KR20150110875A - Total management system and certification for smart card - Google Patents

Abstract

The present invention relates to a system for authenticating and integrally managing a smart card capable of stably operating a smart card which comprises: the smart card to which a one-time retune value generated in meta applet is variably applied; a mobile terminal having check digit data for verification for providing general services of a card connected through a URL of a card benefit guide site; and a financial server for registering the smart card and registering information of a mobile terminal by verifying a hash value and MAC according to card information stored in a database.

Description

[0002] Smart card authentication and integrated management system [0003]

The present invention relates to a smart card authentication and integrated management system, and more particularly, to a smart card authentication and integrated management system that includes an intelligent applet for smart chip activation in a smart card, App is automatically recognized, and important information such as expiration date and CVC is encrypted to prevent leakage of personal information. In intelligent applet, dynamic authentication value generation and transaction counter are increased, And to a smart card authentication and integrated management system capable of blocking transactions.

Further, according to the present invention, smart card issuance, card registration and subscription, simple login, NDEF renewal, automatic login procedure are configured in connection with the operation of the mobile terminal registration and the financial server in issuing the card, The present invention relates to a smart card authentication and integrated management system.

In general, a smart card is an electronic card that can store a large amount of information by mounting an integrated circuit (IC) chip, and is used in various forms such as a credit card, a transportation card, and a medical insurance card.

NFC technology provides various types of services in connection with mobile terminals, but does not secure the use of smart cards and does not meet the needs of users.

In other words, in case of NFC dongle, NFC mobile phone and mobile electronic wallet, the lack of recognition of user, lack of infrastructure and delay of activation of mobile payment caused the ineffective use, and additionally, electronic wallet has limited card storage, coupon / However, the lack of awareness of users, limited cooperation of merchants and affiliates in distributing NFC tags, limited NFC Tag deployment cost and management effectiveness However, there was a problem in the process of generating and issuing NFC Tag, and especially, there was no solution for traffic card and RF collision. It is reality that there is.

Accordingly, the applicant intends to limit the present invention in order to provide a customized service, a one-touch app execution and login, instantaneous interaction, a service at a minimum cost, and a card issuance and use stability.

[Related Technical Literature]

1. Method for managing the authentication number of a smart card and a smart card, a smart card verification apparatus (a patent application No. 10-2010-0065409), a smart card verification apparatus,

2. A smart card identification application system for a sales management system (Patent Application No. 10-2011-0020154)

In order to solve the above problems, an intelligent applet is provided for smart chip activation in a smart card, and only a card number is automatically recognized and validated in an applet by generating a disposable session key when card information is interlocked with a mobile communication terminal The key information such as period and CVC is encrypted to prevent leakage of personal information. Intelligent Applet is a smart card that can block illegal transactions using transactional information through the creation of dynamic authentication value and increase transaction counter in the transaction Authentication and integrated management system.

In addition, smart card issuance, card registration and subscription, simple login, NDEF renewal, and automatic login procedure are configured in connection with the operation of the mobile terminal registration and the financial server in the issuance of the card, thereby ensuring the stable operation of the smart card Authentication and integrated management system.

However, the objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

According to an embodiment of the present invention, there is provided a smart card authentication and integrated management system including a smart card, a mobile terminal, a communication network, a financial server, and a database, , And a smart card authentication and integration management system that provides a series of operations of registering a mobile terminal for automatic login and automatic log-in. The system includes a microprocessor, memory, input / output protocol, Method, it is possible to perform bi-directional communication with mobile terminal through data exchange. The UID value issued by the login applet is returned as a fixed value and the one-time return value generated from the meta applet is issued through the login applet A smart card applied variably; And a check digit data capable of acquiring and verifying smart card information by executing a dedicated app for confirming and registering smart card information through short-range communication with the smart card, A mobile terminal capable of providing all services of the card accessed through the URL of the card benefit information site; And a financial server capable of registering a smart card and information of a mobile terminal through HASH value and MAC verification according to card information stored in the database, in cooperation with the mobile terminal through the communication network and providing card information through wireless communication. And a control unit.

At this time, the smart card authentication and integrated management system according to the present invention is characterized in that the smart card includes a microprocessor, a memory, an input / output (I / O) interface for issuing a smart card, registering and registering a card with a mobile terminal, Protocol, a card control unit for controlling the operation of an application program, a meta applet storing a NDEF Record value, a UID and a login applet storing a key value for issuing a card, A tag applet for generating login data, an issuer information field, a product code field, a card number field, a HASH (validity period) field , A CVC field, a URL field, a PID field, a UID field, a Random field, and a MAC field, A data storage unit for providing membership data and login data to the mobile terminal, including data for issuing a card and data for automatic execution of an APP; a NFC (Near Field Communicaton) A driver configured to activate a smart card through short-range communication with the mobile terminal by using any one of Bluetooth, infrared and infrared communication, and to update MAC creation and NDEF information for security in the smart card; A first verification unit for verifying the MAC information of the smart card generated through the driving unit in response to the control signal or for verifying a corresponding NDEF record value for a signal according to the NDEF update transmitted through the financial server, , An application with the mobile terminal activated through the driving unit according to the control signal of the card control unit Receiving an NDEF request signal of the mobile terminal for card registration / membership registration and simple log-in by a line, receiving a mobile terminal number for registration of a mobile terminal for automatic login, An OTP, a first receiving unit for receiving mobile terminal information, and a card issuer information field for registering / registering a card and a simple login to a mobile terminal performed through the driving unit in response to a control signal of the card control unit, And transmits the NDEF Data composed of the field, the card number field, the HSAH field, the URL field, the PID field, the UID field, the Random field and the MAC field, And a first transmitting unit for transmitting the mobile terminal information and the MAC information to the mobile terminal .

