KR20160093198A - Method for Processing Mobile Authentication by using Contactless Media - Google Patents

Abstract

The present invention relates to a wireless authentication method using a non-contact medium. The method comprises: a first step of receiving and storing authentication request information from a wireless terminal of a user; a second step of checking that a program installed in the wireless terminal is driven or activated; a third step of providing authentication information (s) and an authentication code (s) to the program; a fourth step of receiving an authentication code (t), dynamically generated by the program, and authentication information (t) for an authentication approval request; a fifth step of requesting authentication unit information, which corresponds to an encoding block, to a designated decoding server; a sixth step of receiving the authentication unit information from the decoding server; a seventh step of transmitting the authentication unit information and the authentication information (t) to a designated authentication server to request an authentication approval; and an eighth step of receiving an authentication approval result from the authentication server and transmitting the authentication approval result to the program.

Description

TECHNICAL FIELD [0001] The present invention relates to a wireless authentication method using a contactless medium,

The present invention stores a designated cipher block among N (N> 1) storage areas on a non-contact medium based on a Near Field Communication (NFC) interfaced with the wireless terminal through a security server designated at the time of authentication request through a user's wireless terminal Accesses a designated storage area (n, 0? N < N), transfers a cipher block read from the noncontact medium to a specified decryption server, and uses the authentication means generated through the decryption server to authenticate .

Recently, a variety of methods have been attempted to utilize the NFC (Near Field Communication) function of a smart phone for various authentication as the smartphone is activated.

However, in the conventional NFC-based authentication using a smartphone which is in service, a method of transmitting the OTP (One Time Password) dynamically generated through the NFC card to the smart phone and transmitting the OTP to the server is used mainly -2014-0089019).

However, the conventional NFC-based authentication using a smart phone has not yet been actively activated because it can be implemented only after issuing a separate NFC card for dynamically generating an OTP or selling it to a user.

On the other hand, most users have contactless financial IC cards such as transportation cards or non-contact / combination credit cards. If the non-contact financial IC card issued to the users is tagged on the smartphone, the authentication service can be provided without issuing a separate card.

However, it is possible to easily tag the smartphone itself as a contactless financial IC card (for example, as a transportation card) to a payment terminal (e.g., bus terminal, subway terminal, etc.) It is possible to read the card, but reading the non-contact type financial IC card issued in the past has a very difficult problem in reality.

The reason for this is that in order to read a traffic card or a contactless financial IC card from a smart phone, a secure application module (SAM) in the form of a security chip must be mounted on the smartphone, and a payment terminal such as a conventional bus terminal or a subway terminal, It is possible to mount a SAM in the form of a security chip, but it is practically impossible to mount a security chip type SAM in a smartphone designed and manufactured as an individual portable communication terminal.

On the other hand, even if a smartphone does not have a SAM, a SAM processing server that performs the same function as a SAM built in a conventional terminal is implemented on the network. Thus, even if a smart phone does not include a security chip SAM, A network SAM technique has been proposed (Patent Registration No. 10-1300817).

However, the conventional network SAM technology merely implements a SAM for a built-in terminal in the form of a conventional security chip in a server on the network, and reads the encrypted card information of the contactless financial IC card through the decryption key provided by the SAM processing server, The card information read from the contactless financial IC card is directly exposed through a very simple smartphone hack when the card information read from the smart phone is decoded at any time.

An object of the present invention to overcome the above problems is to provide a wireless communication system and a wireless communication method capable of solving the above problems by providing an N (N > 1 ) Accesses a designated storage area (n, 0? N < N) for storing a designated cipher block among the cipher blocks stored in the cipher block and transfers the cipher block read from the noncontact medium to a designated decryption server, And a wireless authentication method using a noncontact medium that processes the authentication corresponding to the authentication request using the means.

A wireless authentication method using a noncontact medium according to the present invention is a method executed by an operation server communicating with a wireless terminal of a user having an NFC module, A second step of confirming activation or activation of a program included in the user's wireless terminal for authentication using the NFC; (s) and a dynamically generated authentication code (s) for server authentication through a program of the wireless terminal to a program of the wireless terminal; Based on an authentication result and a result of a medium access procedure performed between a program of the wireless terminal and a designated security server, A password block read from a designated storage area of a noncontact medium supporting NFC through the module and a cipher block read from the program of the wireless terminal and an authentication code dynamically generated through the program of the wireless terminal for authentication of the wireless terminal that drives or activates the program (t) of the authentication information (t) through the validity authentication of the received authentication code (t) and the authentication information (t) for the authentication approval request A fifth step of requesting the specified decryption server in association with the authentication means information corresponding to the cipher block, a sixth step of receiving the authentication means information generated through the cipher block from the decryption server, A step of transmitting authentication information t to a specified authentication server to request authentication approval; and a step of receiving authentication approval result from the authentication server, And a eighth step of delivering into RAM.

According to the present invention, the second step may further include the step of performing a procedure for notifying pushing for program activation or activation to the user's wireless terminal.

According to the present invention, the authentication code (s) may include an authenticable code value through a code verification procedure included in the program of the wireless terminal.

According to the present invention, the wireless authentication method using the noncontact medium is a wireless authentication method that intervenes in a data exchange process between a program of the wireless terminal and a designated security server, and transmits a unique serial number read from the noncontact medium through the NFC module of the wireless terminal (M &lt; = m < N) among the N (N> 1) storage areas provided in the noncontact medium from the security server m), and transmitting the first authentication key to the program of the wireless terminal; checking the authentication code (m) read from the noncontact medium through the NFC module of the wireless terminal; And a second authentication key for reading a cipher block recorded in the designated storage area (n, 0? N <N, n? M) from the security server, And delivering it to the program.

According to the present invention, the wireless authentication method using the noncontact medium includes a step of intervening in a data exchange process between a program of the wireless terminal and a designated security server, receiving an authentication value generated through the security server, The fourth step further includes receiving the authentication value from the program of the wireless terminal, and the fifth step is a step of providing the authentication value to the decryption server and requesting authentication Wherein the authentication value is authenticated via the decryption server, and the authentication means information can be generated using the cipher block as a result of authentication of the authentication value.

According to the present invention, the program of the wireless terminal includes the steps of: receiving authentication information (s) and authentication code (s) from the operation server; authenticating the validity of the received authentication code (s) The method comprising the steps of:

According to the present invention, the medium access procedure further comprises the steps of: the program of the wireless terminal reading a unique serial number from a noncontact medium supporting NFC through an NFC module of the wireless terminal; (M) recorded in a designated storage area (m, 0? M <N) out of N (N> 1) storage areas provided in the noncontact medium, The program of the wireless terminal transfers the first authentication key to the noncontact medium via the NFC module and transmits the first authentication key to the noncontact medium via the authentication code m), and a step of processing the program of the wireless terminal to transmit the read authentication code (m) to the security server, wherein a designated storage area (n, 0? n <N, n? m ) The program of the wireless terminal transfers the second authentication key to the noncontact medium via the NFC module to transmit the second authentication key to the designated storage area (n) of the noncontact medium And reading the recorded cipher block.

According to the present invention, the cipher block can be transmitted to a decryption server having a decryption module for the cipher block.

According to the present invention, the medium access procedure further comprises the step of the program of the wireless terminal receiving the authentication value generated through the security server based on the verification result of the authentication code (m) through the security server, Further comprising the step of processing the authentication code to be transmitted to the decryption server when the program of the wireless terminal transmits the read encrypted block to the designated decryption server so that the authentication value is validated through the decryption server Can be authenticated.

According to the present invention, the authentication information (t) may include at least one of personal information input from the user through the wireless terminal, and secret information of the user corresponding to the authentication means information corresponding to the cipher block.

Meanwhile, a wireless authentication method using a noncontact medium according to the present invention is a method executed through a program provided in a wireless terminal of a user having an NFC module, the method comprising: receiving, from a noncontact medium supporting NFC through the NFC module, (M &lt; m < N) among the N (N &gt; 1) storage areas included in the noncontact medium, A second step of receiving a first authentication key for reading the authentication code (m) recorded on the noncontact medium; a second step of receiving a first authentication key for reading the authentication code (m) recorded on the noncontact medium m) of the noncontact medium; and a third step of reading the authentication code (m) recorded in the noncontact medium (mn) , n &lt;&gt; m) (C) transmitting the second authentication key to the noncontact medium via the NFC module and transmitting the decrypted block recorded in the designated storage area (n) of the noncontact medium to the non- And a sixth step of processing the read cipher block to be transmitted to the designated decryption server.

According to the present invention, the sixth step may transmit the cipher block to an operation server interlocked with the decryption server.

According to the present invention, the wireless authentication method using the noncontact medium includes receiving authentication information (s) for authentication processing from the operation server and authentication code (s) dynamically generated for server authentication through the program of the wireless terminal Further comprising the step of authenticating the validity of the received authentication code (s) through a designated code verification procedure, wherein the first step is to authenticate the NFC through the NFC module upon validation of the authentication code (s) You can read your unique serial number from the supported contactless media.

According to the present invention, the sixth step may further include generating authentication information (t) to be used in the authentication procedure using the cipher block and transmitting the generated authentication information to the operation server.

According to the present invention, the wireless authentication method using the noncontact medium further includes dynamically generating an authentication code (t) for authentication of the wireless terminal that drives or activates the program, And transmitting the authentication code t to the operation server.

According to the present invention, the wireless authentication method using the noncontact medium may further include receiving an authentication value generated through the security server based on the verification result of the authentication code (m) through the security server upon receiving the second authentication key Further comprising the step of processing the authentication value to be transmitted to the decryption server, wherein the authentication value can be authenticated through the designated decryption server.

According to the present invention, the wireless authentication method using the noncontact medium may further include receiving and outputting an authentication approval result of the authentication approval procedure performed using the authentication means information generated through the encryption block.

According to the present invention, an advantage of authenticating a noncontact medium including a noncontact type financial IC card such as a transportation card or a noncontact / combination type credit card, etc., from a wireless terminal of a user who installed the NFC module upon authentication request through a user's wireless terminal .

According to the present invention, there is an advantage that a noncontact medium including a noncontact financial IC card is brought close to a user's wireless terminal, and a cipher block read from the noncontact medium at the time of authentication is not decrypted in the wireless terminal.

According to the present invention, in a process of reading a cipher block from a noncontact medium and performing an authentication process by bringing a noncontact media including a contactless financial IC card into proximity to a user's wireless terminal, the wireless terminal of the user participating in the authentication, And a decryption server mutually authenticate the operation and validity of the other party, thereby processing the authentication securely.

1 is a diagram showing a configuration of a two-channel authentication system using a noncontact medium according to an embodiment of the present invention.
2 is a functional block diagram of a wireless terminal and a program according to an embodiment of the present invention.
3 is a diagram illustrating a server authentication and NFC activation process using a wireless terminal according to an embodiment of the present invention.
4 is a diagram illustrating a process of exchanging primary information between a wireless terminal and a security server for accessing a contactless medium according to an embodiment of the present invention.
5 is a diagram illustrating a process of exchanging secondary information between a wireless terminal and a security server for accessing a contactless medium according to an embodiment of the present invention.
6 is a diagram illustrating a process of exchanging secondary information between a wireless terminal and a security server for accessing a contactless medium according to another embodiment of the present invention.
7 is a diagram illustrating a process of reading a cipher block from a non-contact medium according to an embodiment of the present invention.
8 is a diagram illustrating a process of performing an authentication procedure using a cipher block read from a non-contact medium according to an embodiment of the present invention.
9 is a diagram illustrating a process of performing an authentication procedure using a cipher block read from a non-contact medium according to another embodiment of the present invention.
10 is a diagram illustrating a process of performing an authentication procedure using an authentication unit generated through a cipher block according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In other words, the following embodiments correspond to the preferred embodiment of the preferred embodiment of the present invention. In the following embodiments, a specific configuration (or step) is omitted, or a specific configuration (or step) (Or steps), or an embodiment that incorporates functions implemented in more than one configuration (or step) into any one configuration (or step), a particular configuration (or step) It will be apparent that the present invention is not limited to the embodiments described below. In the following embodiments, a specific configuration unit implemented on the server side is implemented on the terminal side and reference is made on the server side, or conversely, in the following embodiments, a specific configuration unit implemented on the terminal side is implemented on the server side, And all of the embodiments utilizing the same are also included in the scope of the present invention. Therefore, it should be clearly stated that various embodiments corresponding to subsets or combinations based on the following embodiments can be subdivided based on the filing date of the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram showing a configuration of a wireless authentication system using a noncontact medium 100 according to an embodiment of the present invention.

