When the input through the one-time authentication key input interface output to the authentication area, the one-time authentication key and the position calculated by the calculation unit A function of generating security authentication request information including location information of the wireless terminal 240, and transmitting the security authentication request information to the authentication server 105 on the communication network based on a one-time authentication key-based wireless security for the non-face-to-face financial transaction It is characterized in that it comprises a function for the authentication is processed.

When the one-time authentication program is downloaded and remotely mounted to the wireless terminal 240 through the program providing unit 215, the wireless terminal 240 first executes the one-time authentication program to validate the one-time authentication program. Initiate the program diagnostic mode for authenticating, for this purpose, the program providing server 200 is a diagnostic unit for diagnosing the validity of the one-time authentication program in cooperation with the one-time authentication program provided in the wireless terminal 240 ( And 220).

According to an exemplary embodiment of the present invention, the program diagnostic mode generates and transmits a one-time authentication key according to a one-time authentication key-based wireless security authentication procedure in the one-time authentication program provided in the wireless terminal 240, and the one-time authentication. It is desirable to include verifying that the key is valid.

Here, the one-time authentication key-based wireless security authentication, it is preferable to include at least one or more one-time authentication key generation method of the time-synchronous (Challenge-Response) method (Time-Synchoronous).

According to the present invention, the program providing server 200 is downloaded to the wireless terminal 240, the one-time authentication management information corresponding to the remote-mounted one-time authentication program and the one-time authentication program request the wireless terminal 240 Characterized in that the information storage unit 225 is stored in the one-time authentication management D / B (235) by processing the customer information and the wireless terminal 240 information requested to be mounted on.

According to an embodiment of the present invention, when the validity of the one-time authentication program is confirmed as the result of diagnosis of the diagnosis unit 220, the information storage unit 225 is downloaded to the wireless terminal 240 and the remote-mounted one-time authentication. Preferably, the management information, the customer information corresponding to the customer who has transmitted the program request information, and the wireless terminal 240 information are cooperatively processed and stored in a cooperative process with a predetermined one-time authentication management D / B 235. The one-time authentication management information, the customer information and the wireless terminal 240 information stored in the one-time authentication management D / B 235 is used for the one-time authentication key-based wireless security authentication processing in a wireless security authentication processing system. do.

3 is a diagram showing the configuration of the information of the wireless terminal 240 having a one-time authentication program according to the embodiment of the present invention.

In more detail, FIG. 3 illustrates that the wireless terminal 240 illustrated in the program providing system illustrated in FIG. 2 is a mobile communication terminal. Regarding the configuration of the wireless terminal 240 information provided in the one-time authentication management D / B 235, those skilled in the art to which the present invention pertains, refer to and / or modify the present figure 3 for the disposable Various implementation methods for the configuration of the information of the wireless terminal 240 having the authentication program may be inferred, but the present invention includes all the implementation methods inferred above, and the technical description is given only by the implementation method shown in FIG. Features are not limited.

For example, those skilled in the art to which the present invention pertains may refer to, and / or modify, the wireless terminal 240 in addition to the mobile communication terminal, HSDPA-based wireless communication terminal, or IEEE 802.16.x. In the case of the base portable Internet terminal, the one-time authentication management information structure stored in the one-time authentication management D / B 235 may be inferred, and also omitted for convenience in the wireless terminal 240 information configuration shown in FIG. Inferred information items will be inferred, and it will be apparent that the present invention includes all such inferred methods of implementation.

Referring to FIG. 3, the wireless terminal information includes at least one wireless terminal 240 of the telephone number MIN, serial number ESN, and USIM information USIM of the wireless terminal 240 equipped with the one-time authentication program. Characterized by including the unique information, and may further include the platform information, the carrier information, the terminal model information, and the like for the wireless terminal 240.

4 is a view showing the one-time authentication management information provided to the wireless terminal 240 according to an embodiment of the present invention.

In more detail, Figure 4 is a mobile terminal 240 shown in the program providing system shown in Figure 2 is a mobile communication terminal, and the one-time authentication key in a time-synchronous (Time-Synchoronous) method to the wireless terminal 240 When providing and mounting the one-time authentication program to generate, showing the configuration of the one-time authentication management information stored in the one-time authentication management D / B 235 shown in the program providing system shown in Figure 2, the present invention Those skilled in the art will be able to infer various implementation methods for constructing the one-time authentication management information provided to the wireless terminal 240 by referring to and / or modifying the present invention. It is made to include all the implementation methods inferred, the technical features are not limited only to the implementation method shown in FIG.

For example, those skilled in the art to which the present invention pertains may refer to, and / or modify, the wireless terminal 240 in addition to the mobile communication terminal HSDPA-based wireless communication terminal, or IEEE 802.16.x. In the case of the portable Internet terminal, it is possible to infer the one-time authentication management information configuration stored in the one-time authentication management D / B 235, and also the information omitted for convenience in the one-time authentication management information configuration shown in FIG. It will be apparent that the items will be inferred and the present invention includes all such inferred methods of implementation.

According to the present invention, the one-time authentication program mounted on the wireless terminal 240 through the program providing system shown in FIG. 2 is mounted on the wireless terminal 240 owned by the customer to generate a one-time authentication key. By doing so, the one-time authentication program is characterized in that it comprises a program code that can be driven or operated in the customer wireless terminal 240 platform. For example, if the wireless terminal 240 is equipped with a WIPI (Wireless Internet Platform for Interoperability) platform, the one-time authentication program includes a program code that operates on a WIPI basis, and other platforms (eg, GVM / SK- If VM / BREW is installed), it includes program code that runs on the platform.

In FIG. 4, the one-time authentication program is provided in the program D / B 230 shown in FIG. 2 in the form of a precompiled program, or the program shown in FIG. 2 in the form of source code to be compiled. It is characterized in that stored in the D / B (230).

According to an embodiment of the present invention, when the one-time authentication program is provided in the program D / B 230 in the form of a precompiled program, the wireless terminal 240 through the wireless communication network in the program providing server 200. At the time of providing and mounting the one-time authentication program, at least one or more one-time authentication key generation information corresponding to the one-time authentication program (eg, a secret key value corresponding to a number randomly generated by the program providing server 200). ) Together with the wireless terminal 240 to be stored in a storage device (eg, a memory unit of the wireless terminal 240, or a chip memory unit provided in an IC chip mounted or detached from the wireless terminal 240). Preferably, the disposable authentication program mounted on the wireless terminal 240 generates a one time authentication key. Program, it is preferable to extract at least one one-time authentication key generation information from the storage device, and generating a one-time authentication key based on the one-time authentication key generation information.

According to another embodiment of the present invention, when the one-time authentication program is stored in the program D / B 230 in the form of source code to be compiled, the program providing server 200 sends the wireless terminal 240 to the wireless terminal 240. At the time of providing the one-time authentication program, the one-time use of at least one or more one-time authentication key generation information corresponding to the one-time authentication program (for example, a secret key value corresponding to a number randomly generated by the program providing server 200) It is assigned to the one-time authentication key generation information variable included in the authentication program source code, and the one-time authentication program is compiled by compiling the one-time authentication program source code in which at least one or more one-time authentication key generation information is assigned to the one-time authentication key generation information variable. Create a one-time authentication pro, dynamically generated as above Preferably, a RAM is provided to the wireless terminal 240 through a wireless communication network and mounted thereon. Then, when the one-time authentication program mounted on the wireless terminal 240 generates the one-time authentication key, the one-time authentication program is It is preferable to generate a one-time authentication key based on the one-time authentication key generation information substituted in the one-time authentication program internal variable.

According to another exemplary embodiment of the present invention, even when at least one or more one-time authentication key generation information is substituted into the one-time authentication program as described above, the dynamically generated one-time authentication program to the wireless terminal 240 according to the intention of a person skilled in the art. At the time of providing and mounting, at least one or more other disposable authentication key generation information is provided together with the wireless terminal 240 to be stored in a storage device, and then the one-time authentication program mounted on the wireless terminal 240 is disposable. At the time of generating the authentication key, it is possible to generate a one-time authentication key using both the one-time authentication key generation information provided in the one-time authentication program and the one-time authentication key generation information provided in the storage device, thereby The present invention is not limited.

Referring to FIG. 4, the one-time authentication management information provided to the wireless terminal 240 through the program providing system shown in FIG. 2 is an operating system (or platform) for the wireless terminal 240 on which the one-time authentication program is mounted. Information), a version of the one-time authentication program, an authentication key generation algorithm, at least one or more one-time authentication key generation information, or a one-time authentication key update period. It may be further included, but the present invention is not limited by the information item.

The operating system (or platform) information included in the one-time authentication management information includes a type of operating system (or platform) included in the wireless terminal 240 equipped with the one-time authentication program through the program providing system shown in FIG. Preferably, the operating system (or platform) information is used to identify the operating system (or platform) of the one-time authentication program to be provided to the wireless terminal 240 when the one-time authentication program is upgraded.

The version included in the one-time authentication management information includes version information of the one-time authentication program for each platform to be provided to the wireless terminal 240.

According to the embodiment of the present invention, even if the same type of one-time authentication program (for example, one-time authentication program operating on the same platform), the type or version of the authentication key generation algorithm applied according to the version of the one-time authentication program may be different. And, as a result, since the one-time authentication key generated by the one-time authentication program will also vary, the version information provides information for accurately determining the one-time authentication program mounted on the wireless terminal 240. By the version information of the one-time authentication key agent program it is possible to minimize the one-time authentication key authentication error that may occur in the process of authenticating the one-time authentication key generated in the wireless terminal 240.

The authentication key generation algorithm included in the one-time authentication management information includes hashing algorithm information applied to the one-time authentication program or detailed attribute information of the hashing algorithm. Currently, the most commonly used hashing algorithms for generating authentication keys are MD4, MD5, SHA, and the like, and a hashing algorithm modified from the hashing algorithm according to an application field (for example, SHA-1 hashing algorithm modified from SHA). Is being used.

The one-time authentication key generation information included in the one-time authentication management information is information for generating a one-time authentication key of the time synchronization method, referring to FIG. 4, the one-time authentication key generation information is a time when the one-time authentication key is generated ( Or time) as first generation information, and is unique to the wireless terminal 240 on which the secret key value corresponding to the value randomly generated by the program providing server 200 or the one-time authentication program is mounted according to the implementation method. In this case, it is preferable to use MIN / ESN and the like as second generation information or third generation information.

Referring to an embodiment of the present invention, when the one-time authentication program uses the MIN / ESN of the wireless terminal 240 as one-time authentication key generation information for generating a one-time authentication key, the MIN / ESN is a one-time authentication as it is. The MIN / ESN may be used as key generation information, and the MIN / ESN has an excessively large value to prevent the one-time authentication program from overflowing in the process of generating the one-time authentication key. It is possible to convert the data to a value within a certain size by applying a hash function to the device, which is determined by the intention of a person skilled in the art or the computing power of the wireless platform.

The one-time authentication key update period of the one-time authentication management information is a time interval in which the one-time authentication key generated by the one-time authentication program is volatilized and invalidated in time when the authentication key generation algorithm follows the time synchronization scheme. When it is difficult to transmit the time (or time) information of the one-time authentication key generated with the one-time authentication key in the process of transmitting the one-time authentication key to the authentication server 105 at 240, the wireless terminal ( It is used to synchronize the one-time authentication key generation time (or time) information between the 240 and the authentication server 105 for a predetermined time. That is, the one-time authentication key generated by the one-time authentication program is transmitted to the authentication server 105 in the one-time authentication key update period, the authentication server 105 is a one-time authentication key authentication code corresponding to the one-time authentication key Should be created. That is, after the one-time authentication key is generated in the one-time authentication program provided in the wireless terminal 240, when the one-time authentication key authentication code is generated within the one-time authentication key update period in the authentication server 105, the one-time authentication The validity of the key is authenticated. Therefore, the one-time authentication key update period is a time required to provide the one-time authentication key generated in the wireless terminal 240 to the wireless terminal 240, and to transmit the one-time authentication key to the authentication server 105 It is preferable to consider the time required and the time required to generate a one-time authentication key authentication code in the authentication server 105, and the like.