Further, in the smart card authentication and integrated management system according to the present invention, the data storage unit may include a issuer information field, a member company information field, a commodity code field, a basic data portion composed of a padding field, A HASH data part composed of CVC and padding information, an APP auto execution to a mobile terminal through a driving part, and an HASH data part composed of an input 3 parameter, an input 2 parameter, an expiration date and padding information, A financial server for providing card benefit information, and an automatic URL (Uniform Resource Locator) connection information. The internal basic information includes an APP data portion including a URL, a PID, and information automatically generated in the Meta applet. A UID field corresponding to the UID value issued by the Login Applet as a number, a meta applet A Random field consisting of Random information of the card necessary for MAC generation, and a MAC generated using UID, Counter, Random information and key value information set in the login applet according to card issuance, And an applet response data portion including a MAC field configured by a value of the MAC address field.

In the smart card authentication and integrated management system according to the present invention, the UID field is a fixed value that is returned to a UID value issued by a login applet, and the Random & MAC field is a return value generated in a Meta applet, and generates a disposable session key by combining smart card information and mobile terminal information in an applet.

The smart card authentication and integrated management system according to an embodiment of the present invention includes an intelligent applet for activating a smart chip in a smart card so that only the card number is automatically transmitted from the application through the card information and the one- And the validity period and the CVC number are inputted by the user, thereby providing the effect of preventing the leakage of the password and personal information per card.

In addition, the smart card authentication and integrated management system according to another embodiment of the present invention is a smart card authentication and integrated management system in which smart card issuance, card registration and member subscription, simple login, NDEF renewal, So that it is possible to secure the stable operation of the smart card.

In addition, the smart card authentication and integrated management system according to another embodiment of the present invention according to another embodiment of the present invention includes an applet in a smart card, as well as a student ID card, a government employee ID card, And can be applied to various industrial fields.

1 is a block diagram of a smart card authentication and integrated management system according to the present invention;
2 is a block diagram showing the internal structure of a smart card of the smart card authentication and integrated management system of FIG.
3 is a block diagram illustrating an internal configuration of a mobile terminal of the smart card authentication and integrated management system of FIG.
4 is a block diagram illustrating an internal configuration of a financial server of the smart card authentication and integrated management system of FIG.
5 is a flowchart illustrating a smart card authentication and integrated management method according to an embodiment of the present invention.
6 is a flowchart illustrating a card registration and membership registration procedure for smart card authentication and integrated management according to an embodiment of the present invention.
7 is a flowchart illustrating a simple log-in procedure between a smart card and a mobile terminal for smart card authentication and integrated management according to an embodiment of the present invention.
8 is a flowchart illustrating a mobile terminal registration procedure for automatic login for smart card authentication and integrated management according to an embodiment of the present invention.
9 is a flowchart illustrating an automatic login procedure for smart card authentication and integrated management according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, a detailed description of preferred embodiments of the present invention will be given with reference to the accompanying drawings. In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

In the present specification, when any one element 'transmits' data or signals to another element, the element can transmit the data or signal directly to the other element, and through at least one other element Data or signal can be transmitted to another component.

1 is a block diagram of a smart card authentication and integrated management system according to the present invention. The smart card authentication and integrated management system according to the present invention comprises a smart card 100, a mobile terminal 200, a communication network 300, a financial server 400 and a database 500, Authentication and management procedures of the smart card 100 are formed through a subscription, a simple login, an NDEF update, a mobile terminal registration for automatic login, and a series of operations of the financial server.

Detailed configuration and operation for smart card authentication and integrated management according to the present invention will be described. First, the smart card 100 The present invention relates to an interactive smart card capable of exchanging data with a mobile terminal through a short distance communication using a communication method of NFC, Bluetooth, and infrared communication by incorporating a microprocessor, memory, input / output protocol, The UID value issued by the login applet is returned as a fixed value, and the one-time return value generated by the meta applet is variably applied to the security applet (121), which is issued through the login applet (125) instead of being issued through the meta applet . ≪ / RTI >

The mobile terminal 200 executes a dedicated application for confirming and registering smart card information through short-distance communication with the smart card 100 to acquire card information and check digit data And the financial server 400 is provided to register the smart card 100 and provide all services of the card accessed via the URL of the card benefit information site through a browser, and the financial server 400 is connected to the mobile terminal 200 To provide card information through wireless communication, and to register the smart card and the information of the mobile terminal through HASH value and MAC verification according to the card information stored in the database.

Also, the communication network 300 may be a high-speed periodic communication network of a large communication network capable of a large-capacity, long-distance voice and data service, and may be a next generation wired and wireless network for providing Internet or high-speed multimedia service. When the communication network 300 is a mobile communication network, it may be a synchronous mobile communication network or an asynchronous mobile communication network. As an embodiment of the asynchronous mobile communication network, a WCDMA (Wideband Code Division Multiple Access) communication network is exemplified. In this case, although not shown in the drawing, the communication network 300 may include an RNC (Radio Network Controller). Meanwhile, although the WCDMA network is exemplified, it may be a next generation communication network such as a 3G LTE network or a 4G network, or an IP network based on other IP. The communication network 300 interworks with the mobile terminal 200 and the financial server 400 to transmit signals and data between the systems for authentication and integrated management of the smart card 100.

Meanwhile, the database 500 of the present invention stores general reference data for smart card authentication and integrated management, provides necessary data according to requests of the mobile terminal 200 and the financial server 400, . Also, in this specification, the database 500 may mean functional and structural combination of software and hardware that stores information corresponding to each database. The database 100 may be implemented as at least one table, and may further include a separate DBMS (Database Management System) for searching, storing, and managing information stored in the database. Also, it can be implemented in various ways such as a linked-list, a tree, and a relational database, and includes all data storage media and data structures capable of storing information corresponding to a database.