1 is a block diagram illustrating an embodiment of an N (Near Field Communication) based noncontact medium 100 interfaced with the wireless terminal 200 through a security server 150 designated at the time of a payment request by a user's wireless terminal 200 (N &gt; n &lt; N) among the storage areas (N &gt; 1) of the storage areas, 1 is a block diagram illustrating a configuration of a system for processing authentication corresponding to the authentication request through means of the present invention. (For example, some of the components may be omitted, or a subdivided or combined implementation) may be inferred from the various embodiments of the present invention, It becomes to include the place, to which the technical feature that is not limited to the exemplary method shown in the figure 1.

The present invention relates to an NFC-based non-contact medium (100) having N storage areas and storing cipher blocks in a designated storage area (n) among the N storage areas, and a noncontact medium Contacted medium 200 interfaced with the user's wireless terminal 200 when confirming the authentication request using the user's wireless terminal 200. The non-contact media 200 is connected to the wireless terminal 200, (N) of the storage area of the noncontact medium 100 after performing a procedure of accessing the storage area n in which the cipher block is stored among the storage areas of the noncontact medium 100 A security server 150 for providing an authentication key for accessing a storage area n of a contactless medium 100 interfaced with the wireless terminal 200; (N) And the decryption server 160 to generate the authentication method information corresponding to the emitter leading the cipher block, comprises the authentication server 170 to perform an authentication approval process by the authentication information generating means through the encryption block. The operation server 110, the security server 150, the decryption server 160, and the authentication server 170 are interworked with each other through a communication network (e.g., a dedicated line) Server.

The noncontact medium 100 is a general term of a medium for interfacing with the wireless terminal 200 through NFC. The noncontact medium 100 preferably includes a transportation card (for example, T money card) supporting NFC, a noncontact IC card supporting NFC Type transportation card, a credit card supporting NFC, various ID cards supporting NFC, etc.).

According to the embodiment of the present invention, the noncontact medium 100 is loaded with a chip having N storage areas, and decrypted through a decryption server 160 specified in one of the N storage areas (n) Keep a record of possible cipher blocks.

The wireless terminal 200 is a collective term of a wireless communication apparatus having an NFC module 205 for processing NFC and is preferably a wireless terminal 200 connected to a wireless communication network (e.g., a mobile communication network, a portable Internet, ) (For example, a mobile phone, a smart phone, a tablet PC, etc.). However, the wireless terminal 200 is not limited to the wireless terminal 200, and may be any terminal having an NFC module 205 connected to at least one packet-based wireless communication network, Terminal) of a mobile terminal. Hereinafter, the features of the present invention will be described with reference to an embodiment in which the wireless terminal 200 is a wireless terminal 200 such as a smart phone. The wireless terminal 200 communicates with the operation server 110 through at least one of the security server 150 and the decryption server 160 in cooperation with the noncontact medium 100 through the NFC module 205 And a program 210 for directly communicating with each other) is mounted. A preferred embodiment of the program 210 will be described with reference to FIG.

According to an embodiment of the present invention, the wireless terminal 200 can request authentication using the noncontact medium 100 according to the present invention to a designated web server through a wireless communication network. Alternatively, the wireless terminal 200 can request an authentication using the noncontact medium 100 according to the present invention by driving an application of a designated server. The authentication request using the wireless terminal 200 may be directly transmitted to the operation server 110 or may be transmitted to the operation server 110 through a separate relaying institution such as a PG.

The security server 150 operates a security module 155 for managing various authentication keys for reading a cipher block recorded in the storage area n of the contactless medium 100 interfaced with the wireless terminal 200 As a general term of the server, preferably, the security module 155 may include a configuration of a secure application module (SAM) implemented in a server on a network.

According to an embodiment of the first security module 155 of the present invention, the program 210 of the wireless terminal 200 may be transmitted via the operation server 110 or via at least one relay server (not shown) And may communicate with the security server 150.

According to the embodiment of the second security module 155 of the present invention, the program 210 of the wireless terminal 200 sets communication information for communicating with the security server 150, And may communicate with the security server 150.

The decryption server 160 collectively refers to a server that operates a decryption module 165 that decrypts a cipher block recorded in the storage area n of the noncontact medium 100 interfaced with the wireless terminal 200, The decryption module 165 may include a configuration of a SAM implemented in a server on a network.

The program 210 of the wireless terminal 200 may be transmitted via the operating server 110 or via at least one relay server And can communicate with the decryption server 160.

According to the embodiment of the second decoding module 165 of the present invention, the program 210 of the wireless terminal 200 sets communication information for communicating with the decryption server 160, And can communicate with the decryption server 160.

According to an embodiment of the present invention, the security server 150 and the decryption server 160 may be integrated into one server or separately implemented by the respective servers. For the sake of convenience, An embodiment in which the security server 150 and the decryption server 160 are implemented as individual servers will be described.

The authentication server 170 is a generic name of a server that performs an authentication approval procedure using the authentication means information generated through the cipher block recorded in the storage area n of the contactless medium 100 interfaced with the wireless terminal 200 And may preferably include a financial company server including at least one card issuer server, a bank server, etc. In this case, the authentication approval procedure may be performed through the financial company server. Meanwhile, the authentication server 170 may include a payment relay server (e.g., a payment agency, a VAN, etc.) linked with at least one financial company server according to an embodiment of the present invention. In this case, Server can be performed in cooperation with each other.

The operation server 110 collectively refers to a server that communicates with the program 210 of the wireless terminal 200 and performs at least one designated procedure for the authentication process. ), The security server 150, the decryption server 160, and the authentication server 170. [

According to the method of the present invention, the communication between the program 210 of the wireless terminal 200 and the operation server 110 is encrypted and processed according to a predetermined encryption / decryption method, and in the embodiment of the present invention The communication between the program 210 of the wireless terminal 200 and the operation server 110 (and / or communication between the security server 150 and / or the decryption server 160) Decrypted according to the decryption method.

1, the operation server 110 includes an authentication request receiver 112 for receiving authentication request information from the user's wireless terminal 200, an authentication request storage unit 112 for storing the received authentication request information, And an authentication request response unit 114 for processing a response to the authentication request to the wireless terminal 200. [

The authentication request receiving unit 112 accesses a server designated by a web system or an app system through a user's wireless terminal 200 and selects authentication according to the present invention and requests authentication, (E.g., a direct path for communicating, or a relay path via a designated relaying institution).

According to the first authentication requesting method of the present invention, the authentication request information is transmitted from the wireless terminal 200 of the user, and the authentication request receiving unit 112 receives the authentication request information transmitted from the user's wireless terminal 200 Lt; / RTI &gt;

According to the second authentication request method of the present invention, the authentication request information is requested to be transmitted to the web server through the wireless terminal 200 of the user, and the authentication request receiving unit 112 receives the authentication request Information can be received.

According to the third authentication requesting method of the present invention, the authentication request information is requested to be transmitted to the relaying institution through the wireless terminal 200 of the user, and the authentication request receiving unit 112 receives the authentication And can receive the request information.

According to the fourth authentication requesting method of the present invention, the authentication request information is transmitted in a partially combined manner of the first to third authentication requesting methods, and the authentication request receiving unit 112 receives the first to second authentication request The authentication request information can be received in a manner combining the authentication request information and the authentication information. For example, some of the authentication request information may be transmitted from the wireless terminal 200, or some of the authentication request information may be transmitted from a relay agency.

According to the embodiment of the present invention, the authentication request information includes at least one of merchant information (e.g., information identifying an institution / company / server requesting authentication such as a merchant ID and a merchant's name), a transaction number ), An authentication result transmission URL, and an authentication cancellation response URL.

The authentication request storage unit 116 stores the authentication request information received through the authentication request receiving unit 112 in a designated storage medium and holds the authentication request information until the authentication approval result for the authentication request is confirmed or the authentication cancellation is requested .

The authentication request responding unit 114 generates at least one authentication response information for the authentication request information received through the authentication request receiving unit 112 and provides the generated authentication response information to the wireless terminal 200 do. Preferably, the authentication request responding unit 114 provides the authentication result to the wireless terminal 200 or provides various error information to the wireless terminal 200 during the authentication procedure .

1, the operation server 110 includes a communication activation unit 118 for activating communication between the program 210 of the wireless terminal 200 and the operation server 110 via a designated wireless communication network, An activation / activation confirmation unit 120 for confirming activation or activation of a program 210 provided in the wireless terminal 200, authentication information (s) for generating authentication information (s) for authentication processing of the authentication request information (s) generating unit 124 for dynamically generating an authentication code (s) for server authentication through the program 210 of the wireless terminal 200, And an information providing unit 126 for providing the authentication information (s) and the authentication code (s) to the program 210 of the activated wireless terminal 200. Meanwhile, the authentication code (s) generation unit 124 may be implemented as a separate server linked with the operation server 110, and thus the present invention is not limited thereto.

The communication activation unit 118 may be configured to activate (e.g., execute the program 210) or activate (e.g., activate in the background in the background) the program 210 provided in the wireless terminal 200 to the user's wireless terminal 200 The program 210 of the wireless terminal 200 is driven or activated so as to establish a communication connection to the operation server 110 according to a communication macro set in the program 210 Request. Meanwhile, the communication activation unit 118 may be omitted according to the embodiment, and thus the present invention is not limited thereto.

The drive / activity verifying unit 120 checks whether the program 210 installed in the wireless terminal 200 is activated or activated. Preferably, when the program 210 of the wireless terminal 200 is activated or activated and attempts to establish a communication connection with the operation server 110 according to a designated communication macro, the activation / It can be confirmed that the program 210 of the attempting wireless terminal 200 is activated or activated.

At a point in time before transmitting the information designated as the program 210 of the wireless terminal 200 through the information providing unit 126 after the authentication request information is received through the authentication request receiving unit 112, (s) generating unit 122 generates authentication information (s) for authentication processing of the authentication request information. According to an embodiment of the present invention, the authentication information s may include at least one of merchant information and a transaction number.

At a point in time before transmitting the information designated as the program 210 of the wireless terminal 200 through the information providing unit 126 after receiving the authentication request information through the authentication request receiving unit 112, (s) generating unit 124 authenticates the validity of the operation server 110 providing the authentication information through the program 210 of the wireless terminal 200 and additionally authenticates the operation of the wireless terminal 200 (S) for performing validation and / or transaction verification of the program (210) of the terminal (200). The authentication code (s) generation unit 124 may generate a shared value (for example, the MIN of the wireless terminal 200, the exchange / authentication information) exchanged / pre-shared with the program 210 of the wireless terminal 200, (E.g., a shared key value, etc.) and / or a synchronization value (e.g., time, etc.) synchronized with the program 210 of the wireless terminal 200 into a specified code generation algorithm Can be dynamically generated.

The information providing unit 126 generates the authentication code s generated through the authentication information generating unit 122 and the authentication code s dynamically generated by the authentication code generating unit 124, And provides it to the program 210 of the wireless terminal 200 that has been confirmed to be driven or activated through the drive / activity verifier 120. The authentication information (s) and the authentication code (s) may be transmitted together, or sequentially provided in a specified order.