According to another exemplary embodiment of the present invention, the authentication key generation algorithm follows a time synchronization scheme and transmits time (or time) information on which the one-time authentication key is generated in the one-time authentication program to the authentication server 105. If it is easy, the one-time authentication key update period may be omitted, or may be set at very short time intervals.

5 is a view showing the one-time authentication management information provided to the wireless terminal 240 according to another embodiment of the present invention.

In more detail, Figure 5 is a mobile terminal 240 shown in the program providing system shown in Figure 2 is a mobile communication terminal, a one-time authentication key in the challenge-response (Challenge-Response) method to the wireless terminal 240 When providing and mounting a one-time authentication program for generating a, showing the configuration of the one-time authentication management information stored in the one-time authentication management D / B 235 shown in the program providing system shown in Figure 2, the present invention Those skilled in the art will be able to infer various implementation methods for constructing one-time authentication management information provided to the wireless terminal 240 by referring to and / or modifying the drawing 5. Is made including all the inferred implementation method, the technical features are not limited only to the implementation method shown in FIG.

For example, those of ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 5 so that the wireless terminal 240 is an HSDPA-based wireless communication terminal in addition to the mobile communication terminal, or IEEE 802.16.x. In the case of the portable Internet terminal, it is possible to infer the configuration of the one-time authentication management information stored in the one-time authentication management D / B 235, and also the information omitted for convenience in the one-time authentication management information configuration shown in FIG. It will be apparent that the items will be inferred and the present invention includes all such inferred methods of implementation.

According to the present invention, the one-time authentication program mounted on the wireless terminal 240 through the program providing system shown in FIG. 2 is mounted on the wireless terminal 240 owned by the customer to generate a one-time authentication key. By this, the one-time authentication program is characterized in that it comprises a program code that can be driven or operated in the customer wireless terminal 240 platform. For example, if the wireless terminal 240 is equipped with a WIPI (Wireless Internet Platform for Interoperability) platform, the one-time authentication program includes a program code that operates on a WIPI basis, and other platforms (eg, GVM / SK- If VM / BREW is installed), it includes program code that runs on the platform.

In FIG. 5, the one-time authentication program is provided in the program D / B 230 shown in FIG. 2 in the form of a precompiled program, or in the form of source code to be compiled. It is characterized in that stored in the D / B (230).

According to an embodiment of the present invention, the one-time authentication program is provided in the program D / B 230 in the form of a precompiled program, and the one-time authentication program is for generating the one-time authentication key from the authentication server 105. It is characterized in that for receiving the challenge value as the one-time authentication key generation information, the program providing server 200 is preferably provided by mounting the one-time authentication program to the customer wireless terminal 240 via a wireless communication network, and then mounted At the time when the one-time authentication program mounted on the wireless terminal 240 generates the one-time authentication key, the one-time authentication program generates the one-time authentication key based on the challenge value received from the authentication server 105. desirable.

According to another embodiment of the present invention, when the one-time authentication program is provided in the program D / B 230 in the form of a precompiled program, the wireless terminal 240 through the wireless communication network in the program providing server 200. At the time when the one-time authentication program is provided and mounted, at least one or more one-time authentication key generation information corresponding to the one-time authentication program (eg, a secret key corresponding to a random number generated by the program providing server 200) Value) together with the wireless terminal 240 and stored in a storage device (eg, a memory unit of the wireless terminal 240, or a chip memory unit provided in an IC chip mounted or detached from the wireless terminal 240). Preferably, when the one-time authentication program mounted on the wireless terminal 240 generates a one-time authentication key, the one-time authentication program To extract one or more one-time authentication key generation information from the challenge value and the storage device is received from the authentication server 105, and generates a one-time authentication key based on the one-time authentication key generation information are preferred.

According to another embodiment of the present invention, when the one-time authentication program is stored in the one-time authentication management D / B 235 in the form of source code to be compiled, the wireless terminal 240 in the program providing server 200. At the time of providing the one-time authentication program with a), at least one or more one-time authentication key generation information corresponding to the one-time authentication program (for example, a secret key value corresponding to a number randomly generated by the program providing server 200) Is substituted into the one-time authentication key generation information variable included in the one-time authentication program source code, and the one-time authentication program source code in which at least one or more one-time authentication key generation information is substituted into the one-time authentication key generation information variable Create a one-time authentication program, dynamically generated one-time as described above Preferably, an authentication program is provided to the wireless terminal 240 through a wireless communication network and mounted thereon. Then, the disposable authentication program mounted on the wireless terminal 240 generates a one-time authentication key. It is preferable to generate a one-time authentication key based on the challenge value received from the authentication server 105 and the one-time authentication key generation information substituted in the one-time authentication program internal variable.

According to another exemplary embodiment of the present invention, even when at least one or more one-time authentication key generation information is substituted into the one-time authentication program as described above, the dynamically generated one-time authentication program to the wireless terminal 240 according to the intention of a person skilled in the art. At the time of providing and mounting, at least one or more other one-time authentication key generation information is provided to the wireless terminal 240 and stored in a storage device, and the one-time authentication program mounted on the wireless terminal 240 is a one-time authentication. At the time of generating the key, the one-time authentication program is a challenge value received from the authentication server 105, the one-time authentication key generation information provided in the one-time authentication program and the one-time authentication key provided in the storage device It is possible to generate a one-time authentication key using the generated information, etc., whereby the present invention It is not limited.

Referring to FIG. 5, the one-time authentication management information provided to the wireless terminal 240 through the program providing system illustrated in FIG. 2 is an operating system (or platform) for the wireless terminal 240 on which the one-time authentication program is mounted. Information, a version of the one-time authentication program, an authentication key generation algorithm, and at least one or more one-time authentication key generation information, which may further include at least one or more information items according to the intention of a person skilled in the art. The present invention is in no way limited by the terms.

The operating system (or platform) information included in the one-time authentication management information includes a type of operating system (or platform) included in the wireless terminal 240 equipped with the one-time authentication program through the program providing system shown in FIG. Preferably, the operating system (or platform) information is used to identify the operating system (or platform) of the one-time authentication program to be provided to the wireless terminal 240 when the one-time authentication program is upgraded.

The version included in the one-time authentication management information includes version information of the one-time authentication program for each platform to be provided to the wireless terminal 240.

According to the embodiment of the present invention, even if the same type of one-time authentication program (for example, one-time authentication program operating on the same platform), the type or version of the authentication key generation algorithm applied according to the version of the one-time authentication program may be different. As a result, since the one-time authentication key generated by the one-time authentication program will also vary, the version information provides information for accurately determining the one-time authentication program mounted on the wireless terminal 240. By the version information of the one-time authentication key agent program it is possible to minimize the one-time authentication key authentication error that may occur in the process of authenticating the one-time authentication key generated in the wireless terminal 240.

The authentication key generation algorithm included in the one-time authentication management information includes hashing algorithm information applied to the one-time authentication program or detailed attribute information of the hashing algorithm. Currently, the most commonly used hashing algorithms for generating authentication keys are MD4, MD5, SHA, and the like, and a hashing algorithm modified from the hashing algorithm according to an application field (for example, SHA-1 hashing algorithm modified from SHA). Is being used.

The one-time authentication key generation information included in the one-time authentication management information is information for generating a one-time authentication key of the time synchronization method, referring to FIG. 5, the one-time authentication key generation information is provided in the wireless terminal 240. At the time when the one-time authentication program generates the one-time authentication key, the challenge value provided to the wireless terminal 240 through the authentication server 105 is used as first generation information, and the program providing server 200 according to an implementation method. Secret key value corresponding to the randomly generated value) or MIN / ESN uniquely assigned to the wireless terminal 240 on which the one-time authentication program is mounted, is used as the second generation information or the third generation information. Do.

According to the method of the present invention, the challenge value is an arbitrary value randomly generated by the authentication server 105 at the time when the one-time authentication program included in the wireless terminal 240 generates the one-time authentication key. The challenge server 105 transmits the challenge to the wireless terminal 240 until a one-time authentication key (for example, a response corresponding to the challenge) generated based on the challenge value is received from the wireless terminal 240. It is preferable to maintain a value, and when the one-time authentication key is received, it is preferable to generate the one-time authentication key authentication code based on the challenge value to authenticate the received one-time authentication key.

Referring to an embodiment of the present invention, when the one-time authentication program uses the MIN / ESN of the wireless terminal 240 as one-time authentication key generation information for generating a one-time authentication key, the MIN / ESN is a one-time authentication as it is. The MIN / ESN may be used as key generation information, and the MIN / ESN has an excessively large value to prevent the one-time authentication program from overflowing in the process of generating the one-time authentication key. It is possible to convert the data to a value within a certain size by applying a hash function to the device.

6 is a diagram illustrating a process of remotely loading and downloading a one-time authentication program to the wireless terminal 240 according to an embodiment of the present invention.

In more detail, FIG. 6 illustrates a process of downloading and remotely mounting the one-time authentication program from the program providing server 200 to the wireless terminal 240 through the program providing system illustrated in FIG. 2. Those skilled in the art will be able to infer various implementation methods for downloading and remotely mounting the one-time authentication program to the wireless terminal 240 by referring to and / or modifying the present invention. The present invention includes all the inferred implementation methods, and is not limited by the implementation method shown in FIG.

Hereinafter, in FIG. 6, the wireless terminal 240 shown in FIG. 2 is referred to as a "terminal" for convenience, and the program providing server 200 shown in FIG. 2 is referred to as a "server" for convenience.

Referring to FIG. 6, the terminal accesses the server through a wireless communication network, requests the server to download and remotely mount the one-time authentication program (600), and correspondingly, the server sends the one-time authentication program to the server. The program providing interface screen for providing to the wireless terminal 240 is extracted (or generated) and provided to the terminal (605).

Thereafter, the terminal inputs (or selects) program request information through the program providing interface screen (610), and transmits the input (or selected) program request information to the server through the wireless communication network (615). In response, the server extracts (or dynamically generates) a one-time authentication program matching the program request information from the program D / B 230 (620), and extracts the one-time authentication program (or dynamically generated). It is provided to the terminal via the wireless communication network to be mounted remotely (625).

If the one-time authentication program is remotely mounted to the terminal (630), the terminal executes the one-time authentication program to initiate a diagnostic mode for the one-time authentication program (635), and the terminal correspondingly the one-time authentication Generate a validity diagnostic information through a program and transmit it to the server through the wireless communication network (640), the server receives and read the received validity diagnostic information to confirm the validity of the one-time authentication program (645)

According to an embodiment of the present invention, if the diagnostic mode for the one-time authentication program generates and transmits a one-time authentication key according to the one-time authentication key-based wireless security authentication procedure in the one-time authentication program provided in the wireless terminal 240. It is preferable that the one-time authentication key comprises a check that is valid.

If the validity of the one-time authentication program is not confirmed (650), the server generates program diagnostic error information and transmits the terminal to the terminal through the wireless communication network (655), and then the program providing interface screen to the terminal. And receiving program request information, and extracting (or dynamically generating) a one-time authentication program corresponding to the received program request information and remotely mounting the terminal to the terminal.

On the other hand, if the validity of the one-time authentication program is confirmed (650), the server is a one-time authentication management information corresponding to the one-time authentication program mounted on the terminal, and the customer information and wireless corresponding to the customer who transmitted the program request information The terminal 240 stores information in one-time authentication management D / B 235 by cooperatively processing the information, and thereafter, the one-time authentication management information, the customer information, and the wireless terminal stored in the one-time authentication management D / B 235. The information is characterized in that it is used for the one-time authentication key-based wireless security authentication processing in a wireless security authentication processing system.

7 is a diagram illustrating a configuration of a one-time authentication key based wireless security authentication processing system according to an embodiment of the present invention.

