KR20120089885A - Smart phone and method for providing card transaction by volatile certification value - Google Patents

Abstract

PURPOSE: A smart phone for providing a card transaction using a volatile authentication value and a method thereof are provided to authenticate justification about a card transaction through a volatility authentication value which is generated in a smart phone without a hacking attempt of the smart phone using a data communication network. CONSTITUTION: A user registration unit(130) transmits issue company information and a user identification value to a operation server which is cooperated with an issue company. An authentication value generation unit(145) applies a key generation function to a dynamic seed value which is dynamically determined based on a fixed seed value and a dynamic seed determination value which are stored in a medium. The authentication value generation unit generates a volatility authentication value dynamically. A authentication value output unit(150) outputs the volatility authentication value which is generated on a screen.

Description

Smart Phones and Methods for Providing Card Transaction by Volatile Certification Value

The present invention registers a user transaction means to be used for a user's card transaction in a smartphone to an operator server affiliated with an issuer that issued at least one card to the user, and dynamically generates a volatile authentication value in the user's smartphone. After the necessary values are maintained in the medium in agreement with the operator server, the smart phone detects the user's card transaction time, and dynamically generates and outputs the volatile authentication value based on the agreed value in the smart phone. After receiving and verifying the volatile authentication value dynamically generated in the smartphone through the transaction request terminal device at the operator server, the card transaction of the user requested from the transaction request terminal device is processed through the issuer.

There is a phone bill service that charges a payment amount to a communication fee of a mobile phone. When the phone bill service is provided with the subscriber information and the mobile phone number of the user registered in the telecommunication company from the user's computer, the phone bill service authenticates the subscriber's subscription status and the communication fee based payment limit for the user through the subscriber information and the mobile phone number. After that, after approving payment for the payment amount according to the communication fee-based payment limit, the next month, the payment amount is charged to the communication fee charged to the mobile phone.

The above-mentioned phone bill service can be stably provided because the communication medium to which the mobile phone is connected for providing the phone bill service is a circuit-switched voice communication network in which a third party cannot intervene. That is, since the voice communication network basically communicates in a circuit-switched manner, a third party on the communication line is responsible for the authentication number sent from the server side to the mobile phone through a text message of the voice communication network for the phone bill service. It is very difficult to intervene in a text message or to steal unauthorized.

Recently, smart phones that can access both data communication networks and voice communication networks have been activated. When the smart phone is connected to the voice call network, the security function for the voice call network is the same as the mobile phone. However, the smart phone can be connected to a data communication network in addition to a voice communication network. Since the data communication network is basically a TCP / IP-based Internet network, third-party intervention or hacking can be performed at any time. For example, if the smartphone is equipped with a hacking program that refers to the text message and automatically reports it to a third party (or hacker), the third party (or hacker) can call the other person's smartphone at any time. It has a problem of requesting bill service and obtaining payment approval.

After all, the security problem by the data network must be solved through the data network. Unlike voice communication networks, data communication networks have been developed and applied to various security solutions that block third-party intervention or hacking, and their stability has been periodically verified.

An object of the present invention for solving the above problems, the smart without a separate data exchange between the user's smartphone and the issuer and the operator server issuing the card that issued the at least one card to the user at the time of the card transaction of the user When the phone dynamically generates and outputs a volatile authentication value internally as previously agreed with the operator server, the operator server receives the volatile authentication value dynamically generated in the smartphone from the transaction request terminal device and then smarts the user. The present invention provides a smart phone and a method for processing a card transaction of a user requested from the transaction request terminal device through the issuer after authenticating the validity of the phone.

Another object of the present invention is to provide a volatile authentication value for authenticating the validity of the card transaction when a minimal data exchange occurs between the user's smartphone and the operator server at the time of the card transaction. It is to provide a smartphone and a method for preventing the exchange between the smartphone and the operator server.

Smartphones that provide card transactions through the volatile authentication value according to the present invention, in a smart phone that can be connected to the data communication network and voice communication network, issuer information for identifying the issuer that issued at least one card to the user; An interface output unit for outputting an interface for inputting a user identification value matching the issuer information registered to the issuer; and if the issuer information and the user identification value are input through the interface, the operator server affiliated with the issuer is the server. A user register which transmits the issuer information and the user identification value, and which is not agreed with the operator server among the fixed seed value, the dynamic seed determination value and the key generation function value required for dynamically generating the volatile authentication value in the smartphone. Maintaining the value of at least one post-consensus on the medium in agreement with the operator server. A print processing unit, an authentication value generation unit for dynamically generating a volatile authentication value by substituting the dynamic seed value dynamically determined based on the fixed seed value and the dynamic seed determination value held in the medium into the agreed key generation function; An authentication value output unit for outputting the generated volatile authentication value on the screen, the operator server checks the device identification value for identifying the smart phone (or program module of the smart phone), and issuing corresponding to the issuer information A transaction for providing at least one user transaction means to be used for the card transaction of the user among the transaction means matching the N (N≥1) card issued to the user by the issuer by providing the user identification value to the company server; After determining the means identification value, the means of transaction identification value and the device identification value and the agreed fixed seed value are dynamically determined. Connecting a de-determined value and the key generation function values will be stored in the storage medium.

According to the present invention, the user registration unit transmits the issuer information and the user identification value to the operator server through the data communication channel, or the issuer to a communication device connected to the operator server through the voice communication network. Transmits the information and the user identification value, or transmits the partial value of the user identification value and the issuer information to the operator server through the data communication channel, and sends the information to the operator connected to the operator server through the voice communication network. Some remaining values of the user identification value may be transmitted.

According to the present invention, the personalization processing unit internally determines at least one value of the post sum and transmits it to the operator server through the data communication channel, and when the agreement approval information for the post sum value is received, the personal sum value of the post sum is received. Storing in the medium or internally determining the value of at least one post-conference and sending it to a communication device associated with the operator server through the voice communication network, and when agreement approval information on the post-conference value is received, Storing a value in a medium or receiving a post sum value determined by the operator server through the data communication channel, storing the value in a medium, and transmitting agreement approval information on the post sum value, or through the voice communication network After receiving the value of post-assessment determined by the operator server, storing it in the medium, Information can be sent.

According to the present invention, the interface output unit further outputs an interface for selecting at least one of the trading means matching the N (N≥1) card issued by the issuer to the user, the user registration unit The transaction means identification value selected through the interface may be further transmitted to the operator server.

According to the present invention, a smartphone that provides a card transaction through the volatile authentication value is a device that identifies the smartphone (or program module of the smartphone) to be pushed at least one transaction related value through the data communication network. The apparatus may further include a device identification processor configured to receive the identification value and store the identification value in the medium.

According to the present invention, the smart phone that provides a card transaction through the volatile authentication value may further include a push processing unit that receives the value generation request information for requesting to internally generate the volatile authentication value from the operator server. .

According to the present invention, the push processing unit receives the value generation request information through a data communication network based on the device identification value, or generates the value from a message received by a message module based on a message standard of the voice communication network. The request information can be detected.

According to the present invention, the push processing unit is pushed through the transaction history value of at least one of the transaction value value, merchant identification value, purchase product identification value through the data communication network based on the device identification value through the transaction history value; Deriving the value generation request information or detecting a message including the transaction history value from the message received by the message module based on the message specification of the voice communication network, the value generation request information through the transaction history value Can be derived.

According to the present invention, the device identification value includes at least one device token value and a program identification value assigned to identify a program module of the smartphone through the data communication network, or the smartphone through the voice communication network. It may include at least one of an identifiable telephone number, an electronic serial number, a USIM serial number (UICC ID), a MAC address (Media Access Control Address), a network identification value, an exchange allocation value, a subscriber number, and a contract number. have.

In the method of providing a card transaction through the volatile authentication value of the smart phone according to the present invention, the issuer information identifying the issuer who issued the at least one card to the user and the user identification value matching the issuer information registered in the issuer. An interface output step of outputting an interface for inputting the user; and a user registration step of transmitting the issuer information and the user identification value to an operator server affiliated with the issuer when the issuer information and the user identification value are input through the interface. And agree with the operator server at least one sum value that is not agreed with the operator server among the fixed seed value, the dynamic seed determination value, and the key generation function value required for dynamically generating the volatile authentication value in the smartphone. A personalization process held on the medium and matching with the fixed seed value held on the medium An authentication value generation step of dynamically generating a volatile authentication value by substituting the dynamic seed value dynamically determined based on the existing dynamic seed determination value into the agreed key generation function, and outputting an authentication value outputting the generated volatile authentication value on a screen And the operator server checks a device identification value for identifying the smartphone (or a program module of the smartphone) and provides the user identification value to an issuer server corresponding to the issuer information to issue the issuer. After the company determines a transaction means identification value identifying at least one user transaction means to be used for the user's card transaction among the transaction means matched to the N (N≥1) card issued to the user, the transaction means identification value And store the device identification value, the agreed fixed seed value, the dynamic seed determination value, and the key generation function value. It is stored in the body.

According to the present invention, the user registration step transmits the issuer information and the user identification value to the operator server through the data communication channel, or issues the issuer to a communication device associated with the operator server through the voice communication network. Call device which transmits the company information and the user identification value or transmits the partial value of the user identification value and the issuer information to the operator server through the data communication channel and is connected to the operator server through the voice communication network. The remaining partial value of the user identification value can be sent.

According to the present invention, the personalization processing step may internally determine at least one value of the post sum and transmit it to the operator server through the data communication channel, and then when the agreement approval information for the post sum value is received, the post sum value Store the information in the medium or internally determine the value of at least one post-conference and send it to a communication device associated with the operator server through the voice communication network, and then when the agreement approval information on the post-conference value is received, Storing the agreement value in a medium, or receiving a post sum value determined by the operator server through the data communication channel, storing the sum value in a medium, and transmitting agreement approval information on the post sum value, or transmitting the voice call network Receives the value of the post-order determined by the operator server through the storage in the medium and the sum of the post-value It can transmit the authentication information.

According to the present invention, the interface output step further outputs an interface for selecting at least one of the trading means matched with a card of N (N≥1) issued to the user by the issuer, the user registration The step may further transmit the selected transaction means identification value to the operator server through the interface.

According to the present invention, the method for providing a card transaction through the volatile authentication value of the smartphone, a device for identifying the smartphone (or program module of the smartphone) to be pushed at least one transaction-related value through the data communication network The method may further include a device identification processing step of receiving and storing the identification value in the medium.

According to the present invention, the method for providing a card transaction through the volatile authentication value of the smart phone may further include a push processing step of receiving value generation request information for requesting to internally generate the volatile authentication value from the operator server. have. In the push processing step, the value generation request information is pushed through the data communication network based on the device identification value, or the value generation request information is detected from the message received by the message module based on the message specification of the voice communication network. can do. Alternatively, the push processing may include generating the value through the transaction history value after receiving at least one transaction history value among a transaction value, a merchant identification value, and a purchase product identification value through a data communication network based on the device identification value. Deriving the information or detecting the message including the transaction history value from the message received by the message module based on the message specification of the voice communication network, and then deriving the value generation request information from the transaction history value. have.