The program 210 of the wireless terminal 200 receives the authentication information (s) and the authentication code (s) from the operation server 110. Meanwhile, after the program 210 of the wireless terminal 200 is activated or activated, or after receiving the authentication information (s) and / or the authentication code (s), it requests a PIN input of the user, And authenticates the validity of the input PIN. To this end, the program 210 of the wireless terminal 200 may register and manage the PIN of the user in a designated storage area in advance.

When the authentication code (s) is received from the operation server 110, the program 210 of the wireless terminal 200 authenticates the validity of the received authentication code (s) using a specified code verification procedure. For example, the program 210 of the wireless terminal 200 may transmit a shared value (for example, a MIN of the wireless terminal 200, an exchange / shared key value (E.g., a hash algorithm) into a specified code generation algorithm (e.g., a hash algorithm) synchronized with the operating server 110 and / or the synchronization value (e.g., time, etc.) synchronized with the operating server 110, (s) and the generated verification code (s) to verify the validity of the authentication code (s).

When the authentication information s is received from the operation server 110, the program 210 of the wireless terminal 200 outputs the received authentication information s, And generates authentication information (t) for an authentication approval request using a cipher block.

According to the embodiment of the present invention, the program 210 of the wireless terminal 200 may transmit the user's personal information (e.g., the first six digits of the resident registration number) and / or the secret information (e.g., And the authentication information t may include personal information and / or secret information input from the user. Meanwhile, the authentication information (t) may include all or at least a part of the authentication information (s) according to the method.

When the validity of the authentication code (s) is authenticated, the program 210 of the wireless terminal 200 performs a procedure for reading a cipher block from the noncontact medium 100 interfaced with the wireless terminal 200. Preferably, the program 210 of the wireless terminal 200 performs a procedure for activating the NFC module 205 of the wireless terminal 200 (but may be omitted if activated), and the wireless terminal 200 Contact medium 100 proximate to the frequency reaching range is displayed on the NFC module 205 of the wireless terminal 200. The NFC module 205 of the wireless terminal 200 displays guidance information for guiding the non- do.

The program 210 of the wireless terminal 200 may perform a medium access procedure for accessing the storage area of the noncontact medium 100 to read the cipher block recorded in the designated storage area of the recognized noncontact medium 100 And the media access procedure may be processed through communication between the security server 150 and the program 210 of the wireless terminal 200 interfaced with the contactless medium 100. [

According to an embodiment of the present invention, the communication between the security server 150 and the program 210 of the wireless terminal 200 for the media access procedure can be processed via the operation server 110, The operation server 110 accesses a storage area of the noncontact medium 100 interfaced with the NFC module 205 of the wireless terminal 200 and transmits the read data to the wireless terminal 200 for reading the cipher block from the non- And a medium access procedure relay unit 128 for relaying a medium access procedure between the program 210 of the content server 200 and the secure server 150.

The program 210 of the wireless terminal 200 transmits a unique serial number (for example, a card serial number (CSN) of the noncontact medium 100) from the noncontact medium 100 through the NFC module 205 of the wireless terminal 200, Chip serial number), and the like, and processes the unique serial number read from the noncontact medium 100 through the designated path to be transmitted to the designated security server 150. Preferably, the program 210 of the wireless terminal 200 transmits the read unique serial number to the operation server 110, and the media access procedure relay unit 128 of the operation server 110 transmits the unique And may transmit the serial number to the security server 150. Meanwhile, according to the embodiment, the program 210 of the wireless terminal 200 can transmit the unique serial number to the security server 150 through the designated path.

The security server 150 receives a designated storage area m (0? M <N) among N (N> 1) storage areas included in the noncontact medium 100 corresponding to the unique serial number from the security module 155, And transmits the extracted first authentication key to the program 210 of the wireless terminal 200 via the designated path. Preferably, the security server 150 transmits the first authentication key to the operation server 110, and the media access procedure relay unit 128 of the operation server 110 transmits the first authentication key to the wireless To the program 210 of the terminal 200. Meanwhile, the security server 150 may transmit the first authentication key to the program 210 of the wireless terminal 200 according to an embodiment of the present invention.

The program 210 of the wireless terminal 200 receiving the first authentication key transmits the first authentication key to the noncontact medium 100 through the NFC module 205 of the wireless terminal 200, (M) recorded in the designated storage area (m) of the medium (100). The noncontact medium 100 authenticates the first authentication key according to a designated authentication procedure and responds to the authentication code m recorded in the storage area m when the authentication is successful. The program 210 reads the authentication code m recorded in the storage area m of the noncontact medium 100. Meanwhile, the non-contact media 100 can respond to the issuer information (Issuer) according to the embodiment, and the program 210 of the wireless terminal 200 can read the issuer information of the non-contact media 100. In this case, the authentication code (m) and the issuer information are preferably read together.

According to the method of the present invention, the authentication code (m) is transmitted to the SAM for reading the cipher block recorded in the storage area (n) of the noncontact medium (100) (Or a chip type of the noncontact medium 100), or may be replaced with another value.

The program 210 of the wireless terminal 200 processes the authentication code m read from the noncontact medium 100 through the designated path to be transmitted to the security server 150. Preferably, the program 210 of the wireless terminal 200 transmits the read authentication code m to the operation server 110, and the media access procedure relay unit 128 of the operation server 110 And may transmit the authentication code m to the security server 150. Meanwhile, the program 210 of the wireless terminal 200 may transmit the authentication code (m) to the security server 150 through a designated path according to an embodiment of the present invention.

The security server 150 authenticates the validity of the authentication code m through the security module 155 and authenticates the validity of the non-contact medium 100 from the security module 155 during validity authentication of the authentication code m. The second authentication key for reading the cipher block recorded in the designated storage area (n, 0? N <N, n? M) is extracted from the program of the wireless terminal 200 210). Preferably, the security server 150 transmits the second authentication key to the operation server 110, and the media access procedure relay unit 128 of the operation server 110 transmits the second authentication key to the wireless To the program 210 of the terminal 200. Meanwhile, the security server 150 may transmit the second authentication key to the program 210 of the wireless terminal 200 according to an embodiment of the present invention.

According to an embodiment of the present invention, the security server 150 includes a security server 150 that performs a medium access procedure for reading a cipher block from the noncontact medium 100, Generates an authentication value for verifying validity between the decryption server 160 that decrypts the cipher block read from the medium 100 and transmits the authentication value to the program 210 of the wireless terminal 200 through the designated path .

According to an embodiment of the present invention, the security server 150 may synchronize with the decryption server 160 and / or the shared value (e.g., secret key) exchanged / shared in advance / (E.g., time, random number, etc.) to a designated code generation algorithm (e.g., a hash algorithm) to generate an authentication value. In this case, the security server 150 and the decryption server 160 The validity of the authentication value can be authenticated through a code verification procedure performed by the decryption server 160 even if the authentication value is not shared. Meanwhile, the security server 150 may generate an authentication value through a random number algorithm. In this case, the security server 150 may share the authentication value with the decryption server 160 and process the authentication value.

According to the embodiment of the present invention, the authentication value is included in the one transaction block with the second authentication key and is transmitted to the program 210 of the wireless terminal 200, Sequential) to the program 210 of the wireless terminal 200. When the second authentication key and the authentication value are transmitted to the program 210 of the wireless terminal 200 through one transaction block, the security server 150 transmits the second authentication key and the authentication value to the operation server And the media access procedure relay unit 128 of the operation server 110 may transmit the second authentication key and the authentication value to the program 210 of the wireless terminal 200. [ Meanwhile, the security server 150 may transmit the second authentication key and the authentication value to the program 210 of the wireless terminal 200 according to an embodiment of the present invention.

The program 210 of the wireless terminal 200 receiving the second authentication key transmits the second authentication key to the noncontact medium 100 through the NFC module 205 of the wireless terminal 200, And requests the cipher block recorded in the designated storage area (n) of the medium (100). The noncontact medium 100 authenticates the second authentication key according to a specified authentication procedure and responds to the cipher block recorded in the storage area n when the authentication is successful. The program 210 of the wireless terminal 200 ) Reads the cipher block recorded in the storage area (n) of the noncontact medium (100).

When the cipher block is read from the noncontact medium 100, the program 210 of the wireless terminal 200 processes the cipher block read from the noncontact medium 100 through the designated path to be transmitted to the decryption server 160 And transmits the authentication code generated through the program 210 of the wireless terminal 200 to the wireless terminal 200 in order to authenticate the validity of the wireless terminal 200 that has activated or activated the program 210 through the operation server 110 t and the authentication information t for the authentication approval request to the operation server 110. The read cipher block and the generated authentication code t and authentication information t may be included in one transaction block and transmitted to the operation server 110 or may be transmitted in a predetermined order or route .

Meanwhile, when the authentication value generated through the security server 150 is received by the program 210 of the wireless terminal 200, the program 210 of the wireless terminal 200 transmits the authentication value And transmitted to the decryption server 160. The cipher block and the authentication value may be transmitted through one transaction block, or may be transmitted (or sequentially) through a specified sequence or path.

Referring to FIG. 1, the operation server 110 extracts, from a designated storage area (n) of a noncontact medium 100 supporting NFC through a NFC module 205 of the wireless terminal 200, (T) dynamically generated through the program 210 of the wireless terminal 200 for authentication of the wireless terminal 200 that has activated or activated the program 210, (T) authentication unit 132 for authenticating the validity of the received authentication code t, and an authentication unit 130 for authenticating the received authentication code t, (T) authentication unit 134 for authenticating the integrity of the authentication information t and an authentication unit request unit 136 for requesting the specified decryption server 160 to request the authentication means information corresponding to the cipher block do. Meanwhile, the authentication code (t) authentication unit 132 may be implemented as a separate server linked with the operation server 110, and thus the present invention is not limited thereto.

When the program 210 of the wireless terminal 200 transmits a cipher block that is read from the designated storage area n of the noncontact medium 100, the information receiver 130 reads the program of the wireless terminal 200 210, &lt; / RTI &gt; Meanwhile, when the program 210 of the wireless terminal 200 transmits the encryption value and the authentication value, the information receiver 130 receives the encryption block and the authentication value from the program 210 of the wireless terminal 200 .

The program 210 of the wireless terminal 200 generates and transmits an authentication code t for receiving the validity of the wireless terminal 200 that drives or activates the program 210 through the operation server 110 The information receiving unit 130 receives the authentication code t from the program 210 of the wireless terminal 200. Preferably, the program 210 of the wireless terminal 200 includes a shared value (for example, MIN of the wireless terminal 200, exchange / shared key value, etc.) exchanged / shared with the operation server 110 in advance / (E.g., time) synchronized with the operational server 110 and / or the operating server 110 into a designated code generation algorithm (e.g., a hash algorithm).

When the authentication code t is received from the program 210 of the wireless terminal 200, the authentication code (t) authentication unit 132 uses the designated code verification procedure to verify the validity of the received authentication code t . For example, the authentication code (t) authentication unit 132 may determine whether a shared value (for example, the MIN of the wireless terminal 200) exchanged with the program 210 of the wireless terminal 200 in advance / (E.g., a shared key value, etc.) and / or a synchronization value (e.g., time, etc.) synchronized with the program 210 of the wireless terminal 200 into a designated code generation algorithm ), And verify the validity of the authentication code (t) by comparing the received authentication code (t) with the generated verification code (t).

When the authentication information t is received from the program 210 of the wireless terminal 200, the authentication information t authentication unit 134 notifies the information providing unit 126 of the wireless terminal 200 (S) provided in the authentication information (s) 210, and compares the configuration items of the authentication information (s) and the configuration items of the authentication information (t) For example, the authentication information (t) authentication unit 134 can authenticate whether the transaction number of the authentication information (t) matches the transaction number of the authentication information (s). If the configuration items of the authentication information (t) and the authentication information (s) coincide, the authentication information (t) may be authenticated as unmodified without being up / modulated.