In more detail, Figure 7 relates to a system configuration for processing a one-time authentication key-based wireless security authentication through a wireless terminal 240 having a functional configuration corresponding to the one-time authentication program shown in Figure 1, specifically In the wireless terminal 240 shown in FIG. 1, the security authentication request information including the one-time authentication key and the location information of the wireless terminal 240 is linked to each other, and then transmitted to the authentication server 105 through the wireless communication network. After confirming the wireless terminal 240 position indication information corresponding to the position information of the wireless terminal 240 in the authentication server 105, and generates a one-time authentication key authentication code matching the one-time authentication key and the one-time authentication key By comparison, it is a diagram showing a system configuration for processing wireless security authentication using the one-time authentication key.

Those skilled in the art to which the present invention pertains may refer to and / or modify this drawing to infer various implementation methods for the one-time authentication key-based wireless security authentication processing system configuration, but the present invention. Is made including all the inferred implementation methods, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 7, the one-time authentication key-based wireless security authentication processing system includes at least one wireless terminal 240 having a functional configuration corresponding to the one-time authentication program shown in FIG. 1, and the wireless terminal 240. And at least one base station connecting the wireless section, and a control station controlling the base station and at least one server (or device) controlling and operating a wireless communication network including the base station and the control station. Characterized in that it comprises a (100), in connection with the network management system 100 receives the one-time authentication key information generated and transmitted in the wireless terminal 240, one-time authentication matching the one-time authentication key By generating a key authentication code and comparing with the one-time authentication key, wireless security authentication using the one-time authentication key is processed. By having the authentication server 105 is characterized in that formed.

In addition, the one-time authentication key-based wireless security authentication processing system, in conjunction with the authentication server 105 processes at least one or more financial transactions (or payment) in accordance with the one-time authentication key-based wireless security authentication, or the one-time use Characterized in that it comprises at least one or more wireless server 770 to perform a variety of member authentication / service authentication / terminal authentication according to the wireless security authentication, wherein the wireless server 770 is the one-time authentication key A financial server 755 having at least one financial transaction function based on the wireless security authentication, a payment server 760 having at least one payment function based on the one-time authentication key-based wireless security authentication, and the disposable service Wireless web server with various member authentication / service authentication / terminal authentication functions based on authentication key based wireless security authentication (765) It is preferable to include at least one or more.

In this figure 7 according to the embodiment of the present invention, in order to effectively explain the technical features for the one-time authentication key-based wireless security authentication process to those of ordinary skill in the art, the one-time authentication key for convenience Although the authentication server 105 for processing the wireless security authentication based on, and the wireless server 770 for providing a variety of additional services based on the one-time authentication key-based wireless security authentication as a separate server, the present invention is not limited thereto. According to the intention of the person skilled in the art, the one-time authentication key-based wireless security authentication function provided in the authentication server 105 (for example, the information receiving unit 715, terminal identification unit 720, extraction unit 725 and authentication unit shown below) 735) is provided in the wireless server 770 (eg, the financial server 755 provided in a financial institution), or the authentication server 105 and the wireless server 770 Burrow bayida place apparently found that it is possible to be implemented.

The wireless terminal 240 is a mobile communication terminal connected to a code division multiple access (CDMA) / Wide-CDMA (WCDMA) based mobile communication network, a wireless communication terminal connected to an HSDPA based wireless communication network, or an IEEE 802.16x based communication. At least one wireless terminal 240 including at least one or more portable Internet terminal connected to the high-speed wireless Internet, characterized in that the wireless terminal 240 is a wireless terminal 240 shown in FIG. It is characterized by comprising a functional configuration.

Those skilled in the art to which the present invention pertains can easily infer the technical characteristics of the wireless terminal 240 including the functional configuration of the wireless terminal 240 shown in FIG. Detailed description is omitted for convenience.

According to an embodiment of the present invention, the wireless communication network to which the wireless terminal 240 connects includes at least one of the CDMA based mobile communication network, the HSDPA based wireless communication network, or the IEEE 802.16x based high speed wireless Internet. Do.

The wireless communication network to which the wireless terminal 240 connects includes at least one or more base stations, a control station for controlling the base station, and at least one server (or apparatus) for controlling and operating a wireless communication network including the base station and the control station. Characterized in that it comprises a network operation system 100 including).

The base station is located at an end of the wireless communication network connecting a wireless section with at least one wireless terminal 240 located in a cell (eg, frequency reach) according to a wireless communication protocol defined in the wireless communication network. As a component, it is characterized in that the network operation system 100 to control and operate the radio terminal 240 through the control station.

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the base station connects at least one wireless terminal 240 and a wireless section based on the CDMA / WCDMA / GSM wireless protocol stack. It is desirable to.

According to another exemplary embodiment of the present invention, when the wireless communication network is an HSDPA-based wireless communication network, the base station preferably connects a wireless section with at least one wireless terminal 240 based on the HSDPA wireless protocol stack.

According to another embodiment of the present invention, when the wireless communication network is an IEEE 802.16x based wireless communication network, the base station includes at least one based on a wireless physical (PHY) layer and a media access control (MAC) layer of the IEEE 802.16x protocol. It is preferable to connect the wireless terminal 240 and the wireless section.

The control station controls at least one or more base stations and is a component on a wireless communication network connecting the base station and the network operation system 100 by wired section, wherein the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network. Preferably, the control station includes a base station controller (BSC). When the wireless communication network is an IEEE 802.16x based wireless communication network, the control station includes a packet access router (PAR). It is preferable.

The network operation system 100 controls at least one radio terminal 240 connectable to the radio communication network through at least one base station in association with the control station, and at least one other radio with the radio terminal 240. A communication channel (or a call channel) is connected to a terminal 240 or a server on a communication network, and the various communication charges and additional service use charges corresponding to the communication plan subscribed to the wireless terminal 240 are calculated. .

According to an embodiment of the present invention, when the wireless communication network is a CDMA / WCDMA / GSM-based wireless communication network, the network operation system 100 may include a mobile switching center (MSC) and an HLR (Mobile Switching Center) for processing circuit switching. Interworking function that provides circuit data service and / or packet data service for wireless data communication and connection with other networks in the network infrastructure for voice call and home location register (VLR). IWF), various message centers (e.g., short message center (SMC), multimedia message center (MMC), etc.) and various additional service server farms, and SGSN for processing packet exchange. (Serving GPRS Support Node), GGSN (Gateway GPRS Support Node) and RNC (Radio Network Controller) are preferably included.

According to another exemplary embodiment of the present invention, when the wireless communication network is an IEEE 802.16x based wireless communication network, the network operation system 100 may include a home agent (HA) for mobility of IP to the wireless terminal 240, and Authentication, Authorization and Accounting (AAA) server for user authentication, Network Management Server (Network Management System), FA (Foreign Agent) interworking with the wireless network and at least one external wireless network, and the wireless terminal ( 240 preferably includes a Dynamic Host Configuration Protocol (DHCP) server and DNS for allocating and registering Mobile IP (MIP).

According to the present invention, the authentication server 105 is at least one or more position coordinate information matching the position coordinate information of the radio terminal 240 received from the radio terminal 240, and the position indication information corresponding to the position coordinate information (E.g., an address, a building name, a store name, etc.) or location information D / B 740 for storing the data in association with each other.

In addition, the authentication server 105 is the location information D / D based on the wireless terminal 240 information transmitted the security authentication request information and the position information of the wireless terminal 240 received from the wireless terminal 240. It is characterized in that it is provided with an authentication location management D / B (745) for storing in association with the location information of the wireless terminal 240 identified from the B (740), or through a communication network.

Referring to FIG. 7, the authentication server 105 includes an interface unit 700 connecting at least one wireless terminal 240 and a one-time authentication key-based secure communication channel for a one-time authentication key-based wireless security authentication process. And a one-time authentication key for the one-time authentication key-based wireless security authentication processing from the wireless terminal 240 and the position information of the wireless terminal 240 in association with the interface unit 700 through the wireless communication network. An information receiving unit 715 for receiving security authentication request information and a terminal checking unit 720 for confirming information of the wireless terminal 240 transmitting the one-time authentication key through the wireless communication network (or a wireless communication protocol); Characterized in that made.

Referring to FIG. 7, the authentication server 105 confirms the positional coordinate information of the wireless terminal 240 received from the wireless terminal 240 for the one-time authentication key-based wireless security authentication process, and the location information D / A positioning unit 710 for identifying location indication information (eg, address, building name, store name, etc.) corresponding to the location coordinate information of the wireless terminal 240 in connection with the B 740, and the wireless terminal 240 information. And an information storage unit 705 for storing the location information on the wireless terminal 240 in association with the authentication location management D / B 745.

Referring to FIG. 7, the authentication server 105 extracts one-time authentication program information associated with the wireless terminal 240 information from the one-time authentication management D / B 750 for the one-time authentication key-based wireless security authentication processing. The same authentication key generation conditions for generating the one-time authentication key in the extraction unit 725 and the one-time authentication program provided in the wireless terminal 240 based on the extracted one-time authentication program information (for example, the same one-time authentication key) Generating one-time authentication key authentication code using the generated information and the authentication key generation algorithm), and comparing the one-time authentication key included in the security authentication request information received from the wireless terminal 240 with the generated one-time authentication key authentication code. The authentication unit 735 for authenticating the validity of the received one-time authentication key, and in connection with the interface unit 700 through the wireless communication network And a transmitting unit 730 for transmitting the security authentication result information including the validity authentication result for the disposable authentication key to the wireless terminal 240, as shown in FIG. When the authentication server 105 is provided outside the wireless server 770, the transmission unit 730 is at least one of the one-time authentication key-based wireless security authentication processing of the validity authentication result for the one-time authentication key Characterized in that the transmission to the wireless server 770 or more.

The interface unit 700 connects at least one wireless terminal 240 and a communication channel for the one-time authentication key-based wireless security authentication process through a wireless communication network, wherein the communication channel is the security authentication request. It is desirable to include an encryption / decryption based secure communication channel for the information.

The information receiving unit 715 receives the security authentication request information transmitted from the wireless terminal 240 through the interface unit 700, and the terminal checking unit 720 receives the security authentication request information. In the receiving process, characterized in that to confirm the information of the wireless terminal 240 that transmitted the one-time authentication key through the wireless communication network (or wireless communication protocol).

According to one embodiment of the invention, the security authentication request information is the information receiving unit through a separate one-time authentication key exchange protocol defined between the one-time authentication program provided in the wireless terminal 240 and the interface unit 700 ( 715).

According to another exemplary embodiment of the present invention, the security authentication request information is transmitted to the information receiving unit 715 through an encryption / decryption protocol based on a data communication protocol defined in a wireless communication network to which the wireless terminal 240 is connected. Is preferably received.

According to an embodiment of the present invention, when the location information of the wireless terminal 240 is included in the security authentication request information, the location checking unit 710 receives the wireless terminal 240 included in the security authentication request information. Check location coordinate information and confirm location indication information (eg, address, building name, store name, etc.) corresponding to the location coordinate information of the wireless terminal 240 in connection with the location information D / B 740. It is done.

According to another exemplary embodiment of the present invention, when the position information of the wireless terminal 240 is received through the GPS protocol of the IS-801 standard, the positioning unit 710 receives the positional coordinate of the wireless terminal 240. The information may be checked and location indication information (eg, address, building name, store name, etc.) corresponding to the location information of the wireless terminal 240 may be checked in connection with the location information D / B 740.

When the location information of the wireless terminal 240 corresponding to the positional coordinate information of the wireless terminal 240 is confirmed through the positioning unit 710, the information storage unit 705 is connected to the terminal identification unit 720. The identified wireless terminal 240 information and the wireless terminal 240 location indication information identified through the location check unit 710 is processed in association with the authentication location management D / B (745) characterized in that it is stored.

