KR20150055200A - Method for Authenticating Non-Faced Transaction by using Transaction Information and Mobile One Time Password - Google Patents

Abstract

The present invention relates to a method for authenticating a transaction by using transaction information and a mobile one-time password that is performed by a server that communicates with a terminal of the user through a first channel including a designated path and communicates with a mobile terminal of the user through a second channel that is different from the first channel, which is provided to block memory hacking and to provide a variety of transactions based on a safe one time password, by comprising: a first step of receiving n (1<=n<N) pieces of transaction information that are entered or selected by the user from among N (N>=2) pieces of transaction information that will be entered from the terminal of the user for a non-faced transaction; a second step of checking m (m>=1) pieces of transaction information searched through a ledger system corresponding to the n pieces of transaction information; a third step of sending (n′+m′) pieces of information including at least one from among n′ (1<=n′<=n) pieces of information from among the n pieces of transaction information and m′ (1<=m′<=m) pieces of information from among the m pieces of transaction information to the mobile terminal of the user; a fourth step of receiving t (1<=t<=(n′+m′)) pieces of authentication information entered by the user through the mobile terminal of the user from among the (n′+m′) pieces of information; a fifth step of authenticating the validity of the received t pieces of authentication information through the n pieces of transaction information or the m pieces of transaction information; and a sixth step of, when the validity of the t pieces of authentication information is authenticated, approving the creation or output of a one-time password through the mobile terminal of the user and controlling to let (N-n) pieces of transaction information including a one-time password outputted through the mobile terminal be entered and received through the terminal of the user.

Description

[0001] 1. Field of the Invention [0002] The present invention relates to a transaction authentication method using transaction information and mobile one-

The present invention receives n (1? N <N) pieces of transaction information including designated information among N (N? 2) pieces of transaction information to be input for non-face-to-face transactions through a first channel connected to a user terminal, (M? 1) pieces of transaction information through a ledger system corresponding to the received n pieces of transaction information, and then, through the second channel separate from the first channel, And providing at least one of the transaction information and m transaction information searched through the ledger system to the user's wireless terminal for exposing and exposing the user to authentication information including at least a part of the exposed information, And transmits the one-time code through the wireless terminal of the user when the validity of the transaction information is authenticated through the authentication information, (Nn) pieces of transaction information.

Recently, memory hacking has become an issue. With memory hacking, even normal financial transactions using OTP (One Time Password) can be turned into fraudulent financial transactions. For example, if an authentication error such as a password or OTP occurs during a non-face-to-face financial transaction, a procedure is required to request the same password or OTP input within five times to maintain user convenience and transaction continuity.

Memory hacking manipulates normal transactions by digging into the characteristics of the transaction procedure to maintain transaction continuity. In the conventional transaction procedure of the transfer transaction during the non-face financial transaction in the related art, various transaction information necessary for the transfer transaction is inputted and transmitted in one page (or user interface), and when the transfer of the transaction information is completed, Enter the number. At this time, the hacker (or malicious code) copies and stores the transaction information at the time of transmission of various transaction information, copies the dynamically generated OTP through the designated OTP token, copies it at the time of transmission, Thereby inducing an authentication error to occur. The system is then initialized to re-enter the transaction information. At this time, the hacker (or malicious code) repeats the transaction procedure with the manipulated transaction information using the copied OTP by manipulating the copied transaction information (for example, transferring the transferred transaction information to the illegal account of the hacker) Manipulate with fraudulent transactions. Of course, in order to prevent the memory hacking like this, when an OTP authentication error occurs, a new OTP can be regenerated through the OTP token and inputted. Even if the hacker (or malicious code) Since the OTP has already been changed, the illegal transaction can be blocked. However, such a solution is not related to transaction continuity, and causes another problem that hinders user convenience. Moreover, the case of memory hacking is not limited to the above-described method, and it can be variously changed by copying or replacing transaction information or OTP on the memory.

An object of the present invention to overcome the above problems is to provide an information processing apparatus and an information processing method, which are capable of providing n (1? (m &gt; = 1) pieces of transaction information through the ledger system corresponding to the received n pieces of transaction information, and transmits the transaction information to a second channel different from the first channel At least one of the n pieces of transaction information inputted or selected by the user himself or herself and m pieces of transaction information searched through the ledger system is provided to the user's wireless terminal for exposing at least part of the exposed information, And transmits the authentication information to the user via the wireless terminal of the user when the validity of the transaction information is authenticated through the authentication information, To output the de is the transactions certification method using, transaction information and a mobile one-time codes to be used by (Nn) of transaction information received over the first channel to provide.

A transaction authentication method of the present invention is a transaction authentication method comprising: a transaction executed by a server communicating with a user terminal via a first channel including a designated path and communicating with a user's wireless terminal through a second channel different from the first channel; (N &gt; = 2) pieces of transaction information to be input for a non-face-to-face transaction from a user terminal, the transaction authentication method using the information and the mobile one- (M &gt; = 1) transaction information searched through the ledger system corresponding to the n pieces of transaction information; a second step of checking m (n '+ m') pieces of information each including at least m '(1? m'? m) pieces of information among the m pieces of transaction information searched for are transmitted to the user's wireless terminal (N '+ m') pieces of information, (N '+ m') pieces of authentication information input by the user through the n pieces of transaction information or m pieces of transaction information, A fifth step of authenticating the validity of the information; if the validity of the t authentication information is authenticated, accepting the generation or output of the disposable code through the wireless terminal of the user and including the disposable code output through the wireless terminal (Nn) pieces of transaction information are input and received through the user's terminal.

According to the present invention, the n pieces of transaction information may include a deposit bank, a deposit account number, and a deposit amount.

According to the present invention, the ledger system corresponding to the n pieces of transaction information may include a depositing bank side ledger system.

According to the present invention, the m pieces of transaction information may include account names of deposit accounts.

According to the present invention, the n 'pieces of information may include n' pieces of pieces of individual transaction information included in the n pieces of transaction information or partial information of each piece of transaction information.

According to the present invention, the m 'pieces of information may include m' pieces of information of each transaction information included in the m pieces of transaction information or partial information of each piece of transaction information.

According to the present invention, the third step may include the steps of specifying t authentication information to be input by the user among the (n '+ m') pieces of information, designating the t authentication information specifying the t authentication information, To the mobile station.

According to another aspect of the present invention, the fourth step may include transmitting the (n '+ m') information from the user's wireless terminal when t authentication information out of the (n '+ m') pieces of information is designated through the user's wireless terminal, The method may further include receiving designation information specifying t authentication information out of the plurality of pieces of authentication information.

According to the present invention, the disposable code may be dynamically generated through a program provided to the user's wireless terminal, or generated on the server side and provided as a program of the wireless terminal.

According to the present invention, the one-time code may be a value obtained by processing a value corresponding to at least one transaction information (or a part of transaction information) or the transaction information (or a part of transaction information) among the n transaction information and m transaction information Values can be generated dynamically using seeds.

According to the present invention, the transaction authentication method may further include receiving (Nn) pieces of transaction information from the user terminal if the validity of the t pieces of authentication information is authenticated.

According to the present invention, the one-time code can be used as an authentication value for using the user's authorized certificate at the user's terminal. In this case, in the sixth step, when the validity of the disposable code is authenticated, it is possible to control the procedure of using the user's authorized certificate to be performed.

According to the present invention, the transaction authentication method may further include processing the disposable code included in the (Nn) pieces of transaction information to be authenticated when the (Nn) pieces of transaction information are received.

According to the present invention, the transaction authentication method further comprises: controlling the process of processing the non-face-to-face transaction to be performed using N pieces of transaction information received from the user terminal when the (Nn) pieces of transaction information are received As shown in FIG.

According to the present invention, transaction information (for example, a deposit bank, a deposit account number, and the like) to be a target of memory hacking among the transaction information inputted or selected by the user through the user terminal is received, (For example, a depositor's name), which is intuitively perceivable, and provides information including at least one of the received and confirmed transaction information to a user's wireless terminal through a separate channel and displays the transaction information , The authentication information including the designated information among the information provided through the separate channel is inputted again by the user, and the user is authenticated, thereby providing various transactions based on the safe one-off code while blocking the memory hacking.

BRIEF DESCRIPTION OF DRAWINGS FIG. 1 is a block diagram of a system for providing a transaction authentication system of the present invention. FIG.
FIG. 2 is a diagram illustrating a configuration of a transaction authentication system according to an embodiment of the present invention.
3 is a functional block diagram of a wireless terminal for displaying a disposable code according to an embodiment of the present invention.
4 is a diagram illustrating a process of transmitting and receiving n pieces of transaction information according to an embodiment of the present invention.
5 is a diagram illustrating a process of dynamically generating a disposable code through a wireless terminal of a user and outputting the disposable code according to a first embodiment of the present invention.
FIG. 6 is a diagram illustrating a process of dynamically generating a disposable code on a server side according to a second embodiment of the present invention and outputting it through a user's wireless terminal.
FIG. 7 is a diagram illustrating a process of transmitting and receiving (Nn) pieces of transaction information according to an embodiment of the present invention to process non-face-to-face transactions.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. For example, it is possible that a configuration provided on the server side is implemented on the terminal side, or conversely, a configuration portion provided on the terminal side is implemented on the server side.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram showing a system configuration for providing a transaction authentication system 200 of the present invention.