When the validity of the authentication code t is authenticated and / or the integrity of the authentication information t is authenticated, the authentication unit request unit 136 requests the encryption block received through the information receiving unit 130 To the decryption server 160 to request the authentication means information corresponding to the cipher block through the decryption module 165 of the decryption server 160. [ Meanwhile, when the authentication value is received from the program 210 of the wireless terminal 200, the authentication means requesting unit 136 transmits the authentication value to the decryption server 160 to the decryption server 160 To authenticate that the cipher block has been read from the contactless medium 100 as a result of the medium access procedure through the secure server 150. [

According to the embodiment of the present invention, the cipher block is encrypted to be decrypted through a decryption key managed through the decryption module 165 of the decryption server 160, and is recorded in the storage area n of the noncontact medium 100 . The cipher block decrypts the block information recorded in the storage area n at the time when the cipher block is read through the medium access procedure through the decryption key managed through the decryption module 165 of the decryption server 160 So that the present invention is not limited thereto.

According to the method of the present invention, the cipher block includes authentication means information (e.g., credit card information, check card information, debit card information, cash card information, prepaid card information, At least one of the card information, the account information, etc.), or may include the identification information for identifying the authentication means to be used in the authentication process. Alternatively, the cipher block may include predetermined block information in addition to the authentication means information and the identification information.

The decryption server 160 identifies the cipher module that is read from the noncontact medium 100 and generates authentication means information corresponding to the cipher block through the decryption module 165. [

According to the first authentication means generation method of the present invention, when the authentication means information is encrypted in the encryption block, the decryption server 160 can generate the authentication means information by decoding the encryption block.

According to the second authentication means generation method of the present invention, when the identification information for identifying the authentication means is encrypted in the cipher block, the decryption server 160 decrypts the cipher block to check the authentication means information, (For example, a SAM storage area of the decoding module 165, a DB of a financial institution, or a safe storage medium permitted to store authentication means information) for storing authentication means information to be used for processing And the mapped authentication means information can be obtained.

According to the third authentication means generation method of the present invention, the encryption block can perform the function of the identifier mapped to the authentication means information. In this case, the decryption server 160 stores the authentication means information to be used for the authentication processing (For example, a SAM storage area of the decryption module 165, a DB of a financial institution, or a secure storage medium permitted to store authentication means information, etc.) have.

According to the fourth authentication means generation method of the present invention, the decryption server 160 decrypts the cipher block and confirms block information (or authentication information, identification information, etc., hereinafter referred to as block information for convenience) The authentication information of the specified information system corresponding to the authentication means can be generated using the block information. For example, the decryption server 160 may generate the authentication means information by substituting the hash value generated by hashing the block information into the designated information system. In this case, the authentication means information may be a function of the disposable authentication means Can be performed. Alternatively, the decryption server 160 may generate the authentication means information by substituting the partial information of the block information into the designated information system.

According to the fifth authentication means generation method of the present invention, the decryption server 160 can generate the authentication means information of the specified information system corresponding to the authentication means using the cipher block. For example, the decryption server 160 may generate the authentication means information by substituting the hash value generated by hashing the cipher block into the specified information system. In this case, the authentication means information may be a function of the disposable authentication means Can be performed. Alternatively, the decryption server 160 may generate the authentication means information by substituting some information of the cipher block into the specified information system.

Meanwhile, the decryption server 160 generates the authentication means information by combining two or more of the first to fifth authentication method generation methods, or modifies a part of the first to fifth authentication method generation methods, It is clear that the present invention is not limited thereto. That is, the present invention includes the number of all cases in which the authentication means information to be used for authentication using the cipher block is included in the right range.

The decryption server 160 transmits the authentication means information generated using the cipher block to the operation server 110 based on at least one of the first to fifth authentication method generation methods or a modification method thereof.

Meanwhile, when an authentication value is received from the operation server 110, the decryption server 160 authenticates the validity of the authentication value. Preferably, the decryption server 160 can authenticate the validity of the received authentication code (s) using a specified code verification procedure. For example, the decryption server 160 may transmit a shared value that is pre / real-time exchanged / shared with the security server 150 and / or a synchronization value synchronized with the security server 150, Hash algorithm) to generate a verification value, and compare the verification value with the verification value to verify the validity of the verification code (s). Alternatively, when the authentication value is a random number generated through the security server 150, the decryption server 160 receives the random number from the security server 150, calculates the validity of the authentication value using the shared random number Can be authenticated. Preferably, the decryption server 160 may generate the authentication means information through the cipher block when the validity of the authentication value is authenticated.

1, the operation server 110 includes an authentication unit receiving unit 138 for receiving authentication unit information generated through the encryption block from the decryption server 160, t) to the designated authentication server 170 to request authentication approval, an approval result reception unit 142 for receiving the authentication approval result from the authentication server 170, And an approval result transferring unit 144 for transferring the approval result to the program 210 of the wireless terminal 200.

When the decryption server 160 transmits the authentication means information generated through the encryption block through the decryption module 165, the authentication means receiving unit 138 receives the authentication information from the decryption server 160 through the encryption block And receives the authentication means information.

The authentication approval processing unit 140 receives the authentication means information received from the decryption server 160 and the authentication information t (or authentication information (s)) received from the program 210 of the wireless terminal 200 (T) through the authentication means information, and the authentication server (170) transmits the authentication information (t) to the specified authentication server (170) Perform the certification approval process. For example, when the authentication means information includes card information, and the authentication means is a financial company server, the financial institution server stores card information corresponding to the authentication means information, personal information included in the authentication information t and / Or may use the secret information to perform the authentication approval procedure to determine whether the card corresponding to the card information is effectively issued and operating. If the operation server 110 and the authentication server 170 are implemented as a server of the same company (for example, a financial company) according to another embodiment of the present invention, the authentication approval procedure unit 140 And can perform an authentication approval procedure for the authentication information (t).

The authentication server 170 generates an authentication approval result including the result of performing the authentication approval procedure and transmits the authentication approval result to the operation server 110. The authentication server 170 transmits the approval result reception unit 142 to the authentication server 170, And transmits the approval result to the program 210 of the wireless terminal 200. The approval result transmitting unit 144 transmits the approval result to the program 210 of the wireless terminal 200. [

2 is a functional block diagram of a wireless terminal 200 and a program 210 according to an embodiment of the present invention.

More specifically, FIG. 2 authenticates the access right to the designated storage area (n) of the contactless medium 100 interfaced with the NFC module 205 of the wireless terminal 200 through the specified security server 150 A program 210 for performing an authentication procedure to process a cipher block leading from a storage area n of the noncontact media 100 to be transmitted to a designated decryption server 160 and a configuration of a wireless terminal 200, Those skilled in the art will be able to refer to and / or modify the FIG. 2 to derive various implementations of the functionality of the wireless terminal 200 , The present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG. Preferably, the wireless terminal 200 of FIG. 2 may include at least one of various smart phones, various tablet PCs, various PDAs, and various mobile phones capable of wireless communication.

Referring to FIG. 2, the wireless terminal 200 includes a control unit 201, a memory unit 209, a screen output unit 202, a user input unit 203, a sound processing unit 204, an NFC module 205, A short range wireless communication unit 206, a wireless network communication unit 207, a USIM reader unit 208, and a USIM, and has a battery for power supply.

The control unit 201 is a general term for controlling the operation of the wireless terminal 200. The control unit 201 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 201 loads at least one program code included in the wireless terminal 200 into the execution memory through the processor, and outputs the result through at least one configuration And controls the operation of the wireless terminal 200. Hereinafter, the configuration of the program 210 of the present invention, which is implemented in the form of program code for convenience, will be described in the control unit 201. FIG.

The memory unit 209 is a general term of a nonvolatile memory corresponding to a storage resource of the wireless terminal 200 and includes at least one program code executed through the control unit 201 and at least one Save and maintain the dataset. The memory unit 209 basically includes a system program code and a system data set corresponding to the operating system of the wireless terminal 200, a communication program code and a communication data set for processing a wireless communication connection of the wireless terminal 200, The program code and data set corresponding to the program 210 of the present invention are also stored in the memory unit 209. [

The screen output unit 202 includes a screen output unit such as a liquid crystal display (LCD) and a driving module for driving the screen output unit 202. The screen output unit 202 is interlocked with the control unit 201, And outputs an operation result corresponding to the output to the screen output device.

The user input unit 203 includes at least one user input device (e.g., a button, a keypad, a touch pad, a touch screen or the like coupled to the screen output unit 202), and a drive module for driving the touch screen. And inputs a command for instructing various operations of the control unit 201 or data necessary for the operation of the control unit 201. [

The sound processing unit 204 includes a speaker, a microphone, and a driving module for driving the speaker. The sound processing unit 204 decodes sound data corresponding to a sound output from various calculation results of the control unit 201 and outputs the sound data through the speaker Or a sound signal input through the microphone, and transmits the encoded sound signal to the control unit 201.

The NFC module 205 may be a communication resource for processing one or more proximity wireless communications, such as two-way proximity wireless communication, full-duplex proximity wireless communication, and half-duplex proximity wireless communication, using a radio frequency signal as a communication medium at a close distance (e.g., , And is capable of processing proximity wireless communication according to the NFC (Near Field Communication) standard of the 13.56-MHz frequency band. Alternatively, the NFC module 205 may process the proximity wireless communication of the ISO 18000 series standard, in which case it may process the proximity wireless communication for the frequency band other than the 13.56 Mz frequency band. For example, the NFC module 205 may operate in a reader mode, a tag mode, or a bidirectional communication mode. Meanwhile, the NFC module 205 may be included in a communication resource for connecting the wireless terminal 200 to a communication network according to an object to be communicated in close proximity.

The wireless network communication unit 207 and the short-range wireless communication unit 206 are collectively referred to as communication resources for connecting the wireless terminal 200 to a designated communication network. The wireless terminal 200 may include a wireless network communication unit 207 as a basic communication resource, and may include one or more short-range wireless communication units 206.

The wireless network communication unit 207 collectively refers to a communication resource for connecting the wireless terminal 200 to a wireless communication network via a base station. The wireless communication unit 207 includes an antenna, an RF module, a baseband module, And at least one processing module connected to the control unit 201. The control unit 201 transmits the calculation result corresponding to the wireless communication among the various calculation results of the control unit 201 through the wireless communication network or receives data through the wireless communication network To the control unit 201, and performs the connection, registration, communication, and handoff procedures of the wireless communication. According to the present invention, the wireless network communication unit 207 can connect the wireless terminal 200 to a call network including a call channel and a data channel via the exchange, and in some cases, Based wireless network data communication (e.g., the Internet).

According to an embodiment of the present invention, the wireless network communication unit 207 is a mobile communication unit that performs at least one connection, a location registration, a call processing, a call connection, a data communication, and a handoff to a mobile communication network according to the CDMA / WCDMA / &Lt; / RTI &gt; Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 207 may further include a portable Internet communication configuration for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 207. [ That is, the wireless network communication unit 207 is a general term for a configuration unit that connects to a wireless communication network through a cell-based base station irrespective of a frequency band of a wireless section, a type of a communication network, or a protocol.

The short-range wireless communication unit 206 is a generic name of communication resources connecting a communication session using a radio frequency signal within a predetermined distance (for example, 10 m) as a communication medium and connecting the wireless terminal 200 to the communication network based on the communication session , The wireless terminal 200 may be connected to the communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to an embodiment of the present invention, the short-range wireless communication unit 206 may be integrated with or separated from the wireless network communication unit 207. According to the present invention, the short-distance wireless communication unit 206 connects the wireless terminal 200 to a data network providing packet-based short-range wireless data communication through a wireless AP.

The USIM reader unit 208 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module mounted or detached from the mobile station 200 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM is an SIM type card having an IC chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader unit 208, (Or processing) the program code for the IC chip or extracting (or processing) the data set in accordance with at least one command transmitted from the wireless terminal 200 in connection with the input / output interface To the input / output interface.

