KR20120129617A - Identification card, apparatus and method for issuing card - Google Patents

Identification card, apparatus and method for issuing card Download PDF

Info

Publication number
KR20120129617A
KR20120129617A KR1020110047977A KR20110047977A KR20120129617A KR 20120129617 A KR20120129617 A KR 20120129617A KR 1020110047977 A KR1020110047977 A KR 1020110047977A KR 20110047977 A KR20110047977 A KR 20110047977A KR 20120129617 A KR20120129617 A KR 20120129617A
Authority
KR
South Korea
Prior art keywords
applet
card
identification card
key
distribution module
Prior art date
Application number
KR1020110047977A
Other languages
Korean (ko)
Inventor
윤희정
Original Assignee
주식회사 에스원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 에스원 filed Critical 주식회사 에스원
Priority to KR1020110047977A priority Critical patent/KR20120129617A/en
Publication of KR20120129617A publication Critical patent/KR20120129617A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/08Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
    • G06K19/10Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

PURPOSE: An ID(Identification) card, card issue apparatus, and method thereof capable of rapidly and easily issue a card for identifying a user. CONSTITUTION: A card initialization unit(22) initializes an ID card. A loading processing unit(23) loads a key distribution module for issuing one or more applets related to the identification card in the initialized ID card. An issue processing unit(24) communicates with a management server using a network. The issue processing unit acquires a secret number for using the applet and a key for the applet. The issue processing unit provides the acquired key and the secret number to the key distribution module of the ID card. [Reference numerals] (20) Card issue apparatus; (21) Card interface unit; (22) Card initialization unit; (23) Loading processing unit; (24) Issue processing unit; (25) Verification processing unit; (26) Renewal processing unit

Description

Identification card, apparatus and method for issuing a card {Identification card, apparatus and method for issuing card}

The present invention relates to a card issuing apparatus and a method thereof, and more particularly, to an identification card for identifying a user, and an apparatus and method for issuing such a card.

Recently, technologies for identifying an individual using a smart card and using various services based on the smart card have been developed. While conventional cards are plastic products using magnetics, smart cards are electronic cards that can hold a large amount of information by embedding at least one integrated circuit (IC) memory device in the plastic card. Smart cards have memory, two-way communication, and information protection functions, which can be used in various fields such as ID cards, credit cards, and cash cards, and can store 100 times more information than magnetic cards. Such smart cards include memory type smart cards, microprocessor embedded smart cards, interactive smart cards, and the like.

However, issuing such a smart card requires a separate device and takes a long time to manufacture the card. For example, when a separate group or company wants to issue a smart card for personal authentication of members or employees, it takes a long time to produce a card and an additional cost increases.

The problem to be solved by the present invention is to provide an apparatus and a method for issuing a card for identifying a user more quickly and simply.

In addition, an object of the present invention is to provide a device and method for issuing such a SD card more simply and stably while using a secure digital (SD) card having a smart card function as a card for identifying a user. It is.

In addition, the problem to be solved by the present invention is to provide an identification card that is easy to issue.

For the above problem, the card issuing method according to a feature of the present invention, in the method for issuing an identification card, the identification card is initialized; Loading at least one applet associated with a key distribution module and an identification card function to the initialized identification card; Obtaining, by the key distribution module of the identification card, a key for the applet; And providing the obtained key to the applet and providing the identification card related information to the applet.

Card issuing apparatus according to another aspect of the present invention is a device for issuing an identification card, card interface for performing an interface with the identification card; A card initialization unit for initializing the identification card by driving the operation module of the identification card; A loading processor configured to load at least one applet associated with the identification card and a key distribution module for issuing applets into the initialized identification card; And an issuing processing unit communicating with a management server through a network to obtain a key for the applet and a password for using the applet, and provide the obtained key and password to the key distribution module of the identification card.

According to another aspect of the present invention, an identification card comprises: an operation module for initializing the identification card and performing authentication for mounting an applet; At least one applet for performing the function of the identification card; And a key distribution module for distributing a key for use to the applet, wherein the key distribution module receives the key of the applet from a card issuing device and provides the key to the applet.

According to an embodiment of the present invention, an identification card can be easily issued using a terminal having a communication function without using a separate device for issuing a card. In particular, the number of communication transactions with the server through the network at the time of issuance is reduced, so that the card can be issued more stably and without processing load.

1 is a view showing the relationship between the structure of the identification card and the card issuing apparatus according to an embodiment of the present invention.
2 is a diagram showing the structure of a card issuing apparatus according to an embodiment of the present invention.
3 to 5 are flowcharts illustrating a card issuing method according to an embodiment of the present invention.
6 is a flowchart illustrating an information update process according to an embodiment of the present invention.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. In the following detailed description of the preferred embodiments of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. In the drawings, like reference numerals are used throughout the drawings.

Hereinafter, a card issuing apparatus and a method thereof according to an embodiment of the present invention will be described with reference to the drawings.

1 is a view showing the relationship between the structure of the identification card and the card issuing apparatus according to an embodiment of the present invention.

According to an embodiment of the present invention, a card, that is, a card 10 in which user related information is stored, is issued, and the card 10 is based on user related information. This is a card used for transactions and goods transactions. Identifying the user includes determining whether the corresponding card is a legitimate card in various transactions, including identification, and here, for convenience of explanation, the card 10 issued according to an embodiment of the present invention is referred to as an "identification card." ". In particular, the identification card 10 according to an embodiment of the present invention is a secure digital (SD) card equipped with a smart card function.

The identification card 10, as shown in Figure 1, includes an operating module 11, a key distribution module 12, and at least one applet 13 (applet) for issuing a card according to an embodiment of the present invention. do. Each of the modules 11 and 12 and the applet 13 may be implemented in a form stored in a flash memory (not shown).

The operation module 11 includes an operation program for operating the identification card 10 and initializes the identification card and performs authentication for loading the applet.

The key distribution module 12 is a module for issuing applets mounted on an identification card according to an embodiment of the present invention, and provides the applets with keys for use. The key distribution module 12 functions as a Personalization Secure Application Module (PerSAM), and performs card authentication and key loading into an applet when a card is issued. The key distribution module 12 may be referred to as an applet for issuing applets.

The key distribution module 12 is provided with keys for using an applet generated and managed by the management server 40 and provides these keys to the applet. The keys provided to the applet are called "applet unique keys". These applet unique keys may be modified by the key distribution module 12 and provided to the applet. The key distribution module 12 also performs an authentication process for the information storage process for the applet. Specifically, the card issuing device 20 performs verification on the password provided from the card issuing device 20 so that the information on the applet 13 is stored, and when the verification is made, the card issuing device 20 is issued from the card issuing device 20. Allows the provided information to be provided to the applet 13.

The applet 13 is an applet for various transactions using an identification card, and may be at least one. For example, it may include a public certificate, a cash card applet, and the like.

The card issuing apparatus 20 according to the embodiment of the present invention for issuing the identification card 10 has a structure as shown in FIG. 2.

2 is a structural diagram of a card issuing apparatus according to an embodiment of the present invention.

As shown in FIG. 2, the card issuing apparatus 20 according to an exemplary embodiment of the present invention may include a card interface unit 21 for performing an interface with the identification card 10 and a card initialization unit 22 for initializing the identification card 10. ), A loading processing unit 23, an issuing processing unit 24, and a verification processing unit 25, and may further include an update processing unit 26. The card issuing device 20 is connected to the management server 40 through the network 30.

When the SD card for functioning as an identification card for storing user information is connected to the card interface unit 21 of the card issuing apparatus 20, the card initialization unit 22 is an SD card, that is, through the card interface unit 21. It is determined that the identification card 10 is connected to perform a card initialization process.

The loading processor 23 loads the applet for issuing the card into the identification card 10. For example, when the initialization of the identification card 10 is performed, the loading processor 23 identifies the key distribution module 12, which is an applet for issuing the identification card, and the at least one applet 13 for use of the identification card. Load in 10. In this case, the applet designated by the issuer may be loaded into the identification card 10.

The issuing processing unit 24 provides a key and information for issuing an identification card. In particular, after requesting the management server 40 for information on the key distribution module 12 and the applet 13 and providing the received information to the key distribution module 12, and associated with the key distribution module 12 To provide the key and information for the applet 13.

Specifically, the issuing processing unit 24 requests a key for recording personal information to the identification card. For this purpose, the issuing request message is generated and transmitted to the management server 40 connected to the network 30. The full issuance request includes information on a user who wants to receive an identification card, for example, a social security number. The issuing processing unit 24 receives the issuing response message transmitted from the management server 40, processes the applet unique key included in the received issuing response message, and provides it to the identification card 10. In the issuing response message, data including an applet unique key and a personal identification number (PIN) for accessing the applet is encrypted. The issue processing unit 24 decrypts the encrypted data to decrypt the applet unique key and PIN. Acquire. Then, the acquired applet unique key and PIN are transmitted to the identification card 10 so as to be stored in the key distribution module 12 of the identification card 10.

