KR20140098872A - security system and method using trusted service manager and biometric for web service of mobile nfc device - Google Patents

Abstract

The present invention relates to a security system and a method using a trusted service manager (TSM) and biometric for web service of a mobile NFC device. A security system using a TSM and biometric for web service of a mobile NFC device according to one embodiment of the present invention includes a mobile NFC terminal which includes a chip with an NFC function and a secure element; a mobile network operator (MNO); and a TSM.

Description

TECHNICAL FIELD [0001] The present invention relates to a security system and a security system based on biometrics and TSM for a mobile NFC terminal web service,

The present invention relates to a system and method for managing the security of a trusted mobile terminal environment and a trusted web service process using biometrics and a trusted service manager (TSM) for a mobile NFC terminal web service

As smart devices evolve as a means of providing various functions such as payment and discount coupons, the market for mobile NFC service, which is a fusion of communication and finance, is expected to grow rapidly.

Especially, as the mobile NFC payment service market is expected to be activated, the mobile NFC payment service has received wide attention both domestically and internationally.

However, there is still little security-related technology that can lead to this.

As mobile NFC settlement services become active, not only financial companies but also related companies are increasingly interested in security because of the possibility that financial information other than customer information may be expanded and managed. Therefore, related organizations such as NFC Forum and GSMA emphasized the importance of security by presenting role, function, and security requirements of each component constituting mobile NFC payment service.

Generally, a mobile NFC payment service refers to a method in which a payment application and issuance information are stored in a mobile IC chip, and a service customer makes payment online or offline using a mobile in which a payment application is installed

The threat section that can occur in the mobile NFC settlement service can be classified into communication and terminal (including chip) as follows.

1) Telecommunication threat

When using the mobile terminal NFC settlement service offline, RF communication is performed between the devices. The management of transaction information securely through RF communication between devices and the availability of services are becoming important security problems. The threats that can occur in RF communication are eavesdropping and tampering. Depending on the attacker's ability to eavesdrop an RF signal transmitted between devices or the way the device operates, the attacker's probability of successful eavesdropping increases, and an attacker can modulate some or all of the signal depending on the encoding method of the signal. In addition, there may be a threat of frequency disturbance or meson attack that may occur in the communication between mobile NFC devices, but if an incorrect frequency detection function is used in a mobile NFC device, the attack can be prevented. In addition, mobile NFC payment service uses Wi-Fi and 3G communication, and Wi-Fi is expected to increase attacks using wireless APs (Access Points). Most private wireless APs operate in a relatively weak security environment, often with no AP password, factory defaults, or weak encryption algorithms (WEP). These vulnerable wireless APs can cause hacking, distributed denial of service (DDoS) attacks, attacks on clients connected to wireless APs, and malicious code infections.

2) threats on terminals

It is expected that security threats in mobile terminal NFC service will exist in a form similar to the security threats that can occur in existing mobile terminal based services.

Mobile terminal-based security threats can expose, modify, and route key input information by spreading malicious code, phishing attacks, application and platform tampering, which is a threat that can occur in mobile NFC devices. For example, when a Worm-URL is written to an NFC tag using a URL spoofing attack and the Worm-URL is loaded when an NFC device reads an NFC tag, the device may be threatened by the attacker moving to the desired path.

There are also subchannel attacks on chips with security elements. In the case of subchannel attacks, when the cryptographic algorithm is implemented in a low power device such as an IC card, information of leakage time, power consumption, electromagnetic wave, etc. can be used to find the main secret information used in the implemented cryptographic algorithm.

In order for a user to access service information from a mobile device, it is necessary to think about account data every time when accessing several different web services, and it is troublesome to input login and password information. Although the equipment can remember these credentials, the device is likely to be lost or stolen, and misbehaving may cause another problem.

Disclosure of Invention Technical Problem [8] Accordingly, the present invention has been made to solve the above problems, and it is an object of the present invention to provide a system and method for managing security of a trusted mobile NFC terminal web service process by acting together with a biometric technology and a trusted service manager .

The above-described technical problem is achieved by the characteristic aspects of the present invention described later. The biometric authentication and TSM-centric security system for a trusted mobile NFC web service according to the present invention includes a network operator, a service provider, a terminal manufacturer, and a trusted service manager.

According to this aspect of the present invention, a major stakeholder refers to a business that has a profit relationship with performing a service, and a stakeholder can be a mainstay to configure a mobile NFC terminal web service.

According to a further aspect of the present invention, the mobile NFC terminal includes a Secure Element that is closely related to the TSM.

According to this aspect of the present invention, since the service issued by the TSM is important information related to the personal information, it must be stored only in the Secure Element in the mobile terminal, and the non-hackable Embedded SE, Secure Memory Card, USIM Identity Module).

According to a further aspect of the present invention, a mobile terminal establishes a packet connection through a RAN (Remote Area Network) of a mobile communication company (MNO), and the packet connection includes an over-the-air (OTA) Communication and TSM Agent application methods.

According to this aspect of the present invention, Bearer Independent Protocol (BIP), Short Messaging Service-Point-to-Point (SMS-PP) and OTA Proxy (HTTPS) The UICC (Universal Integrated Circuit Card) of the terminal can be used as an agent of the TSM to the operator.

In accordance with a further aspect of the present invention, once a packet connection is established, a Personalization Service Agent Secure Application program (e.g., an electronic wallet) running on the mobile terminal may be used by an OSI layer using a certificate issued by a Certificate Authority (CA) 4 TSM personalization server establishes TLS (Secure Socket Layer) / SSL (Secure Socket Layer) communication network sessions, and secure transmission of account data transmitted from the service provider to TSM is based on TLS / SSL standard public key infrastructure (PKI) and methods for encryption.

In accordance with this aspect of the present invention, TLS / SSL is used for mutual authentication, confidentiality and data integrity functions

1) Mutual authentication: mutual authentication between client and server (RSA, DSS, X.509)

2) Confidentiality: Data encryption through symmetric key encryption algorithm (DES, 3DES, RC4, etc.)

3) Data Integrity: Confirmation of Data Modulation by MAC Method (HMAC-md5, HMAC-SHA1)

Can be used.

According to a further aspect of the present invention, there is provided a method for authenticating a client authenticating at least a multifactor authentication technique (UICC, OTP, biometrics, etc.) , And a method of performing authentication using LDAP.

According to this aspect of the present invention, in the client authentication, in order to further secure the public key based encryption method, the signature method, and the key exchange method, it is possible to discard or reissue Re-release biometric information, or may be used with the UICC or OTP as the SE 110.

According to a further aspect of the present invention, when this packet connection is connected, the TSM (3000 has another secure connection to the SE of the mobile terminal using the Global Platform's Secure Channel Protocol running in the OSI (Open Systems Interconnection) 7 application layer .

According to this aspect of the invention, the use of security of the application layer enhances multiple protection levels. When the last connection is connected, at least one logical layer of encryption can be used protected by the service provider's keys.

As described above, according to the present invention, a mobile terminal stores important information only in a secure element in a terminal, 2) an over-the-air (OTA) channel management communication with a mobile terminal and a mobile communication company (MNO) 3) Once a packet connection is established, the personalization service agent Secure Application program (eg, electronic wallet) running on the mobile terminal sends a certificate issued by the certificate authority CA (Certificate Authority) Establish a Transport Layer Security (TLS) / Secure Socket Layer (SSL) communication network session with the TSM personalization server at the OSI Layer 4 used 4) Secure secure transmission of account data from the service provider to TSM is based on the TLS / SSL standard (UICC, OTP, biometrics, etc.) instead of existing Strict passwords for mutual authentication. Authentication is performed using the applied client authentication and embedded database, directory server, RADIUS, AD (Active Directory) and LDAP inside the equipment. 6) When this packet connection is connected, By performing another secure connection to the SE of the mobile terminal using the Secure Channel Protocol, the confidentiality, integrity, mutual authentication and availability of the data can be verified.

In addition, for example, in the case of a settlement service using a mobile phone, a service of a mobile communication provider and a financial service company are combined, and a customer using the mobile phone service can stop transaction, data recovery Related complaints may arise and confusion about the treatment of complaints may occur. Using a trusted system environment and Trusted Service Managers (TSMs) to solve technical or business conflicts that may arise between different carriers for service activation, consumers can achieve maximum benefits from a broad service ecosystem. Service providers can simplify the complexity of the mobile environment.

FIG. 1 is a block diagram of a TSM security system in which encryption of the OSI 3 layer is enhanced according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a method of providing a Secure Element, which is a storage place of personal information related to a service issued by the TSM according to an embodiment of the present invention.
3 is a flowchart of a method for performing RSA key exchange in TLS / SSL according to an embodiment of the present invention.
4 is a flow diagram of a method for generating a re-issueable biometric reference (RBR) based on a bearer identification information recorder (PIR) and a remote bearer identification information comparator (PIC) in accordance with an embodiment of the present invention.
5 is a flow diagram of a method for generating a reissueable biometric reference (RBR) based on an anonymous identification encoder (PIE) and an anonymous personal identification authenticator (PIV) in accordance with an embodiment of the present invention.
6 is a flowchart of a method of generating a digital key from biometric information according to an embodiment of the present invention.
7 is a flowchart illustrating an authentication method using a digital signature combined with biometric information according to an exemplary embodiment of the present invention.
FIG. 8 is a flowchart illustrating a biometric information based message encryption / decryption method according to an embodiment of the present invention.
FIG. 9 is an exemplary diagram of a security domain (SD) as a method for managing multi-services in a Secure Element according to an exemplary embodiment of the present invention.
10 is an exemplary diagram illustrating a key management method of the TSM according to an embodiment of the present invention
11 is a flowchart of a method of implementing initialization of a TSM-centered OTA structure before providing an NFC service to an end-user of a mobile terminal according to an embodiment of the present invention.
12 is a flowchart of a method for providing an NFC service to an end-user of a mobile terminal in a TSM-centric system according to an embodiment of the present invention.

The foregoing and further aspects of the present invention will become more apparent through the following examples. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout.

FIG. 1 is a block diagram of a TSM security system in which encryption of the OSI 3 layer is enhanced according to an embodiment of the present invention.

As shown in the figure, the biometric authentication and TSM-centric security system for the trusted mobile NFC web service according to the present invention includes a network operator (MNO) 200, a service provider 400, a mobile handset 100, , And trusted service manager (TSM) 300.

The mobile terminal stores only important information in the secure element 110 of the terminal and the Over-the-Mobile handset 100 and the MNO 200, 3) once a packet connection is established, a personalized service agent Secure Application program (e.g., an electronic wallet) running on the mobile terminal 100 may be used to establish a packet connection with the channel management communication and the TSM Agent application; Establishes a TLS (Transport Layer Security) / SSL (Secure Socket Layer) communication network session with the TSM 300 personalization server of the OSI layer 4 using the certificate issued by the certificate authority CA 4) (PKI) and encryption based on the TLS / SSL standard. 5) At least multifactor authentication technology (UICC) is used instead of the existing strict password for mutual authentication. , OTP, biometrics, etc.), authentication is performed using internal database, directory server, RADIUS, AD (Active Directory) and LDAP inside the device. 6) When this packet connection is connected, (SE 110) of the mobile terminal 100 using the Secure Channel Protocol of the Global Platform running in the layer.

Hereinafter, each configuration of the biometric authentication and TSM-based security system for the mobile NFC terminal 100 web service according to the present invention will be described in detail.

1. The mobile terminal establishes a packet connection through a radio access network (RAN) of a mobile communication company (MNO)

These OTA communications are encrypted at OSI layer 1 based on protocols established by CDMA and GSM.

The security of the OTA communication is controlled by the MNO 200 because it manages the keys used to encrypt the data traffic. Data encryption on the wireless communication network ensures privacy information and confidentiality for data traffic between the MNO 200 and the mobile terminal 100. The OTA cryptographic layer adds another firewall against potential intrusion of account data due to the wireless network.

Over-the-air (OTA) channel management can be used in three forms.

1) Bearer Independent Protocol Bearer Independent Protocol (BIP) can be used with the Card Application Toolkit Transport Protocol (CAT_TP). The BIP configures the end-to-end data channel by allowing the data channel to be opened between the TSM and (U) SIM card from the mobile device. In contrast to SMS where one SMS has a size of 140 bytes, the data package of the BIP contains 1472 bytes. BIP can use UE GPRS connection for high speed access. BIP can be standardized as ETSI TS 102 124 to 3GPP TS 31.111, CAT TP.

2) SMS-PP (short messaging service-point-to-point) sends a message to SMS to be sent to TSM by Secure Element.

3) OTA Proxy installs TSM Agent application as role of OTA Proxy on mobile device, then OTA Proxy mediates between TSM (300) and Secure Element (110). There is a public protocol such as HTTPS between OTA Proxy and TSM, and API is mainly used between OTA Proxy and Secure Element.

The main channel used in the above three channels is the OTA Proxy. BIP and SMS-PP can be used only in USIM, SMS-PP is too short to issue a service, and BIP has few mobile terminals 100 to support. In the case of platform providers, it is advantageous to use OTA Proxy.

2. Once the packet connection is established, the Personalization Service Agent Secure Application program (e.g., electronic wallet) running on the mobile terminal 100 is transferred to the TSM of the OSI layer 4 using the certificate issued by the Certificate Authority CA 300) establishes a TLS (Transport Layer Security) network session with the personalization server.

Key features of TLS / SSL include:

1) Identity verification: Because the SSL server certificate is issued after a visit to the company, customers can check the server certificate to verify that the company's website is actually there and owned by the company. This allows customers to enter their personal information with confidence.

2) Confidentiality of message: SSL encrypts information (such as credit card number) exchanged with the company's web server and the customer with a single session key. In order to securely transmit one Session key to the customer, it is encrypted with the company's public key. One Session key is used only once. One key is used for each customer in each session. Therefore, an unauthorized third party can not intercept the information during the transmission.

3) Integrity of the message: When the message is transmitted, the recipient and the sender's computer generate the encryption method according to the contents of the message. If any single character is modified during transmission, the receiving computer generates a different encryption method and a warning message is sent to the recipient. The integrity of the message indicates that the messages sent by the two parties to each other are delivered.

3. Secure secure transmission of accounting data transmitted from service provider 410 to TSM 300 performs public key infrastructure (PKI) and encryption based on TLS / SSL standards.

TSM (300) stores account information in an encrypted database. When the mobile terminal 100 requires personalization, three separate layers of encryption are established with the packet data connection

4. In order to provide secure personal information protection service based on characteristics of NFC technology and application service, elliptic curve public key based encryption method, signature method and key exchange are very important. Therefore, biosensing information that can be reissued is applied so that it can be leaked to support the confidentiality, integrity, availability, and re-issuance of data, or discarded or reissued if it is no longer needed by the user Perform multifactor client authentication.

To protect the biometric template, we used a method based on the Biometric Cryptosystem rather than a feature transformation.

In the Biometric Cryptosystem, after generating the encryption key directly from the bio information (Key Generation), the encryption key is interwoven with the bio information and stored, and if necessary, it can be extracted again using the bio information Key Binding method was used.

As a method to be used for an unordered feature value set such as a minuite feature point of a fingerprint, information requiring protection such as a user ID and an encryption key is stored in the form of a polynomial using bio information. For example, you can create a polynomial by replacing the coefficients of the polynomial with the ID values you want to hide. After this, we obtain the function value by substituting the feature values into this polynomial. In order to prevent this leakage, we store the chaff points together and take protection measures. The decoding process extracts the feature value information of the user, compares the feature value information with the stored polynomial values, removes the Chaff points, reconstructs polynomials with the remaining values, and obtains the coefficients, thereby extracting the originally hidden ID values . CRC (Cyclic Redundancy Check), which is an error correcting code, is used so that a polynomial can be extracted stably considering variations in bio information obtained each time due to the nature of bio information. This method is advantageous in that it can be safely transmitted and stored using biometric information without ID leakage for individual identification.

The most important aspect of the above-mentioned key generation method is to generate the key used in the cryptosystem directly from the bio information. However, the most important property required for the key used in the encryption system is the key stability and entropy of the key. Here, the stability of the key is that the desired key value can be automatically generated repeatedly from the bio information, and the entropy of the key is interested in how many keys can be generated. However, due to the nature of the bio information, there is a characteristic that the bio information value is changed every time it is acquired, so that it is difficult to ensure the stability of the key and the number of keys that can be generated from the bio information also has a limitation. Also, from the viewpoint of bio information protection, the key generation method is not a method for protecting biometric information, but it can be considered that biometric information is used as a technique for securely managing keys in a cryptographic system application.

The requested biometric information should be combined with the individual identification information for the operation of the biometric authentication system. Generally, a data storage system includes biometric information and personally identifiable information registered in the same repository or logically or physically separate storage space. This is because biometric data combined with these two pieces of information must be protected in terms of security and privacy for the biometric subject.

Sharing the common identifier CI is against the purpose of separating personally identifiable information and biometric information. Therefore, the two separate DBs must be managed by separate administrators with different encryption keys.

If a DB is infringed and its contents are illegally changed, the operators of both DBs must be able to detect it. Similarly, while using a DB, if a legitimate DB operator with a legitimate key changes its contents, the other DB must be able to detect the change. In such a case, more rigid coupling is required.

No confidentiality or integrity is provided if unprocessed personally identifiable or biometric information is stored. If encrypted personal or biometric information is stored, confidentiality is provided and some integrity is provided. If personally identifiable information or biometric information is protected by a signature or MAC algorithm, integrity is provided. Also, if personally identifiable information or biometric information is protected by an authenticated encryption algorithm, both confidentiality and integrity are provided.

ISO / IEC 19785 specifies the Common Biometric Exchange Format Framework (CBEFF) to facilitate the interoperability of biometric-based applications and systems by defining a standard structure for BIR (Biometric Information Record). BIR has an optional security block for the integrity and encryption of biometric data. Therefore, the security of the biometric information itself can be achieved by following ISO / IEC 19785-4 [29].

The public key information is registered in the CA using the PKI method.

At the same time, private key information is also stored.

And stored in a hidden form in the biotemplate. The biotemplate stores minutiae information and the like. In this case, when the stored minutia information is exposed, the privacy information of the individual is leaked. Therefore, the security aspect should be considered in the digital key generation process.

Digital signature technology is a commonly used application because it provides integrity, authentication, privacy and non-repudiation functions. And performs digital signature on message m using the generated / extracted key. The signed message is delivered to the recipient. The recipient receives the public key information recorded in the CA and performs a verification process on the signature message. If the verification is correct, the integrity of the transmitted message can be verified, and authentication of the sender and non-repudiation blocking function can be confirmed. In this way, the digital signature technique can be used in conjunction with the biometric information.

The secret information related to the private key generated from the biometric information is stored in a secure form such as a Remote Authentication Dial-in User Service (RADIUS), an Active Directory (AD), or a Lightweight Directory Access Protocol (LDAP) .

5. When this packet connection is connected, the TSM initiates another secure connection to the security element (SE) 110 of the mobile terminal 100 using the Global Platform's Secure Channel Protocol running in the OSI 7 application layer.

The final layer of encryption is protected by keys belonging to the service provider. The use of OSI 7 application layer security enhances multiple protection levels. When the last connection is connected, at least one logical layer of encryption is protected by the service provider's keys and always protects data between the TSM's most intercommunication processes and the SE 110 in the mobile device. The second layer of encryption is mostly data protection. While data is passed through the OTA, the data is protected by three layers of encryption.

2 is a diagram illustrating a method of providing a Secure Element 110, which is a storage place of personal information related to a service issued by the TSM 300 according to an embodiment of the present invention.

As shown, the location of the SE (Secure Element) 110 may vary depending on the provider, the Secure Element 110 may be used in the form of a UICC (Universal Integrated Circuit Card), and the Personalization Service Secure Application may be embedded in the UICC When used together, it provides the following advantages.

1) User mobility in using Secure Application

2) Improved user control of credentials due to the fact that critical information is now on-card rather than in the cloud (improved security protection)

3) Reduced the need to use Generic Bootstrap Architecture (GBA), which causes a significantly lower load on network resources

4) Authentication traffic is limited to the public Internet between network entities without requiring over the air (OTA)

5) can be used as an agent of the TSM 300 for the MNO 200 to locally maintain the authentication traffic and to prevent burden on the carrier network.

Item Embedded SE (111) Secure Digital
Memory Card (112) USIM 113 Secure Element
Provider Mobile device manufacturers, platform providers Financial service providers are also available Mobile carrier OTA channel OTA Proxy only OTA Proxy only OTA Proxy / BIP / SMS-PP Disadvantages As an integral part of mobile equipment, when replacing mobile equipment
Continuous use difficulty Difficult to manage relationships with mobile devices because it is easy to attach and detach Service model dependent on mobile service provider Advantages The platform provider can be the center of business Financial service providers can easily issue their Secure Element Ability to use functions provided by existing mobile operators

* Secure Application: Personalized Service Agent Secure Application Program

  (For example, an electronic purse)

* UICC is a wide variety of mobile phones, such as SIM, wallet, and EMV supplied by MNO

  application includes USIM (Universial SIM) 113 if it uses a Universal Mobile Telecommunications System (UTMS) network instead of a Global System for Mobile communications (GSM) network.

Up to now, each configuration of the biometric authentication for the mobile NFC terminal 100 web service and the security system based on the TSM 300 has been described in detail. Hereinafter, a method of performing multifactor client authentication by applying re-issueable biometric information and a public key based encryption method, a signature method, and a key exchange method in a TSM (300) based security system will be described in detail.

3 is a diagram illustrating an example of a connection between a mobile terminal 100 and a TSM (Frontend 310 / Backend 320) based on TLS / SSL in a mobile communication company (MNO) 200 according to an embodiment of the present invention. a flowchart of a method for performing an RSA key exchange for a biometric handshake.

1) Client Hello: Notifying the server (Frontend) 310 (encryption method, key exchange method, signature method, compression method)

2) Biometric Client Hello: Notifying the server (Backend) 320 that can be supported (encryption method, key exchange method, signature method, compression method)

3) (Frontend) (310) Server Hello: Reply {encryption method, key exchange method, signature method, compression method} that can be supported. At this time, a step of allocating a new Session ID

4) (Frontend) 310 Server Certificate (optional): A step of sending a public certificate stored with RSA encryption public key of server 310

5) (Frontend) (310) Server Key Exchange (optional): sending additional key values

6) Certificate Request (optional): transmitting when requesting the user mobile terminal 100 certificate

7) Biometric (Backend) Server (320) Hello: Reply {encryption method, key exchange method, signature method, compression method} At this time, a step of allocating a new Session ID

8) (Frontend) Server 310 Hello Done: Notifying that the Hello procedure of the server (Frontend) 310 is completed

9) Client Certificate (optional): a step of responding to a Certificate Request message from the server (Frontend) 310

10) Client Key Exchange: In case of RSA key exchange method,

11) Certificate Verify (optional): The signature value signed with the private key for signature is transmitted. The server (Frontend) 310 receiving the message confirms with the public key for signing the client specified in the Client Certificate message

12) (Frontend) Server (310) Change Cipher Spec: a step informing that {encryption method, key exchange method, signature method, compression method} determined by the negotiation so far will be applied from now on

13) Frontend Server 310 Finished: a message step for storing a verification value generated by applying {encryption scheme, key exchange scheme, signature scheme, compression scheme} to all messages transmitted in the negotiation process;

14) (Client) Change Cipher Spec: (Frontend) server 310;

15) (Client) Finished: Transferred in the same procedure as the (Frontend) server 310

16) Step of transmitting encrypted application layer message (biometric information and personal identification information)

The following algorithm can be used for the main functions of TLS / SSL in the above flow.

1) Mutual authentication: mutual authentication between client and server (RSA, DSS, X.509)

2) Confidentiality: Data encryption through symmetric key encryption algorithm (DES, 3DES, RC4, etc.)

3) Data Integrity: Confirmation of data modulation using MAC technique (HMAC-md5,

   HMAC-SHA1)

Figure 4 illustrates a method for generating a renewable biometric reference (RBR) based on an anonymous identification information recorder (PIR) 532 and a remote bearer identification information comparator (PIC) 521 according to an embodiment of the present invention Fig.

A pseudo identity (PI) 511 is an identifier of a re-issuable individual, which is obtained from the biometric sample and is used as an identifier capable of identifying an individual within a limited service range using the identifier. However, the PI 511 does not contain any information that can restore the original biometric information or the information of the subject. Furthermore, it has no meaning outside the service area, and has the following four states.

- Create a new PI (511) from the biodata during the registration phase

- Perform the verification of the subjects who need identification.

- Set the validity period of PI (511).

- If validity has expired, reissue or discontinue use.

First, feature data for biometric recognition is generated from the biometric sample. The extraction of these feature vectors is in accordance with the standard of ISO / IEC JTC1 / SC37 19785. Next, the pseudo identity encoder (PIE) 502 generates a renewable biometric reference (PI) 511 and an auxiliary data (AD) 512, RBR). Once the RBR is created, the biometric samples and extracted feature values are erased. The additional data referred to here are used for the following purposes.

- can be used within the same application range from one biometric feature

  Thereby enabling a plurality of independent bearer identification information (PI) 511 to be generated.

- An application-independent bearer to prevent cross-comparison and connection of the database

  Thereby enabling identification information (PI) 511 to be generated.

- For subjects with similar biometric characteristics (such as twins)

  It is possible to create an independent bearer identification information (PI) 511 that can eliminate similarity

  .

- Provides means to enable separation of biometric reference data (PI (511) and AD (512)) for increased security and privacy

 - Personalize comparison parameters to optimize personal authentication performance.

   do.

The PI 511 and the AD 512 are stored and stored together or separately. On the other hand, all acquired biometric data is removed. The combination of the PI 511 and the AD 512 becomes a renewable biometric reference (RBR).

The ancillary data AD 512 allows the bearer identification information to be diversified. That is, a plurality of identical bearer identification information can be generated from the same biometric feature. These data elements are called diversification data. The PIE 502 has supplementary data (SD) 503 as an input. The SD 503 is not part of the PI 511 or the AD 512 and can be used for various purposes as follows.

- Enhanced security by knowledge base secrets entered by registrants

- Enhance security by application or system-specific secrets or signatures

- Limit the range of PI-dependent time or place dependent PIs

- Authentication for digital signatures or data

- Identifier of the algorithm used to generate the PI

At this time, even if the SD 503 is given, the created PI 511 and the AD 512 should not disclose any information about the SD 503 itself. When a comparison is made remotely, the subsystem for comparison with the data acquisition and signal processing subsystem is physically separated

Authentication requires the following steps:

 - Feature extraction for processing biometric data

- PIR (Pseudo Identity Recorder) 532 receives a given AD 512 and extracted feature points

  Then, a new PI * (522) is generated using SD or the like.

- Using a pseudo identity comparator (PIC) 521,

  Compares PI 511 with PI * 522 exactly.

If the PI 511 matches the PI * 522, the authentication succeeds. If the SD 503 is given in the registration process, the same SD must also be provided in the authentication step.

5 is a flow diagram of a method for generating a reissueable biometric reference (RBR) based on an anonymous identification encoder (PIE) 502 and an anonymous personal identification authenticator (PIV) 533 according to an embodiment of the present invention .

If the PIC 521 is local, the signal processing and comparator systems are combined into one application or device.

A pseudo identity verifier (PIV) 533 receives the acquired biometric sample and compares it with the stored PI 511 and AD 512 to output the authentication result.

If the SD 503 is given, the PIV 533 requests the same SD 503 data during authentication

Bearer identification information is invalidated for several reasons. For example, PI (511) is reissued only when it is valid for a finite period of time, or when a new issue is necessary due to an error. Moreover, as the years pass, new biometric reference becomes necessary when the biometric information changes, such as a human face. Validity review and invalidation can be controlled by means such as watch lists. Another alternative is that the validity period may be used according to SD 503 presented at the time of PI 511 generation.

In establishing the authentication system, the PI 511 may be discarded by:

- Remove the PI from the database, or remove the privilege to use the PI.

  Following the removal, a newly issued biometric reference is generated by re-registration.

  Depending on the implementation adopted, this process may require a new biometric sample

  There is also an extra RBR.

6 is a flowchart of a method of generating a digital key from biometric information according to an embodiment of the present invention.

1) Certification Authority (CA)

: A trusted entity that issues certificates to end entities and other certificate authorities. The certification authority publishes certificates and CRLs to various entities through repositories.

2) Certificate Revocation List (CRL)

: A list indicating whether the certificate is suspended or revoked.

3) User certificate

: The public key and other information of a user who has been made unauthorized by being encrypted with the certificate authority's private key

4) CA-certificate (CA-certificate)

: The certificate of another CA issued by a CA

5) Certificate policy

: A policy that is a set of rules related to a certificate, such as a certificate issuing policy, a purpose of a certificate to be used, and a publicity method, to be used by a specific group in a public key infrastructure.

6) Certification Authority (CA)

: A trusted entity that issues certificates to end entities and other certificate authorities. The certification authority publishes certificates and CRLs to various entities through repositories.

7) Certificate Revocation List (CRL)

: A list indicating whether the certificate is suspended or revoked.

 8) Biochemical Certificate Biometric Certificate Authority (BCA) and Public Key Certificate

CA (Certificate Authority): It is a structure that provides authentication function for user's biometric information. Based on the certificate for biometric information, a key to be used for digital signatures or the like can be generated or applied to the bio-based encryption / decryption process. At this time, a certificate for biometric information is used, which has functions and characteristics similar to those of a conventional public key certificate.

Identification of the user in the digital key generation model from the biometric identification information is performed by comparing the biometric authentication information 540 stored in the BCA and the information input through the acquisition device 531. In this manner, the authentication process is performed in advance, and a key is generated after passing through the identity confirmation process 521 for the user.

If it is determined that the user is the same user, the key generation process 542 is performed. If the authentication process fails, the key generation process is stopped. Together with the inputted biometric information, receives the confidential information 503 from the user and generates a pair of the public key 543 and the private key 546 and 547 using the same. The reason for separately inputting the secret information 503 is to secure the uniqueness of the information disclosed by the BCA while ensuring safety in the process of generating the public key 543 / secret key pair. Also, even if a vulnerability such as leakage of biometrics information is found in the process of performing authentication based on biometrics information, a process of inputting confidential information 503 from a user as a random value in order to increase the safety of the key generation process . The security of the entire key generation structure can be improved by performing such a process.

For the public key 543 / private key 547 pair, a hash algorithm such as MD5 or SHA-1 is used. For example, the following process can be performed.

Procedure 1: Feature point information 511 is extracted from the biometric information created in CBEFF format

Procedure 2: A pair of private key 547 / public key 543 is generated using secret information 503 input from the user using a hash cryptographic algorithm such as MD5 or SHA-1.

The protection structure of the biotemplate 511 that should be provided to secure the generated key is as follows.

- Secret information related to the private key generated from the biometric information is used for the access control function

It should be stored in a secure form in the storage location provided.

- The confidentiality of keys generated from the biometric information can be protected

Safety can be ensured.

- The private key 547 generated from the biometric information as well as the biometric template

Since this information corresponds to the privacy of an individual, only the authorized user can access it.

If the information is leaked, the existing information can be immediately deleted / canceled

. For example, if a pair of public key 543 / private key 547

And apply the fuzzy-bolt technique to securely store / store it.

7 is a flowchart of an authentication method using a digital signature 548 combined with biometric information according to an embodiment of the present invention.

May be associated with the digital signature 548 using biometric identification information,

Techniques can be re-associated with authentication and cipher-based transmission schemes.

The digital signature 548 for the message 600 provides authentication, integrity and non-repudiation of the signed message in the telecommunication system.

8 is a flowchart illustrating a biometric information based message encryption / decryption method according to an embodiment of the present invention.

Cancellation of messages using digital keys based on biometric information

Can be provided. In the bio-based encryption / decryption method, the recipient's public key 543 is received from the CA certificate, and then encrypted (step 560) is performed for the message 600 to be transmitted for secure communication. In the decryption process 562, after performing the bio-based authentication process, a private key is extracted 561 and applied to the received message.

FIG. 9 is an exemplary diagram of a security domain (SD) as a method for managing multi-services in a secure element 110 according to an embodiment of the present invention.

The TSM 300 can install various services in one Secure Element 110 owned by the user.

In other words, just as we have several types of credit cards in our wallets, there are many kinds of services that can be installed within the Secure Element (110). For this, the TSM 300 divides the Secure Element (110) into several rooms as shown above.

These rooms are called Security Domains, and TSM (300) creates multiple rooms to install multiple services. Because rooms exist independently of each other, services installed in one room can never see information of services installed in another room.

Recently, researches on personal financial information management method using Security Domain (SD) have been actively carried out to provide more secure smart card service.

The Security Domain can be seen as the principal responsible for some kind of key management role that must be approached in a secure manner. In other words, the issuer of the card has a master key for issuing the card, and through this master key, the applet can be installed or deleted on the smart card.

Therefore, using this key implies an important role in deciding the purpose of use of the card, so that it needs to be managed separately.

Of course, since they are all applications, the applet is basically an applet on the Java card platform, but in the following description, the Security Domain that the initial card issuer (Issuer) is permanently mounted on the card is called ISD (Issuer Security Domain) (Security Domain) 124 for allowing a service provider providing the service to manage a separate key is called an SSD (Supplementary Security Domain) 124.

During the time required to complete the personalization process of the mobile terminal 100, the TSM 300 needs to protect the user account data. This process can take from 30 seconds to 1 hour, depending on factors such as network coverage or user skill. The bank 400 transmits the account data to the TSM 300 only after the user is ready to process the personalization process on the mobile terminal 1000. If the issuing bank 400 is notified to the TSM 300 If you transfer data, the data is stored until you start personalizing.

The scenario may include inputting a drive code to the mobile terminal 100 that initiated the personalization process.

Depending on the set of characteristics agreed upon between the parties, the TSM 300 has never accessed the account information. This is because the data remains encrypted and encrypted by the encryption key of the bank 400. This scenario may occur if the bank 400 has previously installed an additional secure domain (SSD) on the SE 110 by the MNO 200 or if the TSM 300 has a temporary key known to the bank 400 When the SSD 124 is installed together.

In this case, the bank creates a Security Application Protocol Data Unit (APDU) required to install the permanent SSD 124 with the bank's key, and then personalizes the card through the TSM 300 transit point.

If the bank trusted the TSM 300 directly with the key of the bank 400, the TSM 300 creates the bank 400 designated SSD 124 and personalizes it with the account data provided by the bank 400. In this scenario, once the personalization has been successfully completed, there is no reason for any account data to remain in the TSM 300. In some cases, there is no reason for the TSM 300 to continue to have data other than successful personalization of the mobile terminal 100.

In a conventional method of managing financial information in a smart card, a service provider (e.g., a mobile communication company) 400 allocates an SD area for each financial institution using the ISD 114 provided by a card issuer, The procedure for storing customer information corresponding to the relevant financial institution was performed in the SD.

However, since the information stored in the SD can be deleted and changed only by the Issuer Security Domain (ISD) 114, there is a problem that the service provider 400 has many restrictions in providing various financial services.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a service information management method using a Global Platform (GP) having a multiple SD structure in a UICC of a mobile device.

The Universal Integrated Circuit Card (UICC) authentication model according to an embodiment of the present invention is changed from a conventional ISD-SD structure to a CASD-ISD-TSD-SPSD structure.

The Issuer Security Domain (ISD) 114 is a Security Domain that is initially installed on the card by the Issuer, and a Security Service The domain is referred to as an SSD (Supplementary Security Domain) (124). . The SD compatible with the Global Platform (GP) has an ISD 114 and a plurality of SSDs 124. The SSD 124 may be a TSM Security Domain (TSD) 120 or a Service Provider Security Domain (SPSD) 123.

In addition, each SD may have only one Controlling Authority Security Domain (CASD) 117.

The structure of the CSDA 117 performs key management (330) and application verification functions in the process of loading and installing applets.

The ISD 114 is part of a Secure Element 110 where the MNO 200 can store keys for the following functions.

1) OTA provisioning

2) Card content management

3) Security Domain management

The ISD 114 has privileges for global management, authorized management, and security domain management for the Secure Element 110.

The ISD 114 is created during the manufacturing process and the key for Card content management is securely transmitted from the manufacturer to the MNO. Only ISD 114 is authorized to create SSD 124 and assign privilege management privileges.

The SSD 124 may have its own card manager key loading application. The ISD 114 may assign rights to the SSD 124 designated as the TSD 120 and the SSD 124 specified as the SPSD 123 based on the service area.

The security domain managed by the card issuer is the ISD 114 and the external host can access information corresponding to the first TSD 120 and the Nth TSD 120 managed by the TSM 300 only via the ISD 114 Can be changed or deleted.

At this time, it is preferable that the card issuer and the service provider 400 divide the service area through negotiation and define the TSD 120 corresponding to the service area.

For example, the service area may be classified into a credit card, an electronic money, a royalty, and traffic.

The key corresponding to the TSD 120 is managed by the TSM 300 and the service provider 400 can change or delete the desired SPSD 123 using the key allocated to the TSD 120. [

In addition, to meet the needs of various subscribers. The subscriber identity card is a Java card, which is one of the open platforms, and can develop individual value-added services as respective applets to flexibly provide personalized value-added services according to the needs of the subscriber.

10 is an exemplary diagram of a key management method 330 of the TSM 300 according to an embodiment of the present invention.

The keys to access the Security Domain are all different.

 Proper key management and security is essential to protect the system from attack and fraud.

The key management 330 process securely protects the encryption key 341. One of the basic functions of the TSM 300 is to always secure the key 341.

Keeping keys secure involves ensuring physical and logical security.

Physical security prevents physical access to the key management server (KMS) 330 and associated hardware security module (HSM) 340. Physical security includes the use of physical barriers and alarm systems. Logical security includes processes, procedures, and software used to protect keys. Examples of logical security include password requirements, key entry requirements and procedures, firewall rules, and the use of a proxy system for communication.