The program 210 of the present invention is downloaded from a program providing server (for example, an Apple App Store or the like) through a data network to which the communication resource is connectable, and is stored in the memory unit 209. The downloaded program 210 operates in conjunction with the operation server 110, and may be manually operated by a user, or may be activated (or activated) automatically after user confirmation or automatically by receiving a message. Meanwhile, a separate program 210 may be in operation for activating the program 210 after user confirmation or automatically, and thus the present invention is not limited thereto.

Referring to FIG. 2, a program 210 of the wireless terminal 200 includes a user who uses the wireless terminal 200 that is operating the program 210 through a data network to which the communication resource is connectable, (210) corresponding to the wireless terminal (200) running the program (210) through at least one communication network connectable through a communication resource, the subscriber / authentication processing unit And a terminal medium authentication unit 220 for performing a procedure for authenticating the terminal.

The program 210 includes communication connection macro information to access the operation server 110 via a data network connectable through the communication resource. The subscription / authentication processing unit 215 includes a screen output unit 202 (E.g., name, resident registration number, etc.) for joining the user as a member via the data network and an interface for inputting the member account through the data network, And transmits the member account to join the user as a member.

Meanwhile, the subscription of the user can be subscribed through a separate user terminal other than the mobile terminal 200. In order to authenticate that the subscribed user is a user using the wireless terminal 200 driving the program 210, the subscription / authentication processing unit 215 outputs an interface for inputting a pre-registered member account , A user using the wireless terminal 200 operating the program 210 can be registered as a member by transmitting the member account input through the interface to the operation server 110 through the data network.

In the case of authenticating the subscribed user, the subscription / authentication processing unit 215 outputs an interface for inputting a pre-registered member account and / or a password, and transmits the member account and / To the operation server 110 through the network, thereby authenticating the user using the wireless terminal 200 driving the program 210. [

The terminal medium authenticator 220 authenticates the validity of the program 210 through the at least one communication network among the data network and the telecommunication network to which the communication resource is connectable, to the operating server 110. According to the embodiment of the present invention, the process of authenticating the program 210 is performed through an arm / decryption communication process previously agreed upon between the program 210 and the operation server 110, A detailed description of the process will be omitted.

According to the first terminal medium authentication method of the present invention, the program 210 is downloaded through the program providing server in a state in which a unique key value that identifies the program is operated by the operating server 110, In this case, the terminal medium authentication unit 220 can authenticate that the program 210 is a program operated by the operation server 110 by transmitting the inherent key value to the operation server 110. [ Meanwhile, the terminal medium authentication unit 220 transmits at least one unique information, which is stored in the wireless terminal 200 or allocated to the communication network in the process of transmitting the unique key value to the operation server 110, The program 210 may be a program operated by the operation server 110 and may simultaneously authenticate that the program 210 is running in the wireless terminal 200. [

According to the second terminal medium authentication method of the present invention, after the program 210 is downloaded through the program providing server, an application identification value (for example, , The device token allocated by the APNS of the Apple company, etc.) may be allocated to the terminal 200. In this case, the terminal medium authentication unit 220 transmits the application identification value to the operation server 110, Can be authenticated as a program operated by the operating server 110. Meanwhile, the terminal medium authenticator 220 may transmit at least one unique information, which is stored in the wireless terminal 200 or allocated to the communication network in the process of transmitting the app ID value to the operation server 110, The program 210 may be a program operated by the operation server 110 and may simultaneously authenticate that the program 210 is running in the wireless terminal 200. [

According to the third terminal medium authentication method of the present invention, the program 210 defines at least one key value, a key exchange protocol and an encryption / decryption rule, and an authentication procedure for authenticating the program 210 using the key exchange protocol and encryption / The terminal medium authenticator 220 may transmit the at least one key value set in the certificate and the key value set in the certificate according to the authentication procedure defined in the certificate, Exchange protocol and the encryption / decryption rule to selectively authenticate that the program 210 is a program operated by the operation server 110. [ Meanwhile, the terminal medium authenticator 220 may further use at least one unique information stored in the wireless terminal 200 or allocated to the communication network in the authentication procedure in the course of using the certificate, It is possible to simultaneously authenticate that the program 210 is running in the wireless terminal 200 while being a program operated by the operation server 110.

According to the fourth terminal medium authentication method of the present invention, when the authentication number transmitted from the operation server 110 is received through the message exchange protocol of the communication network, the wireless terminal 200 transmits the received authentication number And transmits the program to the operation server 110 through the data network, thereby authenticating that the program 210 is a program operated by the operation server 110. Meanwhile, the terminal medium authentication unit 220 transmits at least one unique information, which is stored in the wireless terminal 200 or allocated to the communication network in the process of transmitting the authentication number to the operation server 110, together with the authentication number The program 210 may be a program operated by the operation server 110 and may simultaneously authenticate that the program 210 is running in the wireless terminal 200. [

According to the fifth terminal medium authentication method of the present invention, the terminal medium authenticator 220 receives authentication information from the operation server 110 through an authentication method selectively combining at least one of the first through fourth terminal medium authentication methods It is possible to authenticate the validity of the program 210, and thus the present invention is not limited thereto.

Referring to FIG. 2, the program 210 of the wireless terminal 200 may be configured such that when the program 210 is activated or activated according to a designated procedure, the program 210 is activated or activated And a drive / activation processing unit 225 for recognizing the fact that it has been activated.

If the program 210 is driven or activated by push notification or the program 210 is driven or activated by a user operation through the key input unit, the drive / activation processing unit 225 may control the operation / And requests the operation server 110 to establish a communication connection with the operation server 110 through at least one communication unit of the short range wireless communication unit 206 and the wireless network communication unit 207, (210). &Lt; / RTI &gt;

2, the program 210 of the wireless terminal 200 includes a receiving unit 230 for receiving authentication information (s) for authentication processing and authentication code (s) dynamically generated for server authentication, (S) authentication unit (235) for authenticating the validity of the received authentication code (s) through a designated code verification procedure. The validity of the authentication code (s) An NFC activating unit 240 for confirming or activating the activation and a medium recognizing unit 245 for recognizing the proximity of the noncontact medium 100 through the NFC module 205. [

After the program 210 is activated or activated, if the operation server 110 transmits the authentication information s for authentication processing and the dynamically generated authentication code s for server authentication, (S) and the authentication code (s) through at least one communication unit of the short-distance wireless communication unit 206 and the wireless network communication unit 207. [ The authentication information (s) and the authentication code (s) may be received together or separately (or sequentially) according to a specified procedure.

Meanwhile, when the authentication information (s) and the authentication code (s) are received from the operation server 110, the drive / activation processing unit 225 requests the PIN input of the user and the validity of the PIN input from the user Authentication. For this, the drive / activation processor 225 may register the PIN of the user in advance and store the PIN in the designated storage area.

When the authentication code (s) is received from the operation server 110, the authentication code (s) authentication unit 235 authenticates the validity of the received authentication code (s) using a designated code verification procedure. For example, the authentication code (s) authentication unit 235 may obtain a shared value (for example, a MIN of the wireless terminal 200, a key value exchanged / shared with the operating server 110) (E.g., a hash algorithm) into a specified code generation algorithm (e.g., a hash algorithm) synchronized with the operating server 110 and / or the synchronization value (e.g., time, etc.) synchronized with the operating server 110, (s) and the generated verification code (s) to verify the validity of the authentication code (s).

When the validity of the authentication code (s) is authenticated, the NFC activation unit 240 determines whether the NFC module 205 of the wireless terminal 200 is in an activated state so as to be able to interface with the noncontact medium 100. If the NFC module 205 is not activated, the NFC module 240 activates the NFC module 205 to interface with the noncontact media 100 through the NFC module 205 according to a designated procedure. .

When the NFC module 205 is activated, the medium recognition unit 245 confirms whether the noncontact medium 100 is close to the designated proximity and is interfaced through the NFC module 205. The medium recognition unit 245 displays induction information for inducing the noncontact medium 100 to approach the NFC module 205 through the screen output unit 202. The NFC module 205, Contact medium 100 that is close to the frequency reaching range.

Referring to FIG. 2, the program 210 of the wireless terminal 200 communicates with the security server 150 through a designated path to determine a designated storage area n (n) among N storage areas included in the non- ) Of the noncontact medium (100) through the NFC module (205) as a result of the medium access procedure, the medium access processing part (250) And an authentication code (t) for generating an authentication code (t) for authenticating the validity of the wireless terminal (200) that drives or activates the program (210) (t) generation unit 260 for generating authentication information t corresponding to the authentication information s, an authentication information generation unit 265 for generating authentication information t corresponding to the authentication information s, And transmits the authentication code (t) to the operation server 110 And an authentication result processing unit (275) having a transmitting unit (270) for receiving the authentication result of the authentication information (t) using the authentication means information generated by using the cipher block on the designated path and outputting the authentication result do.

The medium access processing unit 250 reads the unique serial number from the noncontact medium 100 through the NFC module 205 when the noncontact medium 100 near the frequency reaching range is recognized through the NFC module 205 Contacted medium 100 via the communication unit of at least one of the short-distance wireless communication unit 206 and the wireless network communication unit 207 to be transmitted to the specified security server 150. Preferably, the medium access processing unit 250 transmits the read unique serial number to the operation server 110, and the operation server 110 may transmit the unique serial number to the security server 150 . Meanwhile, the medium access processing unit 250 may transmit the unique serial number to the security server 150 according to an embodiment of the present invention.

The security server 150 receives from the security module 155 an authentication code that is recorded in a designated storage area (m, 0? M < N) out of N storage areas provided in the noncontact medium 100 corresponding to the unique serial number, (m) to be transmitted to the program 210 of the wireless terminal 200 through the designated path. Preferably, the security server 150 transmits the first authentication key to the operation server 110, and the operation server 110 transmits the first authentication key to the program 210 of the wireless terminal 200, . Meanwhile, the security server 150 may transmit the first authentication key to the program 210 of the wireless terminal 200 according to an embodiment of the present invention.

The medium access processing unit 250 receives the first authentication key through the communication unit of at least one of the short range wireless communication unit 206 and the wireless network communication unit 207. When the first authentication key is received, the medium access processing unit 250 transmits the first authentication key to the noncontact medium 100 through the NFC module 205, (m) recorded in the memory m. The noncontact medium 100 authenticates the first authentication key according to a specified authentication procedure and responds to the authentication code m recorded in the storage area m when the authentication is successful. (M) recorded in the storage area (m) of the noncontact medium (100). The medium access processing unit 250 may further read the issuer information recorded in the storage area m of the noncontact medium 100 according to an embodiment of the present invention. have.

The program 210 of the wireless terminal 200 may transmit an authentication code (for example, an authentication code) read from the noncontact medium 100 via a specified path through at least one communication unit of the near field wireless communication unit 206 and the wireless network communication unit 207 m to be forwarded to the security server 150. Preferably, the medium access processing unit 250 transmits the read authentication code m to the operation server 110, and the operation server 110 transmits the authentication code m to the security server 150, . Meanwhile, the medium access processing unit 250 may transmit the authentication code m to the security server 150 according to an embodiment of the present invention.

The security server 150 authenticates the validity of the authentication code m through the security module 155 and authenticates the validity of the non-contact medium 100 from the security module 155 during validity authentication of the authentication code m. The second authentication key for reading the cipher block recorded in the designated storage area (n, 0? N <N, n? M) is extracted from the program of the wireless terminal 200 210). The security server 150 transmits the second authentication key to the operation server 110 and the operation server 110 transmits the second authentication key to the program 210 of the wireless terminal 200. [ . Meanwhile, the security server 150 may transmit the second authentication key to the program 210 of the wireless terminal 200 according to an embodiment of the present invention.

According to an embodiment of the present invention, the security server 150 includes a security server 150 that performs a medium access procedure for reading a cipher block from the noncontact medium 100, Generates an authentication value for verifying validity between the decryption server 160 that decrypts the cipher block read from the medium 100 and transmits the authentication value to the program 210 of the wireless terminal 200 through the designated path .

According to an embodiment of the present invention, the security server 150 may synchronize with the decryption server 160 and / or the shared value (e.g., secret key) exchanged / shared in advance / (E.g., time, random number, etc.) to a designated code generation algorithm (e.g., a hash algorithm) to generate an authentication value. In this case, the security server 150 and the decryption server 160 The validity of the authentication value can be authenticated through a code verification procedure performed by the decryption server 160 even if the authentication value is not shared. Meanwhile, the security server 150 may generate an authentication value through a random number algorithm. In this case, the security server 150 may share the authentication value with the decryption server 160 and process the authentication value.

According to the embodiment of the present invention, the authentication value is included in the one transaction block with the second authentication key and is transmitted to the program 210 of the wireless terminal 200, Sequential) to the program 210 of the wireless terminal 200. When the second authentication key and the authentication value are transmitted to the program 210 of the wireless terminal 200 through one transaction block, the security server 150 transmits the second authentication key and the authentication value to the operation server 110, and the operating server 110 may transmit the second authentication key and the authentication value to the program 210 of the wireless terminal 200. Meanwhile, the security server 150 may transmit the second authentication key and the authentication value to the program 210 of the wireless terminal 200 according to an embodiment of the present invention.

The medium access processing unit 250 receives the second authentication key through the communication unit of at least one of the short-range wireless communication unit 206 and the wireless network communication unit 207. When the second authentication key is received, the medium access processing unit 250 transmits the second authentication key to the noncontact medium 100 through the NFC module 205, (n). &lt; / RTI &gt; The noncontact medium 100 authenticates the second authentication key according to a specified authentication procedure, and responds to the cipher block recorded in the storage area (n) when authentication is successful. The cipher block identification unit (255) Reads the cipher block recorded in the storage area (n) of the noncontact medium (100) through the NFC module (205) as a result of the medium access procedure performed through the medium access processing part (250).

The authentication code (t) generating unit 260 generates an authentication code (t) for authenticating the validity of the wireless terminal 200 that drives or activates the program 210 through the operation server 110. The authentication code (t) generating unit 260 may generate a shared value (for example, a MIN of the wireless terminal 200, a key value exchanged / shared, etc.) exchanged / shared with the operation server 110 (E.g., time) synchronized with the operational server 110 and / or the operating server 110 into a designated code generation algorithm (e.g., a hash algorithm).

The authentication information (t) generation unit 265 generates authentication information (t) for an authentication approval request using the cipher block read from the noncontact medium 100.

According to the embodiment of the present invention, the authentication information (t) generation unit 265 generates the authentication information (t) by using the personal information of the user (for example, the first six digits of the resident registration number) and / And the authentication information t may include personal information and / or secret information input from the user. Meanwhile, the authentication information (t) may include all or at least a part of the authentication information (s) according to the method.

The transmitting unit 270 transmits a cipher block that is read from the noncontact medium 100 through at least one communication unit of the short-distance wireless communication unit 206 and the wireless network communication unit 207, (T) generated by the authentication code (t) generating unit 260 and authentication information (t) for the authentication approval request to the operation server 110, Lt; / RTI &gt; The read cipher block and the generated authentication code t and authentication information t may be included in one transaction block and transmitted to the operation server 110 or may be transmitted in a predetermined order or route .

Meanwhile, when the authentication value generated through the security server 150 is received, the transmission unit 270 may process the encryption block and the authentication value to be transmitted to the decryption server 160. The cipher block and the authentication value may be transmitted through one transaction block, or may be transmitted (or sequentially) through a specified sequence or path.

The encryption block is transmitted to the decryption server 160 through a designated path, and the decryption server 160 generates authentication information corresponding to the encryption block and transfers the generated information to the operation server 110, (E.g., an authentication approval request to the authentication server 170) with respect to the authentication information t using the authentication means information generated through the encryption block, And transmits the authentication result to the program 210 of the wireless terminal 200. The authentication result processing unit 275 receives the authentication approval result through at least one communication unit of the short- And outputs it.

FIG. 3 is a diagram illustrating a server authentication and NFC activation process using the wireless terminal 200 according to an embodiment of the present invention.

3 illustrates an example of the authentication information (s) and authentication code (s) transmitted from the operation server 110 to the user's wireless terminal 200 having the NFC module 205 when the authentication request is made through the user's wireless terminal 200 and activating the NFC module 205 of the wireless terminal 200 after authenticating the operation server 110 by the wireless terminal 200. In the present invention, Those skilled in the art will be able to refer to and / or modify Figure 3 to infer various implementations of the server authentication and NFC activation process (e.g., omitting some steps or changing the order) However, the present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 3, when a user accesses a server designated by a web system or an app system, purchases goods / services from a user's wireless terminal 200, selects an authentication method according to the present invention and requests transmission of authentication request information 300 ), The operation server 110 receives the authentication request information through the designated path (305) and stores the received authentication request information (310).

The operation server 110 performs a procedure for notifying a push for activating or activating the program 210 designated to the wireless terminal 200 in operation 315. The user's wireless terminal 200 receives the push notification The program 210 of the wireless terminal 200 is activated or activated according to a designated procedure by driving or activating 325 the program 210 corresponding to the push notification according to a designated procedure, The operation server 110 determines that the program 210 of the wireless terminal 200 is activated or activated based on an access attempt of the program 210 of the wireless terminal 200 (335).

If the program 210 of the wireless terminal 200 is activated or activated, the operation server 110 generates authentication information (s) for authentication processing of the received authentication request information (340) After generating the authentication code s for authenticating the server through the program 210 of the terminal 200 in step 345 and then transmitting the authentication information s and the authentication code s to the program of the wireless terminal 200 210 (350).

The program 210 of the wireless terminal 200 receives the authentication information s and the authentication code s through the designated path 355 and transmits the authentication code s (360) to authenticate the validity of the operation server (110) that transmitted the authentication information (s). Meanwhile, the authentication code (s) authenticates the validity of the operation server 110 through the program 210 of the wireless terminal 200. However, if the operation server 110 is an authentic server (= not a phishing server , And may also perform the function of verifying the wireless terminal 200 in the presence of the operation server 110. According to the embodiment of the present invention, the program 210 of the wireless terminal 200 receives the PIN of the user at a point in time during the process of receiving the authentication code (s) after activating or activating the program 210 A PIN authentication procedure for authenticating the user can be performed.

If the validity of the authentication code (s) is not authenticated, the program 210 of the wireless terminal 200 transmits an error code according to the authentication failure of the authentication code (s) to the operation server 110, The operation server 110 receives the error code and performs the designated internal procedure (365).

If the validity of the authentication code (s) is authenticated, the program 210 of the wireless terminal 200 confirms activation of the NFC module 205 included in the wireless terminal 200 (375) If the NFC module 205 is not activated, the program 210 of the wireless terminal 200 performs a procedure for activating the NFC module 205 (380). If the NFC module 205 of the wireless terminal 200 is activated or activated, the program 210 of the wireless terminal 200 may use the NFC module 205 as shown in FIGS. .

4 is a diagram illustrating a process of exchanging primary information between the wireless terminal 200 and the security server 150 for accessing the noncontact media 100 according to an embodiment of the present invention.

4 illustrates a case where the security server 150 reads the unique serial number from the noncontact medium 100 through the NFC module 205 in the user's wireless terminal 200 and transmits the unique serial number to the security server 150. [ (M) recorded in the storage area (m) of the noncontact medium (100) corresponding to the unique serial number is provided in the technical field of the present invention It is possible to refer to and / or modify the FIG. 4 to infer various implementations of the primary information exchange process (e.g., omitting some of the steps or changing the sequence) However, the present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 4, the program 210 of the wireless terminal 200 recognizes that the non-contact medium 100 recognizes the proximity of the wireless terminal 200 at a designated distance (for example, within 1 cm, etc.) through the NFC module 205 (400). If the noncontact medium 100 is recognized, the program 210 of the wireless terminal 200 requests the reading of the noncontact medium 100 through the NFC module 205 (405) A serial number (e.g., CSN, etc.) is identified (410) and provided to the wireless terminal (200) via NFC (415).

The program 210 of the wireless terminal 200 reads the unique serial number from the noncontact medium 100 through the NFC module 205 and processes the unique serial number to be transmitted to the security server 150 And requests a first authentication key for the non-contact medium 100 (425). According to the embodiment of FIG. 4, the unique serial number is transmitted to the security server 150 via the operation server 110.

The operation server 110 receives a unique serial number from the program 210 of the wireless terminal 200 and transmits the unique serial number to the designated security server 150 to thereby transmit the unique serial number to the non- A first authentication key is requested (435).

The security server 150 confirms the first authentication key for the storage area m of the noncontact medium 100 through the security module 155 in operation 440. If the first authentication key is not confirmed (for example, the noncontact medium 100 corresponding to the unique serial number is not a valid noncontact medium 100), the security server 150 transmits an error The operation server 110 receives the error code and performs the designated internal procedure and provides the error code to the wireless terminal 200 in operation 445 and transmits the program 210 of the wireless terminal 200 Receives and outputs the error code (450).

Meanwhile, when the first authentication key is confirmed, the security server 150 transmits the first authentication key to the operation server 110 (455), and the operation server 110 receives the first authentication key The program 210 of the wireless terminal 200 receives the first authentication key for the noncontact medium 100 through the designated path (step 465).

5 is a diagram illustrating a process of exchanging secondary information between the wireless terminal 200 and the security server 150 for accessing the noncontact media 100 according to an embodiment of the present invention.

5, the authentication code m recorded in the storage area m of the noncontact medium 100 is read by the user's wireless terminal 200 through the first authentication key and transmitted to the security server 150 A process of authenticating the authentication code m at the security server 150 and providing a second authentication key for reading a cipher block recorded in the storage area n of the contactless medium 100 Those skilled in the art will appreciate that reference to and / or modification of FIG. 5 may be used to implement various embodiments of the secondary information exchange process (e.g., some steps may be omitted, However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 5, when the first authentication key is received through the process shown in FIG. 4, the program 210 of the wireless terminal 200 transmits the first authentication (500). The non-contact medium 100 receives the first authentication key and authenticates the validity (505). If the validity of the first authentication key is not authenticated, the noncontact medium 100 responds with an error code via NFC, and the program 210 of the wireless terminal 200 transmits an error code (510).

Meanwhile, if the validity of the first authentication key is authenticated, the noncontact medium 100 confirms (515) the authentication code m recorded in the storage area m corresponding to the first authentication key, To the wireless terminal 200 (520). Meanwhile, the noncontact medium 100 further confirms (515) the issuer information for the noncontact medium 100 based on the authentication result of the first authentication key, and provides the issuer information to the wireless terminal 200 (520).

The program 210 of the wireless terminal 200 reads the authentication code m from the noncontact medium 100 through the NFC module 205 and reads the issuer information according to an implementation method 525). The program 210 of the wireless terminal 200 requests the second authentication key for the noncontact medium 100 by processing the authentication code m to be transmitted to the security server 150 in operation 530. According to the embodiment of FIG. 5, the authentication code m is transmitted to the security server 150 via the operation server 110. FIG.

The operation server 110 receives the authentication code m from the program 210 of the wireless terminal 200 and transmits the authentication code m to the designated security server 150 0.0 &gt; 540). &Lt; / RTI &gt;

The security server 150 authenticates the validity of the authentication code m through the security module 155 (545). If the validity of the authentication code m is not authenticated, the security server 150 transmits an error code to the operation server 110, and the operation server 110 receives an error code, The wireless terminal 200 provides the error code to the wireless terminal 200. The program 210 of the wireless terminal 200 receives and outputs the error code in operation 555.