FIG. 2 is a block diagram showing the internal structure of the smart card 100 of the smart card authentication and integrated management system of FIG. 1 and includes a card control unit 110, a tag applet 120, a data storage unit 130, A driving unit 140, a first transmitting unit 150, a first verifying unit 160, and a first receiving unit 170.

1 and 2, the card control unit 110 may be configured to issue a smart card 100, register a card with a mobile terminal, Memory, input / output protocol, and application program for easy login, NDEF update and automatic login in conjunction with the financial server, and the tag applet 120 controls the operation of the meta applet storing the NDEF Record value, And a login applet 122 storing a key value according to a UID and a card issuance according to a control signal of the card controller 110. The smart card 100 ), Generates encrypted mobile terminal information, and generates login data to be transmitted to the mobile terminal.

On the other hand, the Meta Applet automatically executes the URL information or the designated App stored in the Android OS without installing and executing a separate APP.

The card information of the present invention can be used for payment of a delinquent amount, prepayment, lump-sum conversion, application of a cash service, application of a credit card, inquiry / change of revolving, use / change of use, registration of a cash card, change of a payment account, , And finding information on ID cards.

The data storage unit 130 is formed of general data of the smart card 100 for membership and log in to the mobile terminal 200 in response to a control signal of the card controller 11, A HASH data portion 133, an APP data portion 135, and an applet response data portion 137. [

The basic data unit 131 includes a issuer information field, a member company information field, a product code field, and a padding field according to the issuance of the smart card 100, and the HASH data unit 133 includes three As the result of HASH, input 1 parameter consists of card number, input 2 parameter is valid period and padding information, and input 3 parameter consists of CVC and padding information.

The APP data unit 135 is connected to a financial server 400 that provides APP auto-execution and card benefit information to the mobile terminal 200 through a driving unit 140 described below, and an automatic URL (Uniform Resource Locator) connection Information, and the internal basic information is composed of a URL and a PID.

The applet response data unit 137 includes information such as a UID field, a counter field, a random field, and a MAC field, which are automatically generated in the Meta applet 121. The UID field is a unique card number of the smart card 100, The Random field corresponds to a UID value issued by the Applet 125 and the Counter field is configured to be incremented in response to the meta applet 121 in order to enhance the security of the smart card 100. The Random field includes a random number , And the MAC field includes a MAC value generated by using UID, Counter, and Random information and key value information set in the login applet 125 according to card issuance.

It is possible to provide a stable transaction through the procedure of verifying whether or not the counter value matches the couter value of the server when a transaction is attempted by hacking in accordance with the increase value of the meta applet of the counter field.

The record data is composed of the issuer information field, the product code field, the card number field, the HASH (valid period) field, the CVC field, the URL field, and the PID field. , The card response data is composed of an issuer information field, a product code field, a card number field, a HASH (valid period) field, a CVC field, a URL field, a PID field, a UID field, a Random field and a MAC field. Is a fixed value returned to the UID value issued by the login applet 125, and the Random & MAC field is a return value generated by the Meta applet 121, and is configured to be one-time.

That is, the meta applet 121 is configured to generate a disposable session key by combining the smart card information and the mobile terminal information.

The driving unit 140 may perform near field communication with the mobile terminal 200 using one of NFC (Near Field Communication), Bluetooth, and infrared communication in accordance with a control signal of the card controller 110 So that the smart card 100 is activated and the MAC generation and NDEF information are updated for security in the smart card 100. [

The first verifying unit 150 verifies the MAC information of the smart card 100 generated through the driving unit 140 in response to the control signal of the card control unit 110 or transmits the MAC information of the smart card 100 through the financial server 400 The NDEF record value is verified for the signal according to the updated NDEF and stored in the Meta applet.

The first receiving unit 160 receives a control signal from the card control unit 110 and registers the card with the mobile terminal 200 activated through the driving unit 140. The first receiving unit 160 registers the card with the mobile terminal 200, Receives an NDEF request signal of the terminal 200, receives a mobile terminal number for registration of the mobile terminal 200 for automatic login, receives a login data generation request, OTP, and mobile terminal information of the mobile terminal for automatic login do.

The first transmitting unit 170 transmits NDEF data to the mobile terminal 200 performed through the driving unit 140 in response to the control signal of the card control unit 110 for card registration / Or to transmit UID, encrypted mobile terminal information and MAC information to the mobile terminal 200 in accordance with receiving the mobile terminal number for registration of the mobile terminal 200 for automatic login.

The NDEF data includes a card issuer information field, a product code field, a card number field, an HSAH field, a URL field, a PID field, a UID field, a random field, and a MAC field.

FIG. 3 is a block diagram illustrating an internal configuration of a mobile terminal of the smart card authentication and integrated management system of FIG. 1 and includes a terminal control unit 210, an execution unit 220, an extraction unit 230, an input unit 240, A display unit 250, a second transmitting unit 260, a second verifying unit 270, a setting unit 280, a second receiving unit 290, and a selecting unit.

1 to 3, the terminal control unit 210 controls the smart card 100 to perform close-range communication according to the execution information of the driven application. It is possible to control the card registration of the smart card 100, membership registration, simple login, registration of the mobile terminal 100 for automatic login, NDEF request to the smart card 100 for the automatic login operation, The server 400 controls the transmission of the card number and the HASH value received from the smart card 100, the information of the encrypted mobile terminal 200, and the MAC information received from the smart card 100, And controls various operations of the mobile terminal 200 to activate the functions of the terminal 200.

The execution unit 220 may operate an APP for card registration and member registration through a short distance communication with the driving unit 140 of the smart card 100 according to a control signal of the terminal control unit 210, Activates the OTP function in the mobile terminal 200 for the log-in procedure of the card 100.

The extraction unit 230 receives the control signal from the smart card 100 received through the second receiving unit 290 to register / join the smart card 100 in response to the control signal of the terminal control unit 210. [ Or transmits it to the smart card 100 in order to compare the card number and the HASH value generated and transmitted by the financial server 400 after the member registration for the simple log-in procedure in association with the financial server 400 (Validity period, CVC) is extracted.

The input unit 240 may include an input unit coupled with a touch pad so that the user of the smart card 100 can access the APP through the execution unit 220 according to the control signal of the terminal control unit 210. [ A card registration password, and user information, and the display unit 250 displays various information and an operation state and a result of the mobile terminal 200, and is coupled with the touch pad so that the display unit and the input unit can be used And executes a dedicated application that can confirm the card information through the short distance communication with the smart card 100 to acquire and display the card information and access the card benefit information site through the URL of the card benefit information site through the browser The web page of the accessed card benefit information site is displayed on the screen. In the present invention, the effective period of the smart card 100, the CVD value, So that the information is displayed.

The second transmission unit 260 operates according to a control signal of the terminal control unit 210 and transmits NDEF information to the smart card 100 for card registration / subscription, simple log-in, or NDEF update of the smart card 100 The mobile terminal 200 transmits the mobile terminal information to the smart card 100 for registration of the mobile terminal 200 for automatic login or transmits the login data generation request information requested by the financial server 400 for automatic login to the smart card 100 Or transmits the card number and the HASH value of the smart card 100 to the financial server 400 for card registration / membership registration or transmits the card number / member registration The HASH value is compared with the HASH value generated in the financial server 400 or the HASH value is compared with the HASH value generated in the financial server 400 by using the UID received in the smart card 100 for registration of the mobile terminal 200 for automatic login, Mobile Terminal number and MAC information to the financial server 400 or transmits the received UID, login data and MAC information to the financial server 400 for automatic login of the smart card 100, It is configured to check whether or not the automatic login is registered according to the random digit value request to the financial server 400. [

The second verification unit 270 operates in accordance with the control signal of the terminal control unit 210 to access the UID field, the Random field, and the MAC field information of the NDEF data for easy log-in of the smart card 100, APP) and the Applet and the setting unit 280 controls the second verification unit 270 to perform self-verification between the APP and the Applet according to the control signal of the terminal control unit 210 The check digit data is set to the value of the UID field, the random field, and the MAC field for easy log-in of the smart card 100, and is verified.

The second receiving unit 290 receives the NDEF data and the application for card registration / membership through the first transmitting unit 170 of the smart card 100 according to a control signal of the terminal control unit 210 And receives the NDEF data for the simple log-in of the smart card 100 after card registration / membership, or receives the NDEF data for the simple log-in of the smart card 100 after the card registration / Or the card number of the smart card 100 transmitted to the financial server 400 or the HASH value of the smart card 100 transmitted to the financial server 400 The UID, the encrypted mobile terminal number, and the MAC information received by the smart card 100 for registration of the mobile terminal 200 for automatic login to the financial server 200, Lt; RTI ID = 0.0 > MAC < / RTI & And receives the OTP activation command as a result of the information registration of the mobile terminal 200 or transmits the received UID, login data and MAC information to the financial server 400 for automatic login of the smart card 100, As a result of the verification, the OTP verification result is configured to be received.

4 is a block diagram illustrating an internal configuration of a financial server 400 of the smart card authentication and integrated management system of FIG. 1 and includes a server control unit 410, a generation unit 420, a third reception unit 430, A third verification unit 440, a registration unit 450, an authentication unit 460, and a third transmission unit 470.

1 through 4, the server control unit 410 may interwork with the mobile terminal 200 through the communication network 300 to transmit the smart card 400, The authentication process of the smart card 100 and the mobile terminal 200 by decrypting the login data of the mobile terminal 200 or by checking the HASH value and MAC verification for card registration / And controls various operations of the financial server 400.

The generation unit 420 generates the HASH value extracted from the mobile terminal 200 for card registration / membership of the smart card 100 according to a control signal of the server control unit 410, HASH value, MAC generation for verification for the NDEF updata of the smart card 100, or encrypted mobile terminal 200 information received via the third receiver 430 for automatic login, MAC transmission information And generates a Derived Key for the MAC verification procedure through the third verification unit.

The third receiving unit 430 receives a control signal of the smart card 100 from the mobile terminal 200 in accordance with a control signal of the server control unit 410, The mobile terminal 200 receives data necessary for log-in, compares the HASH value generated by the extracting unit 230 of the mobile terminal 200 with the received data, The mobile terminal 200 receives the UID, the encrypted mobile terminal information and the MAC information transmitted from the smart card 100 through the second transmission unit 260 of the mobile terminal 200 or transmits the UID, Login Data, MAC information, and OTP generation information through the second transmission unit 260 of the mobile terminal 200.

The third verifying unit 440 may compare the HASH value generated in the generating unit 420 and the extracting unit 230 of the mobile terminal 200 in order to register or join the card according to the control signal of the server control unit 410. [ Card number and HASH value transmitted from the first transmitting unit 170 of the smart card 100 for the second login or the second authentication to verify the HASH value extracted and transmitted from the smart card 100, The third receiver unit 430 determines whether the user is authentic through the HASH value and the MAC verification for the UID / Random / MAC information that is verified and transmitted in step 270, (MAC) information based on the Derived Key generated by the generation unit 420 with respect to the encrypted mobile terminal information and the MAC transmission information that is received through the third receiving unit 430, 200) in the second transmission unit 260 The UID, the login data, the MAC, and the OTP generation information, and decrypts the login data to verify the Random verification and the OTP.