The extractor 725 extracts one-time authentication program information associated with the wireless terminal 240 information from the one-time authentication management D / B 750 based on the confirmed wireless terminal 240 information and the authentication unit. It is characterized by the provision at 735.

The authentication unit 735 uses the same one-time authentication key generation information and the authentication key generation algorithm used to generate the one-time authentication key in the one-time authentication program provided in the wireless terminal 240 based on the extracted one-time authentication program information. By generating a one-time authentication key authentication code, and comparing the one-time authentication key included in the security authentication request information received from the wireless terminal 240 and the generated one-time authentication key authentication code, for the received one-time authentication key Characterizing authenticity.

Here, the validity of the one-time authentication key is authenticated by the authentication unit 735 is confidentiality, authentication, integrity, and non-repudiation of the one-time authentication key-based wireless security authentication process. Nonrepudiation).

When the validity of the one-time authentication key is authenticated through the authentication unit 735, the transmission unit 730 is connected with the interface unit 700 to obtain a result of validity authentication of the one-time authentication key through the wireless communication network. Characterized by generating a security authentication result information, characterized in that for transmitting to the wireless terminal (240).

When the authentication server 105 is provided outside the wireless server 770 as in the embodiment shown in FIG. 7, the transmission unit 730 receives the one-time authentication result of the validity authentication for the one-time authentication key. It is characterized in that the transmission to the at least one or more wireless server 770 that requires a key-based wireless security authentication processing, and correspondingly, the wireless server 770 is based on the validity authentication result for the one-time authentication key Process at least one or more financial transactions (or payments), or various member authentication / service authentication / terminal authentication and the like.

According to another embodiment of the present invention, when the wireless security authentication function of the authentication server 105 is provided in the wireless server 770, the transmission unit 730 may be different from the validity authentication result for the one-time authentication key. The function of sharing and transmitting to the wireless server 770 may be omitted, whereby the present invention is not limited.

8 is a diagram illustrating a one-time authentication area output for wireless security authentication processing and a password input process for one-time authentication key based wireless security authentication processing according to an embodiment of the present invention.

In more detail, FIG. 8 illustrates a terminal screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen on a screen of the wireless terminal 240 shown in FIG. When the one-time authentication key-based wireless security authentication function is driven through the key input means provided in the wireless terminal 240 in the state, the wireless security authentication on the one-time authentication key-based wireless security processing on the screen 240 After processing to output the one-time authentication area included in the one-time authentication screen, the GPS-based (or network-based) to position the position of the wireless terminal 240 through the wireless positioning method, but the password on the one-time authentication area After outputting an input interface to authenticate the terminal side validity for the one-time authentication key-based wireless security authentication, the one-time authentication key based wireless security The process of authenticating with the first factor for the authentication process will be described and described, but for convenience, the process of outputting the one-time authentication start screen (or interface) will be omitted.

For example, although FIG. 8 illustrates the output of the one-time authentication area on the screen of the wireless terminal 240 and then outputs the password input interface on the one-time authentication area, the present invention is limited thereto. By no means, the password input interface may be output to other areas other than the one-time authentication area, the present invention is characterized in that it comprises all the analogous implementation method.

Referring to FIG. 8, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is displayed on the entire area of the wireless terminal 240 screen shown in FIG. 1. While outputting (800) the terminal-side screen, a key input (or a one-time authentication key-based wireless security authentication-related user interface included in the terminal-side screen through a key input means provided in the wireless terminal 240; When the one-time authentication program is driven through the associated key input (805), the wireless terminal 240 checks whether or not the wireless security authentication process by generating the one-time authentication key through the one-time authentication program (810).

According to one embodiment of the invention, when the one-time authentication program is driven (or activated), the one-time authentication program is a one-time authentication key based wireless security authentication in the wireless terminal 240 in response to the program driving (or activation) It is desirable to confirm that this processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like are displayed on the screen of the wireless terminal 240. When the terminal side screen processing unit corresponding to various programs outputting at least one terminal screen including at least one request for wireless security authentication for content use, web access, financial transaction, or payment processing corresponding to the terminal screen, The one-time authentication program preferably confirms that the one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 240.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), the content input corresponding to the terminal-side screen is used, the web access, the financial transaction, or the payment processing through the key input means. When an authentication command (or key data) for wireless security authentication is input for the one-time authentication program, it is preferable that the one-time authentication key-based wireless security authentication is requested to be processed in the wireless terminal 240.

If the one-time authentication key-based wireless security authentication process is confirmed as a result of the checking (815), the wireless terminal 240 has a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication process through the one-time authentication program. The wireless terminal 240 processes the output on the screen (820).

According to the method of the present invention, when the one-time authentication area is output in a certain area on the screen of the wireless terminal 240, the wireless terminal 240 is output to the entire area of the screen of the wireless terminal 240 Preferably, the terminal-side screen area is reduced in a predetermined direction to set the terminal-side output area, and the disposable authentication area is set in the reduced remaining area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (8, Y), the wireless terminal 240 sets the terminal screen area at (0,0). Set the terminal side output area by reducing to (8-x, Yy), and set the one-time authentication area to the coordinates of (8, Y) in the reduced and remaining (8-x + 1, Y-y + 1) It is desirable to.

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is in the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area by inserting a one-time authentication screen.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (8, Y), the wireless terminal 240 is (8-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area by inserting the one-time authentication screen into the terminal side screen area corresponding to the coordinate of (8, Y).

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is a schedule on the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area in an overlap method (or pop-up method) in the area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (8, Y), the wireless terminal 240 is (8-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area including the one-time authentication screen in an overlap method (or a pop-up method) in the terminal layer screen area upper layer (Layer) corresponding to the coordinates of (8, Y).

Subsequently, the wireless terminal 240 positions the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method (825), and the one-time authentication key in a predetermined area on the one-time authentication area. A password input interface for inputting a password for validity authentication for the based wireless security authentication process is output, and it is checked whether the password is input through the password input interface (830).

If the password is input through the password input interface (835), the wireless terminal 240 checks the validity of the one-time authentication key based wireless security authentication through the input password (840).

When password authentication information (not shown) matching the password is stored in the memory unit according to an exemplary embodiment of the present invention, the wireless terminal 240 compares the input password with the password authentication information for the one-time authentication. It is desirable to verify the validity of key-based wireless security certificates.

According to another embodiment of the present invention, when the password includes a series of number systems, the wireless terminal 240 is based on the one-time authentication key through number system analysis (or hash code generation) of the input password. It is desirable to verify the validity of the wireless security certificate.

If the validity of the one-time authentication key-based wireless security authentication is not confirmed through the input password (845), the wireless terminal 240 generates the password validity error information and outputs it on the one-time authentication area ( 850), the process of inputting the password by outputting the password input interface to the one-time authentication area is repeated.

On the other hand, if the validity of the one-time authentication key-based wireless security authentication is confirmed through the input password (845), the wireless terminal 240 processes the one-time authentication key-based wireless security authentication through the one-time authentication key.

FIG. 9 is a diagram illustrating a one-time authentication area output for wireless security authentication processing and a password input process for one-time authentication key-based wireless security authentication processing according to another embodiment of the present invention.

In more detail, FIG. 9 illustrates a screen for using a content in the form of a wireless web document, a web access screen, in which a terminal screen displayed on the wireless terminal 240 illustrated in FIG. 1 includes at least one tag string (or script). Keys included in the wireless terminal 240 when a financial transaction screen, a payment screen, etc. are included, and the one-time authentication key-based wireless security authentication function is driven through the tag string (or script). When the one-time authentication key-based wireless security authentication function is driven through the input means, a one-time authentication area including a one-time authentication screen for processing the one-time authentication key-based wireless security authentication is output on the screen of the wireless terminal 240. Then, to position the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method, the disposable After outputting the password input interface on the authentication area to authenticate the terminal-side validity for the one-time authentication key-based wireless security authentication, and illustrates the process of authenticating with a first factor for the one-time authentication key-based wireless security authentication processing For convenience, the process of outputting the one-time authentication start screen (or interface) will be omitted.

For example, FIG. 9 illustrates that the password input interface is output on the one-time authentication area after outputting the one-time authentication area on the screen of the wireless terminal 240. However, the present invention is limited thereto. By no means, the password input interface may be output to other areas other than the one-time authentication area, the present invention is characterized in that it comprises all the analogous implementation method.

Referring to FIG. 9, a one-time wireless web document including a tag string (or a script) for driving a one-time authentication program is received by the wireless terminal 240 illustrated in FIG. 1, and content corresponding to the wireless web document is received. When the terminal side screen including at least one of a usage screen, a web access screen, a financial transaction screen, a payment screen, and the like is output (900), the one-time use is made by a program driving related tag string (or script) included in the wireless web document. The authentication program is driven (905).

For example, when the terminal-side screen output on the screen of the wireless terminal 240 includes a string (or script) for automatically driving (or activating) the one-time authentication program, the one-time authentication program is the tag string (or script). It is preferred to be driven (or activated) by.

Alternatively, when the terminal-side screen output on the screen of the wireless terminal 240 includes a string (or a script) corresponding to the user interface for driving the one-time authentication program, the one-time authentication program is the tag string (or the script). It is preferable to be driven (or activated) through key input through a user interface corresponding to the key input means.

Thereafter, the wireless terminal 240 checks whether or not the wireless security authentication process by generating a one-time authentication key through the one-time authentication program (910).

According to one embodiment of the invention, when the one-time authentication program is driven (or activated), the one-time authentication program is a one-time authentication key based wireless security authentication in the wireless terminal 240 in response to the program driving (or activation) It is desirable to confirm that this processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like are displayed on the screen of the wireless terminal 240. When the terminal side screen processing unit corresponding to various programs outputting at least one terminal screen including at least one request for wireless security authentication for content use, web access, financial transaction, or payment processing corresponding to the terminal screen, The one-time authentication program preferably confirms that the one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 240.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), the content input, web access, financial transaction, or payment processing corresponding to the terminal screen is performed through the key input means. When an authentication command (or key data) for wireless security authentication is input, the one-time authentication program preferably checks that the one-time authentication key-based wireless security authentication is requested in the wireless terminal 240.

If the one-time authentication key-based wireless security authentication process is confirmed as a result of the checking (915), the wireless terminal 240 is a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication process through the one-time authentication program. The wireless terminal 240 processes the output on the screen (920).

According to the method of the present invention, when the one-time authentication area is output in a certain area on the screen of the wireless terminal 240, the wireless terminal 240 is output to the entire area of the screen of the wireless terminal 240 Preferably, the terminal-side screen area is reduced in a predetermined direction to set the terminal-side output area, and the disposable authentication area is set in the reduced remaining area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (9, Y), the wireless terminal 240 changes the terminal screen area to (0,0). Set the terminal-side output area by reducing to (9-x, Yy), and setting the one-time authentication area to the coordinates of (9, Y) in the reduced and remaining (9-x + 1, Y-y + 1) It is desirable to.

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is in the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area by inserting a one-time authentication screen.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (9, Y), the wireless terminal 240 is (9-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area by inserting the one-time authentication screen into the terminal side screen area corresponding to the coordinate of (9, Y).

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is a schedule on the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area in an overlap method (or pop-up method) in the area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (9, Y), the wireless terminal 240 is (9-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area including the one-time authentication screen in an overlap method (or a pop-up method) in the terminal layer screen area upper layer (Layer) corresponding to the coordinates of (9, Y).

Subsequently, the wireless terminal 240 positions the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method (925), and the one-time authentication key in a predetermined area on the one-time authentication area. A password input interface for inputting a password for validity authentication for the based wireless security authentication process is output, and it is checked whether the password is input through the password input interface (930).

If the password is input through the password input interface (935), the wireless terminal 240 confirms the validity of the one-time authentication key based wireless security authentication through the input password (940).

When password authentication information (not shown) matching the password is stored in the memory unit according to an exemplary embodiment of the present invention, the wireless terminal 240 compares the input password with the password authentication information for the one-time authentication. It is desirable to verify the validity of key-based wireless security certificates.