In the method of providing a card transaction using a volatile authentication value of an operator server according to the present invention, a device identification step of identifying a device identification value assigned to the smart phone (or a program module) and storing it in a storage medium, and the smart phone (or And a user registration step of receiving issuer information identifying an issuer who issued at least one card to the user and a user identification value identifying the user, from an issuer server corresponding to the issuer information. A transaction means determining step of determining at least one user transaction means to be used for the user's card transaction among the transaction means matching the N (N≥1) card issued to the user by the issuer by providing the user identification value; And connecting the transaction identification value identifying the user transaction means and the user identification value. Registering a transaction means to be stored in a storage medium and the smart seed value of the fixed seed value, the dynamic seed determination value and the key generation function value required for verifying the volatile authentication value to be dynamically generated inside the smartphone (or program module). A personalization processing step of storing, on the storage medium in agreement with the smartphone (or program module), a value of at least one after-sale that is not agreed with the phone (or program module); and the smartphone (or from the transaction request terminal device). When a volatile authentication value dynamically generated in the program module is received, the volatile verification value is dynamically generated by substituting the stored seed value and the dynamic seed value dynamically determined through the dynamic seed determination value into the agreed key generation function. Generating a verification value, and comparing the received volatile authentication value with the generated volatile verification value. An authentication value verifying step of verifying the coincidence, and if the coincidence is verified, the transaction received from the transaction request terminal device through the user transaction means corresponding to the transaction means identification value stored in the storage medium to the issuer server. A transaction request step of requesting a card transaction for the history value.

According to the present invention, the user registration step may receive the user identification value through a data communication channel connected with the smartphone (or program module), or the call device and the smartphone (or program module) associated with the operator server. Receiving the user identification value detected from the voice communication network connected to the mobile terminal; or receiving a partial value of the user identification value through a data communication channel connected with the smart phone (or program module), After receiving the remaining partial value of the user identification value detected from the voice communication network from a communication device, the partial value of the user identification value received through the data communication network and the remaining partial value received through the voice communication network are combined. The user identification value may be configured.

According to the present invention, the step of determining the transaction means provides a transaction means identification value for the transaction means of N to the smartphone (or program module) and then transactions for the user transaction means from the smartphone (or program module). A means identification value may be received.

According to the present invention, the user registration step further receives a transaction means identification value for the user transaction means input from the smart phone (or program module), and the transaction means determination step is the transaction based on the user identification value After authenticating the user issuing status for the trading means corresponding to the means identification value, the trading means corresponding to the means of trading means may be determined as the user trading means.

According to the present invention, the personalization processing step receives the sum value transmitted from the smart phone (or program module) through the data communication channel and stores the value in the storage medium and then the smart phone (or program module) Consensus approval information on the value of the post sum, or a call device associated with the operator server receives the value of the post sum detected from a voice call channel connected to the smartphone (or program module) and stores it in a storage medium. Afterward, the consensus approval information on the value of the post sum is transmitted to the smartphone (or program module), or at least one post value is determined and transmitted to the smartphone (or program module) through the data communication channel. After receiving the agreement approval information on the value of the post sum, the post sum value is stored in a storage medium, Or determine the value of at least one post-sum, send it to the smartphone (or program module) through the call device associated with the operator server, and store the value of the post-sum if agreement approval information for the post-value is received. Can save to media.

According to the present invention, the method for providing a card transaction through the volatile authentication value of the operator server, if at least one identification value of the user identification value and the device identification value is received from the transaction request terminal, the received at least one identification The method may further include a push processing step of pushing value generation request information requesting to generate a volatile authentication value using the agreed value to a smartphone (or a program module) corresponding to the value. The push processing may push the value generation request information through a data communication network based on the device identification value, or may send a message including the value generation request information through a message standard of the voice communication network. Alternatively, the push processing may push at least one transaction detail value among a transaction value, a merchant identification value, and a purchase product identification value through a data communication network based on the device identification value, or through a message specification of the voice communication network. Send a message including the transaction history value, the smart phone (or program module) may derive the value generation request information through the transaction history value.

According to the present invention, a smart card transaction that can be connected to both a data communication network and a voice call network is valid for the card transaction through a volatile authentication value generated internally in the smartphone regardless of an attempt to hack the smartphone by the data communication network. By authenticating the card transaction of the user requested to the operator server has the advantage that it is handled safely and conveniently through the issuer server.

1 is a diagram illustrating a smartphone function configuration according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of an operator server and a card transaction system according to an embodiment of the present invention.
3 is a diagram illustrating a user transaction means registration and personalization process of a smartphone (or program module) according to an embodiment of the present invention.
4 is a diagram illustrating a user transaction means registration and personalization process of the operator server according to an embodiment of the present invention.
5 is a diagram illustrating a process of processing a card transaction by verifying a volatile authentication value in an operator server according to an exemplary embodiment of the present invention.
6 is a diagram illustrating a process of dynamically generating a volatile authentication value in a smartphone (or program module) according to an embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention. In addition, in the embodiments shown below, the names of functionally identical or similar functional configurations will be described using the same names.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a diagram illustrating a functional configuration of a smart phone 100 according to an embodiment of the present invention.

In more detail, Figure 1 registers in the operator server 200 affiliated with the issuer by interlocking the volatile authentication value to be generated internally at the time of the card transaction and the user transaction means to process the user's card transaction in the smartphone 100 After agreeing the values necessary for generating the volatile authentication value internally in the smartphone 100 with the operator server 200, the volatile authentication value is obtained through the agreed value at the time of card transaction using the volatile authentication value. As a program function configuration for generating and outputting internally, a person having ordinary skill in the art to which the present invention pertains, various implementations of the function of the smartphone 100 by referring to and / or modifying the drawing 1 The method may be inferred, but the present invention comprises all the inferred implementation methods, and the implementation shown in FIG. Only not exclusively those technical features. In particular, the configuration of the smartphone 100 shown in FIG. 1 may further include a configuration of the smartphone 100 that is currently / later released, thereby clearly indicating that the present invention is not limited thereto.

Referring to FIG. 1, the smartphone 100 includes a control unit 101, a memory unit 111, a screen output unit 102, a key input unit 103, a sound output unit 104, and a sound input unit 105. And a wireless network communication module 108, a short range wireless communication module 107, a USIM reader unit 109, a USIM 110, and a battery 106 for power supply.

The controller 101 is a generic term for a functional configuration that controls the operation of the smartphone 100. The controller 101 includes at least one processor and an execution memory, and each of the functional components and the buses provided in the smartphone 100 are connected to each other. BUS). According to the present invention, the control unit 101 loads and calculates at least one program code included in the smartphone 100 through the processor into the execution memory, and calculates at least one function through the bus. Transfer to the component to control the operation of the smartphone (100). Hereinafter, for convenience, the functional components of the program module 115 implemented in the form of program codes will be described in the control unit 101 of FIG.

The memory unit 111 is a generic term for a nonvolatile memory included in the smart phone 100, and includes at least one program code executed through the control unit 101 and at least one data set used by the program code. Save it and keep it. The memory unit 111 basically includes a system program code and a system data set corresponding to an operating system of the smartphone 100, a communication program code and a communication data set for processing a wireless communication connection of the smartphone 100, and at least One application program code and an application data set are stored, and the program code and data set for implementing the present invention are also stored in the memory unit 111.

The screen output unit 102 is composed of a screen output device (e.g., a liquid crystal display (LCD) device) and an output module for driving the screen output device 102. The screen output unit 102 is connected to the control unit 101 via a bus, And outputs an operation result corresponding to the screen output to the screen output device.

The key input unit 103 comprises a key input device having at least one key button (or a touch screen device interlocked with the screen output unit 102) and an input module for driving the key input unit. The control unit 101, And inputs a command for commanding various operations of the control unit 101 or data necessary for the operation of the control unit 101. [

The sound output unit 104 includes a speaker for outputting a sound signal and a sound module for driving the speaker. The sound output unit 104 is connected to the control unit 101 by a bus to correspond to sound output among various calculation results of the control unit 101. The calculation result is output through the speaker. The sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.

The sound input unit 105 includes a microphone for receiving a sound signal and a sound module for driving the microphone, and transmits sound data input through the microphone to the controller 101. The sound module encodes and encodes a sound signal input through the microphone.

The wireless network communication module 108 is a generic term for a communication configuration for connecting wireless communication, and includes at least one antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving radio frequency signals of a specific frequency band. It is connected to the control unit 101 by a bus and transmits a calculation result corresponding to wireless communication among various calculation results of the control unit 101 through wireless communication, or receives data through wireless communication to the control unit 101. At the same time as the transmission, it maintains the procedure of connection, registration, communication, handoff of the wireless communication. According to the present invention, the wireless network communication module 108 may connect the smart phone 100 to the voice call network 170, and optionally connect the smart phone 100 to the data communication network 160. .

According to an embodiment of the present invention, the wireless network communication module 108 is a mobile communication module that performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to the CDMA / WCDMA standard . Meanwhile, according to the intention of the person skilled in the art, the wireless network communication module 108 is an IEEE 802.16? According to the specification, the mobile internet communication may further include a mobile internet communication configuration for performing at least one connection, location registration, data communication, and handoff according to the standard. It is clear that this is not a limitation.

The short range wireless communication module 107 is configured as a short range communication module for connecting a communication session using a radio frequency signal as a communication medium within a predetermined distance, preferably, RFID communication, Bluetooth communication, Wi-Fi communication of ISO 180000 series standard. And at least one of public wireless communication. According to an embodiment of the present invention, the short range wireless communication module 107 may be integrated with the wireless network communication module 108. According to the present invention, the short range wireless communication module 107 connects the smart phone 100 to the data communication network 160.

The USIM reader unit 109 is a generic term for a configuration for exchanging at least one data set with a universal subscriber identity module (Universal Subscriber Identity Module) mounted on or detached from the smartphone 100 based on ISO / IEC 7816 standard. As an example, the data sets are exchanged in a half-duplex communication through an APDU (Application Protocol Data Unit).

The USIM 110 is a SIM type card equipped with an IC chip according to the ISO / IEC 7816 standard, an input / output interface including at least one contact point connected to the USIM reader unit 109, and at least one IC. An IC chip memory for storing a program code and a data set for a chip, and the program code for the IC chip or extracts the data set in accordance with at least one command transmitted from the smart phone 100 connected to the input and output interface (or Processing) and a processor for transmitting to the input / output interface.

The input / output interface includes at least one contact point of power supply (VCC), reset signal (RST), clock signal (CLK), ground (GND), programming power supply (VPP), and input / output (I / O). The processor interfaces with the USIM reader unit 109 through the contact point. The IC chip memory stores system program codes and system parameters corresponding to the operating system of the IC chip and at least one security module, and at least one communication required for accessing the wireless communication network of the smartphone 100 to a fixed storage area. Stores Subscriber Identity Module (SIM) information including parameters. According to an embodiment of the present invention, the IC chip memory includes at least one storage area for each applet issuer (for example, SD (Security Domain)) storing program codes (= applets) and data sets produced by at least one applet issuer )).

According to the present invention, the smartphone 100 receives a message (eg, a short message, a long message, a multimedia message, etc.) through the voice call network 170 of the smartphone 100, or the voice call network A message module 112 for transmitting a message through 170 is provided, and the program module 115 of FIG. 1 may operate in conjunction with the message module 112.

The message module 112 may receive, store, and output a message transmitted from the operator server 200 through the voice call network 170. The data area of the message received from the operator server 200 includes at least one value configured to be readable according to a format (or data structure) designated by the operator server 200.

Referring to FIG. 1, the program module 115 may identify a device for identifying the smartphone 100 (or the program module 115) in order to receive at least one transaction related value through the data communication network 160. And a device identification processor 120 which receives the identification value and stores the identification value in the medium.

Here, the device identification value may include at least one device token value and a program identification value assigned to identify the program module 115 of the smart phone 100 through the data communication network 160, the device The medium for storing the identification value includes at least one of the memory unit 111 or the memory of the USIM 110.

The device identification processing unit 120 receives a device identification value corresponding to a device token for identifying the smart phone 100 (or the program module 115) according to an Apple Push Notification Service (APNS) standard, thereby receiving a memory unit 111. ) Or in the memory of the USIM 110.

Alternatively, the device identification processing unit 120 provides a phone number assigned to the smart phone 100 to the operator server 200, and then the smart phone 100 (or a program module) from the operator server 200. The device identification value identifying the reference numeral 115 may be received and stored in the memory of the memory 111 or the USIM 110.

According to another exemplary embodiment of the present invention, the device identification value may include a phone number, an electronic serial number, and a USIM serial number (UICC ID) for identifying the smart phone 100 through the voice call network 170. ), At least one of a MAC address (Media Access Control Address), network identification value, exchange allocation value, subscriber number, contract number. If the device identification value is a value capable of identifying the smart phone 100 through the voice call network 170, the device identification value is a voice call network 170 registration process or a voice call of the smart phone 100. In the process of connecting the network 170, the memory unit 111 or the USIM 110 is stored in the memory. In this case, the device identification processing unit 120 may be omitted.

Referring to FIG. 1, the program module 115 inputs an issuer information for identifying an issuer who issued at least one card to the user and a user identification value matching the issuer information registered in the issuer. When the issuer information and the user identification value are input through the interface output unit 125 for outputting an interface and the interface, the user transmitting the issuer information and the user identification value to the operator server 200 associated with the issuer. The registration unit 130 is provided.

Here, the issuer includes a card company or a financial company that issues a card having at least one of a magnetic stripe (MS) and an integrated circuit (IC) chip to a user according to a preset card issuing procedure.

The card issued to the user includes a credit card with credit card information, a check card with check card information, a cash card with cash card information, and a debit card with at least one of the MS and IC chip. It may include at least one card, or may include a financial IC card in which at least one of credit card information, check card information, cash card information, debit card information, customer account information, and customer account information is recorded on the IC chip. have.

According to the invention, the card issued to the user corresponds to at least one user transaction means. For example, a credit card corresponds to a credit card transaction that handles a credit transaction requested by a card company through a credit limit, and a check card is a debit requested to a card company through the balance of a linked account established at a financial company affiliated with the card company. The debit card corresponds to the debit card transaction means for processing transactions, the debit card corresponds to the debit card transaction means for processing debit transactions requested by the financial institution through the balance of the linked account opened at the financial institution, and the cash card is the financing for the linked account. Corresponds to the cash card transaction means for processing the transaction. Further, the financial IC card corresponds to at least one of the credit card transaction means, check card transaction means, debit card transaction means, cash card transaction means, or a customer account transaction for processing a financial transaction for a customer account. Sudan, can correspond to the customer account transaction means for processing financial transactions for the customer account linked to the customer account.

The user identification value includes at least one of the issuer's name and a resident registration number (or part of a resident registration number) when the issuer who issued the card is an individual, and the issuer's name and a corporation registration number (or a corporation) when the issuer is a corporation. A part of the registration number) and a business registration number (or a part of the business registration number).

According to the first embodiment of the present invention, the interface output unit 125 outputs an interface for inputting the issuer information and the user identification value, and the user registration unit 130 based on the device identification value. After the data communication channel is connected to the operator server 200 through the communication network 160, the issuer information and the user identification value input through the interface are transmitted to the operator server 200 through the data communication network 160. The operator server 200 confirms a device identification value for identifying the smart phone 100 (or the program module 115), and identifies the user with an issuer server 270 corresponding to the issuer information. At least one of the one or more trading means matched with a card of N (N≥1) issued to the user by the issuer by providing a value to be used for the user's card transaction. Determine a vehicle identification value that identifies the user vehicle. If there is only one card issued to the user by the issuer, the operator server 200 obtains a transaction means identification value identifying a transaction means matching the card issued to the user from the issuer server 270. The device identification value is received and stored in the storage medium 255. On the other hand, if there is more than one card issued to the user by the issuer, the operator server 200 may identify two or more transaction means identification values that respectively identify two or more cards issued to the user from the issuer server 270. Received and provided to the smart phone 100 (or program module 115). In this case, the interface output unit 125 outputs an interface for selecting any one of the N transaction means identification values, and the user register 130 transmits the selected means of transaction identification value to the data communication network. The operator server 200 transmits the data to the operator server 200 through the 160 and the operator server 200 stores the device identification value and the transaction identification value in the storage medium 255.

Here, the trading means identification value is a trading means number (for example, card number (or part of the card number), account number (or part of the account number), bank account number (or part of the bank account number) assigned to the user trading means Etc.) and a transaction means name (eg, card name, account name, bank account name, etc.) and a transaction means identifier (eg, identification number, identification code, alias, etc., associated with the transaction means).

According to the second embodiment of the present invention, the interface output unit 125 may match one or more transactions that match the issuer information, the user identification value, and the card of N (N≥1) issued to the user by the issuer. An interface for inputting a transaction means identification value for identifying at least one user transaction means to be used for the user's card transaction among the means, and the user registration unit 130 based on the device identification value, the data communication network 160 After connecting the data communication channel with the operator server 200 through the issuer information, the user identification value and the transaction means identification value input through the interface to the operator server 200 through the data communication network 160 The operator server 200 confirms the device identification value for identifying the smart phone 100 (or the program module 115), and issues the issuer. The device identification value and the device identification value and the transaction identification value are provided to the issuer server 270 corresponding to the information to verify that the card corresponding to the transaction identification value is issued to the user. The transaction means identification value is connected and stored in the storage medium 255.

According to the third embodiment of the present invention, the interface output unit 125 outputs an interface for inputting the issuer information and the user identification value, and the user registration unit 130 is provided through the voice call network 170. The voice call channel is connected to the call device 280 (eg, ARS server, CTI device, etc.) associated with the operator server 200. If the incoming information of the call device 280 is stored in the memory unit 111, the user register 130 may call the call device 280 through the voice call network 170 based on the incoming information. The voice call channel can be connected by requesting a call connection. Alternatively, if the device identification value of the smart phone 100 identifiable through the voice call network 170 is stored in the operator server 200 (or the call device 280), the user registration unit 130 may A call connection requested from the call device 280 may be received through the voice call network 170 to connect the voice call channel. If the call device 280 and the voice call channel are connected, the user registration unit 130 transmits the issuer information and the user identification value input through the interface through the DTMF signal of the voice call channel. ), The call device 280 checks the device identification value of the smart phone 100 that can be identified through the voice call network 170, the issuing company from the DTMF signal received through the voice call channel After detecting the information and the user identification value, the device identification value, the issuer information and the user identification value are provided to the operator server 200. The operator server 200 provides the user identification value to the issuer server 270 corresponding to the issuer information to match one or more cards of N (N≥1) issued to the user by the issuer. A trading means identification value identifying at least one user trading means to be used for the user's card transaction among the trading means is determined. If there is only one card issued to the user by the issuer, the operator server 200 obtains a transaction means identification value identifying a transaction means matching the card issued to the user from the issuer server 270. The device identification value is received and stored in the storage medium 255. On the other hand, if there is more than one card issued to the user by the issuer, the operator server 200 may identify two or more transaction means identification values that respectively identify two or more cards issued to the user from the issuer server 270. Received and provided to the smart phone 100 (or program module 115). In this case, the interface output unit 125 outputs an interface for selecting any one of the N transaction means identification values, and the user register 130 transmits the selected means of transaction identification value to the data communication network. The operator server 200 transmits the data to the operator server 200 through the 160 and the operator server 200 stores the device identification value and the transaction identification value in the storage medium 255. If the operator server 200 and the smartphone 100 (or program module 115) communicates through the data communication network 160 in the process of generating a volatile authentication value, the device identification value stored in the storage medium 255 is A device identification value of the data communication network 160 associated with the device identification value of the voice call network 170.

According to the fourth embodiment of the present invention, the interface output unit 125 may match one or more transactions that match the issuer information, the user identification value, and the card of N (N≥1) issued to the user by the issuer. An interface for inputting a transaction means identification value identifying at least one user transaction means to be used for the user's card transaction among the means, and the user registration unit 130 transmits the operator server through the voice call network 170. The voice call channel is connected to the call device 280 associated with 200. If the incoming information of the call device 280 is stored in the memory unit 111, the user register 130 may call the call device 280 through the voice call network 170 based on the incoming information. The voice call channel can be connected by requesting a call connection. Alternatively, if the device identification value of the smart phone 100 identifiable through the voice call network 170 is stored in the operator server 200 (or the call device 280), the user registration unit 130 may A call connection requested from the call device 280 may be received through the voice call network 170 to connect the voice call channel. If the call device 280 and the voice call channel are connected, the user registration unit 130 transmits the issuer information, the user identification value, and the transaction identification value input through the interface through the DTMF signal of the voice call channel. The call device 280 transmits the call device 280 to identify the device identification value of the smart phone 100 that can be identified through the voice call network 170, and receives the DTMF received through the voice call channel. After detecting the issuer information, the user identification value, and the transaction identification value from the signal, the device identification value, the user identification value, and the transaction identification value are provided to the operator server 200. The operator server 200 provides the user identification value and the transaction means identification value to the issuer server 270 corresponding to the issuer information so that the card corresponding to the transaction means identification value is the card issued to the user. After authentication, the device identification value and the transaction means identification value are concatenated and stored in the storage medium 255. If the operator server 200 and the smartphone 100 (or program module 115) communicates through the data communication network 160 in the process of generating a volatile authentication value, the device identification value stored in the storage medium 255 is A device identification value of the data communication network 160 associated with the device identification value of the voice call network 170.

According to the fifth embodiment of the present invention, the interface output unit 125 outputs an interface for inputting the issuer information and the user identification value, and the user registration unit 130 based on the device identification value. After connecting the data communication channel with the operator server 200 through the communication network 160, and transmits the value of the issuer information and the user identification value input through the interface, and through the voice call network 170 The voice call channel is connected to the call device 280 associated with the operator server 200. If the incoming information of the call device 280 is stored in the memory unit 111, the user register 130 may call the call device 280 through the voice call network 170 based on the incoming information. The voice call channel can be connected by requesting a call connection. Alternatively, if the device identification value of the smart phone 100 identifiable through the voice call network 170 is stored in the operator server 200 (or the call device 280), the user registration unit 130 may A call connection requested from the call device 280 may be received through the voice call network 170 to connect the voice call channel. If the call device 280 and the voice call channel are connected, the user register 130 transmits the remaining part of the issuer information and the user identification value through the DTMF signal of the voice call channel. And the call device 280 confirms the device identification value of the smart phone 100 that can be identified through the voice call network 170, and the user identification value from the DTMF signal received through the voice call channel. After detecting the remaining partial value of the user identification value of the remaining partial value and the device identification value is provided to the operator server 200. The operator server 200 configures a user identification value by combining a partial value of the user identification value received through the data communication network 160 with the remaining partial value received through the voice call network 170, and then issue the issuer. The user identification value is provided to the issuing server server 270 corresponding to the company information, and the card transaction of the user among one or more trading means matching with the card of N (N≥1) issued to the user by the issuer. Determine a vehicle identification value identifying at least one user vehicle to use. If there is only one card issued to the user by the issuer, the operator server 200 obtains a transaction means identification value identifying a transaction means matching the card issued to the user from the issuer server 270. The device identification value is received and stored in the storage medium 255. On the other hand, if there is more than one card issued to the user by the issuer, the operator server 200 may identify two or more transaction means identification values that respectively identify two or more cards issued to the user from the issuer server 270. Received and provided to the smart phone 100 (or program module 115). In this case, the interface output unit 125 outputs an interface for selecting any one of the N transaction means identification values, and the user register 130 transmits the selected means of transaction identification value to the data communication network. The operator server 200 transmits the data to the operator server 200 through the 160 and the operator server 200 stores the device identification value and the transaction identification value in the storage medium 255.