If the validity of the authentication code m is authenticated, the security server 150 confirms the second authentication key for the storage area n of the noncontact medium 100 through the security module 155 , And transmits the confirmed second authentication key to the operation server 110 (565). The operation server 110 receives the second authentication key and provides the second authentication key to the wireless terminal 200 in step 570. The program 210 of the wireless terminal 200 transmits the second authentication key to the non- Lt; RTI ID = 0.0 &gt; 575 &lt; / RTI &gt;

6 is a diagram illustrating a process of exchanging secondary information between the wireless terminal 200 and the security server 150 for accessing the noncontact media 100 according to another embodiment of the present invention.

6, the authentication code m recorded in the storage area m of the noncontact medium 100 is read by the user's wireless terminal 200 through the first authentication key and transmitted to the security server 150 A second authentication key for authenticating the authentication code m at the security server 150 and generating an authentication value and for reading a cipher block recorded in the storage area n of the noncontact medium 100 It will be appreciated by those skilled in the art that reference is made to and / or modified by reference to FIG. 6 to illustrate various embodiments of the secondary information exchange process (e.g., It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. No.

Referring to FIG. 6, when the first authentication key is received through the process shown in FIG. 4, the program 210 of the wireless terminal 200 transmits the first authentication (600), and the noncontact medium 100 receives the first authentication key and authenticates the validity (605). If the validity of the first authentication key is not authenticated, the noncontact medium 100 responds with an error code via NFC, and the program 210 of the wireless terminal 200 transmits an error code (610).

Meanwhile, when the validity of the first authentication key is authenticated, the non-contact medium 100 confirms the authentication code m recorded in the storage area m corresponding to the first authentication key 615, To the wireless terminal 200 (620). The noncontact medium 100 further checks the issuer information of the noncontact medium 100 based on the authentication result of the first authentication key 615 and provides the issuer information to the wireless terminal 200 (620).

The program 210 of the wireless terminal 200 reads the authentication code m from the noncontact medium 100 through the NFC module 205 and reads the issuer information according to the method 625). The program 210 of the wireless terminal 200 requests the second authentication key for the noncontact medium 100 by processing the authentication code m to be transmitted to the security server 150 in operation 630. According to the embodiment of FIG. 6, the authentication code m is transmitted to the security server 150 via the operation server 110.

The operation server 110 receives the authentication code m from the program 210 of the wireless terminal 200 and transmits the authentication code m to the designated security server 150 to transmit the authentication code m to the non- 100) (640).

The security server 150 authenticates the validity of the authentication code m through the security module 155 (645). If the validity of the authentication code m is not authenticated, the security server 150 transmits an error code to the operation server 110, and the operation server 110 receives an error code, The error code is provided to the wireless terminal 200 at step 650 and the program 210 of the wireless terminal 200 receives and outputs the error code at step 655.

If the validity of the authentication code m is authenticated, the security server 150 checks the second authentication key for the storage area n of the noncontact medium 100 through the security module 155 (660 After generating the authentication value (665), the authentication server transmits the confirmed second authentication key and the generated authentication value to the operation server (670). The operation server 110 receives the second authentication key and the authentication value and provides the authentication value to the wireless terminal 200 in step 675. The program 210 of the wireless terminal 200 transmits the non- (680) the second authentication key for the authentication server 100 and the authentication value.

7 is a diagram illustrating a process of reading a cipher block from the noncontact medium 100 according to an embodiment of the present invention.

7 shows a process of reading a cipher block recorded in the storage area n of the noncontact medium 100 by the user's wireless terminal 200 through the second authentication key. Those skilled in the art will be able to refer to and / or modify Figure 7 to infer various implementations of the cryptographic block reading process (e.g., omitting some steps or changing the order) However, the present invention is not limited to the technical features of the present invention.

Referring to FIG. 7, when the second authentication key is received through the process shown in FIG. 5 or 6, the program 210 of the wireless terminal 200 is transmitted to the noncontact medium 100 through the NFC module 205 The non-contact medium 100 receives the second authentication key and authenticates the validity (Step 705). If the validity of the second authentication key is not authenticated, the noncontact medium 100 responds with an error code through NFC, and the program 210 of the wireless terminal 200 transmits an error code (710).

Meanwhile, if the validity of the second authentication key is authenticated, the non-contact medium 100 identifies a cipher block recorded in the storage area n corresponding to the first authentication key (715) The program 210 of the wireless terminal 200 reads the cipher block from the noncontact medium 100 through the NFC module 205 (725).

FIG. 8 is a diagram illustrating a process of performing an authentication procedure using a cipher block read from a non-contact medium 100 according to an embodiment of the present invention.

More specifically, FIG. 8 shows a cipher block read from the storage area n of the non-contact medium 100 at the user's wireless terminal 200, a verification code t generated at the wireless terminal 200, When the authentication information t is transmitted to the operation server 110, the decryption server 160 associated with the operation server 110 generates the authentication means information through the cipher block. Those skilled in the art will be able to refer to and / or modify this FIG. 8 to infer various implementations of the authentication procedure (e.g., omitting some steps or changing the sequence) However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 8, when the cipher block is read from the storage area n of the noncontact medium 100 through the process shown in FIG. 7, the program 210 of the wireless terminal 200 transmits the program 210 (800) to generate authentication code (t) for authenticating the wireless terminal (200) in the activated or activated state. The authentication code (t) And generates authentication information t (805).

The program 210 of the wireless terminal 200 transmits the cipher block and the authentication code t and the authentication information t to the operation server 110 through a designated path 810, (T) and the authentication information (t) (815).

The operation server 110 authenticates the validity of the authentication code t according to a designated code verification procedure (820). If the validity of the authentication code t is not authenticated, the operation server 110 transmits an error code to the wireless terminal 200, and the program 210 of the wireless terminal 200 transmits the error code A code is received and output (825).

Meanwhile, when the validity of the authentication code t is authenticated, the operation server 110 transmits authentication information t using the authentication information s provided to the mobile terminal 200 through the process shown in FIG. (830). &Lt; / RTI &gt; If the integrity of the authentication information t is not authenticated, the operation server 110 transmits an error code to the wireless terminal 200, and the program 210 of the wireless terminal 200 transmits the error code A code is received and output (835).

The operation server 110 requests the designated decryption server 160 for the authentication means information corresponding to the cipher block 840 and the decryption server 160 receives the cipher block 845, To generate authentication means information (850).

According to the first authentication means generation method of the present invention, when the authentication means information is encrypted in the encryption block, the decryption server 160 can generate the authentication means information by decoding the encryption block.

According to the second authentication means generation method of the present invention, when the identification information for identifying the authentication means is encrypted in the cipher block, the decryption server 160 decrypts the cipher block to check the authentication means information, (For example, a SAM storage area of the decoding module 165, a DB of a financial institution, or a safe storage medium permitted to store authentication means information) for storing authentication means information to be used for processing And the mapped authentication means information can be obtained.

According to the third authentication means generation method of the present invention, the encryption block can perform the function of the identifier mapped to the authentication means information. In this case, the decryption server 160 stores the authentication means information to be used for the authentication processing (For example, a SAM storage area of the decryption module 165, a DB of a financial institution, or a secure storage medium permitted to store authentication means information, etc.) have.

According to the fourth authentication means generation method of the present invention, the decryption server 160 decrypts the cipher block and confirms block information (or authentication information, identification information, etc., hereinafter referred to as block information for convenience) The authentication information of the specified information system corresponding to the authentication means can be generated using the block information. For example, the decryption server 160 may generate the authentication means information by substituting the hash value generated by hashing the block information into the designated information system. In this case, the authentication means information may be a function of the disposable authentication means Can be performed. Alternatively, the decryption server 160 may generate the authentication means information by substituting the partial information of the block information into the designated information system.

According to the fifth authentication means generation method of the present invention, the decryption server 160 can generate the authentication means information of the specified information system corresponding to the authentication means using the cipher block. For example, the decryption server 160 may generate the authentication means information by substituting the hash value generated by hashing the cipher block into the specified information system. In this case, the authentication means information may be a function of the disposable authentication means Can be performed. Alternatively, the decryption server 160 may generate the authentication means information by substituting some information of the cipher block into the specified information system.

Meanwhile, the decryption server 160 generates the authentication means information by combining two or more of the first to fifth authentication method generation methods, or modifies a part of the first to fifth authentication method generation methods, It is clear that the present invention is not limited thereto. That is, the present invention includes the number of all cases in which the authentication means information to be used for authentication using the cipher block is included in the right range.

If the authentication means information is not generated, the decryption server 160 transmits an error code to the operation server 110. The operation server 110 receives the error code and performs the designated internal procedure, The error code is provided to the wireless terminal 200 (855), and the program 210 of the wireless terminal 200 receives and outputs the error code (860).

Meanwhile, when the authentication means information is generated using the cipher block, the decryption server 160 transmits the authentication means information to the operation server 110 (865), and the operation server 110 transmits the authentication information And the generated authentication means information is received (870).

FIG. 9 is a diagram illustrating a process of performing an authentication procedure using a cipher block read from a non-contact medium 100 according to another embodiment of the present invention.

9 is a diagram illustrating an authentication value received through a process shown in FIG. 6 and a cipher block read from a storage area (n) of the noncontact medium 100 in the wireless terminal 200 of the user, (T) generated in the authentication server 110 and the authentication information t for authentication processing to the operation server 110, the authentication server 200 authenticates the authentication value in the decryption server 160 associated with the operation server 110 It will be appreciated by those skilled in the art that various modifications and variations may be made in the method of the present invention without departing from the spirit and scope of the present invention. (For example, an operation method in which some steps are omitted or the order is changed). However, the present invention includes all of the above-described embodiments, and the technical method This is not limited.

9, when the cipher block is read from the storage area n of the noncontact medium 100 through the process shown in FIG. 7, the program 210 of the wireless terminal 200 transmits the program 210 (900) for generating an authentication code (t) for authenticating the wireless terminal (200) in the activated or activated state, and generating (900) an authentication code And generates authentication information t (905).

The program 210 of the wireless terminal 200 transmits the cipher block, the authentication value, the authentication code t and the authentication information t to the operation server 110 through a designated path (910) (110) receives the cipher block, the authentication value, the authentication code (t), and the authentication information (t) (915).

The operation server 110 authenticates the validity of the authentication code t according to a designated code verification procedure (920). If the validity of the authentication code t is not authenticated, the operation server 110 transmits an error code to the wireless terminal 200, and the program 210 of the wireless terminal 200 transmits the error code A code is received and output (925).

Meanwhile, when the validity of the authentication code t is authenticated, the operation server 110 transmits authentication information t using the authentication information s provided to the mobile terminal 200 through the process shown in FIG. Lt; RTI ID = 0.0 &gt; (930). &Lt; / RTI &gt; If the integrity of the authentication information t is not authenticated, the operation server 110 transmits an error code to the wireless terminal 200, and the program 210 of the wireless terminal 200 transmits the error code A code is received and output (935).

The operation server 110 provides the cryptographic block and the authentication value to the designated decryption server 160 to request the authentication means information corresponding to the cryptographic block 940. The decryption server 160 decrypts the cryptographic block, An authentication value is received (945) and the validity of the authentication value is authenticated (950). If the validity of the authentication value is not authenticated, the decryption server 160 transmits an error code to the operation server 110. The operation server 110 receives the error code and performs the designated internal procedure The error code is provided to the wireless terminal 200 in step 955, and the program 210 of the wireless terminal 200 receives and outputs the error code in step 960.

Meanwhile, when the validity of the authentication value is authenticated, the decryption server 160 generates the authentication means information using the cipher block (965).

According to the first authentication means generation method of the present invention, when the authentication means information is encrypted in the encryption block, the decryption server 160 can generate the authentication means information by decoding the encryption block.