The registration unit 450 operates in accordance with the control signal of the server control unit 410 and transmits the encrypted data received from the third receiving unit through the third verification unit 440 for automatic log- And registers the information of the mobile terminal 200 according to the MAC information that has been verified based on the Derived Key generated by the generator 420 with respect to the mobile terminal information and the MAC transmission information.

The third transmitting unit 460 operates according to the control signal of the server control unit 410 and determines the authenticity of the MAC information registered in the registration unit 450 through the third verifying unit 440, Or transmits the verification result according to the NDEF update of the simple log-in to the mobile terminal 200 through the third verification unit 440 or transmits the verification result to the mobile terminal 200 via the third verification unit 440 The mobile terminal 200 transmits the result of the MAC information that has been verified based on the Derived Key generated by the generation unit 420 to the encrypted mobile terminal information and MAC transmission information that is automatically logged in or the registration unit 450 The OTP activation command to the mobile terminal 200 in accordance with the information registration of the mobile terminal 200 verified through the third receiver 430 or the UID login, MAC, OTP And outputs the generated information to the third verification unit 440 To decrypt the Random verify the login data, and is configured to transmit the OTP OTP verified result to the mobile terminal 200.

FIG. 5 is a flowchart illustrating a smart card authentication and integrated management method according to an embodiment of the present invention. Referring to FIGS. 1 to 5, The mobile terminal 200 moves to the download page when the smart card application APP is not installed and transmits the tagging signal via the APP of the smart card 100 to the mobile terminal 200 (S20)

The smart card 100 requests card information such as a card number and an expiration date to the mobile terminal 200 through the first transmission unit 170 in step S30. The mobile terminal 200 inquires of the card information of the smart card 100 to generate the authentication information at step S40 and requests the financial server 400 to transmit the authentication information to the financial server 400 via the communication network 300. [ The financial server 400 transmits the card information authentication request information such as the card number and the validity period to the database 500 in step S60 according to the login request information of the card 500, The financial server 400 checks the card information such as the card number and the expiration date in the information authentication request, extracts the data according to the authentication (S70), and transmits a response signal to the card information authentication to the financial server 400 Using the mobile terminal information according to the card information authentication response signal Determine whether the login authentication (S80), and sends the authentication signal to the mobile terminal (200). (S90)

FIG. 6 is a flowchart illustrating a card registration and membership registration procedure for smart card authentication and integrated management according to an embodiment of the present invention. When an application of the mobile terminal 200 according to the issuance of the smart card 100 is activated Referring to FIGS. 1 to 6, when the smart card 100 driver 140 transmits the tagging signal via the short-range communication to the mobile terminal 200 (refer to step S100) The mobile terminal 200 transmits an NDEF request signal to the Meta applet 121 of the mobile terminal 200 through the second transmitter 260 in step S110, The login applet 125 generates MAC by using the UID, Counter, Random information and the key information set in the card information, and generates UID, MAC Information to the Meta applet 121. (Step 130: article)

Then, NDEF data including the transmitted UID and MAC information is configured to transmit the corresponding NDEF data to the mobile terminal 200 through the first transmission unit 170 (refer to step S140)

The extracting unit 230 of the mobile terminal 200 extracts the NDEF data according to the control signal of the terminal control unit 210 and transmits the NDEF data to the smart card 100 through a dedicated application (APP) (step S145)

The executed app app is displayed on the display unit 250 and a membership registration / card registration request signal is transmitted to the first receiving unit 160 of the mobile terminal 100 through the second transmitting unit 260 (Refer to step S150), transmits the card number display information, and displays the result of the request information on the display unit 250 (refer to step S160)

When the valid period and the CVC value of the smart card 100 are input by the user of the smart card 100 in step S170, the information is transmitted to the financial server 200 via the second transmission unit 260 through the communication network 300, (400) and executes a card registration request (refer to step S180)

The third verification unit 440 of the financial server 400 verifies the HASH value in accordance with the card registration request signal of the mobile terminal 200. If there is no abnormality, the card verification / registration procedure is executed (refer to step S185) And transmits the executed result to the mobile terminal 200 through the third transmission unit S460, thereby completing the card registration and membership process.

7 is a flowchart illustrating a simple log-in procedure between a smart card and a mobile terminal for smart card authentication and integrated management according to an embodiment of the present invention. When the smart card 100 is activated according to the application of the mobile terminal 200, 1 to 7, when the tagging signal through the short distance communication of the smart card 100 driving unit 140 is transmitted to the mobile terminal 200 (refer to step 2100) The Meta applet 121 transmits an NDEF request signal to the Meta applet 121 of the mobile terminal 200 through the second transmission unit 260 in step S210, The login applet 125 generates a MAC by using UID, Counter, Random information and key information set in the card information, and transmits the UID and MAC information to the login applet 125 To the Meta applet 121 (S230) Reference)

Then, NDEF data including the transmitted UID and MAC information is configured, and the corresponding NDEF data is transmitted to the mobile terminal 200 through the first transmission unit 170 (refer to step S240)

The extracting unit 230 of the mobile terminal 200 extracts the NDEF data according to the control signal of the terminal control unit 210 and transmits the NDEF data through the execution unit 220 to the smart card 100, ) (Step S245)

