KR20120100342A - Security token device and rf module and method of authentication usable in smartphone and pc - Google Patents

Publication number
KR20120100342A
Authority
KR
South Korea
Prior art keywords
security token
smartphone
external device
device interface
wireless module
Prior art date
Application number
KR1020110019173A
Other languages
Korean (ko)
Inventor
서정훈
Original Assignee
주식회사 스마트솔루션
Application filed by 주식회사 스마트솔루션 filed Critical 주식회사 스마트솔루션
Priority to KR1020110019173A priority Critical patent/KR20120100342A/en
Publication of KR20120100342A publication Critical patent/KR20120100342A/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Technology Law (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephone Function (AREA)

Abstract

PURPOSE: A security token device for a smart phone and a PC, a wireless module thereof, and an authentication method thereof are provided to connect a security token that safely stores a certificate to the smart phone and to use the stored certificate for smart phone banking, thereby preventing security incidents. CONSTITUTION: A security token (100) includes the following. A smart card IC (130) is supplied with power through a security token external device interface unit (110), is connected with a smart phone (200) through a security token controller (120) to transceive data, and performs a smart card user authentication function. The security token controller is connected with the smart phone through the security token external device interface unit in order to be supplied with power, and transceives data with the smart phone. The security token external device interface unit connects the smart phone with the security token controller. [Reference numerals] (110) Security token external device interface unit; (120) Security token controller; (130) Smart card IC; (210) Smart phone external device interface unit; (220) Smart phone banking application; (230) Smart phone operating system; (240) Smart phone wireless communication unit; (310) Wireless module control unit; (320) Wireless module wireless communication unit; (330) Wireless module external device interface unit; (410) PC banking application; (420) PC operating system; (430) PC external device interface unit; (AA) PC; (BB) Wireless module; (CC) Smart phone; (DD) Security token device

Description

Security token device and RF module and method of authentication usable in smartphone and PC

The present invention relates to a security token device, a wireless module, and an authentication method that can be used in a smart phone and a PC.

Recently, with the rapid increase of smartphones, mobile financial transactions using smartphones are attracting attention. At the same time, interest in security measures for mobile financial transactions using smartphones is increasing.

Mobile financial transactions using smart phones have the advantage that they can conveniently carry out financial transactions anytime, anywhere. It is also observed that mobile financial transactions (smartphone banking) using smartphones will outpace financial transactions on existing PCs.

Although regulations on mandatory use of accredited certificates have been eased in online financial transactions (Internet banking) recently, accredited certificates will continue to be used as an important user authentication method in domestic online financial transactions.

On a smartphone, as on an ordinary PC, the user can freely download and install application programs. As a result, there is a security risk that the smartphone can be hacked by programs that contain malicious code, just like a general PC. Internet banking on existing PCs also has the serious security problem that certificates can be copied and leaked at any time. Due to these problems, the Ministry of Public Administration and Security is planning to prohibit the storing of accredited certificates on hard disks from 2013 and to implement a policy of storing accredited certificates in security tokens.

A security token is a hardware device that can safely store secret information such as an electronic signature key and from which that secret information cannot be leaked to the outside. It has a processor and a cryptographic operation device that can generate an electronic signature key, generate and verify an electronic signature, and so on. If the certificate is stored and used in the security token, leakage of the electronic signature key is blocked at the source, which prevents financial security accidents caused by leakage of the certificate.

For the security of smartphone banking, there are limitations in applying to a smartphone the various security programs applied to Internet banking on existing PCs, such as antivirus programs, keyboard security programs, anti-phishing programs, and firewall programs. Unlike general PCs, which have an open platform (operating system and hardware environment), smartphones have platforms that are independent and diverse for each smartphone manufacturer, so converting the various security programs applied to existing PCs for use on smartphones is difficult and often fundamentally impossible. In addition, it is impossible to completely prevent hacking even when the various security programs are applied to a smartphone. Unlike on a PC, running multiple security programs on a smartphone with limited hardware performance slows it down and greatly reduces the utility of smartphone banking. In addition, a public certificate stored in the smartphone, like a public certificate stored on the hard disk of a general PC, is at risk of being leaked.

As mentioned above, the problem of certificate leakage that may occur during Internet banking on a smartphone has become an obstacle to the spread of smartphone banking.

Storing the public certificate in the security token has the effect of preventing the leak of the public certificate. However, if the security token can communicate only with a smartphone and cannot communicate with a PC, laptop, tablet PC, etc., then Internet banking on a PC, laptop, tablet PC, etc. would require the certificate stored in the security token to be copied to the outside. Since that is impossible, there is the inconvenience of having to reissue the certificate every time.

In order to solve the above-mentioned problems, the present invention has the purpose of connecting a security token that securely stores a public certificate to a smartphone and using the public certificate stored in the security token during smartphone banking, thereby preventing security accidents such as leakage of the public certificate.

More specifically, the power required to drive the security token is supplied through a smartphone external device interface unit that can supply power to the outside, such as a microSD connector or a portable digital media interface (PDMI) connector of the smartphone, and data is sent and received between the smartphone and the security token through the smartphone external device interface unit. In addition, a smartphone banking application is installed on the smartphone, and during smartphone banking the user uses the certificate stored in the security token through the smartphone banking application. The aim is to provide a security token device and an authentication method that prevent the leakage of the public certificate that may occur during smartphone banking.

In addition, for Internet banking on a PC, laptop, or tablet PC (hereinafter referred to as PC banking), a wireless module (Bluetooth module) is connected to a device interface such as a USB port or a serial port of the PC, laptop, or tablet PC, and the PC and the smartphone communicate with each other wirelessly by Bluetooth. The smartphone and the security token communicate via the smartphone external device interface (microSD or PDMI interface), and during PC banking the authentication certificate stored in the security token connected to the smartphone is used. The aim is to provide a security token device and an authentication method that prevent the leakage of the public certificate that may occur during PC banking.

It also aims to provide a security token device, a wireless module, and an authentication method that can be used in both smartphone banking and PC banking with a single certificate.

In order to achieve the above object, the present invention provides a security token device and a wireless module that can be used in a smartphone and a PC, characterized by comprising:
a security token composed of a smart card IC that is supplied with power through the security token external device interface unit, is connected to the smartphone through the security token control unit to transmit and receive data, stores in its internal storage the registered security token password, the authentication certificate, and the public certificate digital signature key, has an encryption function, a digital signature key generation function, a digital signature function, and an electronic financial transaction function, and performs a user authentication function; a security token control unit that is connected to the smartphone and receives power from the smartphone, transmits and receives data to and from the smartphone, is connected to the smart card IC, and connects the smart card IC to the smartphone through the security token external device interface unit to transmit and receive data; and a security token external device interface unit that connects the smartphone and the security token control unit, receives power from the smartphone, and transmits and receives data;
a smartphone banking application that is installed and operated on the smartphone operating system, provides smartphone users with a user interface for making online financial transactions using the security token, and transmits and receives data to and from the security token through the smartphone operating system and the external device interface of the smartphone; and
a wireless module composed of a wireless module wireless communication unit that is connected to a wireless module control unit and wirelessly connected to the smartphone to transmit and receive data; a wireless module control unit that is connected to the wireless module wireless communication unit and a wireless module external device interface unit and transmits and receives data with each of them to enable data transmission and reception between the smartphone and the PC; and a wireless module external device interface unit that is connected to the external device interface of the PC to receive power and transmit and receive data.

In addition, the present invention provides an authentication method using a security token device that can be used in a smartphone, characterized by comprising the steps of:
connecting the security token to the smartphone external device interface;
the security token operating when power is supplied from the smartphone to the smart card IC and the security token control unit;
a user executing the smartphone banking application to access (log in to) a bank site;
the user selecting a security token menu from the user interface provided by the smartphone banking application;
when the security token is selected in the user interface of the smartphone banking application, the smartphone banking application sending a connection request signal to the security token control unit through the smartphone operating system and the smartphone external device interface unit;
the security token control unit sending a connection completion response signal for the connection request signal to the smartphone operating system through the security token external device interface unit;
the smartphone operating system sending a connection completion signal to the smartphone banking application when it receives the connection completion response signal;
the smartphone and the security token being connected and entering a data transmission / reception state when the smartphone banking application receives the connection completion signal;
the smartphone banking application sending a request signal for reading authentication certificate information to the security token control unit through the smartphone operating system, the smartphone external device interface unit, and the security token external device interface unit;
the security token control unit, on receiving the request for reading the authentication certificate information, reading the authentication certificate information stored in the smart card IC and sending it to the smartphone banking application through the security token external device interface unit;
the smartphone banking application outputting to the user interface the certificate information received through the smartphone external device interface and the smartphone operating system;
when the user selects the public certificate output on the user interface, a security token password input window appearing and the user entering the security token password in the security token password input window;
when the user enters the security token password in the security token password input window of the user interface of the smartphone banking application, the security token password being transmitted to the security token control unit through the smartphone operating system, the smartphone external device interface unit, and the security token external device interface unit;
the security token control unit transmitting the password to the smart card IC, and the smart card IC comparing the password registered in the smart card IC internal storage with the password input by the user and transmitting an authentication success signal to the security token control unit if they match, or an authentication failure signal if the comparison result does not match;
the security token control unit transmitting the received authentication success or authentication failure signal to the smartphone banking application through the security token external device interface unit, the smartphone external device interface unit, and the smartphone operating system;
the smartphone banking application, on receiving the authentication success signal, sending a digital signature request to the smart card IC through the smartphone operating system, the smartphone external device interface unit, the security token external device interface unit, and the security token control unit, and, on receiving the authentication failure signal, notifying the user of a security token user authentication failure message and blocking access (login) to the bank site;
the smart card IC, on receiving the electronic signature request from the smartphone banking application, generating an electronic signature with the electronic signature key it stores and delivering the electronic signature value to the smartphone banking application through the security token control unit, the security token external device interface unit, the smartphone external device interface unit, and the smartphone operating system; and
the smartphone banking application receiving the electronic signature value from the smart card IC and accessing (logging in to) the bank site.

In another aspect, the present invention provides an authentication method using a security token device and a wireless module that can be used in a smartphone and a PC, characterized by comprising the steps of:
connecting the security token to the smartphone external device interface and the wireless module to the PC external device interface;
the security token operating when power is supplied from the smartphone to the smart card IC and the security token control unit, and the wireless module operating when power is supplied from the PC to the wireless module control unit and the wireless module wireless communication unit;
a user executing a PC banking application to access (log in to) a bank site;
the user selecting a security token menu in a user interface provided by the PC banking application;
when the security token is selected in the user interface of the PC banking application, the PC banking application sending a connection request signal to the wireless module through the PC operating system and the PC external device interface unit, and the wireless module control unit receiving the connection request signal through the wireless module external device interface unit and passing it through the wireless module wireless communication unit (hereinafter referred to as the wireless module section) to the wireless communication unit of the smartphone, and then via the operating system of the smartphone and the smartphone external device interface (hereinafter referred to as the smartphone section) and the security token external device interface to the security token control unit;
the security token control unit sending a connection completion response signal for the connection request signal to the PC operating system through the security token external device interface, the smartphone section, the wireless module section, and the PC external device interface;
the PC operating system sending a connection completion signal to the PC banking application when it receives the connection completion response signal;
the PC and the security token being connected via the wireless module and the smartphone so that data can be transmitted and received when the PC banking application receives the connection completion signal;
the PC banking application sending a request signal for reading the certificate information to the security token control unit through the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, and the security token external device interface unit;
the security token control unit, on receiving the request for reading the authentication certificate information, reading the authentication certificate information stored in the smart card IC and sending it to the PC banking application via the security token external device interface unit, the smartphone section, the wireless module section, and the PC operating system;
the PC banking application outputting the received authentication certificate information to the user interface;
when the user selects the public certificate output on the user interface, a security token password input window appearing and the user entering the security token password in the security token password input window;
when the user enters the security token password in the security token password input window of the user interface of the PC banking application, the security token password being passed to the security token control unit via the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, and the security token external device interface;
the security token control unit transmitting the password to the smart card IC, and the smart card IC comparing the password registered in the smart card IC internal storage space with the password input by the user and transmitting an authentication success signal to the security token control unit if they match, or an authentication failure signal if the comparison result does not match;
the security token control unit transmitting the received authentication success or authentication failure signal to the PC banking application through the security token external device interface unit, the smartphone section, the wireless module section, the PC external device interface unit, and the PC operating system;
the PC banking application, on receiving the authentication success signal, making an electronic signature request to the smart card IC through the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, the security token external device interface unit, and the security token control unit, and, on receiving the authentication failure signal, notifying the user of a security token user authentication failure message and blocking access (login) to the bank site;
the smart card IC, on receiving the electronic signature request from the PC banking application, generating an electronic signature with the electronic signature key it stores and passing the electronic signature value to the PC banking application via the security token control unit, the security token external device interface unit, the smartphone section, the wireless module section, the PC external device interface unit, and the PC operating system; and
the PC banking application receiving the electronic signature value from the smart card IC and accessing (logging in to) the bank site.
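The login sequence of both methods above (connection, certificate read, password comparison inside the smart card IC, then electronic signature), modelled as an added example that is not part of the patent; the smartphone and PC methods differ only in the relay path, so one model covers both. The command names, the signed challenge, the hashed password storage and the toy textbook-RSA key standing in for the certificate's electronic signature key are assumptions made for illustration.

```python
import hashlib
import hmac

# Toy textbook-RSA key standing in for the certificate's electronic signature key.
# Constructed for this example; far too small and unpadded for real use.
P, Q = 2**61 - 1, 2**89 - 1            # two known Mersenne primes
TOY_N, TOY_E = P * Q, 65537
TOY_PRIVATE_EXPONENT = pow(TOY_E, -1, (P - 1) * (Q - 1))

# Relay units each message crosses, named after the patent's reference numerals.
SMARTPHONE_PATH = ("smartphone OS 230", "smartphone external device interface 210",
                   "security token external device interface 110")
PC_PATH = ("PC OS 420", "PC external device interface 430", "wireless module 300",
           "smartphone 200", "security token external device interface 110")


def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


class SmartCardIC:
    """Unit 130: stores password, certificate and key; compares and signs internally."""

    def __init__(self, password: str, certificate: dict):
        # Assumption: the card keeps a hash so the comparison is fixed-length.
        self._pw_hash = hashlib.sha256(password.encode()).digest()
        self._certificate = certificate
        self._authenticated = False

    def read_certificate(self) -> dict:
        return dict(self._certificate)      # public information only

    def verify_password(self, password: str) -> bool:
        candidate = hashlib.sha256(password.encode()).digest()
        self._authenticated = hmac.compare_digest(candidate, self._pw_hash)
        return self._authenticated

    def sign(self, data: bytes):
        if not self._authenticated:         # no signature before authentication success
            return None
        return pow(digest(data, TOY_N), TOY_PRIVATE_EXPONENT, TOY_N)


class SecurityTokenController:
    """Unit 120: passes requests to the smart card IC (hypothetical command names)."""

    def __init__(self, ic: SmartCardIC):
        self._ic = ic

    def handle(self, command: str, payload=None):
        if command == "CONNECT":
            return "CONNECTED"
        if command == "READ_CERT":
            return self._ic.read_certificate()
        if command == "VERIFY_PW":
            ok = self._ic.verify_password(payload)
            return "AUTH_SUCCESS" if ok else "AUTH_FAILURE"
        if command == "SIGN":
            return self._ic.sign(payload)
        raise ValueError(f"unknown command {command!r}")


class Channel:
    """Relay path between a banking application and the controller; logs what each hop carries."""

    def __init__(self, hops, controller: SecurityTokenController):
        self.hops = tuple(hops)
        self._controller = controller
        self.seen = {hop: [] for hop in self.hops}

    def request(self, command: str, payload=None):
        for hop in self.hops:
            self.seen[hop].append((command, payload))
        response = self._controller.handle(command, payload)
        for hop in reversed(self.hops):
            self.seen[hop].append(("RESPONSE", response))
        return response


def login(channel: Channel, password: str, challenge: bytes):
    """Banking application side. Returns (certificate, signature), or None when login is blocked."""
    if channel.request("CONNECT") != "CONNECTED":
        return None
    certificate = channel.request("READ_CERT")
    if channel.request("VERIFY_PW", password) != "AUTH_SUCCESS":
        return None
    return certificate, channel.request("SIGN", challenge)


def bank_accepts(certificate: dict, challenge: bytes, signature) -> bool:
    """Bank side: check the signature value against the certificate's public key."""
    if signature is None:
        return False
    n, e = certificate["n"], certificate["e"]
    return pow(signature, e, n) == digest(challenge, n)


def hops_that_saw(channel: Channel, value) -> list:
    """Relay units that carried `value` in any request or response."""
    return [hop for hop in channel.hops
            if any(payload == value for _, payload in channel.seen[hop])]


if __name__ == "__main__":
    cert = {"subject": "constructed user", "n": TOY_N, "e": TOY_E}   # constructed sample
    token = SecurityTokenController(SmartCardIC("constructed-password", cert))
    pc = Channel(PC_PATH, token)
    result = login(pc, "constructed-password", b"constructed challenge")
    print("bank accepts:", bank_accepts(result[0], b"constructed challenge", result[1]))
    print("hops that carried the password:", hops_that_saw(pc, "constructed-password"))
    print("hops that carried the key:", hops_that_saw(pc, TOY_PRIVATE_EXPONENT))
```

Running `hops_that_saw` over a PC-path channel shows the property worth reviewing in this design: every relay unit carries the security token password in transit, while the signature key is carried by none.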

According to the present invention, smartphone banking or PC banking uses a certificate stored securely in a security token, without using a certificate stored in a smartphone or on the hard disk of a PC, where there is a risk of leaking the certificate. It is therefore effective in preventing damage to the public certificate that may occur during smartphone banking or PC banking.

In addition, the power required to drive the security token is supplied through a smartphone external device interface built into the smartphone, such as a microSD memory connector or a PDMI connector, and data is sent and received between the smartphone and the security token through the smartphone external device interface. For smartphone banking, a smartphone banking application is installed on the smartphone and communicates with the security token. The smartphone banking application is a smartphone application program that runs on a smartphone operating system, so it is not dependent on the smartphone platforms (smartphone operating system and hardware) that differ by manufacturer, and can be implemented on various smartphone platforms. This makes it possible to use security tokens for smartphone banking regardless of the different smartphone platforms.

In addition, for Internet banking on a PC, a wireless module (Bluetooth module, etc.) is connected to the device interface of the PC, the smartphone and the PC or notebook communicate wirelessly (Bluetooth, etc.), and the smartphone and the security token communicate through the external device interface unit of the smartphone. Through this, even during PC banking, it is possible to use the public certificate stored in the security token and prevent the leakage of the public certificate. In addition, one official certificate stored in the security token can be used in both smartphone banking and PC banking.

FIG. 1 is a block diagram of a security token device and a wireless module that can be used in a smartphone and a PC of a preferred embodiment of the present invention.
FIGS. 2 and 3 are flowcharts illustrating an authentication method utilizing a security token device that can be used in the smartphone of the preferred embodiment of the present invention.
FIGS. 4 and 5 are flowcharts illustrating an authentication method using a security token device and a wireless module that can be used in a smartphone and a PC according to an exemplary embodiment of the present invention.
FIG. 6 is a view showing a user interface and a security token password input window while a smartphone banking application is executed on a smartphone screen of a preferred embodiment of the present invention.
FIG. 7 is a view showing a user interface and a security token password input window while a PC banking application is executed on a PC monitor screen of the preferred embodiment of the present invention.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a block diagram of a security token device and a wireless module that can be used in a smartphone and a PC of a preferred embodiment of the present invention.

The block diagram is broadly divided into a security token 100, a smartphone 200, a wireless module 300, and a PC 400. The security token 100 is composed of a security token external device interface unit 110, a security token control unit 120, and a smart card IC 130. The smartphone 200 is composed of a smartphone external device interface unit 210, a smartphone banking application 220, a smartphone operating system 230, and a smartphone wireless communication unit 240. The wireless module 300 is composed of a wireless module control unit 310, a wireless module wireless communication unit 320, and a wireless module external device interface unit 330. The PC 400 is composed of a PC banking application 410, a PC operating system 420, and a PC external device interface unit 430.

The security token 100 is supplied with power via the security token external device interface unit 110 and connected to the smart phone to transmit and receive data. The secure token external device interface 110 may be implemented using a microSD interface or a portable digital media interface (PDMI), and preferably uses a microSD interface.

The smart card IC 130 is supplied with power through the security token external device interface unit 110 and is connected to the smartphone 200 through the security token control unit 120 and the security token external device interface unit 110 to transmit and receive data. It stores the registered security token password, the public certificate, and the public certificate digital signature key in its internal storage space, and has and performs an encryption function, a digital signature key generation function, an electronic signature function, an electronic financial transaction function, and the like. When it receives a certificate information request signal from the smartphone banking application 220 or the PC banking application 410 through the security token control unit 120, it sends the certificate information through the security token control unit 120 to the smartphone banking application 220 or to the PC banking application 410. The smart card IC 130 may be either a fixed type mounted on a printed circuit board or a removable type that is detachable from a SIM socket or a smart card reader connector. A combination smart card with built-in wireless communication can also be used.

The security token control unit 120 is connected to the smartphone 200 through the security token external device interface unit 110, receives power from the smartphone 200, and transmits and receives data with the smartphone 200. It is also connected to the smart card IC 130, and connects the smart card IC and the smartphone through the security token external device interface unit 110 to transmit and receive data.

The secure token external device interface unit 110 connects the smart phone 200 and the secure token control unit 120, receives power from the smart phone 200, and transmits and receives data.

The smartphone external device interface 210 is connected to the security token external device interface 110 to connect the smartphone 200 and the security token 100. Like the security token external device interface 110, it may be implemented using a microSD interface connector, a PDMI connector, or the like, and it is preferable to use a microSD interface connector.

The smartphone banking application 220 is an application program installed and operated on the smartphone operating system 230. It provides a smartphone user with a user interface for online financial transactions using the security token 100, and sends and receives data to and from the security token 100 through the smartphone operating system 230 and the smartphone external device interface 210. Since the smartphone banking application 220 is a smartphone application program that operates on the smartphone operating system 230, it can be implemented on various smartphone platforms without being dependent on the smartphone platforms (smartphone operating system and hardware) that differ for each manufacturer.

The smartphone operating system 230 provides an environment in which the smartphone banking application 220 may be executed. Smartphone operating system 230 is different for each smartphone manufacturer.

The smartphone wireless communication unit 240 may wirelessly connect the smartphone 200 to the PC 400 via the wireless module 300 to transmit data. The smartphone wireless communication unit 240 preferably uses Bluetooth.

The wireless module 300 consists of a wireless module control unit 310, a wireless module wireless communication unit 320 and a wireless module external device interface unit 330, and wirelessly connects the PC 400 and the smartphone 200. The wireless module external device interface unit 330 may be implemented as USB, a serial port, a parallel port and the like, and it is preferable to use USB.

The wireless module wireless communication unit 320 is wirelessly connected to the smartphone wireless communication unit 240 to transmit and receive data, and preferably uses Bluetooth.

The wireless module control unit 310 is connected to the wireless module external device interface unit 330 and the wireless module wireless communication unit 320 to transmit and receive data.

The wireless module external device interface unit 330 is connected to the PC external device interface unit 430 and connects the wireless module 300 to the PC 400 to transmit and receive data.

The PC external device interface unit 430 is connected to the wireless module external device interface unit 330 to supply power to the wireless module and to transmit and receive data. Also, it can be implemented by USB, serial port, parallel port, etc. It is preferable to use USB.

The PC banking application 410 is an application program installed and operated on the PC operating system 420. It provides the PC banking user with a user interface for online banking transactions using the security token 100, and transmits and receives data to and from the security token 100 through the PC operating system 420 and the PC external device interface unit 430.

FIGS. 2 and 3 are flowcharts illustrating an authentication method using a security token device that can be used in a smartphone according to the preferred embodiment of the present invention.

The authentication process is broadly divided into three stages: first, connecting the smartphone 200 and the security token wirelessly (S301 to S308); second, reading the authentication certificate information from the security token (S309 to S311); and third, entering the security token password to complete user authentication and access (log in to) the bank site (S312 to S318). The authentication process is detailed below.

Connect the security token to the smartphone external device interface unit (S301).

When power received from the smartphone is supplied to the smart card IC and the security token control unit, the security token operates (S302).

The user executes a smartphone banking application to access (log in) the bank site (S303).

The user selects a security token menu from a user interface provided by the smartphone banking application (S304).

When the security token is selected in the user interface of the smartphone banking application, the smartphone banking application sends a connection request signal to the security token controller through the smartphone operating system and the smartphone external device interface unit (S305).

The security token control unit sends a connection completion response signal for the connection request signal to the smart phone operating system through the security token external device interface unit (S306).

When the smartphone operating system receives the connection completion response signal, it sends a connection completion signal to the smartphone banking application (S307).

When the smartphone banking application receives the connection completion signal, the smartphone and the security token are connected and the data can be transmitted and received (S308).

The smartphone banking application sends a request signal for reading the certificate information to the security token control unit through the smartphone operating system, the smartphone external device interface unit, and the security token external device interface unit (S309).

The security token control unit reads the authentication certificate information stored in the smart card IC upon receiving a request for reading the certificate information and sends it to the smartphone banking application through the secure token external device interface unit (S310).

The smartphone banking application outputs the certificate information received through the smartphone external device interface and the smartphone operating system to the user interface (S311).

When the user selects the public certificate output on the user interface, a security token password input window appears and the user inputs a security token password in the security token password input window (S312).

When the user enters the security token password in the security token password input window of the smartphone banking application's user interface, the security token password is transmitted to the security token control unit through the smartphone operating system, the smartphone external device interface unit, and the security token external device interface unit (S313).

The security token control unit transmits the password to the smart card IC, and the smart card IC compares the password registered in the smart card IC internal storage with the password input from the user. If the comparison result does not match, the authentication failure signal is transmitted to the security token control unit (S314).

The security token control unit transmits the received authentication success or authentication failure signal to the smartphone banking application through the security token external device interface unit, the smartphone external device interface unit, and the smartphone operating system (S315).

When the smartphone banking application receives the authentication success signal, it sends a digital signature request to the smart card IC through the smartphone application system, the smartphone external device interface unit, the security token external device interface unit, and the security token control unit. When it receives the authentication failure signal, it notifies the user with a security token user authentication failure message and blocks access (login) to the bank site (S316).

When the smart card IC receives an electronic signature request from the smartphone banking application, it generates an electronic signature using the electronic signature key stored in it and transmits the electronic signature value to the smartphone banking application through the security token control unit, the security token external device interface unit, the smartphone external device interface unit, and the smartphone application system (S317).

The smartphone banking application receives the electronic signature value from the smart card IC and accesses (logs in) a bank site (S318).

In addition to a smartphone, it is possible to apply the security token and authentication method of the present invention to a tablet PC.

FIGS. 4 and 5 are flowcharts illustrating an authentication method using a security token device and a wireless module that can be used in a smartphone and a PC according to an exemplary embodiment of the present invention.

Connect the security token to the smartphone external device interface and the wireless module to the PC external device interface (S401).

When power from the smartphone is supplied to the smart card IC and the security token control unit, the security token operates. When power from the PC is supplied to the wireless module control unit and the wireless module wireless communication unit, the wireless module operates (S402).

The user runs a PC banking application to access (log in) the bank site (S403).

The user selects a security token menu in the user interface provided by the PC banking application (S404).

When the security token is selected in the user interface of the PC banking application, the PC banking application sends a connection request signal to the wireless module through the PC operating system and the PC external device interface unit. The wireless module control unit receives the connection request signal through the wireless module external device interface unit and passes it through the wireless module wireless communication unit (hereinafter referred to as the wireless module section) to the wireless communication unit of the smartphone. The connection request signal is then transmitted to the security token control unit via the operating system of the smartphone and the smartphone external device interface unit (hereinafter referred to as the smartphone section) and the security token external device interface unit (S405).

The security token control unit sends the connection completion response signal for the connection request signal through the security token external device interface unit, the smartphone section, the wireless module section, and the PC external device interface unit to the PC operating system (S406).

When the PC operating system receives the connection completion response signal, it sends a connection completion signal to the PC banking application (S407).

When the PC banking application receives the connection completion signal, the PC and the security token are connected via the wireless module and the smart phone to be in a state capable of transmitting and receiving data (S408).

The PC banking application sends a request signal for reading the certificate information to the security token control unit through the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, and the security token external device interface unit (S409).

Upon receiving the request for reading the certificate information, the security token control unit reads the authentication certificate information stored in the smart card IC and sends it to the PC banking application via the security token external device interface unit, the smartphone section and the wireless module section, and the PC operating system (S410).

The PC banking application outputs the received accredited certificate information to the user interface (S411).

When the user selects the public certificate output on the user interface, a security token password input window appears and the user inputs a security token password in the security token password input window (S412).

When the user enters the security token password into the security token password input window of the PC banking application's user interface, the security token password is passed to the security token control unit via the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, and the security token external device interface unit (S413).

The security token control unit transmits the password to the smart card IC. The smart card IC compares the password registered in the smart card IC internal storage space with the password input from the user. If the comparison result does not match, it transmits the authentication failure signal to the security token control unit (S414).

The security token control unit transmits the received authentication success or authentication failure signal to the PC banking application through the security token external device interface unit, the smartphone section and the wireless module section, the PC external device interface unit, and the PC operating system.

When the PC banking application receives the authentication success signal, it makes an electronic signature request to the smart card IC through the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, the security token external device interface unit, and the security token control unit. When it receives the authentication failure signal, it notifies the user with a security token user authentication failure message and blocks access (login) to the bank site (S416).

When the smart card IC receives an electronic signature request from a smartphone banking application, it generates an electronic signature using the electronic signature key stored in it and transmits the electronic signature value to the PC banking application through the security token control unit, the security token external device interface unit, the smartphone section, the wireless module section, the PC external device interface unit, and the PC operating system (S417).

The PC banking application receives the digital signature value from the smart card IC and accesses (logs in) the bank site (S418).
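
The two flows above (S301 to S318 on the smartphone, S401 to S418 through the wireless module) can be traced with a small simulation. This is an added example, not code from the patent: the signal names, the sample values, the HMAC standing in for the digital signature, and the rule that the smart card IC itself refuses to sign before a successful comparison are assumptions.

```python
import hashlib
import hmac

# Hops between the banking application and security token control unit 120,
# taken from S305-S317 (smartphone) and S405-S417 (PC via the wireless module).
SMARTPHONE_PATH = [
    "smartphone operating system 230",
    "smartphone external device interface unit 210",
    "security token external device interface unit 110",
]
PC_PATH = [
    "PC operating system 420",
    "PC external device interface unit 430",
    "wireless module section",
    "smartphone section",
    "security token external device interface unit 110",
]


class SmartCardIC:
    """Smart card IC 130: keeps the password, certificate and signature key."""

    def __init__(self, password, certificate, signature_key):
        self._password = password.encode()
        self._signature_key = signature_key
        self.certificate = certificate
        self.verified = False

    def compare_password(self, candidate):
        # S314/S414: the comparison happens inside the IC. compare_digest
        # avoids leaking the match position through timing.
        self.verified = hmac.compare_digest(self._password, candidate.encode())
        return "AUTH_SUCCESS" if self.verified else "AUTH_FAILURE"

    def sign(self, data):
        # Assumption: the IC refuses to sign until the comparison succeeded,
        # so the gate does not rest on the application alone.
        if not self.verified:
            return None
        # Stand-in: HMAC-SHA256 replaces the certificate-based signature.
        return hmac.new(self._signature_key, data, hashlib.sha256).hexdigest()


class SecurityTokenControlUnit:
    """Security token control unit 120: relays requests to the smart card IC."""

    def __init__(self, ic):
        self._ic = ic

    def handle(self, signal, payload=None):
        if signal == "CONNECT_REQUEST":          # S305/S405
            self._ic.verified = False            # assumption: new session
            return "CONNECT_COMPLETE"            # S306/S406
        if signal == "READ_CERTIFICATE":         # S309/S409
            return self._ic.certificate          # S310/S410
        if signal == "PASSWORD":                 # S313/S413
            return self._ic.compare_password(payload)
        if signal == "SIGN_REQUEST":             # S316/S416
            return self._ic.sign(payload)        # S317/S417
        raise ValueError(f"unknown signal: {signal}")


def make_demo_token():
    """Build a token with constructed sample values (not from the patent)."""
    ic = SmartCardIC("4321", "CN=Constructed Demo User", b"constructed-key")
    return SecurityTokenControlUnit(ic)


def login(token, path, password, data_to_sign):
    """Run the three stages and record which hop carried which signal."""
    trace = []

    def send(signal, payload=None):
        trace.extend((hop, signal) for hop in path)
        return token.handle(signal, payload)

    result = {"logged_in": False, "certificate": None,
              "signature": None, "trace": trace}
    if send("CONNECT_REQUEST") != "CONNECT_COMPLETE":
        return result
    result["certificate"] = send("READ_CERTIFICATE")
    if send("PASSWORD", password) != "AUTH_SUCCESS":
        return result                            # access to the bank site blocked
    result["signature"] = send("SIGN_REQUEST", data_to_sign)
    result["logged_in"] = result["signature"] is not None   # S318/S418
    return result


def hops_carrying(trace, signal):
    """List the hops that relayed a given signal, in order."""
    return [hop for hop, seen in trace if seen == signal]


if __name__ == "__main__":
    outcome = login(make_demo_token(), PC_PATH, "4321", b"constructed login data")
    print(outcome["logged_in"], hops_carrying(outcome["trace"], "PASSWORD"))
```

The trace shows that on the PC route the password crosses the wireless module section and the smartphone section before it reaches the token, and that the certificate information is returned before any password is entered, as in S409 to S411.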

FIG. 6 is a diagram illustrating a user interface 221 and a security token password input window 222 as a smartphone banking application 220 is executed on a screen of a smartphone 200 according to an exemplary embodiment of the present invention. The user may use a public certificate stored securely in the security token 100 when banking on the smartphone through the user interface 221.

FIG. 7 is a diagram illustrating a user interface 411 and a security token password input window 412 as the PC banking application 410 is executed on the PC monitor screen according to an exemplary embodiment of the present invention.

The present invention has been described above with reference to the accompanying drawings, but the present invention is not limited thereto, and various changes, modifications, and equivalents may be used. Therefore, the present invention can be applied by appropriately modifying the above embodiments, it will be natural that such applications also fall within the scope of the present invention based on the technical idea described in the claims.

The present invention relates to a security token device, a wireless module, and an authentication method that can be used in a smartphone and a PC, and can be widely used in industrial fields where security and convenience are important, such as smartphone banking or PC banking.

100: security token
110: security token external device interface unit
120: security token control unit
130: smart card IC
200: smartphone
210: smartphone external device interface unit
220: smartphone banking application
221: user interface
222: security token password input window
230: smartphone operating system
240: smartphone wireless communication unit
300: wireless module
310: wireless module control unit
320: wireless module wireless communication unit
330: wireless module external device interface unit
400: PC
410: PC banking application
411: user interface
412: security token password input window
420: PC operating system
430: PC external device interface unit

Claims (3)

In the security token device and wireless module that can be used in smartphones and PCs,
A smart card IC that is supplied with power through the security token external device interface unit, is connected to the smartphone through the security token control unit to send and receive data, stores the security token password, public certificate and digital certificate key registered in the internal storage space, has an encryption function, a digital signature key generation function, a digital signature function and an electronic financial transaction function, and performs a user authentication function,
A security token control unit that is connected to the smartphone through the security token external device interface unit, receives power from the smartphone, sends and receives data to and from the smartphone, is connected to the smart card IC, and connects the smart card IC to the smartphone through the security token external device interface unit for transmitting and receiving data,
A security token external device interface unit for connecting the smartphone and the security token control unit, receiving power from the smartphone and transmitting and receiving data,
A security token consisting of the above;
A smartphone banking application that is installed and operated on the smartphone operating system, provides smartphone users with a user interface for making online financial transactions using the security token, and transmits and receives data to and from the security token through the smartphone operating system and the external device interface unit of the smartphone;
A wireless module wireless communication unit connected to a wireless module control unit and wirelessly connected to a smartphone to transmit and receive data;
A wireless module control unit connected to a wireless module wireless communication unit and a wireless module external device interface unit to transmit and receive data to each other to enable data transmission and reception between a smartphone and a PC;
A wireless module external device interface unit connected to an external device interface unit of the PC to receive power and to transmit and receive data;
A wireless module consisting of the above;
A security token device and wireless module that can be used in smartphones and PCs, comprising the above.

In the authentication method using a security token device that can be used in a smartphone,
Connecting the security token to the smartphone external device interface;
Operating the security token when power received from the smartphone is supplied to the smart card IC and the security token control unit;
Executing a smartphone banking application for a user to access (log in) a bank site;
Selecting a security token menu from a user interface provided by the smartphone banking application;
When the security token is selected in the user interface of the smartphone banking application, the smartphone banking application sends a connection request signal to the security token controller through the smartphone operating system and the smartphone external device interface unit;
The security token control unit sends a connection completion response signal for the connection request signal to the smartphone operating system through the security token external device interface unit;
Sending a connection completion signal to the smartphone banking application when the smartphone operating system receives the connection completion response signal;
When the smartphone banking application receives the connection completion signal, the smartphone and the security token are connected to be in a data transmission / reception state;
The smartphone banking application sending a request signal for reading authentication certificate information to the security token control unit through the smartphone operating system, the smartphone external device interface unit, and the security token external device interface unit;
The security token control unit reads the authentication certificate information stored in the smart card IC and sends it to the smartphone banking application through the security token external device interface unit when receiving the request for reading the authentication certificate information;
The smartphone banking application outputting the certificate information received through the smartphone external device interface unit and the smartphone operating system to the user interface;
When the user selects the public certificate output on the user interface, a security token password input window appears and the user inputs the security token password in the security token password input window;
When the user enters the security token password in the security token password input window of the smartphone banking application's user interface, the security token password is transmitted to the security token control unit through the smartphone operating system, the smartphone external device interface unit, and the security token external device interface unit;
The security token control unit transmits the password to the smart card IC, and the smart card IC compares the password registered in the smart card IC internal storage with the password input from the user. Transmitting an authentication failure signal to the security token control unit if the comparison result does not match;
The security token control unit transmits the received authentication success or authentication failure signal to the smartphone banking application through the security token external device interface unit, the smartphone external device interface unit, and the smartphone operating system;
When the smartphone banking application receives the authentication success signal, it sends a digital signature request to the smart card IC through the smartphone application system, the smartphone external device interface unit, the security token external device interface unit, and the security token control unit, and when it receives the authentication failure signal, notifying the user with a security token user authentication failure message and blocking access (login) to the bank site;
When the smart card IC receives an electronic signature request from the smartphone banking application, the smart card IC generates an electronic signature using the electronic signature key stored in it and delivers the electronic signature value to the smartphone banking application through the security token control unit, the security token external device interface unit, the smartphone external device interface unit, and the smartphone application system;
The smartphone banking application receives the electronic signature value from the smart card IC and accesses (logs in) a bank site;
An authentication method using a security token device that can be used in a smartphone, characterized by including the above steps.

In the authentication method using a security token device and a wireless module that can be used in smartphones and PCs,
Connecting a security token to a smartphone external device interface and a wireless module to a PC external device interface;
Operating the security token when power from the smartphone is supplied to the smart card IC and the security token control unit, and operating the wireless module when power from the PC is supplied to the wireless module control unit and the wireless module wireless communication unit;
A user executing a PC banking application to access (log in) a bank site;
The user selecting a security token menu in a user interface provided by the PC banking application;
When the security token is selected in the user interface of the PC banking application, the PC banking application sends a connection request signal to the wireless module through the PC operating system and the PC external device interface unit, the wireless module control unit receives the connection request signal through the wireless module external device interface unit and passes it through the wireless module wireless communication unit (hereinafter referred to as the wireless module section) to the wireless communication unit of the smartphone, and the connection request signal is transmitted to the security token control unit via the operating system of the smartphone and the smartphone external device interface unit (hereinafter referred to as the smartphone section) and the security token external device interface unit;
The security token control unit sends a connection completion response signal for the connection request signal through the security token external device interface unit, the smartphone section, the wireless module section, and the PC external device interface unit to the PC operating system;
Sending a connection completion signal to the PC banking application when the PC operating system receives the connection completion response signal;
When the PC banking application receives the connection completion signal, the PC and the security token are connected via the wireless module and the smart phone to enable data transmission and reception;
The PC banking application sending a request signal for reading the certificate information to the security token control unit through the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, and the security token external device interface unit;
The security token control unit reads the authentication certificate information stored in the smart card IC upon receiving a request for reading the authentication certificate information and sends it to the PC banking application via the security token external device interface unit, the smartphone section and the wireless module section, and the PC operating system;
The PC banking application outputting the received authentication certificate information to the user interface;
When the user selects the public certificate output on the user interface, a security token password input window appears and the user inputs the security token password in the security token password input window;
When the user enters the security token password into the security token password input window of the PC banking application's user interface, the security token password is passed to the security token control unit via the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, and the security token external device interface unit;
The security token control unit transmits the password to the smart card IC. The smart card IC compares the password registered in the smart card IC internal storage space with the password input from the user. Transmitting the authentication failure signal to the security token control unit if the comparison result does not match;
The security token control unit transmits the received authentication success or authentication failure signal to the PC banking application through the security token external device interface unit, the smartphone section and the wireless module section, the PC external device interface unit, and the PC operating system;
When the PC banking application receives the authentication success signal, it makes an electronic signature request to the smart card IC through the PC operating system, the PC external device interface unit, the wireless module section, the smartphone section, the security token external device interface unit, and the security token control unit, and when it receives the authentication failure signal, notifying the user with a security token user authentication failure message and blocking access (login) to the bank site;
When the smart card IC receives an electronic signature request from a smartphone banking application, it generates an electronic signature using the electronic signature key stored in it and passes the electronic signature value to the PC banking application through the security token control unit, the security token external device interface unit, the smartphone section, the wireless module section, the PC external device interface unit, and the PC operating system;
The PC banking application receives the digital signature value from the smart card IC and accesses (logs in) the bank site;
An authentication method using a security token device and a wireless module that can be used in a smartphone and a PC, comprising the above steps.
Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110019173A KR20120100342A (en) 2011-03-03 2011-03-03 Security token device and rf module and method of authentication usable in smartphone and pc

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110019173A KR20120100342A (en) 2011-03-03 2011-03-03 Security token device and rf module and method of authentication usable in smartphone and pc

Publications (1)

Publication Number Publication Date
KR20120100342A true KR20120100342A (en) 2012-09-12

Family

ID=47110088

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110019173A KR20120100342A (en) 2011-03-03 2011-03-03 Security token device and rf module and method of authentication usable in smartphone and pc

Country Status (1)

Country Link
KR (1) KR20120100342A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101314183B1 (en) * 2013-04-01 2013-10-14 주식회사 티모넷 System for sharing hsm(hardware security module) of mobile unit using nfc
WO2015108307A1 (en) * 2014-01-14 2015-07-23 주식회사 씽크풀 User authentication method using user device, and digital system and authentication system therefor
KR20170029483A (en) 2017-03-09 2017-03-15 홍승은 Mobile cross-authentication system and method
US11966907B2 (en) 2014-10-25 2024-04-23 Yoongnet Inc. System and method for mobile cross-authentication

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination