KR20150004260A - Method, Apparatus and System for using an IC card as authentication medium - Google Patents
- Publication number
- KR20150004260A
- Authority
- KR
- South Korea
- Prior art keywords
- card
- identification information
- authentication
- user
- user terminal
Classifications
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/4014—Identity check for transactions
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
Description
The present invention relates to management and use of an authentication medium, and more specifically, to an apparatus and method for registering and using an IC card as an authentication medium in a user terminal.
In recent years, the spread of IC cards as a secure storage medium for personal information has been actively promoted. IC card technology for public use, such as electronic passports and electronic ID cards, has been developed, and most cash cards and credit cards are being converted into IC cards. In addition, IC cards are widely used as a physical access control means in places such as companies and government offices. This is because it is difficult to maliciously delete or change the information on an IC card issued to a user, and there is a technical advantage in that the user information stored in the IC card can be conveniently read. Therefore, users can use various services (e.g., account management/withdrawal, payment, access control) provided in a specific environment (e.g., ATM, POS) prepared by the IC card issuer.
However, the use of an IC card in an open environment such as a user terminal is not yet universal. The latest technology in this field is to use an SE (Secure Element) such as an IC card, a UICC (USIM card), mounted on a mobile phone. Some of the e-wallets that have recently been introduced by many vendors offer mobile payment services using these SEs. However, these latest technologies also have limitations in ensuring diversity of services. The number of IC cards that can be loaded on the user terminal is very limited (for example, 1 to 3), and limiting the applications that can use the IC card for security reasons is also a limiting factor for service expansion.
In addition, an IC card installed in the user terminal is inherently exposed to various external risks, such as leakage of important personal information through terminal hacking or a malicious application, or attacks that hinder use of the card (for example, IC card locking), and it is not easy to take countermeasures against them.
SUMMARY OF THE INVENTION Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and it is an object of the present invention to provide a device and method capable of storing authentication information such as a public certificate in an IC card existing separately from a user terminal.
In order to achieve the above object, there is provided an apparatus for using an IC card as an authentication medium according to an embodiment of the present invention. The apparatus includes: an identification information extracting module for extracting identification information from an IC card performing short-range wireless communication with a user terminal; an identification information checking module for checking whether the extracted identification information is identical with identification information of an IC card previously registered as an authentication medium; and a security service module for providing a security service interface for using the security service provided by the identified IC card.
In one embodiment, the identification information extraction module may include a command code for extracting identification information for at least one of a standardized IC card standard and a private IC card standard.
In one embodiment, the identification information extracting module identifies whether the IC card is a card conforming to an IC card standard usable as an authentication medium, and can extract the identification information by executing an identification information extracting instruction code corresponding to the identified card standard.
In one embodiment, when a request for registering the IC card as an authentication medium is received from the user, the identification information extraction module may store the extracted identification information in the memory in the user terminal or in a secure element (SE) coupled to the user terminal.
In one embodiment, when a request for registering the IC card as the authentication medium is received from the user, the identification information extraction module may transmit the extracted identification information to the card management server so that it is managed by the card management server.
In one embodiment, when a request to use the security service of the IC card is received from the user, the identification information confirmation module may confirm whether the extracted identification information matches identification information stored in advance in a memory in the user terminal or in a secure element coupled to the user terminal.
In one embodiment, when a request for using the security service of the IC card is received from the user, the identification information confirmation module may transmit the extracted identification information to the card management server and request the server to confirm whether it matches the identification information stored in advance in the server.
In one embodiment, the apparatus may further include a user authentication module for, when the user authentication is requested from the IC card, transmitting the user authentication information acquired from the user terminal to the IC card.
In one embodiment, the apparatus may further include a terminal authentication module for transmitting the terminal authentication information generated by the user terminal to the IC card when the user terminal authentication is requested from the IC card.
According to an embodiment of the present invention, an authentication system using an IC card as an authentication medium is provided. The system includes: a user terminal for extracting identification information from the IC card, registering the IC card as an authentication medium, and using a security service provided by the registered IC card; and a card management server for judging, by using the identification information extracted from the IC card, whether the IC card can be registered as an authentication medium or whether the IC card is a card already registered as an authentication medium.
In one embodiment, the user terminal comprises: a short-range wireless communication unit performing wireless communication with the IC card; a memory storing application program instructions requiring a security service and IC card manager program instructions for providing the security service required by the application program using the IC card registered as an authentication medium; and a processor for executing the application program instructions and the IC card manager program instructions stored in the memory, wherein the IC card manager program instructions comprise: an instruction for extracting identification information from the IC card; an instruction for confirming whether the extracted identification information matches the identification information of the IC card previously registered as the authentication medium; and a security service interface for using the security service provided by the identified IC card.
According to an embodiment of the present invention, a method for using an IC card as an authentication medium is provided. The method includes: requesting a user to touch an IC card to be registered as an authentication medium to a user terminal; checking whether the IC card touched to the user terminal conforms to an IC card standard registerable as an authentication medium; extracting identification information from the IC card identified as being registerable by executing an identification information extracting instruction code corresponding to the identified card standard; and storing the extracted identification information in one of a memory in the user terminal and a secure element (SE) associated with the user terminal, or transmitting the extracted identification information to a card management server to be stored in the card management server.
In one embodiment, the method may further include transmitting the terminal authentication information of the user terminal to the IC card so as to be stored in the IC card.
In one embodiment, the method further comprises: requesting the user to touch the IC card registered as the authentication medium to the user terminal when the user intends to use the IC card registered as the authentication medium; extracting identification information from the touched IC card by executing an identification information extracting instruction code corresponding to the registered IC card standard; checking whether the extracted identification information matches the identification information of the IC card registered as an authentication medium; and using the security service provided by the identified IC card.
In one embodiment, the method may further include transmitting the terminal authentication information of the user terminal to the IC card when authentication of the user terminal is required to use the security service provided by the IC card.
In one embodiment, the method may further comprise transmitting the user authentication information of the user to the IC card when authentication of the user is required to use the security service provided by the IC card.
According to the present invention, a method is provided by which a user can register an IC card in his or her possession as a secure authentication medium through the user's own terminal, and securely and conveniently manage and use authentication information such as a public certificate through the registered IC card. By allowing an IC card carrying the user's authorized certificate to be registered and used through the user terminal without additional hardware, the service can be used at low cost while providing security as high as that of an existing security token.
In addition, a problem in using an IC card mounted in the user terminal, that is, business constraints, restrictions due to security problems, and the like can be partially solved.
Also, it is possible to limit the security information and the security service provided by the IC card so that they can be used only through the user's registered terminal, to cope with dangers such as fraudulent use and external attack, and to use security services such as the electronic signature more safely.
Further, by utilizing the identification information or the like of the registered IC card, it is possible to optimize the procedure required when using the IC card, and to improve the usability of the user.
FIG. 1 schematically shows an authentication system for using an IC card as an authentication medium according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a detailed configuration of an IC card manager installed in a user terminal according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a process of registering an IC card as an authentication medium according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a process of using an IC card registered as an authentication medium according to an embodiment of the present invention.
FIG. 5 illustrates an example of an IC card registration screen shot according to an embodiment of the present invention.
Figure 6 illustrates an example of a screen shot for digitally signing using an IC card in accordance with an embodiment of the present invention.
FIG. 7 shows an example of a screen shot showing a case where certificate update previously stored in the IC card fails according to an embodiment of the present invention.
While the present invention has been described in connection with certain exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and similarities. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.
In addition, the singular phrases used in the present specification and claims should be interpreted generally to mean "one or more" unless otherwise stated.
Also, the terms "module," "part," "interface," and the like, used in the present specification generally mean computer-related objects and may mean, for example, hardware, software and combinations thereof.
Since most recent user terminals (smart phones, tablets, etc.) basically adopt a near field wireless communication (NFC) function, the present invention allows an IC card equipped with a public certificate to be used as an authentication medium. To this end, the present invention should solve the following problems.
(1) The user terminal must be able to identify the IC card equipped with the public certificate and use the services provided by that IC card.
(2) Because IC cards are at risk of being lost, it must be possible to prevent a malicious user from using an IC card carrying another person's certificate.
(3) It must be possible to block attacks by a malicious terminal on the IC card carrying the certificate. An IC card capable of short-range wireless communication can easily be attacked from the outside, even while it is in the user's wallet, in an open place such as a subway where contact with outsiders is easy.
(4) The user should be able to use the authentication service conveniently with minimal operation. Since the user terminal serving as the service medium and the IC card serving as the authentication medium are separated from each other, the IC card is used at the point of time when the service is required, and thus the security is high.
Hereinafter, embodiments of the present invention designed to solve these problems will be described with reference to FIGS. 1 to 7 attached hereto. The description focuses on the portions necessary for understanding the operation according to the present invention.
FIG. 1 schematically shows an authentication system for using an IC card as an authentication medium according to an embodiment of the present invention. As shown, the authentication system may include an
In one embodiment, the
The
The
The
The security
The
In one embodiment, the
The
The
The
In one embodiment, the
FIG. 2 is a diagram illustrating a detailed configuration of an IC card manager installed in a user terminal according to an embodiment of the present invention.
In one embodiment, the
The identification
In one embodiment, the identification
In one embodiment, the identification
In one embodiment, the identification
In one embodiment, when a request to register the IC card as an authentication medium is received from a user, the identification
The identification
In one embodiment, the pre-stored identification information may be stored in a memory or security element SE in the
In another embodiment, the identification information may be stored in the
The
When user authentication is requested to receive a security service such as an electronic signature from the IC card, the
When terminal authentication is required to extract identification information from an IC card or to provide a security service, the
In one embodiment, the
On the other hand, an authentication module is provided on the IC card side to confirm the authentication information provided by the user terminal, and to provide identification information and / or a security service to only the identified user terminal.
FIG. 3 is a flowchart illustrating a process of registering an IC card as an authentication medium according to an embodiment of the present invention. Specifically, FIG. 5 illustrates a process of having a user touch an IC card in order to use it as an authentication medium or to receive a security service, and of extracting and registering the identification information of the IC card according to an embodiment of the present invention.
In step S301, the application or the IC card manager requests the user to touch the IC card to be registered as the authentication medium to the user terminal. In one embodiment, the application or the IC card manager can display to the user, through the GUI on the terminal screen, the types of IC card standards that can be registered. At this time, the application can use the IC card manager to perform in advance the procedure for communicating with the IC card that will be touched to the user terminal. For example, the time spent communicating with the IC card can be minimized by preloading the specification module needed to communicate with the IC card (for example, loading the PKCS #11 library of the financial IC card security token).
The user touches the IC card to be registered with the user terminal. At this time, the user will place the IC card within a range in which the communication module and the IC card can communicate with each other so that the communication module of the user terminal can recognize the IC card. When the communication module recognizes the IC card, the application can communicate with the IC card.
In step S302, the IC card manager determines whether or not the IC card touched to the user terminal is a card that conforms to an IC card standard (e.g., a traffic card standard, a financial IC card standard, a certificate-related standard, an ID card private standard, etc.) that can be registered as an authentication medium. In one embodiment, the standard of the IC card can be confirmed by checking whether an application of a specific standard is loaded on the IC card, which is possible by querying for a fixed application ID (AID).
In step S303, if the specification of the IC card touched to the user terminal is not confirmed or the specification of the confirmed IC card is not a registerable standard, the user may be requested to again touch another IC card.
In step S304, the IC card manager extracts the identification information from the IC card identified as being registerable by executing an identification information extracting instruction code corresponding to the confirmed card standard. The format and the type of the identification information can be variously defined according to the standard of the IC card, and the procedure for extracting the identification information can also differ according to the standard. Further, the identification information may be composed of a collection of various information of the IC card. For example, in the case of registering an IC card of a certificate-related standard such as PKCS #11, at least one of the certificate key ID and the owner name may be used as the identification information.
In step S305, the IC card manager stores the extracted identification information in the memory of the user terminal or the terminal SE (e.g., UICC). Alternatively, the extracted identification information may be transmitted to the card management server and managed by the card management server.
In one embodiment, in order to store the extracted identification information in the terminal SE, it may be necessary for the IC card manager to perform procedures for using the SE (e.g., UICC connection, UICC applet selection, etc.) in advance.
In another embodiment, in order to store the extracted identification information in the IC card management server, the IC card manager performs in advance a procedure for using the IC card management server (for example, server connection, user account selection and authentication, etc.).
In addition, when the extracted identification information is to be stored in the IC card management server, the card management server can restrict the registration of the identification information. The card management server can use the identification information to check whether the IC card is within the range that the server manages, or to check whether the card conforms to the security policy. For example, it is possible to identify the issuer of an IC card using the confirmed standard and identification information of the IC card, and to restrict the registration of cards of a specific provider.
Further, when the user information is confirmed by using the identification information of the IC card, the registration of the IC card can be restricted through whether or not the user of the user terminal matches the user of the IC card.
In step S306, it is determined whether to perform authentication of the user terminal in the future communication process between the user terminal and the IC card.
When terminal authentication is to be performed, the terminal authentication information can be registered (stored) in advance in the IC card in step S307. The IC card, which has registered the terminal authentication information, can perform terminal authentication with respect to a user terminal communicating with itself.
For example, the terminal authentication information may be a public key of the user terminal. When the public key of the user terminal is stored in the IC card, the IC card can request a digital signature for arbitrary data from the user terminal communicating later. The user terminal can provide the IC card with information that has been digitally signed using the private key, and the IC card can authenticate the terminal by checking the provided digital signature information using the registered public key.
As another example, the unique identification information of the user terminal can be registered as the terminal authentication information. Since it is not easy to guess and generate unique identification information of a specific user terminal from other user terminals, terminal unique identification information can be used as terminal authentication information in a low-level security service.
In one embodiment, the terminal authentication information is stored and managed in the terminal SE or the card management server and may be transmitted to the IC card. When the terminal authentication information is managed by the terminal SE or the card management server, terminal authentication can be normally performed even when the user terminal is replaced in the future.
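The terminal authentication exchange described above (public key stored in the card in step S307, then a signature over card-chosen data on later contact), written out in Go as an added example that is not code from the patent. Ed25519, the 32-byte challenge, the domain-separation prefix and every type and function name are assumptions of this example; the patent names no algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrNoChallenge  = errors.New("no outstanding challenge")
	ErrBadSignature = errors.New("terminal signature rejected")
)

// authContext is prepended to every challenge before signing (an assumption
// of this example) so the terminal key never signs bare card-chosen bytes.
var authContext = []byte("ic-card-terminal-auth-v1:")

func signedMessage(challenge []byte) []byte {
	return append(append([]byte(nil), authContext...), challenge...)
}

// Terminal holds the user terminal's private key.
type Terminal struct{ priv ed25519.PrivateKey }

func NewTerminal() (*Terminal, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Terminal{priv: priv}, nil
}

// Public returns the terminal authentication information to register.
func (t *Terminal) Public() ed25519.PublicKey {
	return t.priv.Public().(ed25519.PublicKey)
}

// Respond signs the card's challenge.
func (t *Terminal) Respond(challenge []byte) []byte {
	return ed25519.Sign(t.priv, signedMessage(challenge))
}

// Card is a software stand-in for the authentication module on the IC card.
type Card struct {
	terminalKey ed25519.PublicKey // registered in step S307
	challenge   []byte            // outstanding challenge, nil when none
}

func (c *Card) RegisterTerminal(pub ed25519.PublicKey) { c.terminalKey = pub }

// Challenge issues fresh random data for the terminal to sign.
func (c *Card) Challenge() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	c.challenge = n
	return append([]byte(nil), n...), nil
}

// Verify checks the signature against the registered key. The challenge is
// consumed on every attempt, so a captured signature cannot be replayed.
func (c *Card) Verify(sig []byte) error {
	if c.challenge == nil {
		return ErrNoChallenge
	}
	ch := c.challenge
	c.challenge = nil
	if len(c.terminalKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(c.terminalKey, signedMessage(ch), sig) {
		return ErrBadSignature
	}
	return nil
}

// Authenticate runs one full exchange between a card and a terminal.
func Authenticate(c *Card, t *Terminal) error {
	ch, err := c.Challenge()
	if err != nil {
		return err
	}
	return c.Verify(t.Respond(ch))
}

func main() {
	registered, err := NewTerminal()
	if err != nil {
		panic(err)
	}
	stranger, err := NewTerminal()
	if err != nil {
		panic(err)
	}
	card := &Card{}
	card.RegisterTerminal(registered.Public())
	fmt.Println("registered terminal:", Authenticate(card, registered))
	fmt.Println("unregistered terminal:", Authenticate(card, stranger))
}
```

The single-use challenge is what separates this from the unique-identifier variant described next in the text, where the same value is presented on every contact.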
FIG. 4 is a flowchart illustrating a process of using an IC card registered as an authentication medium according to an embodiment of the present invention.
In step S401, the application displays the previously registered IC card to the user in GUI form, and requests the user to touch the card. For example, if the registered IC card stores the user's authorized certificate and provides the digital signature service, the owner information of the authorized certificate may be displayed. This owner information was extracted and stored in the registration step of the IC card. Further, the application can use the IC card manager to perform in advance the procedure for communicating with the IC card that will be touched to the user terminal. For example, the time for communication with the IC card can be minimized by preloading the standard module needed to communicate with the IC card (for example, loading the PKCS #11 library of the financial IC card security token) or by receiving the authentication information in advance.
The user touches the pre-registered IC card to the user terminal. At this time, the user will place the IC card within a range where the user terminal and the IC card can communicate with each other so that the user terminal can recognize the IC card. The application can communicate with the IC card.
In step S402, the IC card manager extracts the identification information from the IC card touched by the user by executing the identification information extraction instruction code corresponding to the previously registered IC card standard.
In step S403, the IC card manager checks whether the extracted identification information matches the identification information of the IC card previously registered as the authentication medium. If it is confirmed that the identification information is not the same, the user may be requested to touch another IC card.
In step S404, it is determined whether or not terminal authentication is necessary. If so, terminal authentication information may be transmitted to the IC card (S405). At this time, the terminal authentication information generated at the time of registering the IC card may be used as the terminal authentication information, or information associated with or modified from the terminal authentication information may be used.
It is determined whether the terminal authentication of the IC card has succeeded (S407). If the authentication is successful, the process proceeds to the next step (S406). Otherwise, the user may be requested to touch another IC card.
In step S406, it is determined whether user authentication is necessary. If so, user authentication information may be transmitted to the IC card in step S407. The user authentication information is preferably acquired from the user before the IC card is touched, and a PIN, password, bio information, or the like can be used as the user authentication information. The user authentication information may, for example, be stored in the IC card in advance when the card is issued, as with a credit card, or may be registered by receiving authentication information from the user in the IC card registration process of the present invention.
FIG. 4 illustrates that user authentication is performed after user terminal authentication. However, in some implementations, user authentication may be performed before terminal authentication, and user authentication and terminal authentication may be performed together. For example, it is possible to provide the IC card with information generated by cryptographically combining the terminal authentication information and the user authentication information, and the IC card can cryptographically confirm the provided information.
Next, if it is determined in step S409 that the user authentication of the IC card is successful, the user can use the security service provided by the IC card. In one embodiment, the security services provided by the IC card may include storing, retrieving, renewing, revoking, digital signing, and the like of an authorized certificate.
Meanwhile, the storage of security information (e.g., a public certificate) necessary for the security service provided by the IC card can be performed through the security service (e.g., security token service) of the IC card in the security service utilization step S409 of the present invention, but the information may also be stored in advance in the IC card through the IC card issuer system irrespective of the present invention.
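The card identification steps of both flows, as an added Go example that is not code from the patent: the card standard is found by querying fixed AIDs (S302), the identification information is read with the command for that standard (S304) and stored (S305), and on later use it is read again with the registered standard only (S402) and compared (S403). The AIDs, GET DATA tags, identifier strings and all names are constructed for this example; only the ISO/IEC 7816-4 SELECT and GET DATA command shapes and status words are standard.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Standard pairs a card application ID (queried in S302) with the command
// that reads identification information for that standard (S304, S402).
type Standard struct{ Name string; AID, ReadID []byte }

// Constructed values: proprietary-range AIDs and GET DATA tags made up here.
var standards = []Standard{
	{"certificate-token", []byte{0xF0, 0x43, 0x45, 0x52, 0x54, 0x01}, []byte{0x00, 0xCA, 0x01, 0x01, 0x00}},
	{"transit", []byte{0xF0, 0x54, 0x52, 0x4E, 0x53, 0x01}, []byte{0x00, 0xCA, 0x01, 0x02, 0x00}},
}

var ErrUnsupported = errors.New("no registerable card standard found")
var ErrNoID = errors.New("identification information could not be read")

// Transceiver abstracts the short-range wireless link to the card.
type Transceiver interface{ Transmit(apdu []byte) []byte }

// SelectAPDU builds an ISO/IEC 7816-4 SELECT by AID: 00 A4 04 00 Lc AID 00.
func SelectAPDU(aid []byte) []byte {
	return append(append([]byte{0x00, 0xA4, 0x04, 0x00, byte(len(aid))}, aid...), 0x00)
}

// ok returns the response data when the status word is 9000.
func ok(resp []byte) ([]byte, bool) {
	if n := len(resp); n >= 2 && resp[n-2] == 0x90 && resp[n-1] == 0x00 {
		return resp[:n-2], true
	}
	return nil, false
}

// Extract selects one standard's application and reads its identification.
func Extract(card Transceiver, s Standard) ([]byte, error) {
	if _, selected := ok(card.Transmit(SelectAPDU(s.AID))); !selected {
		return nil, ErrUnsupported
	}
	if id, read := ok(card.Transmit(s.ReadID)); read && len(id) > 0 {
		return id, nil
	}
	return nil, ErrNoID
}

// Record is what registration stores (terminal memory, SE or management server).
type Record struct{ Standard string; ID []byte }

// Register probes each known standard (S302) and keeps the first match (S304, S305).
func Register(card Transceiver) (Record, error) {
	for _, s := range standards {
		if id, err := Extract(card, s); err == nil {
			return Record{s.Name, id}, nil
		} else if !errors.Is(err, ErrUnsupported) {
			return Record{}, err
		}
	}
	return Record{}, ErrUnsupported
}

// Matches re-reads the card with the registered standard only (S402) and compares (S403).
func Matches(rec Record, card Transceiver) bool {
	for _, s := range standards {
		if s.Name == rec.Standard {
			id, err := Extract(card, s)
			return err == nil && bytes.Equal(id, rec.ID)
		}
	}
	return false
}

// SimCard is a constructed software card holding a single application.
type SimCard struct {
	AID, ID  []byte
	selected bool
}

func (c *SimCard) Transmit(apdu []byte) []byte {
	if len(apdu) >= 6 && apdu[1] == 0xA4 { // SELECT
		if c.selected = bytes.Equal(apdu[5:len(apdu)-1], c.AID); !c.selected {
			return []byte{0x6A, 0x82} // application not found
		}
		return []byte{0x90, 0x00}
	}
	if len(apdu) >= 2 && apdu[1] == 0xCA && c.selected { // GET DATA
		return append(append([]byte(nil), c.ID...), 0x90, 0x00)
	}
	return []byte{0x6D, 0x00} // instruction not supported
}

func main() {
	card := &SimCard{AID: standards[0].AID, ID: []byte("constructed-key-id-01")}
	rec, err := Register(card)
	fmt.Println(rec.Standard, err, Matches(rec, card))
}
```

A matching identifier shows only that the expected card was presented; a static identifier can be copied, which is why the flow continues with terminal and user authentication before any security service is used.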
FIG. 5 illustrates an example of an IC card registration screen shot according to an embodiment of the present invention. Referring to FIG. 5, the application may be mobile bank software. The mobile bank software may request the user to register a 'touch sign' card (an IC card supporting the certificate-related IC card specification in accordance with the present invention) for transferring money. When the user touches his or her 'touch sign' card to the user terminal, the identification information extracted from the 'touch sign' card and the standard supported by the 'touch sign' card can be confirmed.
In this case, only the portion of the extracted identification information that requires confirmation by the user is output, and it may not be output at all unless user confirmation is required. In the embodiment shown in FIG. 5A, a part of the identification information is output for the purpose of confirming the owner information of the certificate stored in the IC card.
In addition, only the portion of the verified card standard that requires confirmation by the user is output, and it may not be output at all unless user confirmation is required. FIG. 5 shows a detailed description of the specification in order to explain the present invention. However, the application may instead simply notify the user whether or not the card can be registered, judging from the standard supported by the IC card and the data it provides.
When the user clicks the registration button on the registerable IC card, the registration process of the IC card according to the present invention will be performed.
Figure 6 illustrates an example of a screen shot for digitally signing using an IC card in accordance with an embodiment of the present invention. Referring to FIG. 6, the application may be mobile bank software. It is assumed that an IC card for providing a security service (for example, an electronic signature service for transferring money) to the user terminal is already registered. The mobile bank software requests the user authentication information (for example, the certificate password) of the IC card in which the 'Hong Kil-Dong' public certificate is stored to secure the electronic signature data. When the user inputs the user authentication information and clicks the OK button, the mobile bank software requests to touch the previously registered IC card. When the user touches the previously registered IC card, the mobile bank software confirms the identification information of the IC card and can perform the digital signature after performing the user authentication. At this time, if the terminal authentication information is registered in the IC card, the terminal authentication may be performed before the digital signature is performed.
In the above example, requesting the user to input the user authentication information for the 'Hong Kil-Dong' certificate and then requesting the user to touch the IC card in which that certificate is stored differs from the way a general certificate is used. General certificate-related software obtains the authorized certificate data from the terminal repository or the security token, extracts the owner information from the acquired data and outputs it to the screen, receives the user authentication information for the authorized certificate selected by the user who verified the output owner information, and proceeds to the digital signature procedure after confirming the identity of the user through the input user authentication information. On the other hand, in the present invention, the registration process is performed in consideration of the usage characteristic of the IC card (for example, The electronic signature procedure may be slightly changed, for example, by requesting the user to touch the registered IC card after pre-selecting the registered authorized certificate of the IC card and inputting the user authentication information.
FIG. 7 shows an example of a screen shot for a case where renewal of a certificate previously stored in the IC card fails, according to an embodiment of the present invention. Referring to FIG. 7, the application may be authorized certificate management software. It is assumed that the IC card on which the authorized certificate is mounted has already been registered in the corresponding user terminal and that the authorized certificate needs to be renewed. The authorized certificate management software obtains the user authentication information and other data for renewal of the authorized certificate, outputs the related contents to the screen, and requests the user to touch the IC card in which the 'Hong Kil-Dong' certificate to be renewed is stored. The user touches the IC card, but the certificate management software displays on the screen that the certificate renewal has failed. Certificate renewal may fail for various reasons, but within the scope of the present invention there are two possibilities. One is that the IC card touched by the user is not a registered card, as shown in the screen of Fig. That is, the certificate management software expects the IC card in which the 'Hong Kil-Dong' public certificate is stored, but an IC card storing another public certificate, or a card not associated with a public certificate, is touched. The other is that the terminal authentication performed by the IC card fails: the card performs terminal authentication using the terminal authentication information registered at the time of registering the IC card, and a different user terminal is being used.
The authorized certificate management SW according to the present invention can request the user terminal to touch an IC card that can register itself in order to issue or update the authorized certificate to the user through the user terminal screen. When a user touches an unregistered IC card, it can recognize that the card is an unregistered card through the card identification information and output a failure screen. In the case where the IC card performs authentication for the user terminal, when the user terminal authentication information received from the user terminal is different from the user terminal authentication information registered by the user terminal at the time of registration of the IC card, You may.
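The combined check described earlier (terminal authentication information cryptographically bound to user authentication information and confirmed by the card) and the two failure cases of FIG. 7 can be simulated as follows. This is an added example, not code from the patent: the class and function names, the HMAC/PBKDF2 construction, the challenge nonce and the card IDs are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def pin_key(pin: str, card_id: bytes) -> bytes:
    # Stretch the PIN so the raw value never enters the proof (salt choice is an assumption).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), card_id, 50_000)

def combined_proof(terminal_secret: bytes, user_key: bytes, nonce: bytes) -> bytes:
    # Bind both factors into one key, then MAC the card's fresh nonce with it.
    bound = hmac.new(terminal_secret, user_key, hashlib.sha256).digest()
    return hmac.new(bound, nonce, hashlib.sha256).digest()

class SimulatedCard:
    """Hypothetical stand-in for the IC card side."""

    def __init__(self, card_id: bytes, pin: str):
        self.card_id = card_id                    # identification information
        self._user_key = pin_key(pin, card_id)    # user authentication information
        self._terminal_secret = None              # terminal authentication information
        self._nonce = None

    def register_terminal(self, terminal_secret: bytes) -> None:
        self._terminal_secret = terminal_secret

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, proof: bytes) -> bool:
        if self._terminal_secret is None or self._nonce is None:
            return False
        nonce, self._nonce = self._nonce, None    # single use: a replayed proof fails
        expected = combined_proof(self._terminal_secret, self._user_key, nonce)
        return hmac.compare_digest(expected, proof)

class SimulatedTerminal:
    """Hypothetical stand-in for the user terminal's IC card manager."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)
        self.registered_ids = set()

    def register(self, card: SimulatedCard) -> None:
        self.registered_ids.add(card.card_id)
        card.register_terminal(self.secret)

    def use_card(self, card: SimulatedCard, pin: str) -> str:
        if card.card_id not in self.registered_ids:   # first failure case: unregistered card
            return "unregistered_card"
        nonce = card.challenge()
        proof = combined_proof(self.secret, pin_key(pin, card.card_id), nonce)
        return "ok" if card.verify(proof) else "auth_failed"
```

Because both factors feed one proof, the card cannot tell a wrong PIN from a wrong terminal, so a real card would also need a retry counter to limit PIN guessing.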
Although all elements constituting the embodiments of the present invention described above are described as being combined into one or operating in combination, the present invention is not necessarily limited to these embodiments. That is, within the scope of the present invention, all of the components may be selectively combined into one or more and operate together. In addition, although all of the components may be implemented as one independent hardware, some or all of the components may be selectively combined to perform a part or all of the functions in one or a plurality of hardware. As shown in FIG. In addition, such a computer program may be stored in a computer-readable medium such as a USB memory, a CD disk, a flash memory, etc., and read and executed by a computer, thereby implementing embodiments of the present invention. The storage medium of the computer program may include a magnetic recording medium, an optical recording medium, a carrier wave medium, or the like.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or essential characteristics thereof. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.
Claims (16)
An identification information extracting module for extracting identification information from an IC card performing short-range wireless communication with a user terminal;
An identification information checking module for checking whether the extracted identification information is identical with identification information of an IC card previously registered as an authentication medium; and
A security service module providing a security service interface for using the security service provided by the identified IC card
An IC card,
A user terminal that extracts identification information from the IC card, registers the IC card as an authentication medium, and uses the security service provided by the registered IC card; and
Determining whether the IC card can be registered as an authentication medium of the IC card by using the identification information extracted from the IC card or determining whether the IC card is a card already registered as an authentication medium,
A short range wireless communication unit for performing wireless communication based on the IC card;
A memory in which an IC card manager program command for providing an application program command requiring a security service and a security service required by the application program using the IC card registered as an authentication medium is stored; and
And a processor for executing the application program and the IC card manager program stored in the memory, wherein the IC card manager program causes the processor to execute, when executed by the processor,
extracting identification information from the IC card,
confirming whether the extracted identification information matches the identification information of the IC card previously registered as the authentication medium,
and providing a security service interface for using the security service provided by the identified IC card.
Requesting a user to touch an IC card to be registered as an authentication medium to a user terminal;
Checking whether the IC card touched to the user terminal is an IC card standard registerable as an authentication medium;
Extracting identification information from the IC card by executing an identification information extracting instruction code corresponding to the identified card standard from the IC card identified as being registerable; and
Storing the extracted identification information in one of a security element (SE) associated with a memory in the user terminal and the user terminal, or transmitting the stored identification information to a card management server to be stored in the card management server
When the user intends to use the IC card registered as the authentication medium,
Requesting the user to touch an IC card registered as an authentication medium to the user terminal;
Extracting identification information from the touched IC card by executing an identification information extracting instruction code corresponding to the registered IC card standard;
Checking whether the extracted identification information matches the identification information of the IC card previously registered as an authentication medium; and
Using the security service provided by the identified IC card
Further comprising transmitting the terminal authentication information of the user terminal to the IC card when authentication of the user terminal is required to use the security service provided by the IC card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/319,412 US20150007300A1 (en) | 2013-07-01 | 2014-06-30 | Method, apparatus, and system for using ic card as authentication medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20130076554 | 2013-07-01 | ||
KR1020130076554 | 2013-07-01 |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20150004260A (en) | 2015-01-12 |
Family
ID=52476593
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020140065285A KR20150004260A (en) | 2013-07-01 | 2014-05-29 | Method, Apparatus and System for using an IC card as authentication medium |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20150004260A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20160100192A (en) * | 2015-02-13 | 2016-08-23 | (주)엠앤스마트 | System for digital authentication using pairing between universal RF tag and smart phone |
WO2017188550A1 (en) * | 2016-04-28 | 2017-11-02 | 한양대학교 산학협력단 | Binder composite and preparation method therefor |
KR20180039450A (en) * | 2016-10-10 | 2018-04-18 | 주식회사 엘지유플러스 | Mobile Using NFC Function Conducting Certification and Method thereof |
- 2014
  - 2014-05-29 KR KR1020140065285A patent/KR20150004260A/en not_active Application Discontinuation
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210226798A1 (en) | Authentication in ubiquitous environment | |
US20190122212A1 (en) | Methods and systems for provisioning payment credentials | |
JP6629952B2 (en) | Method and apparatus for securing mobile applications | |
JP6381833B2 (en) | Authentication in the ubiquitous environment | |
US7357309B2 (en) | EMV transactions in mobile terminals | |
US20090307140A1 (en) | Mobile device over-the-air (ota) registration and point-of-sale (pos) payment | |
US20150242844A1 (en) | System and method for secure remote access and remote payment using a mobile device and a powered display card | |
EP2237519A1 (en) | Method and system for securely linking digital user's data to an NFC application running on a terminal | |
US11887022B2 (en) | Systems and methods for provisioning point of sale terminals | |
KR20170133307A (en) | Online financial transactions, identity authentication system and method using real cards | |
KR20110002968A (en) | Method and system for providing financial trading service by using biometrics and portable memory unit therefor | |
US20150007300A1 (en) | Method, apparatus, and system for using ic card as authentication medium | |
KR101834365B1 (en) | Service providing system and method for payment based on electronic tag | |
KR101834367B1 (en) | Service providing system and method for payment using sound wave communication based on electronic tag | |
KR20150004260A (en) | Method, Apparatus and System for using an IC card as authentication medium | |
JP2019004475A (en) | Authentication under ubiquitous environment | |
KR20110029031A (en) | System and method for authenticating financial transaction using electric signature and recording medium | |
KR102348823B1 (en) | System and Method for Identification Based on Finanace Card Possessed by User | |
KR20110029032A (en) | Method for processing issue public certificate of attestation, terminal and recording medium | |
WO2015107346A1 (en) | Authentication method and system | |
KR101103189B1 (en) | System and Method for Issueing Public Certificate of Attestation using USIM Information and Recording Medium | |
EP4177810A1 (en) | Method and device for authorizing mobile transactions | |
US20230385418A1 (en) | Information processing device, information processing method, program, mobile terminal, and information processing system | |
KR20230045875A (en) | User authenitication system using real card and the method | |
JP2020115386A (en) | Authentication in ubiquitous environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |