KR20160139073A - Method for Authenticating Interlocked Transaction by using One Time Code - Google Patents

Abstract

The present invention relates to a method to interconnect and authenticate a transaction by using a disposable code. According to the present invention, the method, executed by a server communicating with a wireless terminal of a user through a designated channel, includes: a first step of confirming n(1<=n<N) pieces of transaction information, inputted or selected by a user, among N(N>=2) pieces of information to be inputted by the user for a faceless transaction; a second step of confirming m(m>=1) pieces of transaction information, retrieved through a ledger system, by using designated information of the n pieces of transaction information; and a third step of forming transaction authentication information, including the m pieces of transaction information or at least one part of the same, and then providing the information to a program included in the wireless terminal of the user. The retrieved transaction information or a part of the same information is used as a seed of a disposable code, dynamically generated through the wireless terminal of the user. The disposable code is dynamically generated through at least one among the program in the wireless terminal, a security medium in the wireless terminal, and a chip able to be attached to or detached from the wireless terminal.

Description

{Method for Authenticating Interlocked Transaction by using One Time Code}

The present invention relates to a method and system for processing non-face-to-face transactions, which are inquired through a ledger system using N (1? N <N) (m &gt; = 1) pieces of transaction information, and configures transaction authentication information including at least one of the m pieces of transaction information or a part of the transaction information, and provides the transaction authentication information as a program provided in the wireless terminal of the user, And processing the disposable code to be dynamically generated using a part of the inquired transaction information or the inquired transaction information as a seed.

OTP (One Time Password) is known as the most secure authentication method in non-face-to-face financial transactions. However, even with OTP, if you use memory hacking, you can turn normal transactions into fraudulent transactions. That is, at the time when the user inputs normal transaction information, the normal transaction information inputted by the user is transferred to the banking server through the memory hacking as the illegal transaction information (for example, transaction information transferring to the account of the hacker) An illegal transaction is generated by the user's own hand.

Meanwhile, as a method for solving the OTP authentication problem caused by the memory hacking, a transaction-linked OTP method has been proposed in which an OTP is generated by keying all or a part of a transfer account number inputted by a user into an OTP token (Patent Registration Notice 10-0835260). In this case, if the hacker uses the memory hacking to exchange the normal transaction information with the illegal transaction information, since the transaction information inputted by the user is reflected in the OTP generation and authentication, Illegal transactions can be prevented.

However, in the conventionally-proposed transaction-linked OTP method, there is an inconvenience in use because all or part of the transfer account number once input by the user into the banking page must be keyed into the OTP token again, Or a partial mis-input causes a problem that the transaction is not authenticated even though it is a normal transaction.

Meanwhile, when the transaction-based OTP is applied to the OTP using the wireless terminal instead of the OTP token method, since the transaction information inputted by the user can be provided to the wireless terminal through the communication network, the problem that has occurred in the conventional OTP token can be solved . However, if the transaction information provided to the mobile terminal is already distorted / modulated by the memory hacking, the OTP is generated using the up / modulated transaction information, thereby causing a problem that an illegal transaction occurs. Therefore, it is technically more difficult to provide a transaction-oriented OTP that is convenient, reliable, and safe than transaction-based OTP in the conventional re-entry method.

An object of the present invention to solve the above problems is to provide an information processing apparatus and a method of processing the information of n (1 < n &lt; N) transaction information inputted or selected by the user among N (N & (M &gt; = 1) transaction information searched through the ledger system by using the designated information, and constructs transaction authentication information including at least one of the searched m transaction information or a part thereof to be provided to the user's wireless terminal The program of the wireless terminal may dynamically generate a disposable code using a part of the inquired transaction information or the inquired transaction information as a seed or may be detached from a security medium or a wireless terminal mounted on the wireless terminal A part of the inquired transaction information or the inquired transaction information is provided to the chip to be used as a seed of a disposable code dynamically generated through the secure medium or the chip Li a transaction interlocking authentication method using a single-use code to provide for.

A transaction interworking authentication method using a disposable code according to the present invention is a method executed by a server communicating with a wireless terminal of a user via a designated path, the method comprising the steps of: (M &gt; = 1), which is searched through the ledger system using the specified information of the n pieces of transaction information, And a third step of constructing transaction authentication information including at least one of m pieces of transaction information or a part of the transactions, and processing the transaction authentication information so as to be provided as a program provided in the wireless terminal of the user A part of the inquired transaction information or the inquired transaction information is used as a seed of a disposable code dynamically generated through the wireless terminal of the user, Group is in the program, the security medium mounted on the mobile terminal, characterized in that the dynamically generated via at least one of the chips being separated complex in the wireless terminal with a wireless terminal.

According to the present invention, the n pieces of transaction information may include a deposit bank, a deposit account number, and a deposit amount. On the other hand, the ledger system is capable of depositing a ledger system. On the other hand, the m pieces of transaction information can make a depositor's name of the deposit account.

According to the present invention, the transaction authentication information can be m '(1? M'? M) pieces of information among the searched m pieces of transaction information. On the other hand, the transaction authentication information may be a part of at least one of the searched m transaction information. Meanwhile, the transaction authentication information may add the n pieces of transaction information. Meanwhile, the transaction authentication information may include n '(1? N? N) pieces of information among the n pieces of transaction information. Meanwhile, the transaction authentication information may include a part of at least one of the n pieces of transaction information.

According to the present invention, the transaction authentication information may be output through the wireless terminal of the user.

According to the present invention, the transaction authentication information includes T (T? 1) pieces of information. The transaction authentication information is output through a program of the wireless terminal, Information can be input. Meanwhile, the input t information may be transmitted to the server through the program of the wireless terminal, and may be comparatively authenticated through transaction authentication information provided by the server to the program of the wireless terminal. Meanwhile, the input t information may be used as a seed of a disposable code dynamically generated through the wireless terminal.

According to the present invention, the transaction authentication information includes T (T? 1) pieces of information, and t (1? T? T) pieces of information to be used as a seed of the disposable code can be designated.

According to the present invention, the t information may include at least one of a part of the T information and partial information corresponding to a part of at least one piece of the T information.

According to the present invention, the inquired transaction information or a part of the inquired transaction information can be processed to be seeded through the program of the wireless terminal according to a specified rule.

According to the present invention, the transaction interworking authentication method using the disposable code comprises the steps of: receiving a disposable code dynamically generated through the wireless terminal using the inquired transaction information or a part of the inquired transaction information as a seed; And performing an authentication procedure of the received one-time code.

According to the present invention, the disposable code may be received from a program of the wireless terminal, or received via a user terminal that receives or selects the N transaction information. Meanwhile, the disposable code may be encrypted through the secure medium or the chip and provided from the program of the wireless terminal when the wireless terminal is generated through a secure medium mounted on the wireless terminal or a chip detached from the wireless terminal.

According to the present invention, when the validity of the one-time code dynamically generated through the wireless terminal is authenticated using a part of the inquired transaction information or the inquired transaction information as a seed, the transaction interworking authentication method using the one- And performing a non-face-to-face transaction procedure using the N pieces of transaction information.

According to the present invention, it is possible to provide a transaction-linked authentication by dynamically generating a disposable code associated with transaction information through a chip of a noncontact medium that is contactless-interfaced to a user's wireless terminal without having to re- .

According to the present invention, it is possible to transmit a disposable code through a chip of a noncontact medium, which is contactlessly interfaced to a user's wireless terminal, using information searched through a ledger, without using the transaction information inputted by the user (or operated by a hacker) It is possible to block the illegal use of the one-time code authentication by the manipulation of the transaction information and to intuitively recognize and block the transaction information even if the hacker manipulates the transaction information.

1 is a block diagram of a system for providing a transaction interlocking authentication system according to an embodiment of the present invention.
FIG. 2 is a diagram showing a configuration of a transaction interlocking authentication system according to an embodiment of the present invention.
3 is a diagram illustrating a functional configuration of a wireless terminal according to an embodiment of the present invention.
4 is a diagram showing a configuration of a chip for generating a disposable code according to an embodiment of the present invention.
5 is a diagram illustrating a process of exchanging transaction information according to an embodiment of the present invention.
6 is a diagram illustrating a process of dynamically generating a disposable code by a program of a user's wireless terminal according to an embodiment of the present invention.
FIG. 7 is a diagram illustrating a process of dynamically generating a disposable code through a security medium or a chip of a wireless terminal according to another embodiment of the present invention.
FIG. 8 is a diagram illustrating a process of controlling authentication and non-face-to-face transaction of a disposable code according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In other words, the following embodiments correspond to the preferred embodiment of the preferred embodiment of the present invention. In the following embodiments, a specific configuration (or step) is omitted, or a specific configuration (or step) (Or steps), or an embodiment that incorporates functions implemented in more than one configuration (or step) into any one configuration (or step), a particular configuration (or step) It will be apparent that the present invention is not limited to the embodiments described below. In the following embodiments, a specific configuration unit implemented on the server side is implemented on the terminal side and reference is made on the server side, or conversely, in the following embodiments, a specific configuration unit implemented on the terminal side is implemented on the server side, And all of the embodiments utilizing the same are also included in the scope of the present invention. Therefore, it should be clearly stated that various embodiments corresponding to subsets or combinations based on the following embodiments can be subdivided based on the filing date of the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a block diagram of a system for providing a transaction interlocking authentication system 200 according to an embodiment of the present invention.

More specifically, FIG. 1 illustrates an example of a transaction system using N (1 < n &lt; N) transaction information inputted or selected by the user among N (N & (M &gt; = 1) pieces of transaction information searched through the mobile terminal 120 and configures transaction authentication information including at least one of the searched m pieces of transaction information or a part thereof, The program 315 of the wireless terminal 300 dynamically generates a disposable code by using the inquired transaction information or a part of the inquired transaction information as a seed or transmits the disposable code to the wireless terminal 300 It is possible to provide the inquired transaction information or a part of the inquired transaction information to the chip 405 detached from the security medium 310 or the wireless terminal 300, Seeds of dynamically generated disposable code The system configuration for providing the transaction-based authentication system 200 by referring to and / or modifying the drawing 1 if the person skilled in the art is familiar with the present invention. It will be appreciated that various implementations of the scheme (e.g., some schemes may be omitted, or subdivided, or an aggregation scheme) may be inferred, but the present invention encompasses all of the above- And the technical features thereof are not limited only by the illustrated method.

The system configuration of the present invention includes a terminal 100 of a user who inputs or selects transaction information from a user and information on n (1? N <N) transaction information that the user inputs or selects (M &gt; = 1) pieces of transaction information searched from the ledger system 120, or a part of at least one transaction information or a part of the searched transaction information or the searched transaction information, Or a part of the inquired transaction information or the inquired transaction information to the secure medium 310 mounted on the wireless terminal 300 or the chip 405 detached from the wireless terminal 300, And a wireless terminal 300 of a user to install / operate a program 315 for processing a disposable code to be used as a seed of a dynamically generated code through the chip 310 or the chip 405, (M &gt; = 1) which is searched through the ledger system 120 using N (1 &lt; n &lt; N) ) Transaction information and then construct transaction authentication information including at least one of the searched m transaction information or a part thereof to provide the transaction authentication information to the program 315 provided in the user's wireless terminal 300, At least one of the program 315, the security medium 310 and the chip 405 of the terminal 300 is used for authentication of the one-time code dynamically generated by using the inquired transaction information (or a part of the inquired transaction information) At least one server or a combination of two or more servers implementing the transaction-based authentication system 200 performing the procedures. 1, the transaction interlocking authentication system 200 includes a transaction server 105 that receives transaction information from the terminal 100 of the user and processes non-face-to-face transactions based on the transaction information, A separate control server 115 for controlling the non-face-to-face transaction of the transaction server 105 by performing an information authentication procedure, a program 315 of the user's wireless terminal 300, a secure medium 310, 405), and / or a code server (110) for performing a procedure related to authentication of the generated one-time use code, the method comprising the steps of: .

The terminal 100 of the user is a general term of a terminal used by a user for non-face-to-face transactions, and is preferably a wired terminal including a computer, a notebook, or the like used by a user and a mobile terminal, a smart phone, And may include a wireless terminal 300. The terminal 100 of the user inputs or selects N pieces of transaction information for non-face-to-face transactions from the user and transmits the N pieces of transaction information through a designated path. Before the transaction is completed by transmitting all the N pieces of transaction information, It is desirable that an interlocking authentication procedure be performed.

According to the method of the present invention, the non-face-to-face transaction includes all transactions that can be provided via a communication network using a disposable code and is preferably used for various non-face financial transactions (for example, Internet banking, mobile banking, (Such as online credit card payment, online check card payment, online debit card payment, online prepayment card payment, online account transfer payment, mobile credit card payment, mobile check card payment, mobile debit card payment, mobile prepaid card payment, Mobile bank transfer, mobile bank transfer, etc.), various non-face authentication (e.g., online personal authentication, mobile personal authentication, 2-channel authentication, etc.). That is, the non-face-to-face transaction of the present invention can assign everything that can be processed via the communication network using the one-time code to the right scope.

The mobile terminal 300 of the mall user is a collective term of a terminal used by a user for transaction authentication, and may preferably include a mobile terminal 300 such as a user's mobile phone, a smart phone, a tablet PC, and the like. The user's wireless terminal 300 accesses at least one of the m transaction information searched from the ledger system 120 using the specified information of n transaction information inputted or selected by the user through the terminal 100 of the user (Or a part of the inquired transaction information) included in the transaction authentication information to the program 315 of the wireless terminal 300, the security medium 310, the chip 405 The program 315 may be installed / operated so as to be used as a seed of a dynamically generated disposable code.

According to the first embodiment of the present invention, the user's wireless terminal 300 may be loaded with a program 315 for dynamically generating a disposable code. In this case, the program 315 of the wireless terminal 300 can dynamically generate the disposable code using the inquired transaction information included in the transaction authentication information (or a part of the inquired transaction information) as a seed.

According to a second embodiment of the present invention, the user's wireless terminal 300 includes a security medium 310 corresponding to a security area for blocking access to an unauthorized application, A program 315 may be loaded. The secure medium 310 of the wireless terminal 300 may include a secure element (SE), a trust zone, and the like. The secure medium 310 may include inquired transaction information included in the transaction authentication information Or a part of the inquired transaction information) as a seed to dynamically generate a disposable code.

have.

According to the third embodiment of the present invention, the user's wireless terminal 300 is detached from the chip 405 that blocks access to an unauthorized application, and a program 315 linked with the chip 405 Lt; / RTI &gt; The chip 405 detached from the wireless terminal 300 may include a USIM 400 or an SD memory 400. The chip 405 may transmit the inquired transaction included in the transaction authentication information There is provided a program code for dynamically generating a disposable code by using information (or a part of the inquired transaction information) as a seed. The chip 405 detached from the wireless terminal 300 is not limited to the USIM 400 or the SD memory 400 but may be connected to the wireless terminal 300 in the form of an IC chip 405, Any chip 405 may be used as far as the chip 405 is used. Hereinafter, a feature of the present invention will be described by way of an embodiment, which is a USIM 400 in which a chip 405 deviating from the wireless terminal 300 is detached from the wireless terminal 300 for convenience.

According to the embodiment of the present invention, the user terminal 100 and the user's wireless terminal 300 can communicate directly with the transaction interlocking authentication system 200 through different communication networks (or different kinds of communication channels) And may include heterogeneous terminals that comply with channel separation for relay communication. For example, the user terminal 100 is a wired terminal of a user who processes a non-face-to-face transaction corresponding to Internet banking through a wired network, and the user's wireless terminal 300 includes, in addition to the wired terminal of the user, Owned wireless terminal 300 that handles transaction-based authentication according to the present invention. The user terminal 100 and the user's wireless terminal 300 may be a user's own wireless terminal 300 that is in direct communication or relay communication with the transactional authentication system 200 as one terminal have. For example, the user's wireless terminal 300 processes non-face-to-face transactions corresponding to mobile banking (e.g., mobile app based banking or mobile web based banking) through a wireless network, Owned wireless terminal 300 that handles authentication. Hereinafter, the features of the present invention will be described with reference to an embodiment in which the user terminal 100 and the user terminal 300 are heterogeneous terminals, but it should be apparent that the present invention is not limited thereto.

The transaction server 105 is a generic name of a server that processes a non-face-to-face transaction using the transaction information entered or selected by the user through the terminal 100 of the user. Preferably, the type of non-face trades A server provided in various financial institutions such as a banking server of a bank, an electronic financial server, a payment server of various card companies, a payment approval server, or a server of a securities company. Non-face-to-face transactions include non-face-to-face banking transactions using an account opened in a bank (for example, real account or virtual account), non-face credit card payment using a credit card issued by a credit card company, Non-face-to-face prepayment using prepaid cards issued by non-face-to-face check-card payments linked to opened accounts, non-face-to-face debit card payments or cash card transactions linked to bank-issued debit or cash cards and accounts opened at banks Card transaction may include at least one non-face-to-face transaction. According to an embodiment of the present invention, at least some components of the transaction interlocking authentication system 200 or the transaction interlocking authentication system 200 can be implemented through the transaction server 105.

The code server 110 may be configured to perform a process of controlling the one-time use code to be generated dynamically through at least one of the program 315, the secure medium 310 and the chip 405 of the wireless terminal 300 and / A general term of a server that performs a procedure related to authentication of a code, checks m transaction information searched through the ledger system 120 using designated information of n transaction information inputted or selected by a user for non-face-to-face transaction The transaction authentication information including at least one of the searched m transaction information or a part of the transaction authentication information is provided to a program 315 provided in the user's wireless terminal 300 and / At least one of the program 315, the security medium 310 and the chip 405 of the terminal 300 authenticates the one-time code dynamically generated by using the inquired transaction information (or a part of the inquired transaction information) as a seed Procedure can be performed. Meanwhile, the procedure for authenticating the disposable code according to the embodiment may be performed through a separate authentication center (not shown). According to an embodiment of the present invention, at least some components of the transaction-based authentication system 200 or the transaction-based authentication system 200 can be implemented through the code server 110.

The control server 115 is a generic name of a server capable of implementing at least some components of the transaction interlocking authentication system 200 or the transaction interlocking authentication system 200 in addition to the transaction server 105 and the code server 110, And provides the availability of implementing the present invention without implementing the transactional authentication system 200 in the transaction server 105 and / or the code server 110. [ When the transaction interlocking authentication system 200 is implemented through the control server 115, the control server 115 operates in conjunction with the transaction server 105 and / or the code server 110. However, the present invention is not limited to the case where at least one or more of the transaction server 105 and the code server 110 are combined to implement the present invention.

The general ledger system 120 is a general term for a system for managing a ledger such as an account or a card provided in at least one financial institution associated with a non-face-to-face transaction, and is an account or card opened / issued to the user for the non- (For example, transferring money from one bank to another bank, etc.) in the case where the non-face-to-face transaction is performed through interworking with another financial institution, the lending system 120 May include a ledger system 120 of another financial institution that interfaces with a user side financial institution for a non-face-to-face financial transaction through a joint network (e.g., a financial joint network, etc.). Meanwhile, if the non-face-to-face transaction is not linked to the ledger (e.g., in the case of non-face-to-face authentication), the ledger system 120 may include a database that stores information that is viewable in the non-face-to-face authentication process.

Hereinafter, technical features of the present invention will be described with reference to an embodiment in which the non-face-to-face transaction is a non-face-to-face banking transaction.

2 is a diagram illustrating a configuration of a transaction interlocking authentication system 200 according to an embodiment of the present invention.

More specifically, FIG. 2 shows m transaction information searched through the ledger system 120 using N information, which is inputted by the user or selected from n transaction information, And forms transaction authentication information including at least one of the searched m transaction information or a part thereof and provides the transaction authentication information to a program 315 provided in the user's wireless terminal 300, 315 dynamically generates a disposable code by using the inquired transaction information or a part of the inquired transaction information as a seed or is detached from the security medium 310 or the wireless terminal 300 mounted on the wireless terminal 300 The chip 405 provides a part of the inquired transaction information or the inquired transaction information so as to perform a procedure related to the authentication of the dynamically generated disposable code through the secure medium 310 or the chip 405, The present invention relates to a configuration of a system for carrying out a procedure related to a transaction using a one-time code, and it is possible to refer to and / or modify the FIG. 2 by a person skilled in the art, It will be appreciated that various implementations of the configuration (e.g., some configurations may be omitted, or subdivided, or combined) may be inferred from the present invention, The technical characteristics are not limited only by the method shown in FIG.

Referring to FIG. 2, the transaction interlocking authentication system 200 is a transaction interlocking system in which n (1 < n &lt; N) transactions inputted or selected by the user out of N An inquiry information verifying unit 205 for verifying m (m &gt; = 1) pieces of transaction information searched through the ledger system 120 using the specified information of the n pieces of transaction information, 210), an information constructing unit (215) for constructing transaction authentication information including at least one of the m transactions information or a part of the transaction information searched for, and a program (200) provided in the user's wireless terminal 315 of the information providing unit 220. The information providing unit 220 performs the process of processing the information.

The user terminal 100 receives a transaction type through an interface displayed through an interface provided by the transaction server 105 (for example, a web page interface for Internet banking) or an application provided in the terminal. By selecting the transaction type, N pieces of transaction information to be input for a non-face-to-face transaction corresponding to the transaction type are determined. Here, the N pieces of transaction information means all information that the user has to input or select for the non-face-to-face transaction. Before the transaction is completed, that is, when n pieces of transaction information are inputted or selected, A procedure corresponding to the authentication can be performed.

According to the embodiment of the present invention, in the case of a non-face-to-face financial transaction, the N pieces of transaction information include various account information (for example, user's own account information, withdrawal account information for account transfer, ), Amount information, and various secret information (for example, an account password, a transfer password, a certificate password, etc.), and may include a dynamically generated disposable code at the time of non-face-to-face transaction according to the method. If the created disposable code is not input through the user terminal 100 but directly transmitted to the designated server through the user's wireless terminal 300 according to the embodiment of the present invention, The above disposable code may be omitted in the transaction information of the number of transactions.

The user terminal 100 displays an interface for receiving transaction information corresponding to the selected transaction type. The interface includes an interface for receiving n pieces of transaction information corresponding to a part of N pieces of transaction information to be input for non-face-to-face transactions corresponding to the selected transaction type, or an interface for receiving the N pieces of transaction information .

When N '(N'≥n) pieces of transaction information are input through the interface, the user terminal 100 transmits N' pieces of transaction information inputted or selected by the user through a designated path. For example, the terminal 100 of the user may transmit the n pieces of transaction information to the server in which the transaction-based authentication system 200 is implemented. Alternatively, the user terminal 100 may transmit the N 'pieces of transaction information to the designated transaction server 105, and the transaction server 105 may transmit n pieces of transaction information based on the N' pieces of transaction information, To the server in which the interworking authentication system 200 is implemented.

The transaction information verifying unit 205 confirms n pieces of transaction information inputted or selected by the user for the non-face-to-face transaction through the designated path. Preferably, the n pieces of transaction information may include transaction information corresponding to the deposit bank and the deposit account number, and transaction information corresponding to the deposit amount (or transfer amount) to be deposited (or transferred) to the deposit account of the deposit bank And may include transaction information corresponding to the withdrawal bank and the withdrawal account number, and transaction information corresponding to the withdrawal amount (or the withdrawal amount) from the withdrawal account of the withdrawing bank in accordance with the method of operation. Meanwhile, according to the embodiment, the n pieces of transaction information may include transaction information related to deposits and withdrawals, and may include transaction information on any one of deposits and withdrawals.

According to the first transaction information confirming method of the present invention, the transaction information verifying unit 205 identifies the transaction information inputted or selected through the user terminal until the one-time use code among the N pieces of transaction information for the non- Transaction information.

According to the second transaction information confirming method of the present invention, the transaction information identifying unit 205 identifies the transaction information inputted or selected through the user terminal until the one-time use code among the N transaction information for the non- Can be confirmed as the n pieces of transaction information.

According to the third transaction information checking method of the present invention, the transaction information verifying unit 205 may identify the transaction information related to the fund depositing unit, which is transmitted from the user terminal, among the N pieces of transaction information for the non-face- It can be confirmed as transaction information.

According to the fourth transaction information checking method of the present invention, the transaction information verifying unit 205 identifies the transaction information excluding the transaction information used as the one-time code among the N pieces of transaction information for the non-face-to-face transaction as the n pieces of transaction information Can be confirmed.

According to the fifth transaction information checking method of the present invention, the transaction information checking unit 205 determines whether transaction information other than the transaction information used as the one-time code among the N transaction information for the non-face-to- The transaction information related to the deposited money depositing side can be confirmed as the n pieces of transaction information.

If the n pieces of transaction information are confirmed, the inquiry information verifying unit 210 determines the inquiry target ledger system 120 to inquire m pieces of transaction information using the specified information of the n pieces of transaction information. Preferably, the inquiry target ledger system 120 includes a depositing bank side ledger system 120 (e.g., an account system) and may include a withdrawal bank side ledger system 120 (e.g., The bank side ledger system 120 can not be confirmed, etc.).

According to the embodiment of the present invention, the inquiry information verifying unit 210 can determine the inquiry target ledger system 120 using the depositing bank and / or the bank account number among the n pieces of transaction information. For example, if the non-face-to-face transaction is a bank transfer transaction between the parties, the inquiry information confirmation unit 210 may connect the contact information through a joint network using a deposit bank and / or a deposit account number included in the n pieces of transaction information The inquiry target ledger system 120 can determine the ledger system 120 of another line. Or if the non-face-to-face transaction is a inter-company money transfer transaction, the inquiry information verification unit 210 determines the current ledger system 120 as the inquiry target ledger system 120 using the deposit bank and / or the bank account number .

According to another embodiment of the present invention, the inquiry information verifying unit 210 can determine the inquiry target ledger system 120 using the withdrawal bank and / or withdrawal account number among the n pieces of transaction information. For example, in the case where the non-face-to-face transaction is a transaction of a collecting method, the ledger system 120 of the other line connected through the common network using the withdrawal bank and / or withdrawal account number included in the n pieces of transaction information, The system 120 can be determined as the inquiry target ledge system 120.

When the inquiry target ledger system 120 is confirmed, the inquiry information verifying unit 210 provides the designated information of the n pieces of transaction information to the inquiry target ledger system 120, And receives the m transaction information searched from the inquiry target ledger system 120 using the specified information. Here, the m pieces of transaction information are collectively referred to as information that can be confirmed through the ledger system 120 in addition to the transaction information input by the user. Preferably, the m pieces of transaction information include a depositor's name or a collecting institution name . According to an embodiment of the present invention, the m pieces of transaction information include a depository code for identifying a depository account of an inquiry target account, a collection agency code for identifying a depository institution, information for identifying the kind of an inquiry target account, And may include various information that can be inquired.

According to another embodiment of the present invention, when the transaction interlocking authentication system 200 is not the transaction server 105, the inquiry about the m pieces of transaction information is performed through the transaction server 105, Unit 210 may receive m transaction information as the inquiry result performed through the transaction server 105. [ Alternatively, if the transaction interlocking authentication system 200 is not the transaction server 105, the inquiry information checking unit 210 may request m transaction information through the ledger system 120 and receive the transaction information have.

The information construction unit 215 may include at least one of the m pieces of transaction information confirmed through the inquiry information confirmation unit 210 and / or a part corresponding to a part of at least one of the confirmed m pieces of transaction information, The information configuring unit 215 configures the transaction information including the transaction information (n), which is confirmed through the transaction information checking unit 205, in addition to the m transaction information or a part thereof a part of n pieces of transaction information).

According to the first transaction authentication information configuration method of the present invention, the information configuration unit 215 can configure transaction authentication information including m transaction information confirmed through the inquiry information verification unit 210. [

In accordance with the second transaction authentication information configuration method of the present invention, the information configuration unit 215 determines m '(1? M'? M) pieces of information among the m pieces of transaction information confirmed through the inquiry information verification unit 210 As shown in FIG.

According to the third transaction authentication information configuration method of the present invention, the information construction unit 215 generates a transaction authentication information for a part of at least one (or two or more) of the m pieces of transaction information confirmed through the inquiry information confirmation unit 210 It is possible to configure the transaction authentication information including the corresponding partial information.

According to the fourth transaction authentication information configuration method of the present invention, the information configuration unit 215 can configure transaction authentication information including n transaction information confirmed through the transaction information confirmation unit 205, The information configuration unit 215 may configure transaction authentication information in a form that the transaction information further includes the n pieces of transaction information in the transaction authentication information configured according to the first to third transaction authentication information configuration methods. Meanwhile, according to another embodiment of the present invention, the information configuration unit 215 can configure transaction authentication information including the n transaction information without being linked with the first through third transaction authentication information configuration methods , Whereby the present invention is not limited thereto.

According to the fifth transaction authentication information configuration method of the present invention, the information configuration unit 215 determines n '(1? N? N) pieces of information among the n pieces of transaction information confirmed through the transaction information determination unit 205 The information configuration unit 215 may configure the transaction authentication information including the n 'pieces of information in the transaction authentication information configured according to the first to third transaction authentication information configuration methods The transaction authentication information can be configured. According to another embodiment of the present invention, the information configuring unit 215 can configure the transaction authentication information including the n 'pieces of information without being linked with the first to third transaction authentication information configuration methods , Whereby the present invention is not limited thereto.

According to the sixth transaction authentication information configuration method of the present invention, the information construction unit 215 generates a transaction authentication information in accordance with at least one (or two or more) pieces of information among the n pieces of transaction information confirmed through the transaction information confirmation unit 205 The information configuring unit 215 may configure the transaction authentication information including the corresponding partial information, and the information configuring unit 215 may configure the transaction authentication information configured according to the first to third transaction authentication information configuration methods, The transaction authentication information may be configured to include partial information corresponding to at least one (or two or more) pieces of information. Meanwhile, according to another embodiment of the present invention, the information construction unit 215 does not associate with the first to third transaction authentication information configuration schemes, and a part of at least one (or two or more) pieces of the n pieces of transaction information It is possible to construct the transaction authentication information including the partial information corresponding to the transaction information, and thus the present invention is not limited thereto.

According to the seventh transaction authentication information configuration method of the present invention, the information configuration unit 215 may combine two or more of the first to third transaction authentication information configuration schemes and / or the fourth to sixth transaction authentication information It is possible to configure the transaction authentication information in such a manner that two or more configuration methods are combined and / or a combination of two or more of the first to sixth transaction authentication information configuration methods is combined. The present invention is characterized in that all the transaction authentication information configuration examples derivable based on the first to seventh transaction authentication information configuration modes are attributed to the scope of the present invention.

According to an embodiment of the present invention, the information configuration unit 215 may configure transaction authentication information including T (T? 1) pieces of information on the basis of the first through seventh transaction authentication information configuration schemes. Meanwhile, the information configuration unit 215 may be used as the authentication information of the non-facing transaction among the T information included in the transaction authentication information, and / or used as the program 315 of the wireless terminal 300, the security medium 310, (1? T? T) pieces of information to be used as a seed of a one-time code generated through at least one of the chips 405 and 405. [ In this case, the transaction authentication information may include an identifier (or a flag) for specifying t information among the T information. Here, the t information includes T pieces of information included in the transaction authentication information, or at least one (or a combination of two or more) of the T pieces of information and / It may be specified to include partial information corresponding to a part. On the other hand, according to the embodiment, the transaction information may not specify the t information, and thus the present invention is not limited thereto.

The information providing unit 220 performs a procedure for processing the transaction authentication information configured through the information construction unit 215 to be provided to the specific program 315 provided in the user's wireless terminal 300. [

According to an embodiment of the present invention, the information providing unit 220 transmits the transaction authentication information to the user (for example, a messaging procedure via a messaging center of a mobile communication company or a messaging procedure for push notification) (E.g., a telephone number of the wireless terminal 300 held by the user, a push token (or an identifier) for the program 315 provided in the user's wireless terminal 300, ), Etc.) and may request messaging to transfer the transaction authentication information to the user's wireless terminal 300 with a designated messaging server (not shown).

The user's wireless terminal 300 receives the message according to the messaging procedure and the program 315 of the wireless terminal 300 is driven according to a designated procedure The information providing unit 220 may request transaction authentication information corresponding to the message according to a designated procedure and the information providing unit 220 may transmit the transaction authentication information to the program 315 of the wireless terminal 300. [ If the program 315 is driven by the user's wireless terminal 300 without the messaging, the program 315 transmits an app drive signal for identifying its own operation according to a designated procedure, The information providing unit 220 may request the provision of the transaction authentication information to the wireless terminal 300 or request the provision of the transaction authentication information according to a user operation. In this case, the information providing unit 220 may transmit the transaction authentication information to the program 315 of the wireless terminal 300 Information can be transmitted. Preferably, the information providing unit 220 decrypts the transaction authentication information in a decryptable manner in the program 315 of the wireless terminal 300, and the program 315 of the wireless terminal 300 encrypts the transaction authentication information And receive and decrypt the received transaction authentication information.

The program 315 of the wireless terminal 300 receives (or decodes) the transaction authentication information and outputs T information included in the transaction authentication information using the output means provided in the wireless terminal 300 . At this time, the transaction authentication information includes the transaction information (or a part of the inquired information) inquired through the ledger in addition to the information inputted or selected by the user. The transaction information (or a part of the inquired information) inquired through the ledger is not the information directly inputted or selected by the user. Therefore, even if the terminal 100 of the user to which the n pieces of transaction information is input is hacked or up / modulated, the transaction information (or a part of the inquired information) inquired through the ledger can not be arbitrarily manipulated. If the user terminal 100 is hacked or tampered with or tampered with by a method that the terminal authentication system 200 can not recognize (e.g., memory hacking, etc.) When n pieces of transaction information (or a part thereof) are transmitted / modulated, valid information is not retrieved from the ledger through such information, and even if there is any information retrieved from the ledger, It is not input or selected information. However, the transaction information input through the terminal 100 of the user in the non-face-to-face transaction process is mostly in the form of a number. Therefore, even if the transaction information (or a part thereof) of the number type is exposed to the user in a state where the hacker is up / modulated, it is difficult for the user to intuitively recognize whether the number is up / modulated. If the above-mentioned transaction information is not the account number of the user (if the account number of the user is the account number of the user), it is highly likely that the account information is memorized. The account number of the depositor (if the hacker inputs Or if the transaction information that is selected is tampered with or tampered with, the account number of the depositor is most likely to be tampered with), most of the users do not memorize the account number of the depositor. Therefore, even if such transaction information is exposed to the user It is difficult to recognize whether it is up / modulated. However, according to the present invention, the information retrieved from the ledger includes information that can be intuitively perceived by the user, such as a depositor's name in addition to the number. Therefore, even if n pieces of transaction information (or a part thereof) input or selected through the user's terminal 100 are up / modulated and information inquired from the ledger exists based on the up / modulated transaction information, The user can intuitively recognize whether the transaction information is up / modulated based on the information retrieved from the ledger when the transaction authentication information including information on the transaction information is output to the user's wireless terminal 300. [

According to an embodiment of the present invention, the program 315 of the wireless terminal 300 may output T information included in the transaction authentication information, &Lt; / RTI &gt; T) &lt; / RTI &gt; In this case, the user inputs the specified t information through the information input interface displayed on the wireless terminal 300. Here, the t information includes T pieces of information included in the transaction authentication information, or at least one (or a combination of two or more) of the T pieces of information and / And may include partial information corresponding to a part thereof.

If the transaction authentication information includes an identifier (or flag) designating the t information, the program 315 of the wireless terminal 300 displays an information input interface for receiving the specified t information , And can receive the specified t information through the information input interface. On the other hand, when the t information is not specified in the transaction authentication information, the t information may be manually specified by the user or automatically specified through the program 315, The control unit 315 may display an information input interface for receiving the manual / t designated beams, and receive the designated t information through the information input interface.

If t pieces of information among the T pieces of information included in the transaction authentication information are inputted, the program 315 of the wireless terminal 300 forms authentication information including the inputted t pieces of information, To the server in which the transaction interlocking authentication system 200 is implemented.

Or if t information out of the T pieces of information included in the transaction authentication information is input, the program 315 of the wireless terminal 300 uses the inputted t pieces of information (or a part thereof) as a seed, Or may be provided to the security medium 310 or the chip 405 of the wireless terminal 300 so as to be used as a seed of a disposable code. Meanwhile, according to the method, the program 315 of the wireless terminal 300 processes (e.g., hash) the t pieces of information (or a part thereof) in a seed in accordance with a specified rule, Code may be dynamically generated or provided to the security medium 310 or the chip 405 of the wireless terminal 300 to be used as a seed of a disposable code.

According to another embodiment of the present invention, when the transaction authentication information includes an identifier (or flag) designating the t information, the program 315 of the wireless terminal 300 is included in the transaction authentication information (Or a part thereof) is used as a seed to dynamically generate a disposable code, or to generate the disposable code from the security medium 310 of the wireless terminal 300 Chip 405 to be used as a seed of disposable code. At this time, the program 315 of the wireless terminal 300 preferably outputs the transaction authentication information. Meanwhile, according to the method, the program 315 of the wireless terminal 300 processes (e.g., hash) the t pieces of information (or a part thereof) in a seed in accordance with a specified rule, Code may be dynamically generated or provided to the security medium 310 or the chip 405 of the wireless terminal 300 to be used as a seed of a disposable code. However, if t information among the transaction authentication information is predetermined, the program 315 of the wireless terminal 300 may not output the transaction authentication information according to the method.

According to another embodiment of the present invention, the program 315 of the wireless terminal 300 dynamically generates a one-time code using the T information included in the transaction authentication information as a seed, To the secure medium 310 or the chip 405 of the mobile communication terminal 300 and used as a seed of the disposable code. At this time, the program 315 of the wireless terminal 300 preferably outputs the transaction authentication information. Meanwhile, according to the embodiment, the program 315 of the wireless terminal 300 processes (e.g., hash) the T pieces of information in a usable manner according to a specified rule, and then dynamically generates a one- Or may be provided to the security medium 310 or the chip 405 of the wireless terminal 300 so as to be used as a seed of a disposable code. However, when T information included in the transaction authentication information is used as a seed of the disposable code, the program 315 of the wireless terminal 300 may not output the transaction authentication information according to the method.

Meanwhile, the program 315 of the wireless terminal 300 may dynamically generate a one-time code using the inquired transaction information (or a part of the inquired transaction information) as a seed, And other information included in the transaction authentication information, a time value counted by the wireless terminal 300, a unique value (e.g., And the server-side seed value provided from the server side to be used as a seed in addition to the transaction authentication information, to be used as a seed of a disposable code.

At least one of the program 315, the secure medium 310 and the chip 405 of the wireless terminal 300 transmits a seed including the inquired transaction information (or a part of inquired transaction information) You can dynamically generate one-off code by substituting. At least one seed value for generating the one-time code may be stored in the memory unit 309, the security medium 310 and the chip 405 of the wireless terminal 300. In this case, The program 315, the secure medium 310, the chip 405 and the like of the wireless terminal 300 can send the disposable code as a dynamic by substituting the information provided from the wireless terminal 300 and the stored seed value into a designated code generation algorithm Can be generated.

The program 315 of the wireless terminal 300 confirms the generated one-time code and performs a procedure for providing the identified one-time code to the transaction-related authentication system 200. [

According to the first disposable code providing method of the present invention, the program 315 of the wireless terminal 300 can display the disposable code on the screen. In this case, The one-off code can be input to the terminal 100 of the user who is used for the non-face-to-face transaction. If the wireless terminal 300 and the user terminal 100 are capable of short range wireless communication, the program 315 of the wireless terminal 300 transmits the disposable You can provide code. The terminal 100 of the user performs a procedure for transferring the inputted / provided disposable code to the transaction interlocking authentication system 200 according to a specified security procedure. Preferably, the terminal 100 of the user may transmit the disposable code to (N-n) pieces of transaction information to be provided to the server side corresponding to the transaction interlocking authentication system 200.

According to the second disposable code providing method of the present invention, the program 315 of the wireless terminal 300 can transmit the disposable code to the server side corresponding to the transaction interlocking authentication system 200 via the designated communication path . The program 315 of the wireless terminal 300 may encrypt the disposable code according to a security procedure agreed with the server side and transmit the encrypted one-off code. Meanwhile, when the disposable code is generated through the secure medium 310 or the chip 405 of the wireless terminal 300, the secure medium 310 or the chip 405 decrypts the generated disposable code on the server side And may provide the encrypted one-off code to the program 315 of the wireless terminal 300 after possible encryption (e.g., encryption using the security rules and keys agreed between the server side) The program 315 of the terminal 300 may transmit the encrypted one-time code to the transaction interlocking authentication system 200 via a designated communication path. The encrypted disposable code in the secure medium 310 or the chip 405 may be secondarily encrypted through the program 315 of the wireless terminal 300 and transmitted to the server side.

According to the third disposable code providing method of the present invention, the disposable code can be transmitted to the server side corresponding to the transaction interlocking authentication system 200 in a form of combining the first and second disposable code providing methods. For example, some of the disposable codes may be input / provided to the terminal 100 of the user and transmitted to the server side, while others may be transmitted from the program 315 of the wireless terminal 300 to the server side.

The transaction interlocking authentication system 200 performs a procedure for authenticating the validity of the disposable code provided according to the first to third disposable code providing schemes, and the disposable code is a transaction information for the non- Some of which are generated using seeds, so that the authentication is interlocked with the non-face-to-face transaction.

Referring to FIG. 2, the transaction interlocking authentication system 200 includes a program 315 of the wireless terminal 300, authentication information including t information input from a user among T information included in the transaction authentication information, An authentication information receiving unit 225 for receiving the authentication information including the t information input by the user and an authentication information receiving unit 225 for receiving the authentication information using the transaction authentication information provided by the program 315 of the wireless terminal 300 A secure medium 310 and a chip 405 of the wireless terminal 300 when the validity of the authentication information is authenticated. And a transaction information control unit 235 for controlling the generated one-time code to be dynamically generated or controlling the generated one-time code to be received via the designated path.

When the program 315 of the wireless terminal 300 receives t information from among T pieces of information included in the transaction authentication information and composes and transmits authentication information including the inputted t pieces of information, (225) receives the authentication information through a communication channel connected to the wireless terminal (300). When the authentication information is encrypted and transmitted, the authentication information receiver 225 decrypts the encrypted authentication information.

The transaction information authentication unit 230 compares the t information included in the authentication information with the transaction authentication information configured by the information configuration unit 215, And verifies the validity of the t pieces of information by comparing with the transaction information or the m pieces of inquiry information confirmed through the inquiry information verifying unit 210. [

When the validity of the authentication information including the t information is authenticated, the transaction information control unit 235 provides the authentication result of the authentication information to the program 315 of the wireless terminal 300, The secure medium 310, and the USIM 400 to generate the one-time use code. If the program 315 of the wireless terminal 300 transmits the one-off code, the transaction information control unit 235 interlocks with the program 315 of the wireless terminal 300 to securely receive the disposable code So that the security procedures for performing the authentication are performed. The transaction information control unit 235 may perform the procedure of providing the server side seed value to the program 315 of the wireless terminal 300 according to the method. The server side seed value may be a value stored in the DB on the transaction interlocking authentication system 200, a randomly generated random number value, a code value generated based on the n pieces of transaction information and m pieces of transaction information a hash value obtained by hashing n specified transaction information and m specified transaction information among the m transaction information, and the like).

Meanwhile, if the one-time code generated by the wireless terminal 300 is received through the terminal 100 of the user, the transaction information controller 235 receives the one-time code through the terminal 100 of the user And / or to perform a security procedure for securely receiving the one-time code input via the code input interface.

Referring to FIG. 2, the transaction interlocking authentication system 200 transmits the inquired transaction information (or the transaction information) through at least one of the program 315, the secure medium 310, and the chip 405 of the wireless terminal 300 A disposable code authentication unit 240 for identifying a one-time use code dynamically generated using a seed as a seed, a disposable code authentication unit 245 for performing an authentication procedure for authenticating the validity of the disposable code, And a transaction control unit 250 for controlling the non-face-to-face transaction to be performed based on the authentication result of the disposable code.

(Or part of the transaction information that has been inquired) through at least one of the program 315, the secure medium 310 and the chip 405 of the wireless terminal 300 as a seed, If the code is provided to the server side according to the first to third disposable code providing methods, the disposable code verifying unit 240 generates the one-time code using the inquired transaction information (or a part of the inquired transaction information) as a seed (Or receives) the disposable code transmitted to the server according to the first to third disposable code providing schemes. The disposable code may be included in (N-n) pieces of transaction information transmitted from the terminal 100 of the user and / or transmitted through the program 315 of the wireless terminal 300.

When the disposable code is confirmed through the disposable code verification unit 240, the disposable code authentication unit 245 performs an authentication procedure for authenticating the validity of the disposable code.

According to the embodiment of the present invention, the one-time code authentication unit 245 confirms the transaction authentication information provided to the program 315 of the wireless terminal 300 and / (A part of the inquired transaction information) and confirms the seed value to be used as the seed, and then generates the one-time code as the same as the code generation algorithm in which the one-time code is generated The validity of the disposable code can be verified by comparing the disposable code with the verification code by inserting various information used as the seed into the code generation algorithm to generate a verification code.

Meanwhile, the disposable code authentication unit 245 may perform the authentication of the disposable code by a separate authentication center (not shown) associated with the transaction-based authentication system 200. In this case, (E.g., a part of the inquired transaction information or the inquired transaction information) necessary for authenticating the one-time use code in the authentication center, thereby authenticating the one-time code through the authentication center And receives an authentication result of the disposable code from the authentication center.

According to the present invention, since the disposable code is generated by using the inquired transaction information (or a part of the inquired transaction information) including the transaction information for the non-face-to-face transaction as a seed, do.

When the validity of the one-time code is authenticated, the transaction control unit 250 receives remaining transaction information for processing the non-face-to-face transaction from the terminal 100 of the user, Checks N transaction information provided from the terminal 100, and controls the non-face-to-face transaction requested from the user terminal 100 based on the N transaction information.

FIG. 3 is a diagram illustrating a functional configuration of a wireless terminal 300 according to an embodiment of the present invention.

In more detail, FIG. 3 illustrates a configuration of a wireless terminal 300 that dynamically generates a one-time code using a transaction information inquired through a ledger or a part of the inquired transaction information as a seed, 3 is a block diagram illustrating a functional configuration of the wireless terminal 300 according to an exemplary embodiment of the present invention. Referring to FIG. 3 and / or modified by a person skilled in the art, However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

3, the wireless terminal 300 includes a control unit 301, a memory unit 309, a screen output unit 302, a user input unit 303, a sound processing unit 304, a wireless network communication unit 307, A local communication unit 306, an NFC unit 305, a USIM reader unit 308, and a USIM 400, and has a battery for power supply. Meanwhile, according to an embodiment, the wireless terminal 300 may include a secure medium 310 that is not accessible in an unauthorized application.

The control unit 301 is a general term for controlling the operation of the wireless terminal 300. The control unit 301 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 301 loads at least one program code included in the wireless terminal 300 into the execution memory through the processor, and outputs the result through at least one configuration And controls the operation of the wireless terminal 300. FIG. Hereinafter, the configuration of the program 315 of the present invention, which is implemented in the form of program code for convenience, is shown in the control unit 301 and will be described.

The memory unit 309 is a generic term of a nonvolatile memory corresponding to a storage resource of the wireless terminal 300 and includes at least one program code executed through the control unit 301 and at least one Save and maintain the dataset. The memory unit 309 basically includes a system program code and a system data set corresponding to the operating system of the wireless terminal 300, a communication program code and a communication data set for processing a wireless communication connection of the wireless terminal 300, The program code and data set corresponding to the program 315 of the present invention are also stored in the memory unit 309. The program code and the data set corresponding to the program 315 of the present invention are stored in the memory unit 309. [

The screen output unit 302 is composed of a screen output device (e.g., an LCD (Liquid Crystal Display) corresponding to the output resource of the wireless terminal 300 and a driving module for driving the screen output device) And outputs the calculation result corresponding to the screen output among the various calculation results of the control unit 301 to the screen output device.

The user input unit 303 may include at least one user input device corresponding to the input resource of the wireless terminal 300 such as a button, a keypad, a touch pad, a touch screen interlocked with the screen output unit 302, And inputs a command for instructing various operations of the control unit 301 in cooperation with the control unit 301 or inputs data necessary for the operation of the control unit 301. [

The sound processing unit 304 is composed of a speaker corresponding to the output resource of the wireless terminal 300, a microphone corresponding to the input resource of the wireless terminal 300 and a driving module for driving the microphone, And outputs the operation result corresponding to the sound output from the various operation results of the control unit 301 through the speaker or transmits the sound data inputted through the microphone to the control unit 301. [ The driving module decodes sound data to be outputted through the speaker and converts the sound data into a sound signal or encodes the sound signal inputted through the microphone to encode the sound signal.

The NFC unit 305 collectively refers to a communication resource for processing one or more NFCs among a bidirectional NFC, a full-duplex NFC, and a half-duplex NFC using a radio frequency signal as a communication medium at a close distance (e.g., about 10 cm) NFC can be processed according to the near field communication (NFC) standard of the frequency band. For example, the NFC unit 305 can operate in a reader mode, a tag mode, or a bidirectional communication mode. Meanwhile, the NFC unit 305 may be included in a communication resource for connecting the wireless terminal 300 to a communication network according to an object to be communicated nearby.

The wireless network communication unit 307 and the short range communication unit 306 are collectively referred to as communication resources for connecting the wireless terminal 300 to a designated communication network. Preferably, the wireless terminal 300 may include a wireless network communication unit 307 as a basic communication resource, and may include one or more local communication units 306.

The wireless network communication unit 307 is a collective term for a communication resource that connects the wireless terminal 300 to a wireless communication network via a base station and includes an antenna for transmitting and receiving a radio frequency signal of a specific frequency band, And transmits the calculation result corresponding to the wireless communication among the various calculation results of the controller 301 to the controller 301 through the wireless communication network or receives data through the wireless communication network To the control unit 301, and performs connection, registration, communication, and hand-off procedures of the wireless communication. According to the present invention, the wireless network communication unit 307 can connect the wireless terminal 300 to a telephone communication network including a communication channel and a data channel via the exchange, and in some cases, May be connected to a data network providing communication-based wireless network data communication (e.g., the Internet).

According to an embodiment of the present invention, the wireless network communication unit 307 performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication and handoff according to a mobile communication standard such as CDMA / WCDMA / LTE Lt; / RTI &gt; Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 307 may further include a portable internet communication structure for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 307. [ That is, the wireless network communication unit 307 is a general term for a configuration unit that connects to a wireless communication network through a cell-based base station irrespective of a frequency band of a wireless zone, a type of a communication network, or a protocol.

The short-range communication unit 306 collectively refers to a communication resource for connecting a communication session using a radio frequency signal within a predetermined distance (for example, 10 m) as a communication medium and connecting the wireless terminal 300 to the communication network based on the communication session, Preferably, the wireless terminal 300 can be connected to the communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to the embodiment of the present invention, the short range communication unit 306 may be implemented in a form integrated or separated from the wireless network communication unit 307. According to the present invention, the short-range communication unit 306 connects the wireless terminal 300 to a data network providing packet-based short-range wireless data communication through a wireless AP.

The USIM reader 308 exchanges at least one data set with a universal subscriber identity module 400 that is mounted or detached from the wireless terminal 300 based on the ISO / IEC 7816 standard As a generic term for the configuration, the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

According to the embodiment of the present invention, the USIM 400 can dynamically generate a disposable code by using a part of the transaction information or transaction information inquired through the ledger among the information included in the transaction authentication information as a seed .

The secure medium 310 corresponds to a secure area that blocks access of an unauthorized application among applications of the wireless terminal 300. Preferably, the secure medium 310 of the wireless terminal 300 is a medium corresponding to various SE Secure Element), a trust zone, and the like.

The program 315 of the present invention (hereinafter also referred to as &quot; application &quot; for convenience) is downloaded from a program providing server (for example, Apple's App Store or the like) via a data network to which the communication resource is connectable and stored in the memory unit 309 . The downloaded program 315 operates in conjunction with the transaction-based authentication system 200.