According to another embodiment of the present invention, when the password includes a series of number systems, the wireless terminal 240 is based on the one-time authentication key through number system analysis (or hash code generation) of the input password. It is desirable to verify the validity of the wireless security certificate.

If the validity of the one-time authentication key-based wireless security authentication is not confirmed through the input password (945), the wireless terminal 240 generates the password validity error information and outputs it on the one-time authentication area ( 950), the process of inputting the password by outputting the password input interface to the one-time authentication area is repeated.

On the other hand, if the validity of the one-time authentication key-based wireless security authentication is confirmed through the input password (945), the wireless terminal 240 processes the one-time authentication key-based wireless security authentication through the one-time authentication key.

10 is a diagram illustrating a one-time authentication area output for wireless security authentication processing and a password input process for one-time authentication key-based wireless security authentication processing according to another embodiment of the present invention.

In more detail, in FIG. 10, program driving information for the one-time authentication program is received through a wireless communication network through the wireless terminal 240 shown in FIG. 1, and the one-time authentication key-based wireless security authentication process is performed through the program driving information. When the function is driven, the one-time authentication key based wireless security authentication processing through the key input means provided in the wireless terminal 240, when the function is driven, the one-time authentication key based wireless security authentication on the screen of the wireless terminal 240 After processing to output a one-time authentication area that includes a one-time authentication screen for processing, and to position the position of the wireless terminal 240 via the GPS-based (or network-based) wireless positioning method, on the one-time authentication area Outputting a password input interface to the terminal to validate the terminal side validity for the one-time authentication key-based wireless security authentication The step of, but explained by illustrating a process of authentication in the first factor above the one-time authentication key based wireless security authentication process, and outputs the sake of convenience the disposable authentication start screen (or interface) will be omitted.

For example, although FIG. 10 illustrates the output of the one-time authentication area on the screen of the wireless terminal 240 and then outputs the password input interface on the one-time authentication area, the present invention is limited thereto. By no means, the password input interface may be output to other areas other than the one-time authentication area, the present invention is characterized in that it comprises all the analogous implementation method.

Referring to FIG. 10, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is displayed on the entire area of the wireless terminal 240 screen shown in FIG. 1. During output, if program driving information for the one-time authentication program is received through the wireless communication network (1000), the wireless terminal 240 drives the one-time authentication program through the program driving information (1005).

Thereafter, the wireless terminal 240 checks whether or not the wireless security authentication process by generating a one-time authentication key through the one-time authentication program (1010).

According to one embodiment of the invention, when the one-time authentication program is driven (or activated), the one-time authentication program is a one-time authentication key based wireless security authentication in the wireless terminal 240 in response to the program driving (or activation) It is desirable to confirm that this processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like are displayed on the screen of the wireless terminal 240. When the terminal side screen processing unit corresponding to various programs outputting at least one terminal screen including at least one request for wireless security authentication for content use, web access, financial transaction, or payment processing corresponding to the terminal screen, The one-time authentication program preferably confirms that the one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 240.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), the content input, web access, financial transaction, or payment processing corresponding to the terminal screen is performed through the key input means. When an authentication command (or key data) for wireless security authentication is input, the one-time authentication program preferably checks that the one-time authentication key-based wireless security authentication is requested in the wireless terminal 240.

If the one-time authentication key-based wireless security authentication process is confirmed as a result of the checking (1015), the wireless terminal 240 is a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication process through the one-time authentication program. The wireless terminal 240 processes the output on the screen (1020).

According to the method of the present invention, when the one-time authentication area is output in a certain area on the screen of the wireless terminal 240, the wireless terminal 240 is output to the entire area of the screen of the wireless terminal 240 Preferably, the terminal-side screen area is reduced in a predetermined direction to set the terminal-side output area, and the disposable authentication area is set in the reduced remaining area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (10, Y), the wireless terminal 240 sets the terminal screen area at (0,0). Set the terminal-side output area by reducing to (10-x, Yy), and setting the one-time authentication area at the coordinates of (10, Y) in the reduced and remaining (10-x + 1, Y-y + 1) It is desirable to.

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is in the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area by inserting a one-time authentication screen.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (10, Y), the wireless terminal 240 is (10-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area by inserting the one-time authentication screen into the terminal side screen area corresponding to the coordinate of (10, Y).

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is a schedule on the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area in an overlap method (or pop-up method) in the area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (10, Y), the wireless terminal 240 is (10-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area including the one-time authentication screen in an overlap method (or a pop-up method) in the terminal layer screen area upper layer (Layer) corresponding to the coordinate of (10, Y).

Subsequently, the wireless terminal 240 positions the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method (1025), and the one-time authentication key in a predetermined area on the one-time authentication area. A password input interface for inputting a password for validity authentication for the based wireless security authentication process is output, and it is checked whether the password is input through the password input interface (1030).

If the password is input through the password input interface (1035), the wireless terminal 240 checks the validity of the one-time authentication key based wireless security authentication through the input password (1040).

When password authentication information (not shown) matching the password is stored in the memory unit according to an exemplary embodiment of the present invention, the wireless terminal 240 compares the input password with the password authentication information for the one-time authentication. It is desirable to verify the validity of key-based wireless security certificates.

According to another embodiment of the present invention, when the password includes a series of number systems, the wireless terminal 240 is based on the one-time authentication key through number system analysis (or hash code generation) of the input password. It is desirable to verify the validity of the wireless security certificate.

If the validity of the one-time authentication key-based wireless security authentication is not confirmed through the input password (1045), the wireless terminal 240 generates the password validity error information and outputs it on the one-time authentication area ( 1050), the process of inputting the password by outputting the password input interface to the one-time authentication area is repeated.

On the other hand, if the validity of the one-time authentication key-based wireless security authentication is confirmed through the input password (1045), the wireless terminal 240 processes the one-time authentication key-based wireless security authentication through the one-time authentication key.

FIG. 11 is a diagram illustrating a password input process for one-time authentication key-based wireless security authentication processing through areas other than one-time authentication area output and one-time authentication area output for wireless security authentication processing according to an embodiment of the present invention.

In detail, FIG. 11 shows a terminal screen including at least one of a desktop screen, a content using screen, a web access screen, a financial transaction screen, and a payment screen on a screen of the wireless terminal 240 shown in FIG. When the one-time authentication key-based wireless security authentication function is driven through the key input means provided in the wireless terminal 240 in the state, to process the one-time authentication key-based wireless security authentication on the screen of the wireless terminal 240 After processing to output the one-time authentication area included in the one-time authentication screen, and to position the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method, the terminal side output in addition to the one-time authentication area After authenticating the terminal side validity for the one-time authentication key-based wireless security authentication through the password input interface output to the area, the one-time A process of authenticating with the first factor for the authentication-based wireless security authentication process will be described and described, but for convenience, the process of outputting the one-time authentication start screen (or interface) will be omitted.

For example, although FIG. 11 illustrates that the password input interface is output to the terminal output area output on the screen of the wireless terminal 240 in addition to the one-time authentication area, the present invention is not limited thereto. The password input interface may be output to any area on the screen of the wireless terminal 240, whereby the present invention is not limited thereto.

Referring to FIG. 11, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is displayed on the entire area of the wireless terminal 240 screen shown in FIG. 1. And a key input (or a one-time authentication key-based wireless security authentication related user interface included in the terminal-side screen) through the key input means provided in the wireless terminal 240 while outputting the terminal-side screen. When the one-time authentication program is driven through the associated key input (1105), the wireless terminal 240 checks whether the wireless security authentication process is performed by generating the one-time authentication key through the one-time authentication program (1110).

According to one embodiment of the invention, when the one-time authentication program is driven (or activated), the one-time authentication program is a one-time authentication key-based wireless security authentication in the wireless terminal 240 in response to the program driving (or activation) It is desirable to confirm that this processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like are displayed on the screen of the wireless terminal 240. When the terminal side screen processing unit corresponding to various programs outputting at least one terminal screen including at least one request for wireless security authentication for content use, web access, financial transaction, or payment processing corresponding to the terminal screen, The one-time authentication program preferably confirms that the one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 240.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), the content input, web access, financial transaction, or payment processing corresponding to the terminal screen is performed through the key input means. When an authentication command (or key data) for wireless security authentication is input, the one-time authentication program preferably checks that the one-time authentication key-based wireless security authentication is requested in the wireless terminal 240.

If the one-time authentication key-based wireless security authentication process is confirmed as a result of the checking (1115), the wireless terminal 240 is a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication process through the one-time authentication program. The wireless terminal 240 processes the output on the screen (1120).

According to the method of the present invention, when the one-time authentication area is output in a certain area on the screen of the wireless terminal 240, the wireless terminal 240 is output to the entire area of the screen of the wireless terminal 240 Preferably, the terminal-side screen area is reduced in a predetermined direction to set the terminal-side output area, and the disposable authentication area is set in the reduced remaining area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (11, Y), the wireless terminal 240 sets the terminal side screen area at (0,0). Set the terminal-side output area by reducing to (11-x, Yy), and set the one-time authentication area to the coordinates of (11, Y) in the reduced and remaining (11-x + 1, Y-y + 1) It is desirable to.

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is in the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area by inserting a one-time authentication screen.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (11, Y), the wireless terminal 240 is (11-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area by inserting the one-time authentication screen into the terminal-side screen area corresponding to the coordinate of (11, Y).

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is a schedule on the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area in an overlap method (or pop-up method) in the area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (11, Y), the wireless terminal 240 is (11-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area including the one-time authentication screen in an overlap method (or a pop-up method) in the terminal layer screen area upper layer (Layer) corresponding to the coordinate of (11, Y).

Subsequently, the wireless terminal 240 locates the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method (1125), and inputs the password input interface allocated to the terminal-side output area. The caret is assigned and the password is input through the password input interface (1130).

If the password is input through the password input interface (1135), the wireless terminal 240 checks the validity of the one-time authentication key based wireless security authentication through the input password (1140).

When password authentication information (not shown) matching the password is stored in the memory unit according to an exemplary embodiment of the present invention, the wireless terminal 240 compares the input password with the password authentication information for the one-time authentication. It is desirable to verify the validity of key-based wireless security certificates.

According to another embodiment of the present invention, when the password includes a series of number systems, the wireless terminal 240 is based on the one-time authentication key through number system analysis (or hash code generation) of the input password. It is desirable to verify the validity of the wireless security certificate.

If the validity of the one-time authentication key-based wireless security authentication is not confirmed through the input password (1145), the wireless terminal 240 generates the password validity error information and outputs the information on the one-time authentication area ( 1150), and repeats the process of inputting the password by outputting the password input interface to the one-time authentication area.

On the other hand, if the validity of the one-time authentication key-based wireless security authentication is confirmed through the input password (1145), the wireless terminal 240 processes the one-time authentication key-based wireless security authentication through the one-time authentication key.

12 is a diagram illustrating a password input process for one-time authentication key-based wireless security authentication processing through another area other than one-time authentication area output and one-time authentication area output for wireless security authentication processing according to another embodiment of the present invention. .

In more detail, FIG. 12 illustrates a content usage screen, a web access screen, and a web page form in which a terminal-side screen outputted to the wireless terminal 240 shown in FIG. 1 includes at least one tag string (or script). Including at least one financial transaction screen, payment screen, etc., and when the one-time authentication key-based wireless security authentication processing function is driven through the tag string (or script), the key input provided in the wireless terminal 240 When the one-time authentication key-based wireless security authentication function is driven through the means, the one-time authentication area including the one-time authentication screen for processing the one-time authentication key-based wireless security authentication is processed on the wireless terminal 240 screen. Then, to position the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method, the disposable After authenticating the terminal-side validity for the one-time authentication key-based wireless security authentication through the password input interface output to the terminal-side output area in addition to the authentication area, the process of authenticating with a first factor for the one-time authentication key-based wireless security authentication processing It will be described with reference to, for convenience, the process of outputting the one-time authentication start screen (or interface) will be omitted.

For example, although FIG. 12 illustrates that the password input interface is output to the terminal side output area output on the screen of the wireless terminal 240 in addition to the one-time authentication area, the present invention is not limited thereto. The password input interface may be output to any area on the screen of the wireless terminal 240, whereby the present invention is not limited thereto.

Referring to FIG. 12, a one-time wireless web document including a tag string (or a script) for driving a one-time authentication program is received by the wireless terminal 240 illustrated in FIG. 1, and the contents corresponding to the wireless web document are used. When a terminal side screen including at least one screen, a web access screen, a financial transaction screen, a payment screen, etc. is output (1200), the one-time authentication is performed by a program driving related tag string (or script) included in the wireless web document. The program is driven (1205).

For example, when the terminal-side screen output on the screen of the wireless terminal 240 includes a string (or script) for automatically driving (or activating) the one-time authentication program, the one-time authentication program is the tag string (or script). It is preferred to be driven (or activated) by.

Alternatively, when the terminal-side screen output on the screen of the wireless terminal 240 includes a string (or a script) corresponding to the user interface for driving the one-time authentication program, the one-time authentication program is the tag string (or the script). It is preferable to be driven (or activated) through key input through a user interface corresponding to the key input means.

Thereafter, the wireless terminal 240 checks whether the wireless security authentication process through the one-time authentication key generation through the one-time authentication program (1210).

According to one embodiment of the invention, when the one-time authentication program is driven (or activated), the one-time authentication program is a one-time authentication key based wireless security authentication in the wireless terminal 240 in response to the program driving (or activation) It is desirable to confirm that this processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like are displayed on the screen of the wireless terminal 240. When the terminal-side screen processing unit corresponding to various programs for outputting at least one terminal screen including at least one request for wireless security authentication for content use, web access, financial transaction, or payment processing corresponding to the terminal screen, The one-time authentication program preferably confirms that the one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 240.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), the content input, web access, financial transaction, or payment processing corresponding to the terminal screen is performed through the key input means. When an authentication command (or key data) for wireless security authentication is input, the one-time authentication program preferably checks that the one-time authentication key-based wireless security authentication is requested in the wireless terminal 240.

If the one-time authentication key-based wireless security authentication process is confirmed as a result of the checking (1215), the wireless terminal 240 has a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication process through the one-time authentication program. The wireless terminal 240 processes the output on the screen (1220).

According to the method of the present invention, when the one-time authentication area is output in a certain area on the screen of the wireless terminal 240, the wireless terminal 240 is output to the entire area of the screen of the wireless terminal 240 Preferably, the terminal-side screen area is reduced in a predetermined direction to set the terminal-side output area, and the disposable authentication area is set in the reduced remaining area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (12, Y), the wireless terminal 240 sets the terminal screen area at (0,0). Set the terminal-side output area by reducing to (12-x, Yy), and set the one-time authentication area to the coordinates of (12, Y) in the reduced and remaining (12-x + 1, Y-y + 1) It is desirable to.

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is in the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area by inserting a one-time authentication screen.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (12, Y), the wireless terminal 240 is (12-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area by inserting the one-time authentication screen into the terminal side screen area corresponding to the coordinate of (12, Y).

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is a schedule on the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area in an overlap method (or pop-up method) in the area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (12, Y), the wireless terminal 240 is (12-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area including the one-time authentication screen in an overlap method (or a pop-up method) in the terminal-side screen area upper layer (Layer) corresponding to the coordinate of (12, Y).

Then, the wireless terminal 240 to position the location of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method (1225), and to the password input interface assigned to the terminal-side output area The caret is assigned and the password is input through the password input interface (1230).

If the password is input through the password input interface (1235), the wireless terminal 240 checks the validity of the one-time authentication key based wireless security authentication through the input password (1240).

When password authentication information (not shown) matching the password is stored in the memory unit according to an exemplary embodiment of the present invention, the wireless terminal 240 compares the input password with the password authentication information for the one-time authentication. It is desirable to verify the validity of key-based wireless security certificates.

According to another embodiment of the present invention, when the password includes a series of number systems, the wireless terminal 240 is based on the one-time authentication key through number system analysis (or hash code generation) of the input password. It is desirable to verify the validity of the wireless security certificate.

If the validity of the one-time authentication key-based wireless security authentication is not confirmed through the input password (1245), the wireless terminal 240 generates the password validity error information and outputs the information on the one-time authentication area ( 1250, the process of inputting the password by outputting the password input interface to the one-time authentication area is repeated.

On the other hand, if the validity of the one-time authentication key-based wireless security authentication is confirmed through the input password (1245), the wireless terminal 240 processes the one-time authentication key-based wireless security authentication through the one-time authentication key.

FIG. 13 is a diagram illustrating a password input process for one-time authentication key based wireless security authentication processing through another area other than one-time authentication area output and one-time authentication area output for wireless security authentication processing according to another embodiment of the present invention. to be.

In more detail, in FIG. 13, program driving information for the one-time authentication program is received through a wireless communication network through the wireless terminal 240 shown in FIG. 1, and the one-time authentication key-based wireless security authentication process is performed through the program driving information. When the function is driven, the one-time authentication key based wireless security authentication processing through the key input means provided in the wireless terminal 240, when the function is driven, the one-time authentication key based wireless security authentication on the screen of the wireless terminal 240 After processing to output a one-time authentication area that includes a one-time authentication screen for processing, and to position the position of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method, in addition to the one-time authentication area Terminal for wireless security authentication based on one-time authentication key through password input interface output in terminal output area After authenticating the validity, the process of, but explained by illustrating a process of authenticating a first factor for the one-time authentication key based wireless security authentication process, and outputs the sake of convenience the disposable authentication start screen (or interface) will be omitted.

For example, although FIG. 13 illustrates that the password input interface is output to the terminal output area output on the screen of the wireless terminal 240 in addition to the one-time authentication area, the present invention is not limited thereto. The password input interface may be output to any area on the screen of the wireless terminal 240, whereby the present invention is not limited thereto.

Referring to FIG. 13, a terminal-side screen including at least one of a desktop screen, a content usage screen, a web access screen, a financial transaction screen, and a payment screen is displayed on the entire area of the wireless terminal 240 shown in FIG. During output, if program driving information for the one-time authentication program is received through a wireless communication network (1300), the wireless terminal 240 drives the one-time authentication program through the program driving information (1305).

Thereafter, the wireless terminal 240 confirms whether or not the wireless security authentication processing by generating a one-time authentication key through the one-time authentication program (1310).

According to one embodiment of the invention, when the one-time authentication program is driven (or activated), the one-time authentication program is a one-time authentication key based wireless security authentication in the wireless terminal 240 in response to the program driving (or activation) It is desirable to confirm that this processing is requested.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), a screen, a content use screen, a web access screen, a financial transaction screen, a payment screen, and the like are displayed on the screen of the wireless terminal 240. When the terminal side screen processing unit corresponding to various programs outputting at least one terminal screen including at least one request for wireless security authentication for content use, web access, financial transaction, or payment processing corresponding to the terminal screen, The one-time authentication program preferably confirms that the one-time authentication key-based wireless security authentication processing is requested in the wireless terminal 240.

According to another exemplary embodiment of the present invention, after the one-time authentication program is driven (or activated), the content input, web access, financial transaction, or payment processing corresponding to the terminal screen is performed through the key input means. When an authentication command (or key data) for wireless security authentication is input, the one-time authentication program preferably checks that the one-time authentication key-based wireless security authentication is requested in the wireless terminal 240.

If the one-time authentication key-based wireless security authentication process is confirmed as a result of the checking (1315), the wireless terminal 240 has a one-time authentication area for outputting a one-time authentication screen for the wireless security authentication process through the one-time authentication program. The wireless terminal 240 processes the output on the screen (1320).

According to the method of the present invention, when the one-time authentication area is output in a certain area on the screen of the wireless terminal 240, the wireless terminal 240 is output to the entire area of the screen of the wireless terminal 240 Preferably, the terminal-side screen area is reduced in a predetermined direction to set the terminal-side output area, and the disposable authentication area is set in the reduced remaining area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (13, Y), the wireless terminal 240 sets the terminal screen area at (0,0). Set the terminal-side output area by reducing to (13-x, Yy), and set the one-time authentication area to the coordinates of (13, Y) in the reduced and remaining (13-x + 1, Y-y + 1) It is desirable to.

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is in the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area by inserting a one-time authentication screen.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (13, Y), the wireless terminal 240 is (13-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area by inserting the one-time authentication screen into the terminal side screen area corresponding to the coordinate of (13, Y).

Alternatively, when the one-time authentication area is output to a predetermined area on the screen of the wireless terminal 240, the wireless terminal 240 is a schedule on the terminal screen area that is output to the entire area of the screen of the wireless terminal 240 It is preferable to set the one-time authentication area in an overlap method (or pop-up method) in the area.

For example, if the entire area of the screen of the wireless terminal 240 includes coordinates of (0,0) to (13, Y), the wireless terminal 240 is (13-x, Yy) of the terminal-side screen area. It is preferable to set the one-time authentication area including the one-time authentication screen in an overlap method (or a pop-up method) in a terminal-side screen area upper layer (Layer) corresponding to the coordinate of (13, Y).

Thereafter, the wireless terminal 240 performs positioning of the wireless terminal 240 through the GPS-based (or network-based) wireless positioning method (1325), and inputs the password input interface allocated to the terminal-side output area. The caret is assigned and the password is input through the password input interface (1330).

If the password is input through the password input interface (1335), the wireless terminal 240 checks the validity of the one-time authentication key based wireless security authentication through the input password (1340).

When password authentication information (not shown) matching the password is stored in the memory unit according to an exemplary embodiment of the present invention, the wireless terminal 240 compares the input password with the password authentication information for the one-time authentication. It is desirable to verify the validity of key-based wireless security certificates.

According to another exemplary embodiment of the present invention, when the password includes a series of number systems, the wireless terminal 240 performs the one-time authentication key through number system analysis (or hash code generation) of the input password. It is desirable to check the validity of the base wireless security authentication.

If the validity of the one-time authentication key-based wireless security authentication is not confirmed through the input password (1345), the wireless terminal 240 generates the password validity error information and outputs it on the one-time authentication area ( 1350, the process of inputting the password by outputting the password input interface to the one-time authentication area is repeated.

On the other hand, if the validity of the one-time authentication key-based wireless security authentication is confirmed through the input password (1345), the wireless terminal 240 processes the one-time authentication key-based wireless security authentication through the one-time authentication key.

14 is a diagram illustrating a process of generating a time synchronization-based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

More specifically, Figure 14 is a one-time authentication key based wireless security authentication through the process shown in Figure 8 or Figure 9 or Figure 10 or Figure 11 or Figure 12 or Figure 13 in the wireless terminal 240 shown in Figure 1 When the validity is confirmed, a process of generating a one-time authentication key by a time synchronization method based on the validation result, specifically, to prevent time synchronization error of wireless security authentication using a one-time authentication key generated by a time synchronization method. In order to calculate the positional coordinate information of the wireless terminal 240 for the wireless terminal 240 in advance, it is a diagram illustrating an implementation method of generating the one-time authentication key.

Those skilled in the art to which the present invention pertains can refer to and / or modify this drawing 14 to infer various implementation methods for the time synchronization-based one-time authentication key generation process for the wireless security authentication process. However, the present invention includes all the implementation methods inferred above, and the technical features are not limited only to the implementation method shown in FIG.

Referring to Figure 14, the wireless terminal 240 shown in Figure 1 through the process shown in Figure 8 or Figure 9 or Figure 10 or Figure 11 or Figure 12 or Figure 13 the validity of the wireless security authentication based on one-time authentication key If confirmed, the wireless terminal 240 is connected to the wireless terminal through a GPS-based (or network-based) wireless positioning performed in the process shown in Figure 8 or 9 or 10 or 11 or 12 or 13. Check whether the position of the 240 is positioned (1400).