1 is a diagram illustrating an example of a case where n (1? N < N), which includes designated information among N (N? 2) transaction information to be input for non-facing transactions through a first channel connected to a user terminal 100, (M &gt; = 1) transaction information through the ledger system 120 corresponding to the received n pieces of transaction information, and then transmits a second channel different from the first channel And provides at least one of the n pieces of transaction information inputted or selected by the user himself or herself and the m pieces of transaction information searched through the ledger system 120 to the user's wireless terminal 300 for exposure, And transmits the one-time code (1) through the wireless terminal (300) of the user when the validity of the transaction information is authenticated through the authentication information, Output (Nn) pieces of transaction information received through the first channel, and is used by those skilled in the art to which the present invention pertains. Referring to FIG. 1 and / or FIG. (For example, some configurations may be omitted, or a subdivided or combined implementation method) may be inferred from the system configuration diagram for providing the transaction authentication system 200. However, And the technical features thereof are not limited only by the method shown in FIG.

The system configuration of the present invention includes a user terminal 100 for inputting or selecting transaction information from a user, and a user terminal 100 for receiving and displaying specified information among the transaction information inputted or selected by the user, (300) connected to the user terminal (100) through a first channel and configured to communicate with the user's wireless terminal (300) via a second channel different from the first channel, N (1? N &lt; N) transaction information, which is connected to the terminal 300 and includes designated information among N transaction information for non-face-to-face transactions from the terminal 100 of the user through the first channel , M (m? 1) pieces of transaction information through the ledger system 120 corresponding to the received n pieces of transaction information, and then transmits n pieces of transaction information inputted or selected by the user himself or herself through the second channel And provides at least one specified information among the m pieces of transaction information searched through the ledger system 120 to the user's wireless terminal 300 to expose the authentication information including at least a part of the exposed information, And transmits a disposable code through the wireless terminal 300 of the user when the validity of the transaction information is authenticated through the authentication information, and transmits a disposable code (Nn ) Pieces of transaction information. According to an embodiment of the present invention, the transaction authentication system 200 includes a transaction server 105 that receives transaction information from the terminal 100 of the user and processes non-face-to-face transactions based on the transaction information, A separate control server 115 for controlling the non-face-to-face transaction of the transaction server 105 by performing the procedure, a code server 110 for performing the generation and / or authentication of the one-time code, The above server can be implemented.

The terminal 100 of the user is a general term of a terminal used by a user for non-face-to-face transactions, and is preferably a wired terminal including a computer, a notebook, or the like used by a user and a mobile terminal, a smart phone, And may include a wireless terminal 300. The terminal 100 of the user inputs or selects N transaction information for non-face-to-face transactions from the user and transmits the selected transaction information through a designated path.

When the validity of the transaction information is authenticated through the authentication information, the wireless terminal 300 of the user of the shopping mall executes the authentication process of the transaction information inputted or selected through the terminal 100 of the user, And may preferably include a wireless terminal 300 such as a mobile phone, a smart phone, a tablet PC, and the like, which is preferably used by a user.

Wherein the user terminal (100) is in direct or relay communication with the transaction authentication system (200) via a first channel, and the user's wireless terminal (300) System 200 directly or via relay communication. In the present invention, the first channel and the second channel are defined as satisfying at least one of a heterogeneous terminal, a heterogeneous communication network, a heterogeneous program, and a heterogeneous server. For example, if the user's terminal 100 is a wired terminal used by a user and the user's wireless terminal 300 is a wireless terminal 300 used by a user, the condition of channel separation of the present invention is satisfied. Even if the user terminal 100 is a wireless terminal used by a user, if the user's wireless terminal 300 is a wireless terminal 300 different from the user terminal 100, the condition of channel separation of the present invention is satisfied . Or if the user's terminal 100 directly or indirectly communicates with the transaction authentication system 200 via a wired communication network and the user's wireless terminal 300 communicates directly or indirectly through a wireless communication network, The condition of channel separation is satisfied. Or a non-face-to-face transaction for inputting / selecting transaction information in the wireless terminal 300 even if the user terminal 100 and the wireless terminal 300 are the same wireless terminal 300, If the program 315 for performing the authentication procedure and the procedure for generating and / or outputting the disposable code are separately classified, the condition of channel separation of the present invention is satisfied. Even if the user terminal 100 and the wireless terminal 300 are the same wireless terminal 300, a server connected to a communication channel for requesting non-face-to-face transactions by inputting / selecting transaction information, And if the server to which the communication channel is connected is different to perform the procedure of generating and / or outputting the disposable code, the condition of channel separation of the present invention may be satisfied.

The transaction server 105 is a collective term for a server that processes non-face-to-face transactions using the transaction information entered or selected by the user through the terminal 100 of the user. The transaction server 105 is preferably a banking server of a bank, A payment server of a credit card company, a payment approval server of a credit card company, a server of a securities company, or the like. Non-face-to-face transactions include non-face-to-face banking transactions using an account opened in a bank (for example, real account or virtual account), non-face credit card payment using a credit card issued by a credit card company, Non-face-to-face prepayment using prepaid cards issued by non-face-to-face check-card payments linked to opened accounts, non-face-to-face debit card payments or cash card transactions linked to bank-issued debit or cash cards and accounts opened at banks Card transaction may include at least one non-face-to-face transaction. According to an embodiment of the present invention, the transaction authentication system 200 or at least some components of the transaction authentication system 200 may be implemented in the transaction server 105.

The code server 110 collectively refers to a server for performing a procedure for outputting a disposable code through the wireless terminal 300 through the wireless terminal 300 or performing a procedure for authenticating the disposable code, (Or designated information among the transaction information) entered through the terminal 100 through the designated path and authenticating the provided transaction information through the user's wireless terminal 300 do. According to an embodiment of the present invention, the transaction authentication system 200 or at least some components of the transaction authentication system 200 may be implemented in the code server 110.

The control server 115 is a generic name of a server that can include the transaction authentication system 200 or at least a component of the transaction authentication system 200 in addition to the transaction server 105 and the code server 110, When the transaction server 105 and the code server 110 are provided, the transaction authentication system 200 is provided to the transaction server 105 and / or the code server 110, And provides the ability to implement the invention without implementation. When the transaction authentication system 200 is provided in the control server 115, the control server 115 operates in conjunction with the transaction server 105 and / or the code server 110.

The ledger system 120 is a general term for a system for managing a ledger such as an account or a card provided in a financial institution that processes non-face-to-face transactions. Preferably, the ledger system 120 provided in each financial institution includes a public network , Financial joint network, etc.).

Hereinafter, technical features of the present invention will be described with reference to an embodiment in which the non-face-to-face transaction is a non-face-to-face banking transaction.

2 is a diagram illustrating a configuration of a transaction authentication system 200 according to an embodiment of the present invention.

2 shows an example of a case where n (1? N < N), which includes designated information among N (N? 2) pieces of transaction information to be input for non-facing transactions through a first channel connected to a user terminal 100, (M &gt; = 1) transaction information through the ledger system 120 corresponding to the received n pieces of transaction information, and then transmits a second channel different from the first channel And provides at least one of the n pieces of transaction information inputted or selected by the user himself or herself and the m pieces of transaction information searched through the ledger system 120 to the user's wireless terminal 300 for exposure, And transmits the one-time code (1) through the wireless terminal (300) of the user when the validity of the transaction information is authenticated through the authentication information, Output (Nn) pieces of transaction information received through the first channel. The present invention will be described with reference to FIG. 2 and / or modified by those skilled in the art. (E.g., some of the components may be omitted, or fragmented, or combined) with respect to the configuration of the transaction authentication system 200, but the present invention encompasses all of the above- And the technical features thereof are not limited only by the method shown in FIG.

Referring to FIG. 2, the transaction authentication system 200 receives n (1? N? 1) pieces of transaction information from among N (N? 1) pieces of transaction information to be input for non- N) pieces of transaction information; a transaction information verifying unit 205 for checking m (m? 1) pieces of transaction information searched through the ledger system 120 corresponding to the n pieces of transaction information And m '(1? M'? M) pieces of information among the n pieces of transaction information, n' (1? N'? N) (n (n) + m ') pieces of information to the user's wireless terminal 300, and transmits the n pieces of transaction information and m pieces of transaction information to the user's wireless terminal 300 '+ m') pieces of information.

The user terminal 100 selects a transaction type through an interface displayed through an interface provided by the transaction server 105 (for example, an interface on a web page) or an application provided on the terminal 100. [ By selecting the transaction type, N pieces of transaction information to be input for a non-face-to-face transaction corresponding to the transaction type are determined. The N pieces of transaction information include account information, amount information, and one-time use codes dynamically generated at the time of non-face-to-face transactions.

The user terminal 100 displays an interface for receiving transaction information corresponding to the selected transaction type. The interface includes an interface for receiving n pieces of transaction information corresponding to a part of N pieces of transaction information to be input for non-face-to-face transactions corresponding to the selected transaction type, or an interface for receiving the N pieces of transaction information .

When N '(N'≥n) pieces of transaction information are input through the interface, the user terminal 100 transmits N' pieces of transaction information inputted or selected by the user through a designated path. For example, the terminal 100 of the user may transmit the n pieces of transaction information to a server provided with the transaction authentication system 200. Alternatively, the user terminal 100 may transmit the N 'pieces of transaction information to the designated transaction server 105, and the transaction server 105 may transmit n pieces of transaction information based on the N' pieces of transaction information, To the server provided with the authentication system 200.

The transaction information receiving unit 205 receives n pieces of transaction information inputted or selected by the user for the non-face-to-face transaction through the designated path. Preferably, the n pieces of transaction information include transaction information corresponding to the deposit bank and the deposit account number, and transaction information corresponding to a deposit amount (or transfer amount) to be deposited (or transferred) to the deposit account of the deposit bank, Transaction information corresponding to the withdrawal bank and the withdrawal amount (or the withdrawal amount) to be withdrawn (or withdrawn) from the withdrawal account of the withdrawal bank and the transaction information corresponding to the withdrawal account number may be included. Meanwhile, according to the embodiment, the n pieces of transaction information may include transaction information related to deposits and withdrawals, and may include transaction information on any one of deposits and withdrawals.

According to the first transaction information receiving method of the present invention, the transaction information receiving unit 205 receives the transaction information inputted or selected through the user's terminal 100 until the one-time use code among the N transaction information for the non- As the n pieces of transaction information.

According to the second transaction information receiving method of the present invention, the transaction information receiving unit 205 receives the transaction information inputted or selected through the user terminal 100 until the one-time use code among the N transaction information for the non- The transaction information corresponding to the designated part among the n pieces of transaction information.

According to the third transaction information receiving method of the present invention, the transaction information receiving unit 205 receives the transaction information related to the money depositing side transmitted first from the terminal 100 of the user out of the N transaction information for the non-face-to-face transaction As the n pieces of transaction information.

According to the fourth transaction information receiving method of the present invention, the transaction information receiving unit 205 receives the transaction information excluding the transaction information used as the disposable code among the N transaction information for the non-face-to-face transaction as the n transaction information can do.

According to the fifth transaction information receiving method of the present invention, the transaction information receiving unit 205 receives the transaction information excluding the transaction information used as the one-time code from the N transaction information for the non-face-to-face transaction, As the n pieces of transaction information.

When the n pieces of transaction information are confirmed, the transaction information verifying unit 210 determines the inquiry target ledger system 120 to inquire m pieces of transaction information using the n pieces of transaction information. Preferably, the inquiry target ledger system 120 includes a depositing bank side ledger system 120 (e.g., an account system), and may include a withdrawal bank side ledger system 120 in accordance with an implementation method.

According to the embodiment of the present invention, the transaction information verifying unit 210 can determine the inquiry target ledger system 120 using the depositing bank and / or the bank account number among the n pieces of transaction information. For example, if the non-face-to-face transaction is a bank transfer transaction between two parties, the transaction information verification unit 210 may connect the transaction information using a deposit bank and / or a deposit account number included in the n transaction information The inquiry target ledger system 120 can determine the ledger system 120 of another line. Or if the non-face-to-face transaction is a inter-company money transfer transaction, the transaction information verification unit 210 determines the current ledger system 120 as the inquiry target ledger system 120 using the deposit bank and / or the deposit account number .

According to another embodiment of the present invention, the transaction information verifying unit 210 can determine the inquiry target ledger system 120 using the withdrawal bank and / or withdrawal account number among the n pieces of transaction information. For example, in the case where the non-face-to-face transaction is a transaction of a collecting method, the ledger system 120 of the other line connected through the common network using the withdrawal bank and / or withdrawal account number included in the n pieces of transaction information, The system 120 can be determined as the inquiry target ledge system 120.

When the inquiry target ledger system 120 is confirmed, the transaction information verifying unit 210 provides the inquiry target ledger system 120 with at least one information required for transaction information inquiry among the n pieces of transaction information, And receives m pieces of transaction information from the target ledger system 120. Preferably, the m pieces of transaction information include a depositor name of the deposit account, and may include a deposit account name of the withdrawal account according to an implementation method.

According to another embodiment of the present invention, when the transaction authentication system 200 is not the transaction server 105, inquiry about the m pieces of transaction information is performed through the transaction server 105, (210) may receive m transaction information as the inquiry result performed through the transaction server (105). Alternatively, if the transaction authentication server 200 is not the transaction server 105, the transaction information verification unit 210 can receive m transaction information through the ledger system 120 .

The information sorting unit 215 selects each transaction information to be transmitted to the user's wireless terminal 300 among the n transaction information received through the transaction information receiving unit 205 (for example, a deposit bank, a deposit account number, Or the transfer amount), or partial information of each individual transaction information (for example, a partial number of the deposit account number, etc.). The information sorting unit 215 extracts each individual transaction information (for example, a bank account name, a bank account number, etc.) to be transmitted to the user's wireless terminal 300 among the m transaction information confirmed through the transaction information checking unit 210 Or partial information of each individual transaction information (for example, a partial number of the deposit account number, etc.). If the individual transaction information to be transmitted to the user's wireless terminal 300 or partial information of each individual transaction information among the n pieces of transaction information and m pieces of transaction information is predetermined, the information selector 215 can be omitted .

The information transmission unit 220 transmits m 'pieces of information among n pieces of pieces of n pieces of transaction information received through the transaction information receiving unit 205 and m pieces of pieces of transaction information confirmed through the transaction information checking unit 210 (N '+ m') pieces of information each including at least one of them. Preferably, the (n '+ m') pieces of information may include a depositing bank, a deposit account number, a deposit amount (or transfer amount), and a depositor's name. According to the method, the (n '+ m') pieces of information may further include a withdrawal bank or a withdrawal account number. According to the embodiment of the present invention, even though the n pieces of transaction information include the password (e.g., account password, transfer password, etc.) inputted by the user, the (n '+ m' .

The information transmitting unit 220 confirms the user's wireless terminal 300 (or the program 315 provided in the wireless terminal 300) and transmits the (n '+ m &Quot;)&lt; / RTI &gt;

According to an embodiment of the present invention, the information transmitting unit 220 may transmit identification information (e.g., a user ID) for transmitting the (n '+ m') pieces of information to the user's wireless terminal 300 according to a specified messaging procedure. (Or an identifier) for a program 315 provided in the user's wireless terminal 300), and transmits the (n '+) to the designated messaging server, m ') pieces of information to the wireless terminal 300 of the user. When the program 315 included in the user's wireless terminal 300 receives the message in the messaging procedure and requests the (n '+ m') pieces of information, the program (n '+ m' ) &Lt; / RTI &gt; If the program 315 designated by the user's wireless terminal 300 is driven to request the (n '+ m') pieces of information, the information transmitter 220 transmits the (n '+ m' m ') pieces of information. In this case, the encrypted (n '+ m') pieces of information are transmitted to the program 315 included in the user's wireless terminal 300 Lt; / RTI &gt;

According to the embodiment of the present invention, the information transmission unit 220 transmits t (1? T? (N '+ m (n' + m ') Of authentication information, and may transmit to the user's wireless terminal 300 designation information (or a designated interface) for identifying the specified t pieces of authentication information. Meanwhile, t authentication information to be input by the user among the (n '+ m') pieces of information is determined through the program 315 provided in the user's wireless terminal 300, n '+ m') pieces of information, the information transferring unit 220 does not have to transmit the designation information (or designation interface).

According to the method of the present invention, when the server side seed value is required to generate the one-off code through the program 315 of the wireless terminal 300, the information transmission unit 220 transmits the seed value to the wireless terminal 300 Side seed value while transmitting the (n '+ m') pieces of information on the server side seed value, and thus the present invention is not limited thereto.

According to the present invention, the transaction authentication system 200 transmits the (n '+ m') pieces of information to the user's wireless terminal 300 and receives authentication information of t The information transmitter 220 controls the wireless terminal 300 to transmit the disposable code to the user through the wireless terminal 300. In order to display the disposable code through the wireless terminal 300, Lt; RTI ID = 0.0 &gt; of &lt; / RTI &gt; If the guidance information is output through the program 315 included in the user's wireless terminal 300, the guidance information may not be transmitted.