According to a sixth embodiment of the present invention, the interface output unit 125 may match one or more transactions that match the issuer information, the user identification value, and the card of N (N≥1) issued to the user by the issuer. An interface for inputting a transaction means identification value for identifying at least one user transaction means to be used for the user's card transaction among the means, and the user registration unit 130 based on the device identification value, the data communication network 160 After connecting the data communication channel with the operator server 200 through the at least one of the issuer information, the user identification value and the transaction means identification value input through the interface is transmitted. Here, the user registration unit 130 transmits the partial value of the user identification value and the entire value of the transaction means identification value through the data communication channel, or the entire value of the partial value of the transaction means identification value and the user identification value. It is possible to transmit a value through the data communication channel or some value of both the user identification value and the transaction identification value through the data communication channel, thereby transmitting through the voice communication network 170. Some remaining value is determined. After the at least one value of the issuer information, the user identification value, and the transaction means identification value is transmitted through the data communication network 160, the user registration unit 130 transmits the operator server through the voice call network 170. The voice call channel is connected to the call device 280 associated with the 200. If the incoming information of the call device 280 is stored in the memory unit 111, the user register 130 may call the call device 280 through the voice call network 170 based on the incoming information. The voice call channel can be connected by requesting a call connection. Alternatively, if the device identification value of the smart phone 100 identifiable through the voice call network 170 is stored in the operator server 200 (or the call device 280), the user registration unit 130 may A call connection requested from the call device 280 may be received through the voice call network 170 to connect the voice call channel. If the call device 280 is connected to the voice call channel, the user registration unit 130 transmits the DTMF signal of the voice call channel to the remaining partial value of at least one of the issuer information, the user identification value, and the transaction means identification value. Is transmitted to the call device 280 through the call device 280 confirms the device identification value of the smart phone 100 that can be identified through the voice call network 170, and receives through the voice call channel After detecting the remaining partial value of at least one of the user identification value and the trading means identification value from the DTMF signal, the operator server (10) 200). The operator server 200 configures a user identification value by combining a partial value of the user identification value received through the data communication network 160 with the remaining partial value received through the voice call network 170, and the data. After combining the partial value of the transaction means identification value received through the communication network 160 and the remaining partial value received through the voice call network 170 to form a transaction means identification value, the issuer corresponding to the issuer information The server 270 provides the user identification value and the transaction means identification value to authenticate whether the card corresponding to the transaction means identification value is a card issued to the user. If a card corresponding to the transaction means identification value is authenticated with a card issued to the user, the operator server 200 stores the device identification value and the transaction means identification value in the storage medium 255.

Meanwhile, according to another exemplary embodiment of the present invention, at least one identification value and issuer information of the user identification value and the transaction means identification value may be stored in accordance with a message exchange standard instead of the DTMF signal of the voice communication network 170. 200), by which the present invention is not limited.

Referring to FIG. 1, the program module 115 may include at least one of a fixed seed value for dynamically generating a volatile authentication value, a dynamic seed determination value, and a key generation function value that are not agreed with the operator server 200. It is provided with a personalization processing unit 135 for maintaining the value of the post sum in agreement with the operator server 200 in the medium.

According to the present invention, the program module 115 at least at least one of the fixed seed value, the dynamic seed determination value and the key generation function value at the time of development (or registration with a program providing server (not shown)). It is downloaded to the smart phone 100 through the data communication network 160 in a state of pre-agreement with the 200, and has a value of at least one post-consensus that is not agreed with the operator server 200 at least one. have.

For example, the program module 115 does not agree with any of the fixed seed value, the dynamic seed determination value, and the key generation function value at the time of development (or registration with a program providing server (not shown)). In this case, the personalization processing unit 135 may later agree with the operator server 200 and the fixed seed value, the dynamic seed determination value, and the key generation function value.

Alternatively, the program module 115 is developed (or registered) in a state where a program coded and mounted a key generation function value agreed upon with the operator server 200 at the time of development (or registration), in which case the personalization The processor 135 may later agree with the operator server 200 the fixed seed value and the dynamic seed determination value.

Alternatively, the program module 115 is developed (or registered) in a state in which the key generation function value and the dynamic seed determination value agreed with the operator server 200 are program coded and mounted at the time of the development (or registration). In this case, the personalization processing unit 135 may later agree the fixed seed value with the operator server 200.

Alternatively, the program module 115 program-codes a key generation function value agreed upon with the operator server 200 at the time of development (or registration) and stores it in the memory of the memory 111 or the USIM 110. It is developed (or registered) in a program coded state to use a specific value among the predetermined values as the fixed seed value. In this case, the personalization processing unit 135 agrees with the operator server 200 to determine the dynamic seed determination value. can do.

According to an exemplary embodiment of the present disclosure, the personalization processor 135 may dynamically adjust at least one post-consensus value not agreed with the operator server 200 among the fixed seed value, the dynamic seed determination value, and the key generation function value. Determined to provide to the operator server 200.

For example, if the fixed seed value is included in the post sum value, the personalization processor 135 dynamically generates the fixed seed value through a random number function, or the memory unit 111 or the USIM 110. The specific seed value among the values stored in the memory may be determined as the fixed seed value.

Alternatively, if the dynamic seed determination value for determining the synchronized time value as the dynamic seed of the volatile authentication value is included in the post sum value, the personalization processor 135 determines the synchronized time value among at least two time ranges. A seed capable of determining any one synchronization time range (if omitted at the time of development (or registration) of the program module 115), or assigning a time corresponding to the synchronization time range to a key generation function Determine a seed conversion rule (e.g., hash function and number of digits of the dynamic seed, etc.) of two or more rules that convert to a value (can be omitted if determined at the time of development (or registration) of the program module 115). Thereafter, a dynamic seed determination value including at least one of the determined synchronization time range and the seed conversion rule may be determined.

Alternatively, if the dynamic seed determination value for determining the random number value exchanged with the operator server 200 as the dynamic seed of the volatile authentication value is included in the sum value, the personalization processing unit 135 may perform the operator server 200. And a random number exchange rule of at least two rules for exchanging the random number value (can be omitted if it is determined at the time of development (or registration) of the program module 115), or the operator for the random number exchange. Determine exchange target information (eg, server address (or telephone number) and network type (data communication network 160 or voice call network 170)) connecting the communication channel with the server 200 (the program module 115). May be omitted if it is determined at the time of development (or registration), and then a dynamic seed determination value including at least one of the determined random number exchange rule and the exchange target information may be determined.

Alternatively, if the value of the key generation function is included in the value of the post sum, the personalization processing unit 135 determines a key generation algorithm of any one or more of the caching algorithms (development (or registration) of the program module 115. O If it is determined at the time point, or omit a function parameter value which is basically assigned to any one of the key generation algorithms (can be omitted if it is determined at the time of development (or registration) of the program module 115). A key generation function value including at least one of the determined key generation algorithm and a function parameter value may be determined.

According to an embodiment of the present invention, when the at least one post-consensus value to be agreed upon with the operator server 200 among the fixed seed value, the dynamic seed determination value, and the key generation function value is determined, the personalization processing unit 135 Connects a data communication channel with the operator server 200 through the data communication network 160 based on the device identification value (if not already connected), through a data communication channel connected with the operator server 200. The post server transmits the value of the post sum to the operator server 200. If the agreement approval information on the post sum value is received from the operator server 200 through the data communication channel, the personalization processing unit 135 transmits the post sum value to the memory 111 or USIM 110. To the memory of the.

Alternatively, when at least one of the fixed seed value, the dynamic seed determination value, and the key generation function value is determined, at least one sum value to be agreed upon with the operator server 200 is determined, the personalization processing unit 135 may perform the voice call network ( The voice call channel is connected to the call device 280 associated with the operator server 200 through 170, and the call device 280 is connected to the call device 280 through a DTMF signal of the voice call channel connected to the call device 280. Send the sum value. The operator server 200 checks the value of at least one post sum detected from the DTMF signal received by the call device 280. If the agreement approval information on the post sum value is received from the call device 280 associated with the operator server 200 through the DTMF signal of the voice call channel, the personalization processing unit 135 returns the post sum value. It is stored in the memory of the memory 111 or USIM (110).

According to another exemplary embodiment of the present invention, the personalization processor 135 may select at least one post-consolidation value which is not agreed with the operator server 200 among the fixed seed value, the dynamic seed determination value, and the key generation function value. Received from the operator server 200.

According to another exemplary embodiment of the present invention, when the fixed seed value, the dynamic seed determination value, and the value of at least one sum of the key generation function value are received, the personalization processor 135 determines the fixed seed value and the dynamic seed determination. A value of at least one post-push pushed from the operator server 200 through the data communication network 160 based on the device identification value among a value and a key generation function value, and the value of the received at least one post-up sum The data is stored in the memory of the memory unit 111 or the USIM 110, and the agreement approval information on the post sum value is transmitted to the operator server 200 through the data communication channel.

Alternatively, when a fixed seed value, a dynamic seed determination value, and a value of at least one sum value of a key generation function value are received, the personalization processing unit 135 may perform the operator server 200 through the voice call network 170. Connects a voice call channel with a call device 280 associated with the call device, receives the sum value from the call device 280 through a DTMF signal of a voice call channel connected with the call device 280, and receives the received sum value. After storing at least one value of the post sum in the memory of the memory unit 111 or the USIM 110, and agreeing information on the post sum value to the call device 280 through the DTMF signal of the voice call channel. And the agreement approval information is transmitted to the operator server 200.

Referring to FIG. 1, the program module 115 includes a push processor 140 configured to push value generation request information for requesting to generate a volatile authentication value using the agreed value from the operator server 200. can do.

With the fixed seed value, the dynamic seed determination value, and the key generation function value agreed to dynamically generate the volatile authentication value with the operator server 200, the push processing unit 140 receives the agreement from the operator server 200. The value generation request information requesting to generate a volatile authentication value using the obtained value is pushed.

Device identification value for identifying the smart phone 100 (or program module 115) through the data communication network 160 in the memory of the memory 111 or USIM 110 in accordance with an embodiment of the present invention In this case, the push processing unit 140 receives value generation request information pushed from the operator server 200 through the data communication network 160 based on the device identification value.

Alternatively, when the device identification value for identifying the smart phone 100 (or the program module 115) is stored in the memory of the memory unit 111 or the USIM 110 through the data communication network 160 as described above. In addition, the push processing unit 140 is at least one transaction history of the transaction value value, merchant identification value, purchase product identification value pushed from the operator server 200 through the data communication network 160 based on the device identification value Receive a value. If the transaction history value includes the value generation request information, the push processing unit 140 may check the value generation request information included in the transaction history value. If the transaction history value does not include the value generation request information, the push processing unit 140 may consider that the transaction history value is received to be requested to generate a volatile authentication value from the operator server 200. Can be.