According to the second authentication means generation method of the present invention, when the identification information for identifying the authentication means is encrypted in the cipher block, the decryption server 160 decrypts the cipher block to check the authentication means information, (For example, a SAM storage area of the decoding module 165, a DB of a financial institution, or a safe storage medium permitted to store authentication means information) for storing authentication means information to be used for processing And the mapped authentication means information can be obtained.

According to the third authentication means generation method of the present invention, the encryption block can perform the function of the identifier mapped to the authentication means information. In this case, the decryption server 160 stores the authentication means information to be used for the authentication processing (For example, a SAM storage area of the decryption module 165, a DB of a financial institution, or a secure storage medium permitted to store authentication means information, etc.) have.

According to the fourth authentication means generation method of the present invention, the decryption server 160 decrypts the cipher block and confirms block information (or authentication information, identification information, etc., hereinafter referred to as block information for convenience) The authentication information of the specified information system corresponding to the authentication means can be generated using the block information. For example, the decryption server 160 may generate the authentication means information by substituting the hash value generated by hashing the block information into the designated information system. In this case, the authentication means information may be a function of the disposable authentication means Can be performed. Alternatively, the decryption server 160 may generate the authentication means information by substituting the partial information of the block information into the designated information system.

According to the fifth authentication means generation method of the present invention, the decryption server 160 can generate the authentication means information of the specified information system corresponding to the authentication means using the cipher block. For example, the decryption server 160 may generate the authentication means information by substituting the hash value generated by hashing the cipher block into the specified information system. In this case, the authentication means information may be a function of the disposable authentication means Can be performed. Alternatively, the decryption server 160 may generate the authentication means information by substituting some information of the cipher block into the specified information system.

Meanwhile, the decryption server 160 generates the authentication means information by combining two or more of the first to fifth authentication method generation methods, or modifies a part of the first to fifth authentication method generation methods, It is clear that the present invention is not limited thereto. That is, the present invention includes the number of all cases in which the authentication means information to be used for authentication using the cipher block is included in the right range.

If the authentication means information is not generated, the decryption server 160 transmits an error code to the operation server 110. The operation server 110 receives the error code and performs the designated internal procedure, The error code is provided to the wireless terminal 200 (970), and the program 210 of the wireless terminal 200 receives and outputs the error code (975).

Meanwhile, when the authentication means information is generated using the cipher block, the decryption server 160 transmits the authentication means information to the operation server 110 (980), and the operation server 110 transmits the authentication information to the operation server 110 And the generated authentication means information is received (985).

FIG. 10 is a diagram illustrating a process of performing an authentication approval procedure using an authentication unit generated through a cipher block according to an embodiment of the present invention.

In more detail, FIG. 10 illustrates a process of allowing an operation server 110 to perform an authentication approval process using authentication unit information using a cipher block through a decryption server 160, and FIG. Those skilled in the art will be able to refer to and / or modify this drawing 10 to infer various implementations of the authentication procedure (e.g., omitting some steps or changing the order) The present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 10, when the authentication means information generated using the cipher block is confirmed through the process shown in FIG. 8 or FIG. 9, the operation server 110 transmits the authentication means information generated through the cipher block, The authentication server 170 requests authentication approval 170 from the authentication server 170 using the received authentication information t shown in FIG. 8 or 9, and the authentication server 170 receives the authentication approval request 1005 ). And performs an authentication approval procedure for the authentication information (t) using the authentication means information (1010). For example, when the authentication means information includes card information, and the authentication means is a financial company server, the financial institution server stores card information corresponding to the authentication means information, personal information included in the authentication information t and / Or may use the secret information to perform the authentication approval procedure to determine whether the card corresponding to the card information is effectively issued and operating.

If the authentication approval process is completed, the authentication server 170 generates an authentication approval result for the authentication approval procedure 1015 and transmits the authorization approval result to the operation server 110 (1020) The wireless terminal 200 receives the authentication approval result (1025), performs the designated internal procedure and provides the authentication approval result to the wireless terminal 200 (1030), and the program 210 of the wireless terminal 200 And receives and outputs the authentication approval result (1035).

100: non-contact medium 105: first terminal
110: Operation server 112: Authentication request receiver
114: authentication request response unit 116: authentication request storage unit
118: communication activation unit 120: drive / activity confirmation unit
122: authentication information (s) generation unit 124: authentication code (s) generation unit
126: Information providing unit 128: Medium access procedure relay unit
130: information receiving unit 132: authentication code (t)
134: authentication information (t) authentication unit 136: authentication means request unit
138: Authentication means receiving section 140: Authentication approval procedure section
142: Approval result reception unit 144: Approval result delivery unit
150: Security server 155: Security module
160: Decryption server 165: Decryption module
170: Authentication server 200: Second terminal
205: NFC module 210: program
215: Subscription / Authentication Processing Unit 220: Terminal Media Authentication Unit
225: drive / active processing unit 230:
235: authentication code (s) authentication unit 240: NFC activation unit
245: medium recognition unit 250: medium access processing unit
255: cipher block verification unit 260: authentication code (t) generation unit
265: authentication information (t) generating unit 270:
275: Authentication result processor

Claims (18)

CLAIMS What is claimed is: 1. A method executed via an operating server communicating with a wireless terminal of a user having an NFC module,
A first step of receiving and storing authentication request information from a user's wireless terminal;
A second step of confirming activation or activation of a program included in the user's wireless terminal for authentication using the NFC;
(S) for authentication processing of the authentication request information and a dynamically generated authentication code (s) for server authentication through the program of the wireless terminal when the program is activated or activated by the wireless terminal, To a third step;
A non-contact supporting NFC through an NFC module of the wireless terminal based on an authentication result of an authentication code (s) through a program of the wireless terminal and a result of a medium access procedure performed between a program of the wireless terminal and a designated security server (T) dynamically generated through the program of the wireless terminal for authentication of a wireless terminal which drives or activates the program, and a cipher block which is read from a designated storage area of the medium into a program of the wireless terminal, A fourth step of receiving authentication information t;
A fifth step of requesting the specified decryption server for the authentication means information corresponding to the cipher block in conjunction with the validity authentication of the received authentication code t and the integrity authentication of the authentication information t through the authentication information s, ;
A sixth step of receiving authentication means information generated from the decryption server through the encryption block;
A seventh step of transmitting the authentication means information and the authentication information (t) to a specified authentication server to request authentication approval; And
And receiving the authentication approval result from the authentication server and transmitting the authentication approval result to the program of the wireless terminal.
2. The method according to claim 1,
Further comprising the step of performing a procedure for notifying the user's wireless terminal of a push for activating or activating a program.
2. The method of claim 1, wherein the authentication code (s)
And a code value that can be authenticated through a code verification procedure included in the program of the wireless terminal.
The method according to claim 1,
Intervening in a data exchange process between the program of the wireless terminal and a designated security server to identify a unique serial number read from the noncontact medium through an NFC module of the wireless terminal and provide the unique serial number to a designated security server;
A first authentication key for reading an authentication code (m) recorded in a designated storage area (m, 0? M &lt; N) among N (N> 1) storage areas provided in the non- To a program of the wireless terminal;
Checking the authentication code (m) read from the noncontact medium through the NFC module of the wireless terminal and providing the authentication code to the designated security server;
Receiving a second authentication key for reading a cipher block recorded in the designated storage area (n, 0? N <N, n? M) from the security server and delivering the second authentication key to the program of the wireless terminal And the wireless authentication method using the noncontact medium.
The method according to claim 1,
Further comprising the step of intervening in a process of exchanging data between the program of the wireless terminal and a designated security server and receiving an authentication value generated through the security server and delivering the authentication value to the program of the wireless terminal,
The fourth step may further include receiving the authentication value from the program of the wireless terminal,
The fifth step may further include providing the authentication value to the decryption server and requesting authentication,
Wherein the authentication value is authenticated through the decryption server,
Wherein the authentication means information is generated using the cipher block as the authentication result of the authentication value.
The wireless terminal according to claim 1,
Receiving authentication information (s) and authentication code (s) from the operating server; And
And authenticating the validity of the received authentication code (s) through a designated code verification procedure.
2. The method of claim 1,
The program of the wireless terminal reading a unique serial number from a noncontact medium supporting NFC through an NFC module of the wireless terminal;
Wherein the program of the wireless terminal processes the read unique serial number to be transmitted to the specified security server and transmits the read unique serial number to a designated storage area m (0? M <N) among N (N> 1) Receiving a first authentication key for reading the recorded authentication code (m);
The program of the wireless terminal carries the first authentication key to the noncontact medium through the NFC module and reads the authentication code (m) recorded in the designated storage area (m) of the noncontact medium;
The program of the wireless terminal processes the read authentication code m to be transmitted to the security server and reads the cipher block recorded in the designated storage area of the noncontact medium (n, 0? N <N, n? M) Receiving a second authentication key for authentication; And
And the program of the wireless terminal transfers the second authentication key to the noncontact medium via the NFC module to read the cipher block recorded in the designated storage area (n) of the noncontact medium. A wireless authentication method using a noncontact medium.
8. The method according to claim 7,
To the decryption server having the decryption module for the cipher block.
8. The method of claim 7,
Further comprising the step of the program of the wireless terminal receiving the authentication value generated through the security server based on the verification result of the authentication code (m) through the security server,
Further comprising processing the program of the wireless terminal to transmit the authentication value to the decryption server when processing the leading encrypted block to be transmitted to the designated decryption server,
And the validity of the authentication value is authenticated through the decryption server.
The method according to claim 1, wherein the authentication information (t)
And at least one of personal information input from the user through the wireless terminal and secret information of a user corresponding to the authentication means information corresponding to the cipher block.
A method executed by a program installed in a wireless terminal of a user having an NFC module,
A first step of reading a unique serial number from a noncontact medium supporting NFC through the NFC module;
(M (0? M <N)) among the N (N> 1) storage areas provided in the noncontact medium to transmit the read unique serial number to the designated security server A second authentication key for reading the first authentication key;
A third step of transferring the first authentication key to the noncontact medium through the NFC module and reading the authentication code (m) recorded in the designated storage area (m) of the noncontact medium;
(N, 0? N <N, n? M) to be transmitted to the security server and to read a cipher block recorded in a designated storage area of the contactless medium A fourth step of receiving the second signal;
A fifth step of transferring the second authentication key to the noncontact medium through the NFC module and reading the cipher block recorded in the designated storage area (n) of the noncontact medium; And
And a sixth step of processing the read cipher block to be transmitted to the designated decryption server.
12. The method of claim 11,
And transmitting the cipher block to an operation server interlocked with the decryption server.
12. The method of claim 11,
Receiving authentication information (s) for authentication processing from an operation server and a dynamically generated authentication code (s) for server authentication through a program of the wireless terminal; And
Authenticating the validity of the received authentication code (s) through a designated code verification procedure,
Wherein the first step reads a unique serial number from a noncontact medium that supports NFC through the NFC module upon validation of the authentication code (s).
14. The method as claimed in claim 13,
And generating authentication information (t) to be used in the authentication procedure using the cipher block, and transmitting the authentication information (t) to the operation server.
14. The method of claim 13,
Further comprising the step of dynamically generating an authentication code (t) for authentication of a wireless terminal that has activated or activated said program,
Wherein the step (6) further comprises transmitting the generated authentication code (t) to the operation server.
12. The method of claim 11,
To the decryption server having the decryption module for the cipher block.
12. The method of claim 11,
Further comprising receiving an authentication value generated through the security server based on a verification result of the authentication code (m) through the security server upon receiving the second authentication key,
The sixth step may further include processing the authentication value to be transmitted to the decryption server,
And the validity of the authentication value is authenticated through the specified decryption server.
12. The method of claim 11,
Further comprising receiving and outputting an authentication approval result of the authentication approval procedure performed using the authentication means information generated through the cipher block.

Images