The app is displayed on the display unit 250 according to the execution of the APP and is displayed on the first receiving unit 160 of the smart card 100 through the second transmitting unit 260, When the password of the smart card 100 is input by the user of the smart card 100 (refer to step S250), a password input signal for login is transmitted and the result of the request information is displayed on the display unit 250. [

The second verification unit 270 operates in accordance with the control signal of the terminal control unit 210 to access the UID field, the Random field, and the MAC field information of the NDEF data for easy log-in of the smart card 100, APP) and APPLET,

The setting unit 280 sets Check Digit data in the values of the UID field, the Random field, and the MAC field for the simple log-in of the smart card 100 so that the UID field of the NDEF data, Field and the MAC field of the smart card 100 is verified between the APP and the Applet 121 in step S260 and the card number and HASH value of the smart card 100 are transmitted through the second transmission unit 260 To the financial server 400 (step S270)

The third verification unit 440 of the financial server 400 determines the card number of the smart card transmitted through the third reception unit 430, the HASH value for the HASH value, the authenticity of the user through the MAC verification (S280 , The mobile terminal 200 proceeds with the verification process of the password transmitted by the user of the smart card 100 and the verification of the mobile terminal 200 (refer to step S285)

If there is no abnormality, the simple login procedure is completed by transmitting the simple login result to the mobile terminal 200 through the third transmission unit S460 (refer to step S290)

FIG. 8 is a flowchart illustrating a mobile terminal registration procedure for automatic login for smart card authentication and integrated management according to an embodiment of the present invention. After the smart card 100 is simply logged in, 1 to 8, the mobile terminal 200 receives the tagging signal via the short distance communication of the smart card 100 driving unit 140, The mobile terminal 200 executes the APP (refer to step S300), and the mobile terminal 200 transmits the first login information of the smart card 100 through the second transmission unit 260 to register the automatic login terminal information The ID / PW input signal requested by the user of the smart card 100 is transmitted to the first transmission unit 170 of the smart card 100, The input to the mobile terminal 200 is confirmed (Refer to step S320)

Thereafter, the mobile terminal 200 performs automatic login terminal use registration through the execution unit 220 (refer to step S325), displays the execution information on the display unit 250, and transmits the execution information via the second transmission unit 260 And transmits the mobile terminal information to the smart card 100 (refer to step S330)

The first verification unit 150 of the smart card 100 encrypts the transmitted mobile terminal information and generates a MAC through the login applet 125 in step S340, And transmits the encrypted terminal information and MAC information to the terminal 200 (step S345)

The mobile terminal 200 transmits the encrypted terminal information and the MAC information transmitted to the smart card 100 to the financial server 400 through the second transmission unit 260 The generation unit 420 generates MAC information based on the encrypted mobile terminal information and the MAC transmission information transmitted for the mobile terminal registration based on the Derived Key and transmits the MAC information through the third verification unit 440, (Refer to step S360)

Thereafter, when the OTP activation request signal is transmitted to the mobile terminal 200 through the third transmission unit 460 of the financial server 400 (refer to step S370), the mobile terminal 200 executes the OTP activation request signal The mobile terminal 200 activates OTP and completes the mobile registration procedure (step S380)

FIG. 9 is a flowchart illustrating an automatic login procedure for smart card authentication and integrated management according to an embodiment of the present invention. Referring to FIG. 9, after the registration process of the smart card 100 of FIG. 8, The mobile terminal 200 receives the tagging signal via the short distance communication of the smart card 100 driving unit 140 and the mobile terminal 200 transmits the tagging signal via the automatic login To execute the procedure, the corresponding APP (APP) is executed and it is confirmed whether or not the automatic login is registered (refer to step S400)

When a random digit value request signal is transmitted to the financial server 400 through the second transmission unit 260 of the mobile terminal 200 to verify the login data at the time of automatic login (refer to step S410), the generation of the financial server 400 The controller 420 generates random data for verifying the login data and stores the corresponding time information through the register 450 in step S420 and then transmits the random data to the mobile terminal 200 through the third transmitter 460 A return value for the random data is transmitted (refer to step S425)

Then, the execution unit 220 of the mobile terminal 200 generates an OTP in the mobile (refer to step S430), and transmits login data request information and OTP, terminal information, and return value for automatic login to the smart card 100 (Refer to step S440)

The first verification unit 150 of the smart card 100 encrypts the mobile terminal information with respect to the login data request information, the OTP, the terminal information, and the return value for the automatic login, and generates the MAC through the login applet 125 (Refer to step S450), and transmits login data and MAC information to the mobile terminal 200 through the first transmission unit 170 (refer to step S445)

At this time, the login data includes Random, OTP, mobile terminal information, and Derived key information.

The mobile terminal 200 transmits the login data and MAC information transmitted to the smart card 100 to the financial server 400 through the second transmission unit 260 (420) generates a Derived Key for the login data and MAC transmission information transmitted for automatic login and decrypts the login data (refer to step S470). The third verification unit (440) And the OTP of the mobile terminal (see step 480)

Then, the automatic login procedure is completed by transmitting the login result to the mobile terminal 200 through the third transmission unit 460 of the financial server 400 (refer to step S490)

As described above, preferred embodiments of the present invention have been disclosed in the present specification and drawings, and although specific terms have been used, they have been used only in a general sense to easily describe the technical contents of the present invention and to facilitate understanding of the invention , And are not intended to limit the scope of the present invention. It is to be understood by those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.