According to the present invention, the transaction authentication system 200 includes a member operation unit (not shown) for subscribing and authenticating a user as a member to control the dynamically generated disposable code to be outputted through the user's wireless terminal 300 A program authentication unit (not shown) for authenticating the validity of the program 315 mounted on the wireless terminal 300 of FIG. 3, information for authenticating the authentication information output through the wireless terminal 300 of FIG. 3 (Not shown) for storing information.

The member operation unit receives a user of the wireless terminal 300 having the program 315 as a member. The subscription may be performed in cooperation with the subscription / authentication unit 320 of the program 315 shown in FIG. 3 or may be performed through the subscriber's terminal 100 other than the mobile terminal 300 of FIG. have.

When the disposable code is outputted through the wireless terminal 300 of the user, the member operation unit interlocks with the member registration / authentication unit 320 of the program 315 provided in the wireless terminal 300, Authentication can be handled.

If the program 315 of the wireless terminal 300 is provided to the code server 110 or the control server 115, the transaction authentication system 200 may be provided only by program authentication or terminal authentication without membership, The member operating section of the transaction authentication system 200 may be omitted.

The program authenticating unit interlocks with the authentication processing unit 325 of the program 315 shown in FIG. 3 to authenticate the validity of the program 315 provided in the wireless terminal 300 according to the first to sixth program authentication methods . If the transaction authentication system 200 is provided in the code server 110 or the control server 115 and the program 315 of the wireless terminal 300 is provided by the transaction server 105, 200 can be omitted.

The information storage unit stores information allocated to the program 315 in the process of authenticating the validity of the program 315 included in the wireless terminal 300 through the program authentication unit, 300 stored in the reading area of the wireless terminal 300 in cooperation with the identification value registration unit 330 of the program 315 shown in FIG. 3 and / or the terminal identification value including at least one of the information stored in the reading area of the wireless terminal 300 At least one of the information stored in the unique storage area of the wireless terminal 300, the information recorded in the H / W configuration of the wireless terminal 300, and the information assigned / assigned in the network to which the wireless terminal 300 is connected , And stores the identified terminal identification value in a designated storage medium.

Meanwhile, the information storage unit may store information for authenticating the disposable code output through the program 315 included in the user's wireless terminal 300 and store the information in a designated storage medium. Preferably, the information storage unit stores a seed value for authenticating the disposable code and stores the seed value in a designated storage medium.

Referring to FIG. 2, the transaction authentication system 200 determines whether t (1? T? (N '+ m')) inputted by the user through the user's wireless terminal 300 among m ') pieces of authentication information, a transaction information authentication unit 230 for authenticating the validity of the received t pieces of authentication information through the n pieces of transaction information or m pieces of transaction information, And a transaction information control unit 235 for controlling to receive (Nn) pieces of transaction information from the terminal 100 of the user when the validity of the t authentication information is authenticated. And a non-face-to-face transaction controller 250 for controlling the process of processing the non-face-to-face transaction using the received N pieces of transaction information.

The program 315 included in the user's wireless terminal 300 receives the (n '+ m') pieces of information and displays the t pieces of authentication information among the (n '+ m' Displays the input interface. When designation information designating t authentication information among the (n '+ m') pieces of information is transmitted from the information transmission unit 220, the program 315 included in the user's wireless terminal 300 n '+ m') of pieces of authentication information corresponding to the specified information. Or if a designated interface for specifying and inputting t authentication information out of the (n '+ m') pieces of information is provided through the information transmission unit 220, the program 315 included in the user's wireless terminal 300 ) May display the designated interface. If the designation information (or designation interface) is not provided to the user's wireless terminal 300 through the information transmission unit 220, the program 315 included in the wireless terminal 300 of the user (n '+ m') pieces of information among the (n '+ m') pieces of information and inputting the specified t pieces of authentication information. If it is specified in advance which one of the (n '+ m') pieces of information is to be used as t pieces of authentication information, the program 315 included in the user's wireless terminal 300 may use (n '+ m' ) &Lt; / RTI &gt; pieces of authentication information. For example, if the (n '+ m') pieces of information include the deposit bank, the deposit account number, the deposit amount (or the transfer amount), and the deposit account name of the deposit account, The program 315 may display an interface for inputting the deposit account number (or a part of the deposit account number) and the deposit amount (or the transfer amount) as the t pieces of authentication information. For example, the t authentication information may be designated as the last four digits of the deposit account number, or the second and last three digits before the deposit account number, and such designated dynamically assigned or predefined type .

According to the present invention, the user recognizes (n '+ m') pieces of information displayed on the screen of the wireless terminal 300 and stores t pieces of authentication information displayed on the interface among the (n '+ m' . If (n '+ m') pieces of information displayed on the screen of the wireless terminal 300 include information different from n pieces of transaction information inputted or selected through the user terminal 100, or m pieces of transaction information If it can not be accepted, the user can report (or cancel) the corresponding transaction through the transaction notification (or transaction cancellation) related interface displayed on the interface without inputting the t authentication information.

When the user inputs t specified authentication information through the interface displayed on the screen of the wireless terminal 300 among (n '+ m') pieces of information displayed on the screen of the wireless terminal 300, The program 315 provided to the transaction authentication system 300 transmits the input t authentication information to the transaction authentication system 200. Preferably, the t authentication information is encrypted and transmitted. In this case, the encrypted t authentication information can be decrypted through the authentication information receiving unit 225. [ If the program 315 included in the user's wireless terminal 300 designates the t authentication information out of the (n '+ m') pieces of information, the program 315 included in the user's wireless terminal 300 May transmit designation information for identifying t authentication information among the (n '+ m') pieces of information together with the input t authentication information. If the t authentication information among the (n '+ m') pieces of information is determined through the information transmission unit 220 or is designated in advance, the designation information may be omitted.

The authentication information receiving unit 225 receives the authentication information received from the user through the wireless terminal 300 of the user among the (n '+ m') pieces of information transmitted to the program 315 included in the user's wireless terminal 300 t pieces of authentication information, and can further receive designation information for identifying t pieces of authentication information out of the (n '+ m') pieces of information according to an implementation method.

When t authentication information out of (n '+ m') pieces of information is inputted and received from the program 315 provided in the user's wireless terminal 300, the transaction information authentication unit 230 transmits the received t Confirms information corresponding to n 'pieces of information in the authentication information, verifies whether the verified information matches the n pieces of transaction information (or n' pieces of information), and confirms the result. For example, if the deposit account number is included in the n 'pieces of information and the t four pieces of authentication information includes the last four digits of the deposit account number, the transaction information authenticator 230 may transmit the n transaction information (Or n 'pieces of information), and verify that the last four digits of the deposit account number match the four-digit number included in the t pieces of authentication information. Alternatively, the transaction information authentication unit 230 may check the information corresponding to m 'pieces of the received t pieces of authentication information and determine whether the verified information matches the m pieces of transaction information (or m' pieces of information) do. For example, if the depositor's name is included in the m 'pieces of information and the deposit information name is included in the t pieces of authentication information, the transaction information authentication unit 230 may store the m pieces of transaction information (or m' pieces of information) And confirms that the account holder name matches the account holder name included in the t pieces of authentication information. The validity authentication for the t authentication information may be performed only for n transaction information (or n 'pieces of information) and m pieces of transaction information (or m' pieces of information) according to the t authentication information configuration, Lt; / RTI &gt;

According to the embodiment of the present invention, when the t authentication information is authenticated through a separate server besides the transaction authentication system 200, the transaction information authentication unit 230 transmits the t authentication information through the separate server The authentication result can be confirmed.

The transaction information control unit 235 determines whether to continue or stop the non-face-to-face transaction requested through the terminal 100 of the user. If the information corresponding to the transaction report (or transaction cancel) is received from the program 315 provided in the user's wireless terminal 300 or if the validity of the t authentication information is not authenticated, The controller 235 determines to suspend the non-face-to-face transaction requested through the user terminal 100 and controls the non-face-to-face transaction stop (or termination) procedure through the user terminal 100, And notifies the program 315 provided in the wireless terminal 300 of the user.

Meanwhile, if the validity of t authentication information is authenticated, the transaction information control unit 235 determines that the non-face-to-face transaction requested through the user terminal 100 is continuously performed, (Nn) pieces of transaction information are transmitted from the terminal 100 of the user to the transaction server 105 that processes the non-face-to-face transaction, (E.g., (Nn) pieces of transaction information reception requests to the transaction server 105). Preferably, the (Nn) transaction information includes at least one of a disposable code displayed through the user's wireless terminal 300 to authenticate the non-face-to-face transaction and a signature Lt; RTI ID = 0.0 &gt; electronic signature value. &Lt; / RTI &gt;

According to the embodiment of the present invention, the transaction information control unit 235 may use the disposable code displayed through the user's wireless terminal 300 as (Nn) pieces of transaction information to be input through the user terminal 100 .