The verification processing unit 25 performs verification processing on the PIN in association with the key distribution module 12. Specifically, the verification processing unit 25 provides the PIN transmitted from the issuing processing unit 24 to the key distribution module 12 of the identification card 10. In addition, a determination result indicating whether the PIN is stored in the key distribution module 12 is provided. If it is determined that the two PINs match, the card issuing device 20 obtains the access right to the key distribution module 12, and the card issuing device 20 between the key distribution module 12 and the applet 13. A communication path through is formed. Through this communication path, the applet unique key provided from the key distribution module 12 is provided to the applet 13 of the identification card 10 through the issuing processing unit 24, and the user's information on the applet is stored in the applet ( 13).

The update processing unit 26 performs a process of updating the information on the applet issued to the identification card 10. To this end, the update processing unit 26 provides the applet 13 with information to be updated in association with the key distribution module 12 of the identification card 10.

By the card issuing device according to the embodiment of the present invention having such a structure, after the initialization of the identification card and the applet loading process (first process) is performed, the applet key distribution process (second process) and the user The process of recording the information on the identification card (third process) is performed. The first process is performed by the communication between the card issuing device and the identification card on the offline, the second process is performed based on the communication through the network while the card issuing device is connected to the management server on-line, and the third process is offline By means of communication between the card issuing device and the identification card.

On the other hand, the management server 40 is a server operated by an institution (for example, a financial institution, a company) that manages the identification card, and provides practical various keys (applet unique key, etc.) used for the identification card 10. .

Next, a card issuing method according to an embodiment of the present invention will be described based on the card issuing device having such a structure.

3 to 5 are flowcharts of a card issuing method according to an embodiment of the present invention.

In particular, FIG. 3 is a flowchart illustrating an initialization process and an applet loading process in a card issuing method according to an exemplary embodiment of the present invention.

As shown in FIG. 3, when a user wants to issue an identification card that stores information related to a user, the card issuing device 20 is connected to the card issuing device 20 when the identification card 10 is connected to the card issuing device 20. It recognizes that the identification card 10 is connected through the card interface unit 21 (S100). The information related to the user represents information necessary for the user to use in various transactions including identification verification through an identification card, and may include, for example, a social security number and account information necessary for a financial transaction.

When the identification card 10 is connected, the card initialization unit 22 of the card issuing device 20 drives the operation module 11 stored in the flash memory of the identification card 10 (S110). The operation module 11 of the identification card 10 initializes the identification card 10 (S120).

Thereafter, authentication for mounting the applet on the identification card may be performed (S130). When performing authentication for applet loading, the operation module 11 generates an authentication command and an authentication value for authenticating whether the identification card 10 can be used while mounting the applet. The authentication command and the authentication value generated as described above are provided to the identification card 10, and the identification card 10 determines whether the authentication value generated by itself and the provided authentication value match, and when the matching is allowed, the loading is allowed. . Such authentication may be optionally performed, and such authentication may be performed by a central processing unit (not shown) embedded in the identification card 10.

After the identification card is initialized or after the authentication for mounting the applet is completed, applet loading is performed on the identification card 10 (S140). For example, the loading processing unit 23 of the card issuing apparatus 20 may load the key distribution module 12 and the applet 13 into the flash memory (not shown) of the identification card 10. Alternatively, the key distribution module 12 and the applet 13 stored in the flash memory of the identification card 10 may be loaded. Thereafter, an installation process for the key distribution module 12 and the applet 13 loaded on the identification card 10 is performed. This loading and installation process may be repeated as many times as the number of applets to be installed.

As described above, the initialization and applet loading process for the identification card is performed offline through communication between the identification card 10 and the card issuing device 20. Therefore, compared to the communication with the server of the card issuing authority for initialization and loading the applet, it can reduce the time and processing load required to perform the process.

4 and 5 are flowcharts illustrating a key distribution and information recording process in the card issuing method according to an embodiment of the present invention.

After the initialization of the identification card and the applet loading process are completed, the card issuing device 20 is provided with a key for using the identification card in association with the management server 40 of the institution managing the identification card. Perform key distribution and information recording process provided.

To this end, the issuing processing unit 24 of the card issuing apparatus 20 transmits the full issuing request request including information on the user who is to be issued the identification card as shown in FIG. 4 (S200 and S210). The issuance request text includes information on a user who wants to receive an identification card, for example, a social security number and a name. In the case of a foreigner, an alien registration number may be included instead of a social security number.