100: Smart card
110: card control unit 120: tag applet
121: Meta applet 125: Login applet
130: Data storage unit 131: Basic data unit
133: HASH data part 135: APP data part
137: Applet response data part 140:
150: first verification unit 160: first reception unit
170: first transmission unit 200: mobile terminal
210: terminal control unit 220:
230 extracting unit 240 inputting unit
250: display unit 260: second transmission unit
270: second verification unit 280: setting unit
290: second receiving unit 300:
400: Financial Server 410: Server Control
420: Generation unit 430: Third reception unit
440: Third verification section 450: Registration section
460: Third Transmission Unit 500: Database

Claims (5)

A smart card 100, a mobile terminal 200, a communication network 300, a financial server 400 and a database 500, and is provided with a mobile terminal for smart card issuance, card registration and member registration, A smart card authentication and integration management system for providing a series of operations of registration, automatic login,
Built-in microprocessor, memory, input / output protocol, application program, it is possible to exchange data through mobile communication with mobile terminal using NFC, Bluetooth, infrared communication method, and issued via login applet (125) A UID value issued from a login applet is returned to a fixed value, and a one-time return value generated in a meta applet is variably applied;
The smart card 100 is provided with check digit data capable of acquiring and verifying smart card information by executing a dedicated app for confirming and registering smart card information through short-distance communication with the smart card 100, A mobile terminal 200 capable of providing all the services of the card accessed through the URL of the card benefit information site through the registration and browser of the card benefit information site; And
The card information is provided through the wireless communication in cooperation with the mobile terminal 200 through the communication network 300 and the registration of the smart card and the information of the mobile terminal are registered through HASH value and MAC verification according to the card information stored in the database And a financial server (400) capable of managing the smart card.
The method according to claim 1,
The smart card (100)
A card controller 110 for controlling operations of a microprocessor, a memory, an input / output protocol, and an application program for issuing a smart card 100, registering and registering a card with a mobile terminal,
A meta applet 121 storing an NDEF Record value, a login applet 122 storing a UID and a key value for issuing a card, and issuing a card according to a control signal of the card controller 110 A tag applet 120 for generating a MAC for the smart card 100, generating encrypted mobile terminal information, and login data for member registration and log-in,
A card number field, a HASH (valid period) field, a CVC field, a URL field, a PID field, a UID field, a random field, and a MAC field, and outputs a control signal to the card control section 11 A data storage unit 130 for providing membership data and login data to the mobile terminal 200 including information on the issuance of the response and data for automatic execution of the APP,
The smart card 100 may be connected to the mobile terminal 200 through short-range communication using one of NFC (Near Field Communication), Bluetooth, and infrared communication in accordance with the control signal of the card controller 110 A driving unit 140 configured to activate the MAC card and update NDEF information for security in the smart card 100,
In response to the control signal from the card controller 110, the MAC information of the smart card 100 generated through the driving unit 140 is verified or the signal corresponding to the NDEF update signal transmitted through the financial server 400 A first verification unit 150 for verifying the NDEF record value and storing it in a Meta applet,
An NDEF request signal of the mobile terminal 200 for registering / joining a card or a simple login by executing an application with the mobile terminal 200 activated through the driving unit 140 according to a control signal of the card control unit 110 A first receiving unit 160 for receiving a mobile terminal number for receiving or registering the mobile terminal 200 for automatic login or receiving a login data creation request, OTP, and mobile terminal information of the mobile terminal for automatic login, and
A card issuer information field, a commodity code field, a card number field, and a card number field for card registration / membership registration and simple log-in to the mobile terminal 200 performed through the driving unit 140 in response to the control signal of the card control unit 110, The mobile terminal 200 transmits the NDEF Data composed of the HSAH field, the URL field, the PID field, the UID field, the Random field, and the MAC field, And a first transmission unit (170) for transmitting the MAC information to the mobile terminal (200).
The method according to claim 1,
The mobile terminal 200
Registration of the smart card 100 with respect to the smart card 100, registration of the smart card 100, membership registration, simple log-in, registration of the mobile terminal 100 for automatic log-in, And transmits the card number and HASH value received from the smart card 100 to the financial server 400, the information of the encrypted mobile terminal 200, and the MAC information to the financial server 400 A terminal control unit 210 for controlling various operations of the mobile terminal 200 in order to activate the function of the mobile terminal 200 through login and OTP generation of the smart card 100 by controlling transmission,
The APP may be operated in a short distance communication with the driver 140 of the smart card 100 according to the control signal of the terminal control unit 210 to register the card or join the application, An execution unit 220 for activating the OTP function in the mobile terminal 200 for the purpose of activating the OTP function,
In response to the control signal from the terminal control unit 210, NDEF data of the smart card 100 is extracted for card registration / membership of the smart card 100, or in connection with the financial server 400, An extracting unit 230 for extracting a HASH value transmitted to the smart card 100 to compare the card number and the HASH value generated and transmitted by the financial server 400 after the member registration,
A card registration password, a user ID, a password, and the like, on the application (APP) driven through the execution unit 220 according to the control signal of the terminal control unit 210. [ An input unit 240 configured to input information,
Operates according to a control signal of the terminal control unit 210 and requests NDEF information to the smart card 100 for card registration / membership registration and simple log-in of the smart card 100, or registers the mobile terminal for automatic login The smart card 100 may be requested to transmit the login data to the smart card 100 or to request the login data generation request from the financial server 400 for automatic login to the smart card 100, 100 to the financial server 400 or compares the HASH value extracted after card number / member registration with the HASH value generated in the financial server to the extraction unit 220 for the simple login procedure And transmits the UID, the encrypted mobile terminal number, and the MAC information received in the smart card 100 to the financial server for registration of the mobile terminal 200 for automatic login, The UID, the login data, and the MAC information received for the automatic log-in of the card 100 to the financial server 400 or to the financial server 400 in order to verify the login data at the time of automatic login, A second transmitting unit 260 for confirming whether or not to register the login,