If it is confirmed that the position of the radio terminal 240 is located (1405), the radio terminal 240 calculates the position information of the radio terminal 240 corresponding to the position of the position of the radio terminal 240 ( 1410).

If the positional information of the wireless terminal 240 is calculated (1415), the wireless terminal 240 is a one-time authentication key generation screen requesting (or commanding) to generate a one-time authentication key in a predetermined area on the one-time authentication area ( Or 1420), and the caret allocated to the terminal-side output area is moved to the one-time authentication area to be allocated (1425).

When the caret is assigned to the one-time authentication area, the wireless terminal 240 uses the one-time authentication key through the one-time authentication key generation screen (or interface) output to the one-time authentication area based on the caret moved to the one-time authentication area. Check whether generation is requested (or commanded) (1430).

If the one-time authentication key generation request (or command) is not confirmed through the one-time authentication key generation screen (or interface) (1435), the wireless terminal 240 is a caret assigned to the one-time authentication area through a key input. Relocates to the terminal-side output area and allocates and processes various key inputs through the terminal-side screen based on the reassigned caret, thereby using the terminal-side screen based on the caret assigned to the terminal-side output area. Various services (or information processing) are performed (1440).

Thereafter, the wireless terminal 240 checks whether the caret assigned to the terminal output region moves to the one-time authentication region through key input (1445).

If the caret allocated to the terminal-side output area does not move back to the one-time authentication area (1450), the wireless terminal 240 uses various care-based screen-based services (or Information processing) (1455), and the terminal-based screen-based various services (or information processing) using the caret are repeated until the caret moves to the one-time authentication area.

On the other hand, when the caret assigned to the terminal output area is moved back to the one-time authentication area (1460), the wireless terminal 240 is a one-time authentication key output to the one-time authentication area based on the caret moved to the one-time authentication area. It is checked whether a one-time authentication key generation is requested (or commanded) through the generation screen (or interface) (1430).

If the one-time authentication key generation request (or command) is confirmed through the one-time authentication key generation screen (or interface) (1435), the wireless terminal 240 is a memory unit (or a chip memory unit provided in the IC chip). Check the one-time authentication key generation information of the time synchronization method with the timer (1460).

If the one-time authentication key generation information of the time synchronization method is confirmed (1465), the wireless terminal 240 performs the wireless security authentication process by substituting the identified at least one or more one-time authentication key generation information into an authentication key generation algorithm. Generate a one-time authentication key for (1470), and then the wireless terminal 240 performs a process of transmitting the generated one-time authentication key and the wireless terminal 240 position coordinate information to the authentication server 105 through a wireless communication network. do.

15 is a diagram illustrating a process of generating a challenge-response based one-time authentication key for wireless security authentication processing according to an embodiment of the present invention.

In more detail, Figure 15 is a one-time authentication key-based wireless security authentication through the process shown in Figure 8 or Figure 9 or Figure 10 or Figure 11 or Figure 12 or Figure 13 in the wireless terminal 240 shown in Figure 1 When the validity is confirmed, the process of generating a one-time authentication key in a challenge-response method based on the validation result, specifically, after generating a one-time authentication key in a challenge-response method, the wireless terminal 240 is generated. FIG. 3 is a diagram illustrating an exemplary method of calculating the position coordinate information of the wireless terminal 240. FIG.

Those skilled in the art to which the present invention pertains can refer to and / or modify this drawing 15 to infer various implementation methods for the challenge-response based one-time authentication key generation process for the wireless security authentication process. As will be appreciated, the present invention includes all implementation methods inferred, and the technical features are not limited to the implementation method illustrated in FIG.

Referring to FIG. 15, the wireless terminal 240 shown in FIG. 1 is effective for one-time authentication key based wireless security authentication through the process shown in FIG. 8 or 9 or 10 or 11 or 12 or 13. If confirmed, the wireless terminal 240 outputs a one-time authentication key generation screen (or interface) including request (or command) to generate a one-time authentication key in a certain area on the one-time authentication area (1500), and the terminal The caret assigned to the side output area is moved to the one-time authentication area and processed to be allocated (1505).

When the caret is assigned to the one-time authentication area, the wireless terminal 240 uses the one-time authentication key through the one-time authentication key generation screen (or interface) output to the one-time authentication area based on the caret moved to the one-time authentication area. Check whether the generation is requested (or commanded) (1510).

If the one-time authentication key generation request (or command) is not confirmed through the one-time authentication key generation screen (or interface) (1515), the wireless terminal 240 is a caret assigned to the one-time authentication area through a key input. Reassigns to the terminal-side output area, and processes various key inputs through the terminal-side screen based on the reassigned caret, thereby using the caret assigned to the terminal-side output area Various services (or information processing) are performed (1520).

Thereafter, the wireless terminal 240 checks whether the caret assigned to the terminal output region moves to the one-time authentication region through a key input (1525).

If the caret assigned to the terminal-side output area does not move back to the one-time authentication area (1530), the wireless terminal 240 uses various care-based screen-based services (or Information processing) (1535), and the terminal-based screen-based various services (or information processing) using the caret are repeated until the caret moves to the one-time authentication area.

On the contrary, when the caret assigned to the terminal output area is moved back to the one time authentication area (1530), the wireless terminal 240 outputs the one time authentication key output to the one time authentication area based on the caret moved to the one time authentication area. It is checked whether a one-time authentication key generation is requested (or commanded) through the generation screen (or interface) (1510).

If the one-time authentication key generation request (or command) is confirmed through the one-time authentication key generation screen (or interface) (1515), the wireless terminal 240 to the challenge server 105 through the wireless communication network-the challenge- Request and receive first one-time authentication key generation information corresponding to a response challenge (1540), and N-th (N) corresponding to a challenge-response method through the memory unit (or a chip memory unit provided in the IC chip). = 2,3, ...) Confirm the one-time authentication key generation information (1545).

If the challenge-response disposable authentication key generation information is confirmed (1550), the wireless terminal 240 substitutes the at least one or more disposable authentication key generation information into the authentication key generation algorithm to process the wireless security authentication. Generate a one-time authentication key for (1555).

Thereafter, the wireless terminal 240 performs the wireless terminal 240 through GPS-based (or network-based) wireless positioning performed in the process shown in FIG. 8 or 9 or 10 or 11 or 12 or 13. (1560) is checked.

If it is confirmed that the position of the radio terminal 240 is located (1565), the radio terminal 240 calculates the position information of the radio terminal 240 corresponding to the position of the position of the radio terminal 240 ( 1570).

If the wireless terminal 240 position coordinate information is calculated (1575), the wireless terminal 240 is the authentication server 105 through the generated disposable authentication key and the wireless terminal 240 position coordinate information through a wireless communication network Perform the process of transmission to.

16 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to an embodiment of the present invention.

More specifically, FIG. 16 outputs the one-time authentication key generated through the process of generating the one-time authentication key shown in FIG. 14 or 15 in the wireless terminal 240 shown in FIG. 1 on the screen of the wireless terminal 240. As a process for inputting through the one-time authentication area and the transmission to the authentication server 105 shown in Figure 7, specifically shown in Figure 14 or 15 in the security authentication request information for transmitting the one-time authentication key FIG. 7 illustrates a method of transmitting the wireless terminal 240 position coordinate information calculated through the process to the authentication server 105 shown in FIG.

Those skilled in the art to which the present invention pertains will be able to infer various implementation methods for the process of inputting and transmitting the one-time authentication key by referring to and / or modifying the drawing 16. It is made to include all the implementation methods inferred, the technical features are not limited only to the implementation method shown in FIG.

For example, a person having ordinary knowledge in the art to which the present invention pertains may refer to and / or modify this drawing 16 to not include the wireless terminal 240 position coordinate information in the security authentication request information, but not to the IS-801 standard. It will be able to infer an implementation method of transmitting directly to the authentication server 105 through the GPS protocol of the present invention, characterized in that the present invention comprises all the inferred implementation method.

Referring to FIG. 16, the wireless terminal 240 shown in FIG. 1 uses at least one-time one-time authentication key generation information and an authentication key generation algorithm through the one-time authentication key generation process shown in FIG. 14 or FIG. A one-time authentication key for processing wireless security authentication is generated, and it is checked whether the position information of the wireless terminal 240 is calculated through wireless positioning (1600).

If the one-time authentication key for the wireless security authentication process is generated and it is not confirmed that the wireless terminal 240 position coordinate is calculated (1605), the wireless terminal 240 is shown in FIG. 14 or FIG. 15. Perform the process.

On the other hand, if the one-time authentication key for the wireless security authentication process is generated, and it is confirmed that the calculated position coordinates of the wireless terminal 240 (1605), the wireless terminal 240 is the disposable on the screen of the wireless terminal 240 Outputting the generated one-time authentication key to a predetermined area on an authentication area (1610), outputting the one-time authentication key input interface to a certain area on the one-time authentication area (1615), and using the one-time authentication key input interface. In operation 1620, a one-time authentication key for validity authentication for the authentication key-based wireless security authentication process is input.

If it is confirmed that the one-time authentication key is input (1625), the wireless terminal 240 is the one-time authentication key and the wireless terminal 240 position coordinate information input through the one-time authentication key input screen (or interface) Generating security authentication request information including (1630), the security authentication including the one-time authentication key and the wireless terminal 240 position coordinate information to the authentication server 105 shown in Figure 7 through the wireless communication network The request information is transmitted (1635).

According to another embodiment of the present invention, when the security authentication request and the financial transaction (or payment) are made together, the one-time authentication key may be included in the financial transaction request information (or payment request information) and transmitted. This makes it clear that the present invention is not limited.

17 is a diagram illustrating a process of inputting and transmitting a one-time authentication key according to another embodiment of the present invention.

In more detail, FIG. 17 outputs the one-time authentication key generated by the one-time authentication key generation process shown in FIG. 14 or FIG. 15 from the wireless terminal 240 shown in FIG. 1 to the screen of the wireless terminal 240. A process for inputting through the terminal-side output area and transmitting to the authentication server 105 shown in FIG. 7, specifically, shown in FIG. 14 or 15 in the security authentication request information for transmitting the one-time authentication key. The implementation method of transmitting to the authentication server 105 shown in FIG. 7 further includes the position information of the wireless terminal 240 calculated through the process described above.

Those skilled in the art to which the present invention pertains will be able to infer various implementation methods for the process of inputting and transmitting the one-time authentication key by referring to and / or modifying the drawing 17. It is made to include all the implementation methods inferred, the technical features are not limited only to the implementation method shown in FIG.

For example, a person having ordinary knowledge in the technical field to which the present invention pertains may refer to and / or modify this drawing 17 to not include the position information of the wireless terminal 240 in the security authentication request information and to comply with the IS-801 standard. It will be able to infer an implementation method of transmitting directly to the authentication server 105 through the GPS protocol of the present invention, characterized in that the present invention comprises all the inferred implementation method.

Referring to FIG. 17, the wireless terminal 240 shown in FIG. 1 uses at least one-time one-time authentication key generation information and an authentication key generation algorithm through the one-time authentication key generation process shown in FIG. 14 or FIG. A one-time authentication key for processing wireless security authentication is generated, and it is checked whether the position information of the wireless terminal 240 is calculated through wireless positioning (1700).

If the one-time authentication key for the wireless security authentication process is generated, and it is not confirmed that the calculated position coordinates of the wireless terminal 240 (1705), the wireless terminal 240 is shown in Figure 14 or 15 Perform the process.

On the other hand, if the one-time authentication key for the wireless security authentication process is generated, and it is confirmed that the calculated position coordinates of the wireless terminal 240 (1705), the wireless terminal 240 is the disposable on the screen of the wireless terminal 240 The generated one-time authentication key is output to a predetermined area on an authentication area (1710), the caret is assigned to the one-time authentication key input interface included in the terminal-side output area (1715), and through the one-time authentication key input interface. In operation 1720, a one-time authentication key for validity authentication for the one-time authentication key-based wireless security authentication process is input.