According to the first disposable code generation method of the present invention, the disposable code can be dynamically generated through the program 315 provided in the user's wireless terminal 300. In this case, the transaction information control unit 235 requests the program 315 included in the user's wireless terminal 300 to generate the disposable code through the program 315 provided in the user's wireless terminal 300 And the program 315 of the wireless terminal 300 can dynamically generate and output the disposable code based on the program 315. [ According to an embodiment of the present invention, the transaction information control unit 235 determines a server side seed value for dynamically generating a disposable code in the wireless terminal 300, and transmits the determined server side seed value to the program 315). The server-side seed value may be a stored value stored in a DB on the transaction authentication system 200, a randomly generated random number value, a code value generated based on the n pieces of transaction information and m pieces of transaction information (e.g., n And a hash value obtained by hashing specified transaction information out of m transaction information, and the like).

According to the second disposable code generation method of the present invention, the disposable code can be dynamically generated at the server side and provided as a program 315 provided in the user's wireless terminal 300. [ In this case, the transaction information control unit 235 processes the one-time use code to dynamically generate the one-off code through the following code generation unit 240, and transmits the generated one-time code through the code generation unit 240 to the user's wireless terminal A program 315 provided in the mobile terminal 300. The program 315 of the wireless terminal 300 may output the provided disposable code.

Referring to FIG. 2, the transaction authentication system 200 includes a code generation unit 240 for dynamically generating a disposable code through a designated code generation rule when dynamically generating a disposable code on the server side, To the program (315) of the wireless terminal (300).

The code generation unit 240 includes the code generation algorithm and includes at least one fixed seed value corresponding to the user's wireless terminal 300 (or the program 315) The dynamic seed value is determined, and the fixed seed value and the dynamic seed value are used as seeds of the code generation algorithm to dynamically generate the one-time code of the designated code system. The dynamic seed value may be a time value confirmed through a timer on the server side or a random number value generated through a specified random number algorithm or a random number generated by a transaction information (or a part of transaction information) among at least one of the n pieces of transaction information and m pieces of transaction information A value corresponding to a corresponding value or a value obtained by processing (e.g., hashing) the transaction information (or a part of transaction information) through a specified algorithm. A value corresponding to the transaction information (or a part of the transaction information) or a value processed through the specified algorithm may be received as the server side seed value. According to an embodiment of the present invention, the code generator 240 can generate a disposable code in a random number format without a separate seed, and thus the present invention is not limited thereto.

The code providing unit 245 transmits the disposable code generated through the code generating unit 240 to the user's wireless terminal 300 and the program 315 provided in the user's wireless terminal 300 The disposable code can be received and output to the screen.

According to the present invention, the disposable code displayed through the wireless terminal 300 is input as one of (Nn) pieces of transaction information input through the terminal 100 of the user, and the terminal 100 of the user transmits the disposable code And transmits (Nn) pieces of transaction information including the code through the designated path.

According to the embodiment of the present invention, the one-time code inputted through the user's wireless terminal 300 and input to the user terminal 100 is transmitted to the user terminal 100 through the user's authorized certificate (E.g., a private key) and signing the specified information. In this case, when the validity of the one-time code is authenticated, the user's terminal 100 has the authorized certificate, and if the validity of the one-time code is not authenticated, the authorized certificate can not be used.

When receiving transaction information of (Nn) in the transaction authentication system 200, the transaction information receiving unit 205 controls the transaction information control unit 235 to input or select (Nn) pieces of transaction information.

When the N transaction information is received from the user terminal 100 through the transaction information receiving unit 205, the non-face transaction controller 250 processes the non-face transaction using the N transaction information . If the non-face-to-face transaction is performed through a separate transaction server 105, the non-face-to-face transaction controller 250 may control the transaction server 105 to process the non-face-to-face transaction. If the (Nn) pieces of transaction information are controlled to be transmitted to the transaction server 105 by the transaction information control unit 235 and the transaction server 105 processes the non-face transaction using the N pieces of transaction information The non-face-to-face transaction controller 250 does not have to perform a separate non-face-to-face transaction control procedure.

Referring to FIG. 2, the transaction authentication system 200 determines whether the validity of the disposable code input through the user terminal 100 after being output through the program 315 provided in the user's wireless terminal 300 (Not shown).

The code authentication processing unit 255 is dynamically generated according to the first or second disposable code generation method and outputted through the user's wireless terminal 300 and inputted through the terminal 100 of the user, And generating a code value for authenticating the validity of the one-time use code by using the same algorithm and seed as the algorithm for generating the one-time use code and dynamically generating the one-time use code, The validity of the disposable code can be verified. If the disposable code is generated on the server side in accordance with the second disposable code generation method, the code authentication processing unit 255 determines whether the disposable code generated through the code generation unit 240 and the disposable code You can compare and authenticate your code.

According to the embodiment of the present invention, when the disposable code is authenticated through a separate code authentication server (not shown) besides the transaction authentication system 200, the code authentication processing unit 255 transmits the disposable code to the code authentication server And confirm the validity of the disposable code through the code authentication server.

When the validity of the one-time code is authenticated or confirmed through the code authentication processing unit 255, the non-face transaction control unit 250 causes the non-face transaction control unit 250 to perform a process of processing the non-face transaction using the N transaction information . When the non-face-to-face transaction procedure is performed through the transaction server 105 in addition to the transaction authentication system 200, the code authentication processing unit 255 can provide the authentication result of the disposable code to the code authentication server .

3 is a functional block diagram of a wireless terminal 300 that displays a disposable code according to an embodiment of the present invention.

3 shows a configuration of a wireless terminal 300 that displays a dynamically generated one-time code in conjunction with an authentication procedure of transaction information and a functional configuration of a program 315 operating in the wireless terminal 300 Those skilled in the art will be able to refer to and modify various aspects of the functional configuration of the wireless terminal 300 with reference to FIG. 3, The present invention is not limited to the above-described embodiments.

3, the wireless terminal 300 includes a control unit 301, a memory unit 309, a screen output unit 302, a user input unit 303, a sound processing unit 304, a wireless network communication unit 307, A short range wireless communication unit 306, a USIM reader unit 308, and a USIM, and has a battery 305 for power supply.

The control unit 301 is a general term for controlling the operation of the wireless terminal 300. The control unit 301 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 301 loads at least one program code included in the wireless terminal 300 into the execution memory through the processor, and outputs the result through at least one configuration And controls the operation of the wireless terminal 300. FIG. Hereinafter, the configuration of the program 315 of the present invention, which is implemented in the form of program code for convenience, is shown in the control unit 301 and will be described.

The memory unit 309 is a generic term of a nonvolatile memory corresponding to a storage resource of the wireless terminal 300 and includes at least one program code executed through the control unit 301 and at least one Save and maintain the dataset. The memory unit 309 basically includes a system program code and a system data set corresponding to the operating system of the wireless terminal 300, a communication program code and a communication data set for processing a wireless communication connection of the wireless terminal 300, The program code and data set corresponding to the program 315 of the present invention are also stored in the memory unit 309. The program code and the data set corresponding to the program 315 of the present invention are stored in the memory unit 309. [

The screen output unit 302 is composed of a screen output device (e.g., an LCD (Liquid Crystal Display) corresponding to the output resource of the wireless terminal 300 and a driving module for driving the screen output device) And outputs the calculation result corresponding to the screen output among the various calculation results of the control unit 301 to the screen output device.

The user input unit 303 may include at least one user input device corresponding to the input resource of the wireless terminal 300 such as a button, a keypad, a touch pad, a touch screen interlocked with the screen output unit 302, And inputs a command for instructing various operations of the control unit 301 in cooperation with the control unit 301 or inputs data necessary for the operation of the control unit 301. [

The sound processing unit 304 is composed of a speaker corresponding to the output resource of the wireless terminal 300, a microphone corresponding to the input resource of the wireless terminal 300 and a driving module for driving the microphone, And outputs the operation result corresponding to the sound output from the various operation results of the control unit 301 through the speaker or transmits the sound data inputted through the microphone to the control unit 301. [ The driving module decodes sound data to be outputted through the speaker and converts the sound data into a sound signal or encodes the sound signal inputted through the microphone to encode the sound signal.

The wireless network communication unit 307 and the short-range wireless communication unit 306 are collectively referred to as communication resources for connecting the wireless terminal 300 to a designated communication network. The wireless terminal 300 may include a wireless network communication unit 307 as a basic communication resource, and may include one or more short-range wireless communication units 306.