The management server 40 having received the issuance request message generates a key based on the information on the user included in the issuance request message. The management server 40 may selectively perform the real name verification based on the information on the user. Information about the user, for example, using the social security number and name to verify whether the name is real name (S220).

After the real name verification is selectively performed, the management server 40 selects one identification number to generate a key corresponding to the user information (S230). The applet unique key is generated in response to the selected identification number, and a PIN, which is a password for using the applet, is generated (S240).

In addition, an issue response message in which the applet unique key and the applet PIN correspond to the identification number is generated and transmitted to the card issuing device 20 (S250). In addition to the identification number, the corresponding applet unique key and the applet PIN, the data included in the transmitted issuance response message may include information (resident number, etc.) about the user who requested the issuance. In addition, when the generated unique key is for a financial applet, related financial information (eg, an account number, etc.) may be included. Data included in the issuance response message may be encrypted and transmitted.

The management server 40 may store the applet unique key and the applet PIN generated in response to the newly generated identification number after storing the issuing response message in a database of its own, not shown, and may be managed or deleted. The applet unique key and the applet PIN may be generated for each server transaction request.

Meanwhile, the issuing processing unit 24 of the card issuing device 20 receives the issuing response message transmitted from the management server 40 after transmitting the issuing request message (S260). As described above, the card issuing apparatus 20 according to an exemplary embodiment of the present invention obtains a key for actually issuing a card from the management server 40 through a network.

Next, based on the information obtained from the full issuance response received online, the process of providing a key to the applet and recording the information.

As shown in FIG. 5, the card issuing apparatus 20 processes the applet unique key included in the received issuance response message and provides the identification card 10 to the identification card 10. In the issuing response message, the data including the applet unique key and the applet PIN for using the applet is encrypted. The issue processing unit 24 decrypts the encrypted data to obtain the applet unique key and the applet PIN (S300). . The acquired applet unique key and the applet PIN are transmitted to the identification card 10 (S310). Based on the applet unique key and the applet PIN, issuance of the key distribution module and issuance of the applet are performed.

The key distribution module 12 of the identification card 10 receives and stores the applet unique key and the applet PIN corresponding thereto transmitted from the card issuing device 20 (S320).

Thereafter, the card issuing device 20 provides an applet unique key to the applet 13 in association with the key distribution module 12 of the identification card 10, and provides user-related information to be stored in the applet 13. 10) completes issuing an applet to function as an actual identification card. To this end, the card issuing apparatus 20 first performs PIN verification so that processing through the key distribution module 12 is performed (S330). The verification processing unit 25 of the card issuing device 20 provides the key distribution module 12 with a PIN to determine whether there is a match. The key distribution module 12 determines whether or not the provided PIN matches the applet PIN owned by itself, and provides the determination result to the verification processing unit 25. When a determination result indicating that two PINs coincide, a communication path is formed between the key distribution module 12 of the identification card 10 and the applet 13 through the card issuing device 20, and the subsequent process is performed. do.

The applet unique key provided from the key distribution module 12 is provided to the applet 13 of the identification card 10 through the issuing processing unit 24 through the above communication path, and the user's information on the applet is stored in the applet ( 13).

Specifically, after PIN verification is performed, the issuing processing unit 24 of the card issuing device 20 obtains a session key for encrypting the key based on the random number (S340), and the key distribution module 12 based on the session key. The applet stored in the applet is encrypted and read (S350). The applet unique key read is stored in the applet 13 (S360 and S370).

On the other hand, in order to store the information in the applet 13, the issuing processing unit 24 of the card issuing device 20 generates a message authentication code (MAC) based on the random number (S380). The verification code (MAC) is a code for correcting the integrity of the data provided. The card issuing apparatus 20 provides the applet 13 with data corresponding to the verification code MAC and the user related information to be stored in the identification card based on the command obtained from the key distribution module 12 (S390). Accordingly, the applet 13 stores the data provided, thereby completing the applet issuance (S400).

The above process is performed individually for each installed applet, and when a plurality of applets exist, they may be performed in parallel through different channels. That is, the unique key and information storage process for the first applet through the first channel and the unique key and information storage process for the second applet through the second channel may be performed in parallel.

Through the process as described above, the unique key and user-related information for the applet mounted on the identification card 10 is stored, so that applet issuance is completed and issuance to the identification card 10 is finally completed. Therefore, the identification card 10 can perform a function as a corresponding card.

Through such a card issuing process, an actual online transaction is performed only when a card issuing device receives a key through a management server. Therefore, since the number of online transactions is performed significantly less than the conventional method of issuing a card, it is possible to reduce the load caused by performing online transactions and to further reduce the risk of information breach caused by online transactions. .

In addition, since a module for issuing a card is conventionally installed in a separate terminal to perform card issuance, at least two terminals including a terminal for processing an identification card for card issuance and a terminal for processing a module for key issuance are provided. Was required. However, according to an embodiment of the present invention, the module for issuing a key is installed and operated in the issued identification card, so that the identification card can be easily issued using one terminal.

Next, as described above, after the issuance of the identification card is completed, the process of updating the information stored in the applet of the identification card will be described.

6 is a flowchart illustrating an information update process for an identification card according to an embodiment of the present invention.

When the update processing unit 26 of the card issuing device 20 wants to update information about a predetermined applet of the identification card 10 (for example, to add an account number to an applet functioning as a cash card). The applet PIN, which is a password for obtaining an applet use, that is, a use right for the key distribution module 12, is provided from the management server 40. To this end, the update processing unit 26 of the card issuing device 20 generates a transaction request message including the identification number for the key distribution module 12 and the user's information (resident number, etc.) and transmits it to the management server 40. (S500).

The management server 40 performs real name verification on the user information included in the transaction request message, generates an applet having a corresponding identification number, that is, a PIN for the key distribution module, and includes the transaction response message in the transaction response message 26. To transmit (S510, S520).

The update processing unit 26 receives and processes a transaction response message including the PIN from the management server 40 (for example, a process of decrypting an encrypted PIN) to obtain a PIN (S530), and then obtains the obtained PIN. Based on the information update process.

Thereafter, the PIN verification is performed (S540), specifically, the card issuing device 20 provides the PIN obtained from the full text to the key distribution module 12, and the PIN received from the key distribution module 12 and the stored PIN. The determination result of whether the match is provided to the card issuing device 20. When the PIN verification is completed, a communication path is formed between the key distribution module 12 of the identification card 10 and the applet 13 through the card issuing device 20, and the subsequent process is performed.

The card issuing device 20 then provides the information to be updated to the corresponding applet of the identification card 10 to be stored. The process of storing the information to be updated in the applet can be performed by the following two methods.

In response to a request from the update processing unit 26 of the card issuing device 20, the key distribution module 12 of the identification card 10 generates an authentication value and provides the authentication value to the applet 13 (S550). On the basis of whether or not the provided authentication value and the authentication value generated by the self matching is allowed (S560). Upon receiving the information update permission result from the applet 13, the card issuing device 20 provides the data to be updated to the applet 13, and the applet 13 updates the information stored therein based on the provided data. (S570).

In contrast, when the card issuing device 20 provides the data to be updated to the key distribution module 12, the key distribution module 12 supplies the authentication value and the data to the applet 13 through the card issuing device 20. to provide. If the provided authentication value and the generated authentication value coincide with each other, the applet 13 updates the stored information based on the data provided together with the corresponding authentication value.

Through this process, the information of the applet stored in the identification card 10 can be easily updated through the key distribution module 12 stored in the identification card 10. For example, an account number can be easily added to an applet that functions as a cash card.

The embodiments of the present invention described above are not implemented only through the apparatus and the method, and the program or the computer on which the program is recorded can execute a method corresponding to the method and the configuration of the apparatus according to the embodiment of the present invention. It can also be implemented through a recording medium that can be read, such an implementation can be easily implemented by those skilled in the art from the description of the embodiments described above.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.

Claims (13)