According to another exemplary embodiment of the present invention, when the device identification value identifies the smart phone 100 through the voice call network 170, the push processing unit 140 uses the voice call network 170. The message including the value generation request information may be detected by reading at least one message received by the message module 112 of the smartphone 100.

Alternatively, when the device identification value identifies the smart phone 100 through the voice call network 170 as described above, the push processing unit 140 is the smart phone through the voice call network 170 ( At least one message received by the message module 112 of 100 may be read to detect a message including at least one transaction detail value among a transaction value, a merchant identification value, and a purchase product identification value. If the transaction history value includes the value generation request information, the push processing unit 140 may check the value generation request information included in the transaction history value. If the transaction history value does not include the value generation request information, the push processing unit 140 may consider that the transaction history value is received to be requested to generate a volatile authentication value from the operator server 200. Can be.

Referring to FIG. 1, the program module 115 determines at least one dynamic seed value based on a dynamic seed determination value held in the medium, and determines the fixed seed value and the determined dynamic seed value held in the medium. An authentication value generator 145 for dynamically generating a volatile authentication value by substituting the agreed key generation function, and an authentication value output unit 150 for outputting the generated volatile authentication value on a screen.

In the state where a fixed seed value, a dynamic seed determination value, and a key generation function value for dynamically generating a volatile authentication value with the operator server 200 are agreed, a request is made to generate the volatile authentication value through the key input unit 103. When a command is inputted or when the value generation request information is pushed through the push processing unit 140, the authentication value generation unit 145 performs predetermined user authentication (eg, password authentication, for generating the volatile authentication value). Biometric authentication, etc.), and then agree with the operator server 200 to determine at least one dynamic seed value based on the dynamic seed determination value maintained in the medium. Here, the dynamic seed value is a seed value determined based on a synchronization time range of the dynamic seed determination value and a seed conversion rule, or a random number exchanged with the operator server 200 based on a random number exchange rule of the dynamic seed determination value. It includes at least one seed value determined on the basis.

If the authentication value generator 145 generates the volatile authentication value by itself when the generation of the volatile authentication value is not requested from the operator server 200 according to the embodiment of the present invention, the user authentication is omitted. It is possible. On the other hand, if the volatile authentication value is generated by the request for generating the volatile authentication value from the operator server 200, the authentication value generation unit 145 is preferably passed through the user authentication.

When the dynamic seed value is determined, the authentication value generation unit 145 is agreed with the operator server 200 to agree the fixed seed value held in the medium and the determined dynamic seed value with the operator server 200. Substitute the input value of the key generation function and dynamically generate the volatile authentication value corresponding to the result.

When the volatile authentication value is dynamically generated, the authentication value output unit 150 outputs the generated volatile authentication value through the screen output unit 102.

2 is a diagram illustrating a configuration of an operator server 200 and a card transaction system according to an embodiment of the present invention.

In more detail, Figure 2 is a time point of the card transaction, after interlocking the volatile authentication value to be generated internally in the smart phone 100 shown in Figure 1 and the user transaction means to process the user's card transaction, the card transaction point The operator server 200 and the card transaction system requesting the card transaction to be processed through the issuer server 270 that issued the user transaction means based on the volatile authentication value generated internally by the smart phone 100. As shown in the drawings, those skilled in the art to which the present invention pertains, various implementation methods (for example, some) for the operator server 200 and the card transaction system by referring to and / or modifying the present Figure 2 Configuration elements may be omitted, subdivided, or combined), but the present invention encompasses all such implementation methods inferred. To be made, the technical features are not limited only with the exemplary method shown in the figure 2.

According to the present invention, the operator server 200 is provided with a server operating unit 245 for performing a unique function of each server. Here, the server operating unit 245 is a generic term for the remaining functional configurations except for the functional configurations provided in the server to realize the functions of the present invention, and the present invention is not limited by the functions processed by the server operating unit 245. No.

Referring to FIG. 2, the operator server 200 may push the smartphone 100 (or program module) to push at least one transaction related value to the smartphone 100 (or the program module 115). And a device identification unit 210 for identifying the device identification value assigned to the storage device 255 and maintaining it in the storage medium 255. The device identification value may include at least one device token value and a program identification value allocated to identify the program module 115 of the smartphone 100 through the data communication network 160.

The device identification unit 210 processes the device token to be assigned to the smartphone 100 (or the program module 115) according to the Apple Push Notification Service (APNS) standard, and then, the smartphone 100 (or The device token assigned to the program module 115 is regarded as a device identification value uniquely identifying the smartphone 100 (or the program module 115) and stored in the storage medium 255.

Alternatively, the device identification unit 210 receives the telephone number assigned to the smart phone 100 through the data communication network 160, and then authenticates the received telephone number through the voice call network 170. And assigning a program identification value uniquely identifying the smart phone 100 (or program module 115) on the data communication network 160, and then calling the phone corresponding to the device identification value of the voice call network 170. A number and a program identification value, which is a device identification value of the data communication network 160, are concatenated and stored in the storage medium 255.

According to another exemplary embodiment of the present invention, the device identification value may include a phone number, an electronic serial number, and a USIM serial number (UICC ID) for identifying the smart phone 100 through the voice call network 170. ), At least one of a MAC address (Media Access Control Address), network identification value, exchange allocation value, subscriber number, contract number. If the device identification information of the smart phone 100 (or the program module 115) that can be identified through the voice communication network 170 is identified through the data communication network 160, the device identification unit 210 may be identified. The device may store the device identification information of the voice call network 170 in the storage medium 255 as it is.

2, the operator server 200, the user registration unit 220 for receiving the issuer information and the user identification value input via the smart phone 100 (or program module 115), and The card transaction of the user among one or more trading means matching the card of N (N≥1) issued to the user by the issuer by providing the user identification value to the issuer server 270 corresponding to the issuer information. A transaction means determining unit 225 for determining at least one user transaction means to be used for the transaction; and a transaction means for storing the transaction means identification value identifying the user transaction means in the storage medium 255 by connecting the device identification value. The registration unit 230 is provided.

The smartphone 100 (or the program module 115) inputs a user identification value matching the issuer information registered in the issuer and transmits it to the operator server 200.

According to an exemplary embodiment of the present invention, the smart phone 100 (or the program module 115) may transmit the user identification value through the data communication network 160 of the smart phone 100, and the user register unit 220 may receive the user identification value transmitted from the smart phone 100 (or the program module 115) through the data communication channel.

According to another exemplary embodiment of the present invention, the smart phone 100 (or the program module 115) is a voice call connected between the call device 280 and the smart phone 100 associated with the operator server 200. The user identification value may be transmitted through the DTMF signal of the channel, and the user register 220 may receive the user identification value received by the call device 280 through the DTMF signal of the voice call channel. .

According to another exemplary embodiment of the present invention, the smart phone 100 (or the program module 115) transmits some configuration values of the user identification value through the data communication network 160 and transmits DTMF of the voice call channel. The remaining part of the user identification value may be transmitted through a signal, and the user registration unit 220 transmits the user identification transmitted from the smart phone 100 (or the program module 115) through the data communication channel. After receiving a part of the value and receiving the remaining partial value of the user identification value received by the call device 280 associated with the server through the DTMF signal of the voice call network 170, the data communication network 160 The user identification value may be configured by combining the partial value of the user identification value received through the remaining partial value received through the voice call network 170.

When the user identification value is received, the transaction means determining unit 225 provides the user identification value to the issuer server 270 corresponding to the issuer information to issue the N card issued to the user by the issuer. Confirm a transaction means identification value identifying at least one user transaction means to be used for the user's card transaction.

If there is only one card issued to the user by the issuer, the transaction means determining unit 225 checks the transaction means identification value identifying the transaction means matching the card issued to the user, and the transaction means The registration unit 230 connects the user identification value and the transaction identification value to the device identification value and stores the result in the storage medium 255.

On the other hand, if there is more than one card issued to the user by the issuer, the transaction means determining unit 225 may identify two or more cards respectively through the data communication network 160 or the voice call network 170. The transaction identification value is provided to the smartphone 100 (or the program module 115). In this case, the smart phone 100 (or the program module 115) outputs an interface for selecting any one of the N means of transaction identification values, and displays the selected means of transaction identification through the interface. Transmitting to the operator server 200 through the data communication network 160 or voice call network 170, the transaction means registration unit 230 connects the user identification value and the transaction means identification value to the device identification value The data is stored in the storage medium 255.

Meanwhile, the smartphone 100 (or the program module 115) selects (or identifies) a transaction means identification value identifying at least one user transaction means to be used for the user's card transaction among the user identification value and the N card. Input) to transmit the data through the data communication network 160 or the voice call network 170. In this case, the user registration unit 220 receives the transaction means identification value, and the transaction means determination unit 225 The user identification value authenticates whether the user transaction means corresponding to the transaction means identification value matches a card issued to the user. If the transaction means identification value is authenticated, the transaction means registration unit 230 stores the transaction means identification value and the user identification value in the storage medium 255.

Referring to FIG. 2, the operator server 200 is required to dynamically generate a volatile verification value for verifying a volatile authentication value dynamically generated inside the smartphone 100 (or the program module 115). Among the fixed seed value, the dynamic seed determination value, and the key generation function value, a value of at least one summation that is not agreed with the smartphone 100 (or the program module 115) is input to the smartphone 100 (or the program module). And a personalization processing unit 215 for storing in the storage medium 255 in agreement with (115).

According to the exemplary embodiment of the present invention, the personalization processing unit 215 may not agree with the smartphone 100 (or the program module 115) among the fixed seed value, the dynamic seed determination value, and the key generation function value. The value of at least one post sum is dynamically determined and provided to the smartphone 100 (or the program module 115).

For example, if the fixed seed value is included in the post sum value, the personalization processor 215 may dynamically generate the fixed seed value through a random number function, or may be stored in a database storing a plurality of seed values. The specific seed value may be determined as the fixed seed value.

Alternatively, if the dynamic seed determination value for determining the synchronized time value as the dynamic seed of the volatile authentication value is included in the post sum value, the personalization processing unit 215 determines the synchronized time value among at least two time ranges. A seed conversion rule (e.g., a hash function and a dynamic) of any one or more of the two or more rules for determining either synchronization time range or converting the time corresponding to the synchronization time range to a seed value that can be assigned to a key generation function. After determining the number of digits of the seed, etc.), a dynamic seed determination value including at least one of the determined synchronization time range and the seed conversion rule may be determined.

Alternatively, if the dynamic seed determination value for determining the random number value exchanged with the smartphone 100 (or the program module 115) as the dynamic seed of the volatile authentication value is included in the post sum value, the personalization processor 215. ) Determines a random number exchange rule of any one or more rules for exchanging the random number value with the smartphone 100 (or the program module 115), or for the random number exchange Or after determining exchange target information (eg, a device identification value and a network type (data communication network 160 or voice call network 170)) connecting the communication channel with the program module 115, the determined random number exchange rule and A dynamic seed determination value including at least one exchange target information may be determined.

Or, if the value of the key generation function is included in the value of the post sum, the personalization processing unit 215 determines the key generation algorithm of any one or more of the two or more cabbing algorithms, or assigns basically to any one key generation algorithm. After determining the function parameter value, the key generation function value including at least one of the determined key generation algorithm and the function parameter value may be determined.

According to an exemplary embodiment of the present invention, at least one post-conference value to be later agreed with the smartphone 100 (or the program module 115) is determined among the fixed seed value, the dynamic seed determination value, and the key generation function value. In this case, the personalization processing unit 215 connects the data communication channel with the smart phone 100 (or the program module 115) through the data communication network 160 based on the device identification value (if it is already connected). The value of the post sum is transmitted to the smart phone 100 (or the program module 115) through a data communication channel connected to the smart phone 100 (or the program module 115). If agreement approval information on the post sum value is received from the smartphone 100 (or the program module 115) through the data communication channel, the personalization processing unit 215 stores the post sum value on the storage medium. Store at (255).

Alternatively, when the fixed seed value, the dynamic seed determination value, and the key generation function value are determined, at least one post-conference value to be later agreed upon with the smartphone 100 (or the program module 115), the personalization processing unit ( 215 connects a voice call channel with a call device 280 associated with the smartphone 100 (or program module 115) through the voice call network 170, and is connected with the call device 280. The post sum value is transmitted to the call device 280 through a DTMF signal of a voice call channel. The smartphone 100 (or the program module 115) checks the value of at least one post sum detected from the DTMF signal received by the call device 280. If the agreement approval information on the post sum value is received from the call device 280 associated with the smartphone 100 (or the program module 115) through the DTMF signal of the voice call channel, the personalization processing unit ( 215 stores the post sum value in the storage medium 255.

According to another exemplary embodiment of the present disclosure, the personalization processor 215 may not agree with the smartphone 100 (or the program module 115) among the fixed seed value, the dynamic seed determination value, and the key generation function value. At least one value of the post sum value from the smart phone 100 (or the program module 115).

According to another exemplary embodiment of the present invention, when the fixed seed value, the dynamic seed determination value and the value of at least one sum of the key generation function value are received, the personalization processing unit 215 determines the fixed seed value and the dynamic seed determination. Receive a value of at least one post-push pushed from the smartphone 100 (or program module 115) through the data communication network 160 based on the device identification value among the value and the key generation function value, and After storing the received at least one value of the post sum in the storage medium 255, the agreement approval information on the post sum value to the smart phone 100 (or the program module 115) through the data communication channel. Send it.

Alternatively, when the fixed seed value, the dynamic seed determination value, and a value of at least one sum value of the key generation function value are received, the personalization processor 215 may transmit the smart phone 100 through the voice call network 170. (Or a voice communication channel connected to the call device 280 associated with the program module 115), and the post-conference from the call device 280 through the DTMF signal of the voice call channel connected to the call device 280. Receive a value, store the received at least one value of the post sum in the storage medium 255, and then agree to the call device 280 for the post sum value via a DTMF signal of the voice call channel. Information is transmitted, and the agreement approval information is transmitted to the smartphone 100 (or the program module 115).

Referring to FIG. 2, the operator server 200 may include a terminal device interworking unit 205 for receiving at least one identification value of the user identification value and the device identification value from the transaction request terminal device 290, and the reception operation. Based on the at least one identification value, the smartphone 100 (or the program module 115) may generate value generation request information requesting to generate a volatile authentication value using the agreed value within the smartphone ( It may further include a push processing unit 235 for pushing to 100 (or the program module 115). If the volatile authentication value is generated inside the smartphone 100 (or the program module 115) by a user's key input command, the push processing unit 235 may be omitted.

The terminal device interworking unit 205 may communicate with an affiliated store terminal (eg, a credit inquiry terminal, a purchase point terminal) through a Bansa server. Alternatively, the terminal device interworking unit 205 may communicate with the user terminal or directly communicate with the user terminal through a PG server (or shopping server). Alternatively, the terminal device interworking unit 205 may communicate with a financial terminal (eg, CD / ATM) (not shown).

The terminal device interworking unit 205 receives at least one identification value of the user identification value and the device identification value from at least one transaction request terminal device 290 among a merchant terminal, a user terminal, and a financial terminal. Here, the device identification value received by the terminal device interworking unit 205 preferably includes a device identification value identifiable through the voice call network 170, and the device of the data communication network 160 according to the intention of those skilled in the art. It is possible to include identification values.

When the device identification value of the data communication network 160 is assigned to the smart phone 100 (or the program module 115) according to the exemplary embodiment of the present invention, the push processing unit 235 may be configured to connect the terminal device interworking unit ( The value generation request information may be pushed to the smartphone 100 (or the program module 115) through the data communication network 160 based on the at least one identification value received through 205.

Alternatively, when the device identification value of the data communication network 160 is assigned to the smart phone 100 (or the program module 115) as described above, the push processing unit 235 may operate the terminal device interworking unit 205. Based on at least one identification value received through the at least one of the transaction value, merchant identification value, purchase product identification value to the smart phone 100 (or program module 115) through the data communication network 160 The transaction history value may be pushed, and in this case, the smartphone 100 (or the program module 115) may derive the value generation request information through the transaction history value.

According to another exemplary embodiment of the present invention, the push processing unit 235 may be configured to execute the smart phone through the voice call network 170 based on at least one identification value received through the terminal device interworking unit 205. The message module of the value generation request information may be transmitted to the message module of 100. In this case, the smartphone 100 (or the program module 115) may read at least one message received by the message module. The message including the value generation request information may be detected.

Alternatively, the push processing unit 235 is a transaction amount to the message module of the smart phone 100 through the voice call network 170 based on at least one identification value received through the terminal device interworking unit 205. A message including a transaction history value of at least one of a value, a merchant identification value, and a purchase product identification value, in which case the smartphone 100 (or the program module 115) receives at least one received from the message module. One message may be read to detect a message including the transaction history value, and the value generation request information may be derived through the transaction history value.

Referring to FIG. 2, the operator server 200 receives a volatile authentication value dynamically generated in the smartphone 100 (or the program module 115) from the transaction request terminal 290. Determine at least one dynamic seed value based on the device interlocking unit 205 and the dynamic seed determination value held in the storage medium 255 and the fixed seed value held in the storage medium 255 and the determined dynamic seed. A verification value generator 240 for dynamically generating a volatile verification value by assigning a value to the agreed key generation function, and an authentication value for verifying consistency by comparing the received volatile verification value with the generated volatile verification value When the verification unit 260 and the match is verified, the transaction request terminal device 290 through the user transaction means corresponding to the transaction means identification value stored in the storage medium 255 to the issuer server 270 Received from The card transactions for transaction history value and a transaction request unit 250 for requesting.

When the smartphone 100 (or the program module 115) generates and outputs a volatile authentication value internally using at least one value agreed with the operator server 200, the output volatile authentication value is determined by the smart phone 100 (or the program module 115). The transaction request terminal 290 is input, and the transaction request terminal 290 transmits the volatile authentication value dynamically generated inside the smartphone 100 (or the program module 115), and the terminal device. The interlocking unit 205 receives the volatile authentication value.

When the volatile authentication value dynamically generated in the smart phone 100 (or the program module 115) is received from the transaction request terminal device 290, the verification value generating unit 240 is the smart phone 100. (Or program module 115) to determine at least one dynamic seed value based on the dynamic seed determination value stored in the storage medium 255. Here, the dynamic seed value is a seed value determined based on a synchronization time range of the dynamic seed determination value and a seed conversion rule, or a random number exchanged with the operator server 200 based on a random number exchange rule of the dynamic seed determination value. It includes at least one seed value determined on the basis.

When the dynamic seed value is determined, the verification value generator 240 is in agreement with the smartphone 100 (or the program module 115) and the fixed seed value stored in the storage medium 255 and the determined dynamic seed. A value is substituted into the input value of the key generation function agreed with the smartphone 100 (or the program module 115) to dynamically generate a volatile verification value corresponding to the result.

When the volatile verification value is generated while the volatile authentication value is received, the authentication value verification unit 260 compares the volatile authentication value with the generated volatile verification value and verifies the consistency. If the verification is successful, the transaction request unit 250 provides the issuer server 270 with the transaction means identification value stored in the storage medium 255 and the transaction history value received from the transaction request terminal 290. The issuer server 270 requests a user transaction means corresponding to the transaction identification value to process a card transaction for the transaction history value. Here, the transaction history value may be received together with at least one identification value of the user identification value and the device identification value, may be received together with the volatile authentication value, or may be separately received. The present invention is not limited by the manner of receiving.

3 is a diagram illustrating a user transaction means registration and personalization process of the smartphone 100 (or program module 115) according to the embodiment of the present invention.

In more detail, FIG. 3 illustrates that the application corresponding to the program module 115 shown in FIG. 1 is downloaded to the user's smart phone 100, and then the user is connected to the operator server 200 through the program module 115. The process of personalizing the program module 115 by registering a transaction means and agreeing on at least one value necessary for dynamically generating a volatile authentication value, and the person skilled in the art to which the present invention pertains. However, various implementation methods (for example, some steps may be omitted or the order may be changed) for the user transaction means registration and personalization process may be inferred by referring to and / or modifying the present invention. It is made to include all the implementation methods inferred, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 3, when an application corresponding to the program module 115 shown in FIG. 1 is downloaded to the user's smart phone 100 and the program module 115 is executed, the device of the program module 115 may be executed. The identification processor 120 receives a device identification value for receiving at least one transaction related value through the data communication network 160 and stores the received device identification value in a medium (300). If the transaction-related value is pushed through the voice call network 170 (eg, sending a message or DTMF signal), or via the device identification value assigned to the voice call network 170 on the data communication network 160. If the phone 100 (or program module 115) can be identified to push the transaction related value, the device identification value storage process can be omitted. However, among the device identification values of the voice call network 170, an identification value which is not stored in the medium of the smart phone 100 (eg, is dynamically allocated at the time of connection of the voice call network 170 of the smart phone 100). Value, the device identification processor 120 may receive the device identification value of the voice call network 170 and store it in a medium.

The interface output unit 125 outputs an interface for inputting the issuer information and the user identification value (305). If the issuer information and the user identification value are input through the interface (310), the user registration unit ( 130 transmits or transmits the issuer information and the user identification value to the operator server 200 through at least one of the data communication network 160 and the voice call network 170 (315).

According to an exemplary embodiment of the present invention, the interface output unit 125 may further output an interface for inputting a transaction means identification value corresponding to the user transaction means to an interface for inputting a user identification value. When the identification value is input (325), the user registration unit 130 further transmits the transaction means identification value to the operator server 200 through one or more of the data communication network 160 and voice call network 170 or Can be sent (330).

According to another exemplary embodiment of the present invention, the interface output unit 125 may include one or more transaction means identification values corresponding to N cards issued to the user at the request of the operator server 200 provided with the user identification value. An interface for selecting a trading means identification value corresponding to the user trading means may be output (320). If the trading means identification value is input (325), the user registration unit 130 and the data communication network 160 The transaction means identification value is further transmitted or transmitted to the operator server 200 through one or more networks of the voice call network 170 (330).

The operator server 200 provides the user identification value to the issuer server 270 corresponding to the issuer information so that at least one user transaction means among one or more transaction means issued to the user corresponding to the user identification value. Determine and determine a transaction means identification value corresponding to the user transaction means and the user identification value and store them in the storage medium 255.