The wireless network communication unit 307 is a collective term for a communication resource that connects the wireless terminal 300 to a wireless communication network via a base station and includes an antenna for transmitting and receiving a radio frequency signal of a specific frequency band, And transmits the calculation result corresponding to the wireless communication among the various calculation results of the controller 301 to the controller 301 through the wireless communication network or receives data through the wireless communication network To the control unit 301, and performs connection, registration, communication, and hand-off procedures of the wireless communication. According to the present invention, the wireless network communication unit 307 can connect the wireless terminal 300 to a telephone communication network including a communication channel and a data channel via the exchange, and in some cases, May be connected to a data network providing communication-based wireless network data communication (e.g., the Internet).

According to an embodiment of the present invention, the wireless network communication unit 307 is a mobile communication unit that performs at least one connection, a location registration, a call processing, a call connection, a data communication, and a handoff to a mobile communication network according to the CDMA / WCDMA / &Lt; / RTI &gt; Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 307 may further include a portable internet communication structure for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 307. [ That is, the wireless network communication unit 307 is a general term for a configuration unit that connects to a wireless communication network through a cell-based base station irrespective of a frequency band of a wireless zone, a type of a communication network, or a protocol.

The short-range wireless communication unit 306 is a general term for communication resources that connect a communication session using a radio frequency signal within a predetermined distance (for example, 10 m) as a communication medium and connect the wireless terminal 300 to the communication network based on the communication session , The wireless terminal 300 may be connected to the communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to an embodiment of the present invention, the short-range wireless communication unit 306 may be integrated with or separated from the wireless network communication unit 307. According to the present invention, the short-range wireless communication unit 306 connects the wireless terminal 300 to a data network providing packet-based short-range wireless data communication through a wireless AP.

The USIM reader unit 308 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module mounted or detached from the mobile station 300 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM is an SIM type card provided with an IC chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader unit 308, a program code for at least one IC chip (Or processing) the program code for the IC chip in accordance with at least one command transmitted from the wireless terminal 300, or extracting (or processing) the data set in association with the input / output interface To the input / output interface.

The program 315 of the present invention is downloaded from a program providing server (for example, an Apple App Store or the like) through a data network to which the communication resource can be connected and is stored in the memory unit 309. [ The downloaded program 315 operates in conjunction with the designated transaction authentication system 200 and can be manually driven by a user or activated (or activated) after user confirmation or automatically by receiving a message. Meanwhile, a separate program 315 may be in operation for activating the program 315 after user confirmation or automatically, and thus the present invention is not limited thereto.

Referring to FIG. 3, the program 315 of the wireless terminal 300 accesses a transaction authentication system 200 designated through a data network to which the communication resource is connectable and registers the user as a member, An authentication procedure unit 325 for performing a procedure for authenticating the validity of the program 315 through at least one communication network connectable through the communication resource, And an identification value registration unit 330 for registering the terminal identification values provided or assigned to the wireless terminal 300 in the designated transaction authentication system 200. At least one component of the membership subscription / authentication unit 320, the authentication procedure unit 325, and the identification value registration unit 330 may be omitted according to the method.

The program 315 includes communication connection macro information for connecting to a designated transaction authentication system 200 via a data network to which the communication resource is connectable, and the membership subscription / authentication unit 320 includes a screen output unit 302 (For example, name, resident registration number, etc.) for joining the user as a member via the data network and an interface for inputting the member account, and transmits a user input through the interface to the designated transaction authentication system 200 through the data network And transmits the information and the member account to join the user as a member.

Meanwhile, the subscription of the user can be subscribed through the subscriber terminal 100 in addition to the mobile terminal 300. Accordingly, when the user is already a member or is registered as a member through the terminal 100 of the user, the membership / authentication unit 320 outputs an interface for inputting the user's membership account, And transmits the member account inputted through the interface to the designated transaction authentication system 200 through the data network to authenticate the user as a member.

The authentication procedure unit 325 authenticates the validity of the program 315 to the designated transaction authentication system 200 through at least one communication network among the data network and the telephone communication network to which the communication resource is connectable. According to an embodiment of the present invention, the process of authenticating the program 315 is a process of performing an encryption / decryption communication process agreed between the program 315 and the designated transaction authentication system 200, A detailed description of the decoding process will be omitted.

According to the first program authentication method of the present invention, the program 315 can be downloaded through the program providing server in a state in which a unique value for identifying the program operated by the designated transaction authentication system 200 is set. In this case, the authentication procedure unit 325 transmits the eigenvalue to the designated transaction authentication system 200 or a key exchange procedure based on the specified transaction authentication system 200 and the designated key exchange protocol based on the eigenvalue By doing so, it is possible to verify that the program 315 is a program operated by the designated transaction authentication system 200.

According to the second program authentication method of the present invention, the program 315 is downloaded through the program providing server, and then the token value (e.g., A device token assigned by the APNS, etc.) may be assigned. In this case, the authentication procedure unit 325 transmits the token value to the designated transaction authentication system 200 according to the designated path, thereby authenticating that the program 315 is a program operated by the designated transaction authentication system 200 .

According to the third program authentication method of the present invention, the program 315 constructs hash information by hashing at least one file corresponding to the program 315 according to a specified hash algorithm, System 200 to authenticate that the program 315 is a valid program operated by the designated transaction authentication system 200. [ Meanwhile, the authentication procedure unit 325 can construct the hash information by using the key value internally determined or exchanged with the designated transaction authentication system 200 in the process of constructing the hash information.

According to the fourth program authentication method of the present invention, the program 315 is downloaded through a program providing server in a state in which a certificate for performing a specified authentication procedure is loaded, or after being downloaded through a program providing server, Certificates can be loaded according to roaming procedures. In this case, the authentication procedure unit 325 may selectively use the key exchange protocol and the encryption / decryption rule, the at least one key value set in the certificate according to the authentication procedure defined in the certificate, It can be authenticated that the program is operated by the authentication system 200. The certificate may comprise at least one of a certificate of a specified transaction authorization system 200 or a certificate of a user using the program 315.

According to the fifth program authentication method of the present invention, when the authentication number transmitted from the transaction authentication system 200 designated through the message exchange protocol of the telephone network is received, the wireless terminal 300 inputs the received authentication number And transmits the program 315 to the designated transaction authentication system 200 through the data network, thereby authenticating that the program 315 is a program operated by the designated transaction authentication system 200.

According to the sixth program authentication method of the present invention, the authentication procedure unit 325 receives the program from the designated transaction authentication system 200 through an authentication method that selectively combines at least one of the first to fifth program authentication methods, It is possible to authenticate the validity of the authentication server 315, and thus the present invention is not limited thereto.

The authentication procedure unit 325 may control the memory unit 309 or the SE of the wireless terminal 300 at any time before, during, or after the process of performing the first to sixth program authentication schemes, Unique information stored in a security storage area of at least one of a Universal Subscriber Identify Module (USIM), an Integrated Circuit (IC) chip, and an embedded chip of an external memory (eg, SD memory) mounted on or detached from the terminal 300, Or transmits the unique information allocated by the communication company side resource to the designated transaction authentication system 200 in the process of connecting or holding the wireless terminal 300 to the designated communication network through the wireless network communication unit 307, 315 may be a program operated by the designated transaction authentication system 200 and at the same time that the program 315 is running in the wireless terminal 300.

The identification value registration unit 330 registers information stored in the reading area of the wireless terminal 300, information stored in the unique storage area of the wireless terminal 300, information recorded in the H / W configuration of the wireless terminal 300 A terminal identification value including at least one of information assigned / assigned in the network to which the wireless terminal 300 is connected, and / or a program authentication process or authentication performed through the first to sixth program authentication methods. As a result, it is possible to identify the terminal identification value including at least one of the information allocated to the program 315 and the information stored in the wireless terminal 300 by the program 315, And transmits it to the specified transaction authentication system 200 for registration.

Referring to FIG. 3, the program 315 of the wireless terminal 300 includes an information receiver 335 for receiving (n '+ m') pieces of information from the transaction authentication system 200 shown in FIG. 2 (N '+ m') pieces of information through the user input unit 303, an information display unit 340 displaying the received (n '+ m') pieces of information through the screen output unit 302, An input processing unit 345 for inputting t authentication information items, and a transmission procedure execution unit 350 for performing a procedure for transmitting the input t authentication information items to the transaction authentication system 200. [

When the transaction authentication system 200 transmits (n '+ m') pieces of information including at least one n 'pieces of information and m' pieces of information, the information receiving unit 335 acquires (n '+ m' m ') pieces of information, and the information display unit 340 displays the received (n' + m ') pieces of information through the screen output unit 302, And displays an interface for receiving t authentication information among the information from the user.

(N '+ m') pieces of information, when designation information designating t authentication information among the (n '+ m') pieces of information is received from the transaction authentication system 200, An interface for receiving the t pieces of authentication information corresponding to the designation information can be displayed. Or when the designation information is designated through the program 315, the information display unit 340 determines designation information corresponding to t authentication information out of the (n '+ m') pieces of information, It is possible to display the interface for receiving the authentication information of the authentication information. If the information to be used as t authentication information among the (n '+ m') pieces of information is designated, the information display unit 340 inputs the specified t pieces of authentication information among (n '+ m' You can display the interface to receive.