How to issue an identification card
Initializing the identification card;
Loading a key distribution module and at least one applet associated with the identification card into the initialized identification card;
Obtaining, by the key distribution module of the identification card, a key for the applet; And
Providing the obtained key to the applet and providing the identification card related information to the applet.
Card issuing method comprising a. The method of claim 1, wherein
Acquiring the key
Transmitting, by the card issuing device, to which the identification card is connected, an issuing request message for requesting key issuance to a management server through a network;
Receiving, by the card issuing device, an issuing response message including a key for the applet and a password for using the applet from the management server; And
The card issuing device providing the key and password to a key distribution module of the identification card
Including, card issuing method. The method according to claim 2, wherein
The steps provided to the applet
The card issuing device verifying a password provided to the key distribution module to form a communication path between the key distribution module and the applet; And
Providing a key stored in the key distribution module to the applet through the communication path
Including, the card issuing method. The method of claim 1, wherein
Updating the information stored in the applet. The method of claim 4
The updating step
Generating, by the key distribution module, an authentication value for updating information;
The applet performing authentication on the authentication value;
Updating the stored information based on the information provided by the applet when the authentication is performed.
Including, card issuing method. The method of claim 5, wherein
Updating the stored information based on the provided information
And the applet receives the information along with the authentication value, and updates the stored information based on the received information when the authentication is performed on the authentication value. The method of claim 5, wherein
Updating the stored information based on the provided information
Providing information to the applet to be updated by the card issuing value when the authentication value is authenticated by the applet; And
Updating the stored information based on the information provided by the applet
Card issuing method comprising a. On the device that issues the identification card
A card interface unit for performing an interface with the identification card;
A card initialization unit for initializing the identification card by driving the operation module of the identification card;
A loading processor configured to load at least one applet associated with the identification card and a key distribution module for issuing applets into the initialized identification card; And
Issuing processing unit for communicating with a management server through a network to obtain a key for the applet and a password for using the applet, and to provide the obtained key and password to the key distribution module of the identification card.
Card issuing device comprising a. The method of claim 8, wherein
A verification processing unit for verifying a password provided to the key distribution module to obtain an access right to the key distribution module
Card issuing device further comprising. The method of claim 9
And a key provided from the key distribution module of the identification card is provided to the applet through the issuing processing unit, and the issuing processing unit provides identification card related information to the applet. An operation module for initializing the identification card and performing authentication for mounting the applet;
At least one applet for performing the function of the identification card; And
A key distribution module for distributing keys for use to the applet
/ RTI >
And the key distribution module receives the key of the applet from a card issuing device and provides the key to the applet. The method of claim 11, wherein
And the key distribution module and applet are loaded into the identification card after the identification card is initialized. The method of claim 11,
The key distribution module
Verifying a password provided from the card issuing device and a password that is stored in itself, and providing the applet's key to the applet through the card issuing device if the two passwords match.








KR1020110047977A 2011-05-20 2011-05-20 Identification card, apparatus and method for issuing card KR20120129617A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110047977A KR20120129617A (en) 2011-05-20 2011-05-20 Identification card, apparatus and method for issuing card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110047977A KR20120129617A (en) 2011-05-20 2011-05-20 Identification card, apparatus and method for issuing card

Publications (1)

Publication Number Publication Date
KR20120129617A true KR20120129617A (en) 2012-11-28

Family

ID=47514088

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110047977A KR20120129617A (en) 2011-05-20 2011-05-20 Identification card, apparatus and method for issuing card

Country Status (1)

Country Link
KR (1) KR20120129617A (en)

Similar Documents

Publication Publication Date Title
US11218480B2 (en) Authenticator centralization and protection based on authenticator type and authentication policy
US11223948B2 (en) Anonymous authentication and remote wireless token access
US8863308B2 (en) System and methods for providing identity attribute validation in accordance with an attribute disclosure profile
US10586229B2 (en) Anytime validation tokens
TWI497336B (en) Data security devices and computer program
JP2018516505A (en) Authentication in the ubiquitous environment
US20160155123A1 (en) System and method for user authentication by using a physical financial card and mobile communication terminal
TW200539644A (en) A method, a hardware token, a computer and a program for authentication
KR20120108599A (en) Credit card payment service using online credit card payment device
JP6691582B2 (en) User authentication method and authentication management method
CN113595714A (en) Contactless card with multiple rotating security keys
KR102122555B1 (en) System and Method for Identification Based on Finanace Card Possessed by User
KR102348823B1 (en) System and Method for Identification Based on Finanace Card Possessed by User
KR20110122432A (en) Authentication system and method using smart card web server
TWI596547B (en) Card application service anti-counterfeiting writing system and method based on multi-card combination
KR101480034B1 (en) Method for providing financial service using qr security code
CN106355404B (en) Debit credit transaction system and method with security vulnerability protection mechanism
KR20140063256A (en) Payment method and system
KR20110005612A (en) System and method for managing otp using biometric, otp device and recording medium
KR20120129617A (en) Identification card, apparatus and method for issuing card
JP6009521B2 (en) User identification system, method and program
KR101619282B1 (en) Cloud system for manging combined password and control method thereof
KR102652497B1 (en) Did authentication method using smart card and smart card device
JP5386860B2 (en) Payment system, payment processing apparatus, validity verification apparatus, validity verification request processing program, validity verification processing program, and validity verification method
KR20230058574A (en) Method and system for authenticating for on-line financial transaction

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application