If it is confirmed that the one-time authentication key is input (1725), the wireless terminal 240 is the one-time authentication key and the wireless terminal 240 position coordinate information input through the one-time authentication key input screen (or interface) Generating security authentication request information including a 1730, and the security authentication including the one-time authentication key and the position information of the wireless terminal 240 to the authentication server 105 shown in Figure 7 through the wireless communication network The request information is transmitted (1735).

According to another embodiment of the present invention, when the security authentication request and the financial transaction (or payment) are made together, the one-time authentication key may be included in the financial transaction request information (or payment request information) and transmitted. This makes it clear that the present invention is not limited.

18 is a diagram illustrating a one-time authentication key based wireless security authentication process according to an embodiment of the present invention.

In more detail, FIG. 18 illustrates the one-time authentication from the wireless terminal 240 shown in FIG. 1 to the authentication server 105 shown in FIG. 7 through the one-time authentication key transmission process shown in FIG. 16 or 17. When the security authentication request information including the key and the location information of the wireless terminal 240 is transmitted, the authentication server 105 processes the one-time authentication key-based wireless security authentication by validating the one-time authentication key. As for the person skilled in the art to which the present invention pertains, it will be possible to infer various implementation methods for the one-time authentication key-based wireless security authentication process by referring to and / or modified in this figure 18, The present invention includes all the implementation methods inferred, and the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 18, the one-time authentication key from the wireless terminal 240 shown in FIG. 1 to the authentication server 105 shown in FIG. 7 through the process of transmitting the one-time authentication key shown in FIG. And the security authentication request information including the location information of the wireless terminal 240, the authentication server 105, the security authentication request including the one-time authentication key and the location information of the wireless terminal 240 via the wireless communication network A wireless device that receives the information (1800), associates with the wireless communication network (eg, the network management system 100 on the wireless communication network), or reads a protocol for receiving the security authentication request information and transmits the security authentication request information. The terminal 240 checks the information (1805).

If the wireless terminal 240 information that transmits the security authentication request information is confirmed (1810), the authentication server 105 is connected to the one-time authentication management D / B 750 shown in Figure 7 the wireless terminal In operation 1815, the one-time authentication key generation information and the authentication key generation algorithm corresponding to the one-time authentication key are checked from the one-time authentication key management information associated with the information.

If the one-time authentication key generation information and authentication key generation algorithm corresponding to the one-time authentication key is confirmed (1820), the authentication server 105 is the one-time authentication through the verified one-time authentication key generation information and authentication key generation algorithm. Generate a one-time authentication key authentication code corresponding to the key (1825), and compares the one-time authentication key included in the security authentication request information with the generated one-time authentication key authentication code to check the validity of the one-time authentication key ( 1830).

If the validity of the one-time authentication key is confirmed (1835), the authentication server 105 and the wireless terminal 240 position coordinate information included in the security authentication request information in association with the location information D / B (740) The matching wireless terminal 240 location indication information (eg, address, building name, store name, etc.) is checked (1840).

If the wireless terminal 240 location indication information is confirmed (1845), the authentication server 105 is connected to the wireless terminal 240 information and the wireless terminal 240 location indication information authentication location management D / B Save at 745 (1850).

Subsequently, the authentication server 105 generates security authentication result information including the one-time authentication key validation result and the wireless terminal 240 position indication information through the wireless communication network and transmits the result to the wireless terminal 240 ( 1855) and sharing the result of the one-time authentication key validity with the wireless server 770 (eg, the financial server 755, the payment server 760, the wireless web server 765, etc.) requesting the wireless security authentication based on the one-time authentication key. In response thereto, the wireless server 770 provides various additional services based on at least one financial transaction, payment, and authentication to the wireless terminal 240 based on the one-time authentication key validity result. do.

19 is a diagram illustrating a one-time authentication key-based wireless security authentication process according to an embodiment of the present invention.

In more detail, FIG. 19 illustrates the one-time authentication in the authentication server 105 shown in FIG. 7 through the one-time authentication key based wireless security authentication process shown in FIG. 18 in the authentication server 105 shown in FIG. After generating security authentication result information including a key validation result and transmitting the result to the wireless terminal 240 shown in FIG. 1, the wireless terminal 240 processes the wireless security authentication using the security authentication result information. As for the person skilled in the art to which the present invention pertains, various implementation methods for the one-time authentication key-based wireless security authentication process may be inferred by referring to and / or modifying the drawing 19. The present invention includes all the inferred implementation methods, and the technical features are not limited to the implementation method illustrated in FIG.

Referring to FIG. 19, the one-time authentication key in the authentication server 105 shown in FIG. 7 through the one-time authentication key-based wireless security authentication process shown in FIG. 18 in the authentication server 105 shown in FIG. After generating security authentication result information including a validity result and transmitting it to the wireless terminal 240 shown in FIG. 1, the wireless terminal 240 validates the one-time authentication key from the authentication server 105 through a wireless communication network. In operation 1900, it is checked whether security authentication result information including the verification result (eg, validity approval or validity error) is received.

If the security authentication result information is received (1905), the wireless terminal 240 extracts the one-time validity verification result and the wireless terminal 240 position indication information from the security authentication result information to a predetermined area on the one-time authentication area In operation 1910, the one-time authentication key end screen (or an interface) is output to a predetermined area on the one-time authentication area (1915).

Then, it is checked whether the wireless security authentication process using the one-time authentication key is terminated through the one-time authentication key end screen (or interface) output on the one-time authentication area (1920).

If the wireless security authentication process using the one-time authentication key is terminated through the one-time authentication key end screen (or interface) (1925), the wireless terminal 240 opens the one-time authentication area on the screen of the wireless terminal 240. In operation 1930, the terminal-side output area is output to the entire area of the screen of the wireless terminal 240.

According to the present invention, in the one-time authentication key-based wireless security authentication processing through the wireless terminal used by the customer, by connecting the one-time authentication key for processing the wireless security authentication and the wireless terminal position coordinate information corresponding to the position of the wireless terminal By authenticating, there is an advantage of improving the reliability and security of the wireless security authentication.

According to the present invention, in the one-time authentication key-based wireless security authentication processing through the wireless terminal used by the customer, the additional service based on the location of the wireless terminal (for example, the number of lost wireless terminal, the one-time authentication blocking through the lost wireless terminal) , By providing a coupon / traffic information), there is an advantage of activating the one-time authentication key-based wireless security authentication.

Claims (4)

When the one-time authentication key-based wireless security authentication processing using a mobile phone, processing to position the current location of the mobile phone through a location positioning unit for positioning the location of the mobile phone; Calculating location information of the mobile phone corresponding to the location of the mobile phone when the location of the mobile phone is positioned; Generating a one-time authentication key for processing the one-time authentication key based wireless security authentication; When the generated one-time authentication key is input through a one-time authentication key input interface, generating security authentication request information including the input one-time authentication key and the mobile phone position coordinate information; And And transmitting the security authentication request information to an authentication server on a communication network so that the one-time authentication key based wireless security authentication is processed. Generating a one-time authentication key for processing the one-time authentication key based wireless security authentication when using a one-time authentication key-based wireless security authentication using a mobile phone; Processing to locate the current location of the mobile phone through a location location unit for positioning the mobile phone; Calculating location information of the mobile phone corresponding to the location of the mobile phone when the location of the mobile phone is positioned; Generating the security authentication request information including the one-time authentication key and the mobile phone position coordinate information when the mobile phone position coordinate information is calculated; And And transmitting the security authentication request information to an authentication server on a communication network so as to process the one-time authentication key-based wireless security authentication. A recording medium comprising a program for executing the method according to any one of claims 1 to 2. A position calculation unit for calculating the mobile phone position coordinate information by positioning the current position of the mobile phone through a position positioning unit for positioning the mobile phone during the disposable security key based wireless security authentication process using a mobile phone; A generation unit generating a one-time authentication key for processing the one-time authentication key-based wireless security authentication; An information generation unit for generating security authentication request information including the one-time authentication key and the mobile phone position coordinate information; And And a communication processing unit for transmitting the security authentication request information to an authentication server on a communication network.
KR1020070101157A 2007-10-08 2007-10-08 Method for providing location linkage wireless one-time authentication-key and mobile phone, recording medium KR20090036061A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020070101157A KR20090036061A (en) 2007-10-08 2007-10-08 Method for providing location linkage wireless one-time authentication-key and mobile phone, recording medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020070101157A KR20090036061A (en) 2007-10-08 2007-10-08 Method for providing location linkage wireless one-time authentication-key and mobile phone, recording medium

Related Child Applications (1)

Application Number Title Priority Date Filing Date
KR1020090066082A Division KR20090092744A (en) 2009-07-20 2009-07-20 Method for Providing Location Linkage Wireless One-time Authentication-Key

Publications (1)

Publication Number Publication Date
KR20090036061A true KR20090036061A (en) 2009-04-13

Family

ID=40761168

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020070101157A KR20090036061A (en) 2007-10-08 2007-10-08 Method for providing location linkage wireless one-time authentication-key and mobile phone, recording medium

Country Status (1)

Country Link
KR (1) KR20090036061A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20150095231A (en) * 2015-08-03 2015-08-20 주식회사 비즈모델라인 Method for Providing Mobile OTP based on Location

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20150095231A (en) * 2015-08-03 2015-08-20 주식회사 비즈모델라인 Method for Providing Mobile OTP based on Location

Similar Documents

Publication Publication Date Title
KR20090114585A (en) Method and System for Processing Cash Payment by Using USIM and Recording Medium
KR100963924B1 (en) Method for Confirming Wireless One-time Authentication Location and Mobile Phone, Recording Medium
KR100963928B1 (en) Method for Authenting Wireless One-time with Financial Password and Mobile Phone, Recording Medium
KR101463451B1 (en) System for Processing Transaction by using Token Code
KR20100106256A (en) Method for processing financial transaction by using mobile terminal
KR101413117B1 (en) System for Processing Financial Transaction by using Token Code
KR100999567B1 (en) Method for Authenticating Wireless One-time with Living Body Information Base Two Factor and Recording Medium
KR100963929B1 (en) Method for Authenticating Wireless One-time with Financial Security Card Base Two Factor and Recording Medium
KR20090098766A (en) Method for authenticating locatin base wireless one-time
KR20090036060A (en) System and method for authenticating locatin base wireless one-time and recording medium
KR101326100B1 (en) Method for Providing Transaction by using Token Code
KR20090036061A (en) Method for providing location linkage wireless one-time authentication-key and mobile phone, recording medium
KR20090092744A (en) Method for Providing Location Linkage Wireless One-time Authentication-Key
KR101092186B1 (en) Method for Providing OTP with USIM, Wireless Terminal and Recording Medium
KR101710721B1 (en) Method for Operating Mobile OTP by using Location
KR101615689B1 (en) Method for Providing Mobile OTP based on Location
KR100963927B1 (en) Moblie Phone for Displaying Security with Wireless One-time Authentication and Recording Medium
KR101392360B1 (en) Method for Processing Financial Transaction by using Token Code
KR100942608B1 (en) Method for Processing Wireless One-time Authentication Mobile Phone Loss
KR20090036059A (en) Method for providing wireless one-time authentication location and mobile phone, recording medium
KR20100096934A (en) Method for managing mobile student card and recording medium
KR20070021581A (en) System and Method for Processing Financial Transaction, Devices for Processing Financial Transaction, Terminals and Recording Medium
KR20090036051A (en) Method for processing wireless one-time authentication password error and recording medium
KR20090036046A (en) System and method for providing target advertisement with wireless one-time authentication and mobile phone, recording medium
KR20120059474A (en) Method for Certificating by using One Time Code

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
A107 Divisional application of patent
E601 Decision to refuse application
J201 Request for trial against refusal decision
J501 Disposition of invalidation of trial