When the interface for receiving t authentication information out of the (n '+ m') pieces of information is displayed, the input processing unit 345 performs a procedure for receiving the t authentication information through the user input unit 303 And the transmission procedure performing unit 350 performs a procedure of transmitting the inputted t pieces of authentication information to the transaction authentication system 200.

The program 315 of the wireless terminal 300 may generate the one-off code through the program 315 of the wireless terminal 300 according to the first disposable code generation method of the present invention, An authentication result receiving unit (355) for receiving an authentication result obtained by authenticating the transaction information through the t authentication information from the authentication information receiving unit (200), a code generating unit (360) for dynamically generating a disposable code based on the authentication result, And a code output unit 370 for outputting the disposable code, and a code transmission unit 375 for transmitting the generated disposable code to the specified authentication server.

After the transmission procedure performing unit 350 transmits the input t authentication information to the transaction authentication system 200, the authentication result receiving unit 355 receives the t authentication information from the transaction authentication system 200, And receives the authentication result that the transaction information is authenticated through. The authentication result receiving unit 355 may receive a server side seed value to be used as a seed to generate a disposable code from the transaction authentication system 200. [ Meanwhile, the server side seed value may be received together with the (n '+ m') pieces of information, and thus the present invention is not limited thereto.

When the transaction information is authenticated through the t authentication information, the code generation unit 360 dynamically generates a disposable code as one of (Nn) pieces of transaction information input through the terminal 100 of the user. According to the method of the present invention, when the disposable code is generated through the program 315 of the wireless terminal 300 according to the first disposable code generation method, the memory unit 309 (or the memory of the USIM) A fixed seed value to be used for dynamically generating the disposable code is stored. The fixed seed value may include a value assigned from the transaction authentication system 200 or a value stored in the wireless terminal 300 (or USIM).

The code generation unit 360 includes the code generation algorithm, identifies the stored one or more fixed seed values, determines at least one dynamic seed value, and then transmits the fixed seed value and the dynamic seed value to the code generation algorithm To generate the one-off code of the specified code system dynamically. The dynamic seed value may be a time value confirmed through a timer of the wireless terminal 300 or a random number generated through a specified random number algorithm or at least one transaction information among the n transaction information and m transaction information (Or hash) value of the transaction information (or part of the transaction information) through a specified algorithm. A value corresponding to the transaction information (or a part of the transaction information) or a value processed through the specified algorithm may be received as the server side seed value.

The code output unit 370 outputs the one-time code dynamically generated through the code generation unit 360 through the screen output unit 302. And is input as one of (Nn) pieces of transaction information input through the output terminal 100 of the user. If the user terminal 100 and the wireless terminal 300 are identical, the code transmitting unit 375 transmits the identified one-time use code to the transaction authentication system 200 designated as one of (Nn) pieces of transaction information .

The program 315 of the wireless terminal 300 may generate the one-off code through the program 315 of the wireless terminal 300 according to the second one-off code generation method of the present invention, A code receiving unit 365 for receiving an authentication result obtained by authenticating the transaction information through the t authentication information and a one-time use code dynamically generated by the server side from the server 200, a code output unit 370 for outputting the received disposable code, And a code transmission unit 375 for transmitting the generated one-time code to the designated authentication server.

When the transaction information is authenticated through the t authentication information, the transaction authentication system 200 may determine whether the transaction information corresponding to the user's wireless terminal 300 (or program 315) Determining at least one dynamic seed value, and dynamically generating the one-time code of the designated code system using the fixed seed value and the dynamic seed value as a seed of the code generation algorithm. The dynamic seed value may be a time value confirmed through a timer on the server side or a random number value generated through a specified random number algorithm or a random number generated by a transaction information (or a part of transaction information) among at least one of the n pieces of transaction information and m pieces of transaction information A value corresponding to a corresponding value or a value obtained by processing (e.g., hashing) the transaction information (or a part of transaction information) through a specified algorithm. A value corresponding to the transaction information (or a part of the transaction information) or a value processed through the specified algorithm may be received as the server side seed value. According to an embodiment of the present invention, the transaction authentication system 200 can generate a disposable code in a random number format without a separate seed, and thus the present invention is not limited thereto.

The transaction authentication system 200 dynamically generates a disposable code to be displayed through the wireless terminal 300, transmits an authentication result obtained by authenticating the transaction information through the t authentication information and the generated disposable code, The code receiving unit 365 receives the authentication result obtained by authenticating the transaction information through the t authentication information from the transaction authentication system 200 and the one-time use code dynamically generated by the server side.

The code output unit 370 outputs the disposable code received from the transaction authentication system 200 through the code receiving unit 365 through the screen output unit 302. [ And is input as one of (Nn) pieces of transaction information input through the output terminal 100 of the user. If the user terminal 100 and the wireless terminal 300 are identical, the code transmitting unit 375 transmits the identified one-time use code to the transaction authentication system 200 designated as one of (Nn) pieces of transaction information .

4 is a diagram illustrating a process of transmitting and receiving n pieces of transaction information according to an embodiment of the present invention.

In more detail, FIG. 4 is a diagram illustrating transmission and reception of n pieces of transaction information including designated information among N pieces of transaction information to be input for non-face-to-face transactions, and m transactions through the ledger system 120 corresponding to the n pieces of transaction information (N ') including at least one of the n pieces of transaction information inputted or selected by the user himself or herself and the m pieces of transaction information searched through the ledger system 120 to the user's wireless terminal 300, + m ') pieces of information, and receiving and authenticating t pieces of authentication information from the user's wireless terminal 300. As a person skilled in the art to which the present invention pertains, Referring to and / or modified with reference to FIG. 4, it will be appreciated that various implementations of the transaction information transmission and reception process (for example, some steps may be omitted or the sequence may be changed) Said composed, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 4.

Referring to FIG. 4, the user terminal 100 performs a non-face authentication procedure for non-face-to-face transactions (400) and selects a transaction type from a user (405). The user terminal 100 displays an interface for receiving transaction information corresponding to the selected transaction type (410). When the transaction information is inputted through the interface, the user terminal 100 transmits n transaction information including the designated information among the n transaction information for the non-face-to-face transaction on the designated channel, i.e., the first channel (415). The process of transmitting and receiving the -n pieces of transaction information may be sequentially performed according to a sequence corresponding to a non-face-to-face transaction procedure, or may be batch-processed.

The transaction authentication system 200 receives n transaction information (420) through a designated path (first channel), and transmits m transaction information searched through the ledger system 120 corresponding to the n transaction information (425). If the m transaction information is confirmed, the transaction authentication system 200 determines m 'pieces of information among n pieces of transaction information and m pieces of transaction information among n pieces of transaction information (430) (n '+ m') pieces of information including at least one m 'pieces of information (435). The transaction authentication system 200 identifies the user's wireless terminal 300 corresponding to the second channel for transmitting the (n '+ m') pieces of information (440). The user's wireless terminal 300 can be identified based on information stored in a designated database or through information received from the terminal 100 of the user. If the user's wireless terminal 300 corresponding to the second channel to be transmitted is confirmed, the transaction authentication system 200 transmits the program (n '+ m (m)) to the program 315 provided in the user's wireless terminal 300 ') Information (445).

The user's wireless terminal 300 receives (n '+ m') pieces of information (n '+ m') through the second channel 450 and outputs the received n ' + m &apos;) pieces of authentication information (455).

When the designated authentication information among the (n '+ m') pieces of information is inputted through the interface, the program 315 included in the user's wireless terminal 300 confirms the inputted t pieces of authentication information (460 ) And transmits the identified t authentication information via the second channel (465).

The transaction authentication system 200 receives t authentication information on the second channel 470 and transmits n transactions corresponding to (n '+ m') pieces of information transmitted to the user's wireless terminal 300 The validity of the t authentication information is authenticated through information and / or m transaction information (475). If the validity authentication for the t authentication information fails or the information corresponding to the transaction report or transaction report is received from the user's wireless terminal 300 instead of the t authentication information, 200 generates an authentication error for the transaction information without transmitting the disposable code to the user's wireless terminal 300 and transmits the authentication error to the user's wireless terminal 300 in operation 480, 300 receives and outputs the authentication error (485). If the validity of the t authentication information is authenticated, control is performed such that a procedure of inputting or selecting (Nn) pieces of transaction information through the user's terminal 100 is performed (490).

5 is a diagram illustrating a process of dynamically generating a disposable code through a user's wireless terminal 300 and outputting the disposable code according to a first embodiment of the present invention.