Key generation (derivation)

TSM 300 has the capability to generate a key that can generate a key 341 for a Secure Element 110 or a Secure Domain within a Secure Element. To this end, the master key 341 may be shared with a Secure Element or a service provider, and a key derived by a specific rule may be used.

Key exchange

When the Secure Element (110) is initially purchased by the user in the factory initialization state, the TSM (300) exchanges the initialization key with the Secured Key.

Key injection

The TSM (300) creates a Security Domain in the Secure Element and registers the necessary keys.

Key disposal

TSM discards expired keys.

Key storage

TSM manages all of the above keys securely. A device called Hardware Security Module (HSM) (340) is used for this purpose.

Key backup

TSM backs up the keys used in case

11 is a flowchart of a method of implementing initialization of a TSM-centered OTA structure before providing an NFC service to an end-user of a mobile terminal according to an embodiment of the present invention.

SD generation may be performed in the UICC manufacturing process with unknown SD keys by the MNO 200,

The Service ID is an identifier shared between the SP 400 and the TSM 300.

A number of service admission functions performed by the TSM 300 may be performed by the MNO 200.

1. Service Provider provisioning

1) Service Approval request (Applets and Midlets and List of AIDs, Service Name)

2) Verify / generate AIDs, inocuity of applications

3) Store application / commands hash

4) Ack (Applets and Midlets approved by card-issuer)

2. TSM Registration

5) TSM registration request

6) Register TSM

7) Ack (TSM ID)

8) SP connection request (SP ID)

9) SD creation request

10) Reserve SD for SP

11) Ack (SP SD AID)

3. Service provisioning / creation

12) Service Registration

(Approved Applet (s) and Midlet (s) and list of instanciation data)

13) Create Service

14) Ack (Service ID)

12 is a flowchart of a method for providing an NFC service to an end-user of a mobile terminal in a TSM-centric system according to an embodiment of the present invention.

4. End user subscription

1) End-user subcription to NFC service

2) Process subscription

3) Aliasing

5. SD creation (if not created in factory)

4) Service Installation Request (User ID, Service ID)

5) Check if SD already created?

6) SD creation request (User ID, SD AID

7) SD creation

8) Ack (SD temporary keys

9) Update SD keys (SD final keys)

10) Ack

6a. Applet installation (if not pre-installed)

11) Retrieve Applet and ACP file and prepare installation commands

12) Token request (Applet AID, list of commands)

13) Ack (Tokens)

14) End-user authentication and / or authentication might be required prior Applet installation

15) Token verification

7. Applet personalization

16) Get perso data

17) Ack (Perso Data)

18) Perso commands preparation

19) Applet personalization

20) Ack

6b. Midlet installation (if not pre-installed)

21) Retrieve Midlet

22) Push Wap (Midlet URL)

23) User acceptance Request Midlet

24) Retrieve Midlet

25) Signature verification and Midlet installation under a Protection Domain

26) Ack

27) Inform SP that NFC Service is operational

28) Send SMS: Service is operational

29) Inform on installation status

The present invention has been described with reference to the preferred embodiments.

It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

Midlet: The Mobile Information Device Profile (MIDP) is a set of Java APIs that target mobile information devices, such as mobile phones and basic-level palmtop devices. A MIDlet is a MIDP application.

AID: Application Identifier

Claims (13)

A mobile NFC terminal which basically includes a chip having an NFC function and a security element (Secure Elemen), which is obtained bio-identification information such as fingerprint, iris, face and voice,

A mobile communication provider (MNO) that already has a wireless network environment infrastructure for a mobile terminal and provides various web services between a trusted service manager (TSM) and a secure application in the SE,

As an entity that exists as a separate system between the MNO and the TSM Service Portal and can be trusted by both the MNO and the service provider, (TSM)

TSM Service Portal, which provides a variety of TSM service portals and account services, such as Financial Institution,

And a security-based security system based on TSM for a mobile NFC terminal web service.

The mobile NFC terminal of claim 1, wherein:
A bio information photographing module for obtaining a biometric sample

Secure Elements, a storage location for personal information related to services issued by TSM

Secure Application Program with Personalization Service Agent function running in SE

Near Field Communication (NFC) chip that enables non-contact short-range communication

It has a central processing unit (CPU), a graphics processing unit (GPU), a cache memory, an application processor (APP)

A Subscriber Identification Module (SIM) containing personal identification information of wireless communication line subscribers,

A Baseband Processor that enables packet connection through a mobile communication company (MNO) and a radio access network (RAN)

And a security-based security system based on TSM for a mobile NFC terminal web service.

2. The method of claim 1, wherein the mobile communication company (MNO)
Packet connection using TSM Agent application in mobile terminal and over-the-air (OTA) channel management communication

Once a packet connection is established, the TLS (Transport Layer Security) / SSL (Secure) protocol between the Secure Application Program and the TSM Personalization Server at OSI Layer 4 using a certificate issued by a Certificate Authority (CA) Socket layer) Establishing network session

Secure secure transfer of accounting data based on the TLS / SSL standard between the service provider and TSM

And a security-based security system based on TSM for the mobile NFC terminal web service.
2. The method of claim 1, wherein the trusted service manager (TSM)
When a packet connection is established, the TSM provides secure access to the security element (SE) of the mobile terminal using the Global Platform's Secure Channel Protocol running at the OSI 7 application layer

For multi-service management, the creation of multiple security domains (SD)

Key management such as creation, exchange, registration, destruction, storage and backup of keys that can access multiple security domains (SD)

Digital key generation and digital signature authentication via renewable biometric reference (RBR)

And a security-based security system based on TSM for the mobile NFC terminal web service.
A method for providing a location of a storage location of personal information related to a service issued by a TSM through a secure element in a mobile NFC terminal,

The SE step that is provided on the embedded chip that is integrated with the mobile device

SE step provided on detachable SDMC (Secure Digital Memory Card)

A Universal Integrated Circuit Card (UICC) used when a universal mobile telecommunications system (UMTS) network is used, and an SE step provided on a USIM (Universial SIM) supplied integrally with a Subscriber Identity Module (SIM)

A method for providing a location of a storage location of personal information in a mobile NFC terminal
A method for protecting personal account data of a secure application program provided through an MNO in a mobile NFC terminal,

After installing the TSM Personalization Service Agent application using the role of the SE as a Universal Integrated Circuit Card (UICC), the TSM personalization server at the OSI layer 4 using the certificate issued by the certificate authority CA (TLS) Security) / SSL (Secure Socket Layer) establishing a communication session between the TSM and the Secure Element,

On-card (cryptographic personal information using biometrics information) on the user's computer

A method for protecting personal account data of a secure application program in a mobile NFC terminal
A channel management method for protecting over-the-air (OTA) communication controlled by an MNO by managing keys used for encrypting data traffic in a mobile communication company (MNO)

Using the bearer independent protocol BIP (Bearer Independent Protocol) used with the Card Application Toolkit Transport Protocol (CAT_TP) to configure the end-to-end data channel by allowing the data channel to open between the TSM and the (U) SIM card from the mobile terminal Step and

TSM uses the Short Messaging Service-Point-to-Point Protocol (SMS-PP) to send a message to SMS to be sent to the Secure Element

After installing the TSM Agent application as a role of the OTA Proxy in the mobile terminal, the OTA Proxy uses a public protocol such as HTTPS between the TSM and the Secure Element.