The UID field, the Random field, and the MAC field of the NDEF data for the simple login of the smart card 100 in accordance with the control signal of the terminal control unit 210, A second verification unit 270 for proceeding with the second verification process,
In response to the control signal from the terminal control unit 210, the second verification unit 270 may provide a UID field, a Random field, a MAC (Medium Access Control) field for easy login of the smart card 100 for self verification between the APP and the Applet A setting unit 280 for setting Check Digit data in a field value, and
In accordance with the control signal of the terminal control unit 210, the NDEF data, the valid period of the smart card 100 according to the application activation, Card of the smart card 100 transmitted to the financial server 400 for card registration / membership, or receives the NDEF data for the simple log-in of the smart card 100 after registering / HASH value and MAC verification information verified by the financial server 400 for the HASH value extracted after card number / member registration in the extracting unit 220 for the simple login procedure, And transmits the UID, the encrypted mobile terminal number, and the MAC information received by the smart card 100 to the financial server 400 for registration of the mobile terminal 200 for automatic login, In the mobile terminal 200 information registration As a result of the RTP verification, the OTP activation command is received or the UID, login data, and MAC information received for automatic login of the smart card 100 are transmitted to the financial server 400. As a result, And a reception unit (290).
The method according to claim 1,
The financial server (400)
A HASH value and a MAC verification for card registration / member registration, a simple login, an automatic login of the smart card 100, or a login verification of the login data of the mobile terminal 200 by interlocking with the mobile terminal 200 through the communication network 300 A server control unit 410 for controlling various operations of the financial server 400 for the authentication procedure of the smart card 100 and the mobile terminal 200,
Generates a self HASH value for verification of the HASH value extracted from the mobile terminal 200 for card registration / membership of the smart card 100 according to the control signal of the server control unit 410, 100) for generating the MAC key for verification for the NDEF updata of the mobile terminal 200, the encrypted mobile terminal 200 information received through the third receiver 430 for automatic login, and a generating unit 420),
The mobile terminal 200 receives data necessary for card registration / membership, simple login, mobile terminal registration for automatic login, and automatic login of the smart card 100 from the mobile terminal 200 according to a control signal of the server control unit 410, The mobile terminal 200 receives the corresponding data to compare the HASH value generated by the extracting unit 230 of the mobile terminal 200 or transmits the UID transmitted from the smart card 100 for the mobile terminal registration for automatic login, The UID, the login data, the MAC information, and the OTP generation information transmitted from the smart card 100 for automatic login to the mobile terminal 200 through the second transmission unit 260 of the mobile terminal 200, (200), a third receiving unit 430,
The HASH value generated in the generating unit 420 and the HASH value extracted and transmitted from the extracting unit 230 of the mobile terminal 200 may be verified according to the control signal of the server control unit 410 Card number and HASH value transmitted from the first transmission unit 170 of the smart card 100 for easy log-in of the smart card 100 to the UID / The HASH value for the Random / MAC information, the authenticity of the user through the MAC verification, or the encrypted mobile terminal information and the MAC transmission information received from the third receiver 430 for registering the mobile terminal for automatic login The UID transmitted from the second transmitting unit 260 of the mobile terminal 200 received through the third receiving unit 430 for automatic login, , Login data, MAC, and OTP generation information Register third verification unit 440 decodes the data which validate the Random verification, OTP,
And transmits the encrypted mobile terminal information and MAC transmission information received from the third receiver for automatic login through the third verifying unit 440 in order to automatically log in the smart card 100. [ A registration unit 450 for registering the mobile terminal 200 information according to the verified MAC information based on the Derived Key generated by the generation unit 420,
The server 300 operates according to the control signal of the server control unit 410 and determines the authenticity of the MAC information registered in the registration unit 450 through the third verification unit 440 and transmits the result to the mobile terminal 200 Or transmits the verification result according to the NDEF update of the simple login to the mobile terminal 200 through the third verification unit 440 or transmits the encrypted mobile terminal information automatically logged in and received through the third verification unit 440, The result of the MAC information verified based on the Derived Key generated by the generation unit 420 for the MAC transmission information is transmitted to the mobile terminal 200 or the registered information of the mobile terminal 200 through the registration unit 450 And transmits the OTP activation command to the mobile terminal 200 or receives the UID login, MAC, and OTP generation information transmitted from the mobile terminal 200 received through the third receiver 430, ) To decrypt the login data to generate R and a third transmission unit (460) for transmitting the OTP verification result and the OTP verification result to the mobile terminal (200).
3. The method of claim 2,
The data storage unit
A basic data portion 131 composed of a issuer information field, a member company information field, a product code field, and a padding field according to issuance of the smart card 100,
A HASH data portion 133 consisting of a card number, an input 2 parameter, an expiration period and padding information, and an input 3 parameter, which are CVC and padding information, as result values for HASH for the three input parameters,
(Uniform Resource Locator) connection information to the financial server 400 that provides APP automatic execution and card benefit information to the mobile terminal 200 through the driver 140. The internal basic information includes an APP Data portion 135, and
A UID field corresponding to a UID value issued by the Login Applet 125 as a unique card number of the smart card 100; a UID field corresponding to a UID field issued by the meta applet 121 in order to enhance the security of the smart card 100; a Random field consisting of Random information of a card necessary for MAC generation, and a UID, Counter, Random information and a key value set in a login applet 125 according to card issuance Further comprising an applet response data part (137) including a MAC field composed of MAC values generated using the information,
The UID field is a fixed value returned to the UID value issued by the login applet 125. The Random & MAC field is a return value generated by the Meta applet 121, And generating a one-time session key by combining the mobile terminal information and the mobile terminal information.

Images