In more detail, FIG. 5 dynamically generates a one-time use code through a program 315 provided in a user's wireless terminal 300 in conjunction with the transaction information authentication procedure shown in FIG. 4, A user may be a person skilled in the art to refer to and / or modify the FIG. 5 to perform various methods of generating and outputting the disposable code It is to be understood that the present invention is not limited to the above-described embodiments, but may be modified in various ways, all without departing from the spirit and scope of the present invention. .

Referring to FIG. 5, when the validity of the transaction information inputted or selected through the terminal 100 of the user through the t authentication information in the transaction authentication system 200 is authenticated, The program 315 of the wireless terminal 300 receives a request (approval) for generating a disposable code using the program 315 of the wireless terminal 300 from the transaction authentication system 200 via the second channel 500 ).

The program 315 of the wireless terminal 300 identifies one or more fixed seed values for dynamically generating the disposable code, determines at least one dynamic seed value (505), and then determines the fixed seed value and the dynamic seed value Is used as a seed of the designated code generation algorithm to generate the one-time code dynamically (510). If the one-time code is dynamically generated, the program 315 of the wireless terminal 300 displays the generated one-time code on the screen (515).

6 is a diagram illustrating a process of dynamically generating a disposable code at a server side according to a second embodiment of the present invention and outputting the generated disposable code through a wireless terminal 300 of a user.

In more detail, in FIG. 6, when the server 311 dynamically generates the one-time code in cooperation with the transaction information authentication procedure shown in FIG. 4 and provides the generated code to the program 315 provided in the user's wireless terminal 300, The program 315 of the terminal 300 receives the disposable code and displays the disposable code on the screen. It will be understood by those skilled in the art that reference is made to and / It will be appreciated that the various embodiments of the disposable code generation and output process (e.g., some steps may be omitted or the procedures may be changed) may be inferred, but the present invention includes all of the above- The technical features are not limited only by the implementation method shown in FIG.

Referring to FIG. 6, when the validity of the transaction information inputted or selected through the terminal 100 of the user through the t authentication information in the transaction authentication system 200 is authenticated, The transaction authentication system 200 identifies 600 the one or more fixed seed values corresponding to the user's wireless terminal 300 (or program 315) or corresponding to the user, and receives at least one dynamic seed value (E.g., a time value or a random number value) (605), and then uses the fixed seed value and the dynamic seed value as a seed of the designated code generation algorithm to dynamically generate the disposable code of the designated code system (610).

The transaction authentication system 200 transmits the generated disposable code to the program 315 included in the user's wireless terminal 300 through the second channel 615 and transmits the program 315 of the wireless terminal 300 Receives the disposable code on the second channel (620), and displays the received disposable code on the screen (625).

FIG. 7 is a diagram illustrating a process of transmitting and receiving (Nn) pieces of transaction information according to an embodiment of the present invention to process non-face-to-face transactions.

In more detail, FIG. 7 illustrates a process of authenticating n transaction information transmitted and received through the process shown in FIG. 4, and the process of FIG. 5 or FIG. 6 is performed through the user's wireless terminal 300 (Nn) pieces of transaction information including the disposable code displayed on the screen of the wireless terminal 300 to process the non-face-to-face transaction when the one-off code is outputted, Those skilled in the art will be able to refer to and / or modify the FIG. 7 to understand various methods of transmitting and receiving transaction information and processing non-face-to-face transactions (for example, The present invention is not limited to the embodiment shown in FIG. 7, Only not exclusively those technical features.

Referring to FIG. 7, the terminal 100 of the user accesses the wireless terminal 300 through the process shown in FIG. 5 or FIG. 6 among N pieces of transaction information for non- (Nn) pieces of transaction information including the disposable code displayed on the screen of FIG.

If (Nn) pieces of transaction information including the disposable code are inputted or selected, the user terminal 100 transmits (Nn) pieces of transaction information including the disposable code on the first channel (705) , The transaction authentication system 200 receives the (Nn) pieces of transaction information through the first channel (715). The process of transmitting and receiving the (Nn) pieces of transaction information may be sequentially performed in accordance with the order of the non-facing transaction procedure, or may be collectively processed.

The transaction authentication system 200 performs an authentication procedure corresponding to the disposable code among the (Nn) pieces of transaction information (715). If the validity of the disposable code is not authenticated, the transaction authentication system 200 transmits an authentication error for the disposable code to the user terminal 100 (720), and the user terminal 100 And receives and outputs the authentication error (725). Meanwhile, if the validity of the disposable code is authenticated, the transaction authentication system 200 transmits N pieces of transaction information (for example, n pieces of transaction information and the number of pieces of transaction information) received from the terminal 100 of the user based on the authentication result of the one- (Nn) pieces of transaction information) is performed (730). If the non-face-to-face transaction procedure is performed, the transaction authentication system 200 transmits the non-face-to-face transaction result to the user terminal 100 (735) Face transaction result, and outputs the result (740).

100: user's terminal 105: transaction server
110: code server 115: control server
200: transaction authentication system 205: transaction information receiving unit
210: transaction information confirmation unit 215: information selection unit
220: information transmission unit 225: authentication information reception unit
230: transaction information authentication unit 235: transaction information control unit
240: code generation unit 245: code preparation unit
250: Non-face-to-face transaction control unit 255: Code authentication processing unit
300: wireless terminal 315:

Claims (15)

A transaction using transaction information executed by a server communicating with a user terminal through a first channel including a designated path and communicating with a user's wireless terminal through a second channel different from the first channel, In the authentication method,
A first step of receiving n (1? N <N) pieces of transaction information that the user inputs or selects among N (N? 2) pieces of transaction information to be input for non-face-to-face transactions from a user terminal;
A second step of checking m (m? 1) pieces of transaction information searched through the ledger system corresponding to the n pieces of transaction information;
(N '+ m (n' + m) ') pieces of information of n' (1? N'? N) ') Information to the user's wireless terminal;
A fourth step of receiving t (1? T? (N '+ m')) pieces of authentication information inputted by the user through the user's wireless terminal among the (n '+ m') pieces of information;
A fifth step of authenticating the validity of the received t pieces of authentication information through the n pieces of transaction information or m pieces of transaction information; And
When validity of the t authentication information is authenticated, accepts generation or output of a disposable code through the wireless terminal of the user, and (Nn) pieces of transaction information including the disposable code output through the wireless terminal are transmitted to the user terminal And a sixth step of controlling the transaction information to be received and input through the mobile terminal.
The method according to claim 1,
A deposit bank, a deposit account number, and a deposit amount. The transaction authentication method using the transaction information and the mobile disposable code.
The system according to claim 1, wherein the ledger system corresponding to the n pieces of transaction information comprises:
And a banking system of the depositing bank. The transaction authentication method using the transaction information and the mobile disposable code.
The method according to claim 1,
And a name of a depositor of the deposit account. The transaction authentication method using the transaction information and the mobile disposable code.
The method of claim 1, wherein the n '
And n 'pieces of information among the individual transaction information included in the n pieces of transaction information or partial information of each individual piece of transaction information.
The method of claim 1, wherein the m '
And m 'pieces of information of each individual transaction information included in the m pieces of transaction information or partial information of each piece of individual transaction information.
2. The method according to claim 1,
Specifying t authentication information to be input by the user among the (n '+ m') pieces of information;
And transmitting the designation information designating the t authentication information to the wireless terminal of the user. The transaction authentication method using the transaction information and the mobile disposable code.
The method as claimed in claim 1,
If t authentication information out of the (n '+ m') pieces of information is designated through the wireless terminal of the user,
Further comprising receiving designation information specifying t authentication information out of the (n '+ m') pieces of information from the user's wireless terminal.
The method of claim 1,
Is dynamically generated through a program provided in the user's wireless terminal, or
Wherein the transaction information is generated by a server and provided as a program of the mobile terminal.
The method of claim 1,
A value corresponding to at least one of the n pieces of transaction information and m pieces of transaction information (or a part of the transaction information) or a value obtained by processing the transaction information (or a part of the transaction information) is dynamically generated And a transaction authentication method using mobile one-off codes.
The method according to claim 1,
Further comprising receiving (Nn) pieces of transaction information from the terminal of the user if the validity of the t authentication information is authenticated.
The method of claim 1,
Wherein the transaction information is used as an authentication value for using the user's authorized certificate at the user terminal.
The method as claimed in claim 1,
And controlling the procedure of using the user's authorized certificate to be performed when the validity of the one-time code is authenticated.
The method according to claim 1,
Further comprising the step of processing the disposable code included in the (Nn) pieces of transaction information to be authenticated when the (Nn) pieces of transaction information are received, using the transaction information and the mobile disposable code.
The method according to claim 1,
Further comprising the step of controlling to perform a process of processing the non-face-to-face transaction using the N pieces of transaction information received from the terminal of the user when the (Nn) pieces of transaction information are received And transaction authentication method using mobile one - time code.

Images