A channel management method for protecting over-the-air (OTA) communication in a mobile communication company (MNO)
A method for performing an RSA key exchange for biometric handshake between a mobile terminal (client) and a TSM (server: Frontend / Backend) based on TLS / SSL in a mobile communication company (MNO)

1) Client Hello: Notifying the server (frontend) of the supportable {encryption method, key exchange method, signature method, compression method}
2) Biometric Client Hello: Notifying the server (Backend) of supportable {encryption method, key exchange method, signature method, compression method}
3) (Frontend) Server Hello: Reply {ciphering method, key exchange method, signature method, compression method} that can be supported. At this time, a step of allocating a new Session ID
4) (Frontend) Server Certificate (optional): The public certificate for server-side RSA encryption is sent.
5) (Frontend) Server Key Exchange (optional): sending additional key values and
6) Certificate Request (optional): transmitting when requesting a user mobile terminal certificate
7) Biometric (Backend) Server Hello: Reply {encryption method, key exchange method, signature method, compression method} that can be supported. At this time, a step of allocating a new Session ID
8) (Frontend) Server Hello Done: The step of informing that the Hello procedure of the server (Frontend) is completed
9) Client Certificate (optional): responding to the Certificate Request message from the server (Frontend)
10) Client Key Exchange: In case of RSA key exchange method,
11) Certificate Verify (optional): The signature value signed with the private key for signature is transmitted. The server (Frontend) receiving the message confirms with the public key for signing the client specified in the Client Certificate message
12) (Frontend) (Server) Change Cipher Spec: Step indicating that {encryption method, key exchange method, signature method, compression method} determined by the negotiation so far will be applied from next
13) (Frontend) (Finished) (Server) Finished: A message step containing the verification values generated by applying {encryption scheme, key exchange scheme, signature scheme, compression scheme} to all messages transmitted in the negotiation process
14) (client) Change Cipher Spec: (step)
15) (Clent) Finished: (Frontend) A step transmitted in the same procedure as the server
16) Step of transmitting encrypted application layer message (biometric information and personal identification information)

A method for performing an RSA key exchange for protecting transmission of data on a TLS / SSL basis in a mobile communication company (MNO)
In a method of managing various service information using a Global Platform (GP) in a multi-SD structure in a UICC without relying on a card issuer in a trusted service manager (TSM), SD is a method in which an initial card issuer (Issuer) A step of having a plurality of SSDs (Supplementary Security Domains) which are installed with ISD (Issuer Security Domain) which is loaded first and a service provider which develops an application or provides a service and manages a separate key;

ISD has the authority of a Secure Element that can store keys for Card content management, authorized management, and security domain management.

The steps that an SSD can be a TSM Security Domain (TSD) managed by TSM or a Service Provider Security Domain (SPSD) managed by a service provider

Each SD having a unique Controlling Authority Security Domain (CASD)

CSDA performs Key Management and Application Verification functions during loading and installation of applets

(TSM) using a Global Platform (GP) having a multiple SD structure in a trusted service manager (TSM)
A key management method for securing a key for accessing multiple security domains (SD) in a trusted service manager (TSM), comprising:

TSM has the ability to generate a key that can generate a key for a Secure Element or a Security Domain in a Secure Element. To this end, TSM shares a master key with a Secure Element or a service provider, A step of using a method of deriving

When the Secure Element is initially purchased by the user in the factory initialization state, the TSM exchanges the initialization key with the Secured Key

TSM creates a security domain in the Secure Element and injects the necessary key

TSM is the step of discarding expired keys

TSM manages all of the above keys securely. To this end, the physical access to the key management server (KMS) and the related hardware security module HSM (Hardware Security Module)

TSM will back up the keys used in case

A key management method for safely protecting a key capable of accessing multiple security domains (SD) in a trusted service manager (TSM)
A method for performing multifactor client authentication by applying disposable or re-issuable biometric information to provide a personal information protection service in a trusted service manager (TSM)

First, the step of generating feature data from the biometrics recognition sample for registration

Next, a pseudo identity encoder (PIE) generates a renewable biometric reference (RBR) consisting of bearer identification information (PI) and auxiliary data (AD)

Once the RBR is created, the biometric samples and extracted feature values are erased

The PI and the AD are stored at the same time,

The PIE includes steps of inputting supplementary data (SD)

Generating characteristic data from the biometric sample for authentication and

PIR (Pseudo Identity Recorder) generates a new PI * using the same AD, extracted feature points, and the same SD as the registration process

Comparing the PI with the PI * using a pseudo identity comparator (PIC)

If PI and PI * match, then the multifactor client authentication succeeds and

A method for performing multifactor client authentication by applying biometric information that can be discarded or reissued in a trusted service manager (TSM)
A method for generating a digital key from biometric identification information to provide a personal information protection service in a trusted service manager (TSM)

A step of comparing the biometric authentication information stored in the BCA with the information input through the acquisition device in the form of CBEFF (Common Biometric Exchange Format Framework)

Generating a digital private key / public key pair using confidential information input from a user together with input biometric information using a hash encryption algorithm such as MD5 or SHA-1;

Storing the private key related secret information generated from the biometric information in a secure form at a storage location providing the access control function

A method for generating a digital key from biometric identification information in a trusted service manager (TSM)
In a method for providing NFC service to an end-user of a mobile terminal in a system centered on TSM

1) Service Provider This includes the provisioning step
2) the TSM registration phase and
3) Service provisioning / creation steps and
4) End user subscription step and
5) SD creation (if not created in the manufacturing step)
6) Applet installation (if not already installed)
7) Applet personalization and
8) Midlet installation (if not already installed)

A method for providing an NFC service to an end-user of a mobile terminal in a system centered on TSM

Images