The user registration unit 130 confirms whether the user transaction means is registered in the operator server 200 based on the user identification value (335), and if the user transaction means is not registered (330), the interface output The unit 125 outputs an interface for inputting (or selecting) the transaction means identification value (320), and if the transaction means identification value is input (325), the user registration unit 130 is the data communication network 160 The user's transaction means may be registered by transmitting or transmitting the transaction means identification value to the operator server 200 through at least one of the voice call networks 170 and 330.

On the other hand, the program module 115 stores the fixed seed value, the dynamic seed determination value, and the key generation function value required for dynamically generating the volatile authentication value in the smartphone 100 (or the program module 115). It may be included in the module 115 or downloaded in connection with a medium on a communication network storing the fixed seed value, the dynamic seed determination value and the key generation function value, in which case the personalization processor 135 may be fixed. The seed value, the dynamic seed determination value, and the key generation function value are stored and maintained in the memory of the memory 111 or the USIM 110 (360).

On the other hand, if the program module 115 has at least one sum value that is not agreed with the operator server 200 among the fixed seed value, the dynamic seed determination value, and the key generation function value required for the dynamic generation of the volatile authentication value, In operation 345, the personalization processing unit 135 may generate at least one post-synchronization value necessary for dynamically generating the volatile authentication value through at least one of the data communication network 160 and the voice call network 170. (350).

If the value of the at least one post sum is agreed with the operator server 200 (355), the personalization processor 135 may determine a fixed seed value, a dynamic seed determination value, and a key generation function value agreed with the operator server 200. It is stored in the memory of the memory 111 or USIM (110) and maintained (360).

4 is a diagram illustrating a user transaction means registration and personalization process of the operator server 200 according to an embodiment of the present invention.

In more detail, Figure 4 shows that after the application corresponding to the program module 115 shown in Figure 1 is downloaded to the user's smartphone 100, the operator server 200 shown in Figure 2 the smartphone At least one required to register a user transaction means in conjunction with (100) (or program module 115), and to verify the volatile authentication value generated dynamically in the smartphone 100 (or program module 115) The process of personalizing the program module 115 by agreeing a value with the smartphone 100 (or the program module 115), and if the person skilled in the art to which the present invention pertains, By referring to and / or modifying FIG. 4, various implementation methods (for example, some steps may be omitted or the order may be changed) may be inferred for the user trading means registration and personalization process. However, the present invention includes all the implementation methods inferred, and the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 4, when an application corresponding to the program module 115 shown in FIG. 1 is downloaded to the user's smart phone 100 and the program module 115 is executed, the device of the operator server 200 may be used. The identification unit 210 checks the device identification value assigned to the smart phone 100 (or the program module 115) and stores it in the storage medium 255 (400). Here, the device identification value is confirmed according to the APNS standard, assigned by the operator server 200, or provided from the smartphone 100 (or program module 115), or the smartphone 100 ) May be provided from the subscribed carrier server.

The user registration unit 220 confirms whether the user issuer information and the user identification value of the user who requested the user transaction registration registration are received from the at least one smartphone 100 (or the program module 115) to which the device identification value is assigned. (405). If the issuer information and the user identification value are received (410), the transaction means determining unit 225 provides the user identification value to the issuer server 270 corresponding to the issuer information to provide the user's card. At least one user transaction means to be used for the transaction is determined (415). In this case, the user transaction means may be automatically determined or determined in connection with the smartphone 100 (or the program module 115).

If the user trading means is determined (420), the trading means registration unit 230 stores the trading means identification value corresponding to the user trading means and the user identification value in the storage medium 255 (425). .

If the fixed seed value, the dynamic seed determination value, and the key generation function value required for verifying the volatile authentication value dynamically generated in the smartphone 100 (or the program module 115) are the smartphone 100 (or If it is agreed with the program module 115 (430), the personalization processing unit 215 is a fixed seed value, dynamic seed value and key generation function agreed with the smartphone 100 (or program module 115) The value is stored in the storage medium 255 (445).

On the other hand, the smartphone 100 (or the fixed seed value, the dynamic seed determination value, and the key generation function value required for verifying the volatile authentication value dynamically generated in the smartphone 100 (or the program module 115) are generated. If there is at least one post-consolidation value that is not agreed with the program module 115 (430), the personalization processing unit 215 dynamically generates the inside of the smartphone 100 (or the program module 115). Agree 435 with the smartphone 100 (or program module 115) the value of at least one summation required to verify the volatile authentication value to be established, and if the smartphone 100 (or program module 115) ) And the value of the post-consensus (440), the fixed seed value, the dynamic seed value and the key generation function value agreed with the smartphone 100 (or the program module 115) are stored in the storage medium 255. (445).

5 is a diagram illustrating a process of processing a card transaction by verifying a volatile authentication value in the operator server 200 according to an exemplary embodiment of the present invention.

In more detail, FIG. 5 shows that after the user transaction means is registered in the operator server 200 and the program module 115 downloaded to the user's smartphone 100 is personalized through the process shown in FIG. 3 or FIG. The transaction by verifying whether the volatile authentication value received from the transaction request terminal 290 in the operator server 200 is a value generated dynamically in the personalized smartphone 100 (or the program module 115). A process of processing a card transaction requested from the request terminal 290, and a person of ordinary skill in the art to which the present invention pertains, referring to and / or modifying the drawing 5, the card transaction processing process Various implementation methods (e.g., implementation steps in which some steps are omitted or reordered) may be inferred, but the present invention includes all implementation methods inferred from the above. Is made, the technical features are not limited only with the exemplary method shown in the figure 5.

Referring to FIG. 5, the terminal device interworking unit 205 of the operator server 200 confirms whether at least one identification value of the user identification value and the device identification value is received from the transaction request terminal device 290 (500). . If at least one identification value of the user identification value and the device identification value is received from the transaction request terminal device 290 (505), the push processing unit 235, the received at least one identification value is shown in FIG. It is checked whether the storage medium 255 is registered through the illustrated process (510).

If the received identification value is not registered in the storage medium 255 (515), the terminal device interworking unit 205 transmits a transaction error to the transaction request terminal device 290 (520). On the other hand, if the received identification value is registered in the storage medium 255 (515), the push processing unit 235 is the smart phone via at least one network of the data communication network 160 and voice call network 170 100 (or program module 115) requests to generate a volatile authentication value (525). Here, the push processing unit 235 may request the generation of the volatile authentication value by pushing the value generation request information to the smart phone 100 (or the program module 115). Alternatively, if the transaction history value is received from the transaction request terminal 290 through the terminal device interworking unit 205, the push processing unit 235 is the smart phone 100 (or the program module 115). Push the transaction history value to request generation of the volatile authentication value. If the smartphone 100 (or the program module 115) generates the volatile authentication value based on a user's key command, the process of requesting the push processing unit 235 to generate the volatile authentication value is omitted. It may be.

Thereafter, the terminal device interworking unit 205 checks whether the volatile authentication value dynamically generated inside the smartphone 100 (or the program module 115) is input and received through the transaction request terminal device 290. (530). According to the embodiment of the present invention, the volatile authentication value may be received together with at least one identification value of the user identification value and the device identification value, whereby the present invention is not limited.

If the smart phone 100 (or the program module 115) requests the dynamic generation of the volatile authentication value and then the volatile authentication value is not received from the transaction request terminal 290 within a specified valid time (535). The terminal device interworking unit 205 transmits a transaction error to the transaction request terminal device 290 (520).

On the other hand, after requesting the dynamic generation of the volatile authentication value to the smart phone 100 (or the program module 115), the volatile authentication value is received from the transaction request terminal 290 within a specified valid time, or the user When at least one identification value of the identification value and the device identification value and the volatile authentication value are received (535), the verification value generator 240 is agreed with the smartphone 100 (or the program module 115). The volatile verification value is dynamically generated by substituting the dynamic seed value dynamically determined based on the fixed seed value and the dynamic seed determination value into a key generation function agreed with the smartphone 100 (or the program module 115) (540). .

If the volatile verification value is dynamically generated (545), the authentication value verification unit 260 verifies the consistency by comparing the received volatile authentication value with the generated volatile verification value (550).

If the correspondence is not verified (555), the terminal device interworking unit 205 transmits a transaction error to the transaction request terminal (290) (520). On the other hand, if the match is verified (555), the transaction request unit 250 is received from the transaction request terminal 290 through the user transaction means to the issuer server 270 corresponding to the user transaction means A card transaction (eg, card payment, financial transaction) is requested for a transaction detail value (560), and the issuer server 270 processes the requested transaction according to a transaction approval procedure designated for each user transaction means.

6 is a diagram illustrating a process of dynamically generating a volatile authentication value in the smartphone 100 (or the program module 115) according to the embodiment of the present invention.

In more detail, FIG. 6 shows that after the user transaction means is registered in the operator server 200 and the program module 115 downloaded to the user's smartphone 100 is personalized through the process shown in FIG. 3 or FIG. According to the present invention, a process of dynamically generating and outputting a volatile authentication value based on a value agreed with the operator server 200 in the smart phone 100 (or the program module 115) is described. Those skilled in the art may refer to and / or modify this drawing 6 to infer various implementation methods (e.g., some steps may be omitted or reordered) for the volatile authentication value generation process. As will be appreciated, the present invention includes all implementation methods inferred, and the technical features are not limited to the implementation method illustrated in FIG.

Referring to FIG. 6, the push processor 140 of the program module 115 determines whether to dynamically generate a volatile authentication value using a value agreed with the operator server 200 (600). When the generation of the volatile authentication value is commanded through the smartphone 100 or the generation of the volatile authentication value is requested from the operator server 200 through the process illustrated in FIG. 5, the push processing unit ( 140 determines the dynamic generation of the volatile authentication value.

If the dynamic generation of the volatile authentication value is determined (605), the authentication value generation unit 145 may dynamically determine the dynamic seed value based on the fixed seed value and the dynamic seed determination value agreed with the operator server 200. In operation 610, a volatile authentication value is dynamically generated by substituting a key generation function agreed with the smartphone 100 (or the program module 115).

If the volatile authentication value is dynamically generated (615), the authentication value output unit 150 outputs the dynamically generated volatile authentication value to the screen (620), the volatile authentication value is the transaction shown in Figure 2 Input to the request terminal device 290 is transmitted to the operator server 200.

100: smartphone 115: program module
120: device identification processing unit 125: interface output unit
130: user registration unit 135: personalization processing unit
140: push processing unit 145: authentication value generation unit
150: authentication value output unit 160: data communication network
170: voice call network 200: operator server

Claims (25)

A smart phone capable of connecting to a data communication network and a voice communication network and providing a card transaction through a volatile authentication value,
An interface output unit for outputting an interface for inputting issuer information identifying an issuer who issued at least one card to a user and a user identification value matching the issuer information registered to the issuer;
A user registration unit for transmitting the issuer information and the user identification value to an operator server affiliated with the issuer when the issuer information and the user identification value are input through the interface;
The fixed seed value, the dynamic seed determination value, and the key generation function value, which are required for dynamically generating the volatile authentication value in the smartphone, are at least one sum value that is not agreed with the operator server. A personalization processor to keep on;
An authentication value generator for dynamically generating a volatile authentication value by substituting the dynamic seed value dynamically determined based on the fixed seed value and the dynamic seed determination value held in the medium into the agreed key generation function; And
And an authentication value output unit which outputs the generated volatile authentication value to a screen.
The operator server,
A device identification value for identifying the smartphone (or a program module of the smartphone) is checked, and the user identification value is provided to the issuer server corresponding to the issuer information to be issued to the user by the issuer. After determining a trading means identification value identifying at least one user trading means to be used for the user's card transaction among the trading means matching the card of N≥1), the trading means identification value and the device identification value and the agreed A smart phone providing a card transaction through a volatile authentication value, characterized in that the fixed seed value, the dynamic seed determination value and the key generation function value is connected and stored in the storage medium.
The method of claim 1, wherein the user registration unit,
Transmitting the issuer information and the user identification value to the operator server through the data communication channel; or
Transmitting the issuer information and the user identification value to the calling device associated with the operator server through the voice call network; or
Partial value of the user identification value and the issuer information are transmitted to the operator server through the data communication channel, and the remaining partial value of the user identification value is transmitted to a communication device associated with the operator server through the voice communication network. Smartphone that provides a card transaction through a volatile authentication value, characterized in that.
The method of claim 1, wherein the personalization processing unit,
Internally determining at least one value of the post sum and transmitting it to the operator server through the data communication channel and storing the post sum value in a medium when agreement approval information on the post sum value is received, or
Internally determine the value of at least one after-sales and send it to the calling device associated with the operator server through the voice call network, and when the agreement approval information for the after-sales value is received, store the value of the after-sales in the medium or , or
Receive the value of the post sum determined by the operator server through the data communication channel and store it in a medium, and transmit agreement approval information on the post sum value, or
A smart phone that provides a card transaction through a volatile authentication value, characterized in that after receiving the value of the post sum determined by the operator server through the voice call network and storing it in a medium, the agreement approval information for the post sum value is transmitted. .
The method of claim 1,
The interface output unit,
And outputting an interface for selecting at least one of the trading means matched with a card of N (N≥1) issued by the issuer to the user,
The user registration unit,
Smart phone providing a card transaction through the volatile authentication value, characterized in that for further transmitting to the operator server selected transaction means identification value through the interface.
The method of claim 1,
And a device identification processor for receiving and storing a device identification value for identifying the smartphone (or a program module of the smartphone) in a medium so as to receive at least one transaction related value through the data communication network. A smartphone that provides card transactions through a volatile authentication value.
The method of claim 1,
The smart phone providing a card transaction through the volatile authentication value further comprises a push processing unit for receiving the value generation request information for requesting to internally generate the volatile authentication value from the operator server.
The method of claim 6, wherein the push processing unit,
The value generation request information is pushed through a data communication network based on the device identification value, or
Smart phone providing a card transaction through the volatile authentication value, characterized in that for detecting the value generation request information from the message received by the message module based on the message standard of the voice call network.
The method of claim 6, wherein the push processing unit,
Or based on the device identification value, the value generation request information is derived through the transaction history value after being pushed at least one transaction detail value among a transaction amount value, a merchant identification value, and a purchase product identification value through a data communication network, or
A volatile authentication value comprising detecting the message including the transaction history value from the message received by the message module based on the message specification of the voice communication network and deriving the value generation request information through the transaction history value. A smartphone that offers card transactions through.
The method of claim 1, wherein the device identification value,
At least one device token value and a program identification value assigned to identify a program module of the smartphone through the data communication network;
A telephone number, an electronic serial number, a USIM serial number (UICC ID), a MAC address (Media Access Control Address), a network identification value, an exchange allocation value, and a subscriber that can identify the smartphone through the voice call network. Smart phone providing a card transaction through a volatile authentication value comprising at least one of a number, a contract number.
In the card transaction providing method through the volatile authentication value of the smart phone that can be connected to the data communication network and voice communication network,
An interface output step of outputting an interface for inputting issuer information identifying an issuer who issued at least one card to a user and a user identification value matching the issuer information registered to the issuer;
A user registration step of transmitting the issuer information and the user identification value to an operator server affiliated with the issuer when the issuer information and the user identification value are input through the interface;
The fixed seed value, the dynamic seed determination value, and the key generation function value, which are required for dynamically generating the volatile authentication value in the smartphone, are at least one sum value that is not agreed with the operator server. Personalized processing steps to maintain in;
An authentication value generation step of dynamically generating a volatile authentication value by substituting the dynamic seed value dynamically determined based on the fixed seed value and the dynamic seed determination value retained in the medium into the agreed key generation function; And
And an authentication value outputting step of outputting the generated volatile authentication value on a screen.
The operator server,
A device identification value for identifying the smartphone (or a program module of the smartphone) is checked, and the user identification value is provided to the issuer server corresponding to the issuer information to be issued to the user by the issuer. After determining a trading means identification value identifying at least one user trading means to be used for the user's card transaction among the trading means matching the card of N≥1), the trading means identification value and the device identification value and the agreed A method of providing a card transaction through a volatile authentication value, comprising: storing a fixed seed value, a dynamic seed determination value, and a key generation function value in a storage medium.
The method of claim 10, wherein the user registration step,
Transmitting the issuer information and the user identification value to the operator server through the data communication channel; or
Transmitting the issuer information and the user identification value to the calling device associated with the operator server through the voice call network; or
Partial value of the user identification value and the issuer information are transmitted to the operator server through the data communication channel, and the remaining partial value of the user identification value is transmitted to a communication device associated with the operator server through the voice communication network. The card transaction providing method through the volatile authentication value, characterized in that.
The method of claim 10, wherein the personalization processing step,
Internally determining at least one value of the post sum and transmitting it to the operator server through the data communication channel and storing the post sum value in a medium when agreement approval information on the post sum value is received, or
Internally determine the value of at least one after-sales and send it to the calling device associated with the operator server through the voice call network, and when the agreement approval information for the after-sales value is received, store the value of the after-sales in the medium or , or
Receive the value of the post sum determined by the operator server through the data communication channel and store it in a medium, and transmit agreement approval information on the post sum value, or
And receiving consensus approval information on the value of the post sum after receiving and storing the post sum value determined by the operator server through the voice call network.
The method of claim 10,
The interface output step,
And outputting an interface for selecting at least one of the trading means matched with a card of N (N≥1) issued by the issuer to the user,
The user registration step,
And transmitting the selected transaction means identification value through the interface to the operator server.
The method of claim 10,
And a device identification processing step of receiving and storing a device identification value identifying the smartphone (or a program module of the smartphone) in a medium in order to receive at least one transaction related value through the data communication network. The card transaction providing method through the volatile authentication value.
The method of claim 10,
And a push processing step of receiving the value generation request information requesting to internally generate the volatile authentication value from the operator server.
The method of claim 15, wherein the push processing step,
The value generation request information is pushed through a data communication network based on the device identification value, or
And detecting the value generation request information from the message received by the message module based on the message standard of the voice communication network.
The method of claim 15, wherein the push processing step,
Or based on the device identification value, the value generation request information is derived through the transaction history value after being pushed at least one transaction detail value among a transaction amount value, a merchant identification value, and a purchase product identification value through a data communication network, or
A volatile authentication value comprising detecting the message including the transaction history value from the message received by the message module based on the message specification of the voice communication network and deriving the value generation request information through the transaction history value. How to provide a card transaction through.
In the card transaction providing method through the volatile authentication value of the operator server linked to the program module provided in the user's smart phone that can be connected to the data communication network and voice communication network,
Identifying a device identification value assigned to the smartphone (or program module) and storing the device identification value in a storage medium;
A user registration step of receiving, from the smart phone (or program module), issuer information identifying an issuer who issued at least one card to the user and a user identification value identifying the user;
At least one of the transaction means matching the card of N (N≥1) issued to the user by the issuer by providing the user identification value to the issuer server corresponding to the issuer information, to be used for the card transaction of the user. Means for determining a user means of trading;
A transaction means registering step of connecting the transaction means identification value identifying the user transaction means and the user identification value and storing the transaction means on the storage medium;
At least a fixed seed value and a dynamic seed determination value and a key generation function value required for verifying a volatile authentication value to be dynamically generated inside the smartphone (or program module) that are not agreed with the smartphone (or program module). A personalization processing step of storing a value of one post sum on the storage medium in agreement with the smartphone (or program module);
When the volatile authentication value dynamically generated in the smartphone (or program module) is received from the transaction request terminal device, the agreed key generation is based on the stored dynamic seed value and the dynamic seed value dynamically determined through the dynamic seed determination value. A verification value generating step of dynamically generating a volatile verification value by assigning to a function;
An authentication value verification step of verifying consistency by comparing the received volatile authentication value with the generated volatile verification value; And
If the match is verified, a transaction request step of requesting a card transaction for the transaction history value received from the transaction request terminal device through the user transaction means corresponding to the transaction means identification value stored in the storage medium to the issuer server; Card transaction providing method through a volatile authentication value, characterized in that comprises;
The method of claim 18, wherein the user registration step,
Receiving the user identification value through a data communication channel connected with the smartphone (or program module), or
Receive the user identification value detected from the voice call network connected between the call device associated with the operator server and the smartphone (or program module); or
Receives a partial value of the user identification value through a data communication channel connected with the smartphone (or program module) and receives the remaining partial value of the user identification value detected from the voice call network from a communication device associated with the operator server. After receiving the card transaction through the volatile authentication value characterized in that for configuring the user identification value by combining a partial value of the user identification value received through the data communication network and the remaining partial value received through the voice communication network Way.
19. The method of claim 18, wherein the determining of the transaction means,
Volatility of receiving a trading means identification value for the user trading means from the smart phone (or program module) after providing the trading means identification value for the trading means of the N to the smartphone (or program module) How to provide a card transaction with an authentication value.
19. The method of claim 18,
The user registration step,
Further receiving a transaction identification value for the user transaction means input from the smartphone (or program module),
The determining means for trading means,
Volatile authentication, characterized in that after determining the user issuing status for the trading means corresponding to the trading means identification value based on the user identification value, the trading means corresponding to the trading means identification value as the user trading means. How to provide card transactions by value.
The method of claim 18, wherein the personalization processing step,
Receive the value of the post sum transmitted from the smartphone (or program module) through the data communication channel, store it in a storage medium, and transmit the agreement approval information on the post sum value to the smartphone (or program module). Or
The call device associated with the operator server receives the value of the post sum detected from the voice call channel connected with the smart phone (or program module), stores the value of the post sum in a storage medium, and then stores the post sum with the smart phone (or program module). Send consent approval information for the value, or
After determining the value of at least one post sum and transmitting it to the smartphone (or program module) through the data communication channel, when the agreement approval information on the post sum value is received, the post sum value is stored in a storage medium, or
After determining the value of at least one after the sum is sent to the smart phone (or program module) through the call device associated with the operator server, and when the agreement approval information on the value of the after the sum is received storage medium The card transaction providing method through the volatile authentication value, characterized in that stored in.
19. The method of claim 18,
When at least one identification value of the user identification value and the device identification value is received from the transaction request terminal device, the smartphone (or program module) corresponding to the received at least one identification value is volatile using the agreed value. And a push processing step of pushing value generation request information requesting to generate an authentication value.
The method of claim 23, wherein the push processing step,
Push the value generation request information through a data communication network based on the device identification value, or
And transmitting a message including the value generation request information through the message standard of the voice communication network.
The method of claim 23, wherein the push processing step,
Push a transaction history value of at least one of a transaction value, a merchant identification value, and a purchase product identification value through a data communication network based on the device identification value, or
Sending a message including the transaction history value through the message standard of the voice call network;
The smartphone (or program module),
And deriving the value generation request information through the transaction history value.

Images