Referring to FIG. 3, the program 315 of the wireless terminal 300 accesses the transaction interlocking authentication system 200 through a data network to which the communication resource is connectable, thereby joining the user as a member, An application authentication procedure unit 325 for performing a procedure for authenticating the validity of the program 315 through at least one communication network connectable through the communication resource, And an identification value registration unit (330) for registering a unique identification value provided or assigned to the wireless terminal (300) in the transaction interlocking authentication system (200), wherein the transaction interlocking authentication system (200) (Not shown) that operates in conjunction with at least one component of the authentication information registration unit 320, the application authentication procedure unit 325, and the identification value registration unit 330. At least one component of the membership subscription / authentication unit 320, the application authentication procedure unit 325, and the identification value registration unit 330 may be omitted according to the embodiment.

The program 315 includes communication connection macro information to be connected to the transaction interlocking authentication system 200 via the data network to which the communication resource is connectable and the member subscription / authentication unit 320 includes the screen output unit 302 (For example, name, resident registration number, etc.) for joining the user as a member via the data network, and transmits the user input through the interface to the transaction interlocking authentication system 200 via the data network, The user can be subscribed as a member by transmitting the information and the member account.

Meanwhile, the subscription of the user can be subscribed through a separate user terminal other than the mobile terminal 300. Accordingly, when the user is already registered as a member or is registered as a member through the user terminal, the membership registration / authentication unit 320 outputs an interface for inputting the user account of the user, And transmits the member account input through the interface to the transaction interlocking authentication system 200 to authenticate the user as a member.

The application authentication processing unit 325 authenticates the validity of the program 315 to the transaction interlocking authentication system 200 through at least one communication network among the data network and the telephone communication network to which the communication resource is connectable. According to the embodiment of the present invention, the process of authenticating the validity of the program 315 is carried out in the arm / decryption communication process agreed beforehand between the program 315 and the transactional authentication system 200, A detailed description of the decoding process will be omitted.

According to the first program authentication method of the present invention, the program 315 can be downloaded through the program providing server in a state in which a unique value for identifying the program operated by the transaction-linked authentication system 200 is set. In this case, the app authentication procedure unit 325 transmits the eigenvalue to the transaction-based authentication system 200 or the key exchange procedure according to the transaction-based authentication system 200 and the designated key exchange protocol based on the eigenvalue The program 315 can authenticate that it is a program operated by the transaction interlocking authentication system 200.

According to the second program authentication method of the present invention, the program 315 is downloaded through the program providing server, and then, according to a designated procedure, a token value (e.g., A device token assigned by the APNS, etc.) may be assigned. In this case, the application authentication processing unit 325 transmits the token value to the transaction interlocking authentication system 200 according to the designated path, thereby confirming that the program 315 is a program operated by the transaction interlocking authentication system 200 .

According to the third program authentication method of the present invention, the program 315 constructs hash information by hashing at least one file corresponding to the program 315 according to a specified hash algorithm, System 200 to authenticate that the program 315 is a valid program operated by the transaction interlocking authentication system 200. [ Meanwhile, the application authentication procedure unit 325 can construct hash information by using the key value internally determined in the process of constructing the hash information or exchanged with the transaction-based authentication system 200.

According to the fourth program authentication method of the present invention, the program 315 is downloaded through a program providing server in a state in which a certificate for performing a specified authentication procedure is loaded, or after being downloaded through a program providing server, Certificates can be loaded according to roaming procedures. In this case, the application authentication processing unit 325 may selectively use the at least one key value set in the certificate, the key exchange protocol and the encryption / decryption rule according to the authentication procedure defined in the certificate, It is possible to authenticate that the program is operated by the interworking authentication system 200. The certificate may include at least one of a certificate of the transactional authentication system 200 or a certificate of the user using the program 315. [

According to the fifth program authentication method of the present invention, when the authentication number transmitted from the transaction interlocking authentication system 200 is received through the message exchange protocol of the telephone network, the wireless terminal 300 inputs the received authentication number And transmits the program 315 to the transaction interlocking authentication system 200 through the data network to authenticate that the program 315 is a program operated by the transaction interlocking authentication system 200.

According to the sixth program authentication method of the present invention, the application authentication procedure unit 325 receives from the transaction interlocking authentication system 200 an authentication method that selectively combines at least one of the first through fifth program authentication methods It is possible to authenticate the validity of the program 315, and thus the present invention is not limited thereto.

The application authentication procedure unit 325 may access the memory unit 309 or SE (Secure Element) of the wireless terminal 300 at any specified time before, during, or after the process of performing the first to sixth program authentication schemes, Or the unique information allocated by the communication company's resources in the process of connecting or holding the wireless terminal 300 to the communication network designated through the wireless network communication unit 307 to the transaction interlocking authentication system 200 The program 315 is a program operated by the transaction interlocking authentication system 200 and can concurrently authenticate that the program 315 is running in the wireless terminal 300. [

The identification value registration unit 330 registers information stored in the reading area of the wireless terminal 300, information stored in the unique storage area of the wireless terminal 300, information recorded in the H / W configuration of the wireless terminal 300 A unique identification value including at least one of information assigned / assigned in the network to which the wireless terminal 300 is connected, and / or a program authentication process or authentication performed through the first to sixth program authentication methods. As a result, it is possible to identify a unique identification value including at least one of information allocated to the program 315 and information stored in the wireless terminal 300 by the program 315, To the transaction interlocking authentication system (200).

3, the program 315 of the wireless terminal 300 includes an information receiving unit 335 that receives transaction authentication information from the transaction interlocking authentication system 200 shown in FIG. 2, And displays the received transaction authentication information through the screen output unit 302. The user input unit 303 receives t information among the T information included in the transaction authentication information through the user input unit 303, and an information authentication procedure unit (340) for performing a procedure of transmitting authentication information including t information to the transaction interlocking authentication system (200).

The transaction interlocking authentication system 200 uses the specified information of the n pieces of transaction information inputted or selected by the user for the non-face-to-face transaction, and transmits the transaction information including at least one And the information receiving unit 335 receives the transaction authentication information through the wireless network communication unit 307 or the local communication unit 306. [

When the transaction authentication information is received through the information receiving unit 335, the information authentication processing unit 340 displays T information included in the received transaction authentication information on the screen output unit 302 And the information authentication procedure unit 340 receives t information out of the T information items output on the screen. The information authentication procedure unit 340 forms authentication information including the input t information and transmits the authentication information to the transaction interlocking authentication system 200 so that a transaction received by the program 315 of the wireless terminal 300 And to confirm the user's approval of T information included in the certification. The transaction interlocking authentication system 200 verifies the validity of t information included in the received authentication information using the transaction information provided to the program 315 of the wireless terminal 300, It can be considered that the user has approved that the transaction information corresponding to the transaction authentication information provided to the program 315 of the wireless terminal 300 is valid. The information authentication processing unit 340 can receive the authentication result obtained by verifying the validity of the authentication information from the transaction-based authentication system 200. [

Referring to FIG. 3, the program 315 of the wireless terminal 300 transmits t information to be used as a seed of a disposable code among T information included in the transaction authentication information received through the information receiver 335 And a code generation unit 350 for dynamically generating a disposable code by using the seed information when the program 315 generates a disposable code, do.

When the transaction authentication information is received via the information receiving unit 335 and / or the transaction authentication information is output through the screen output unit 302, the seed confirmation unit 345 transmits T The seed information including t pieces of information to be used as a seed of the disposable code can be confirmed.

According to the first seed checking method of the present invention, the seed identifying unit 345 can identify T information included in the transaction authentication information as at least one of seed information to be used as a seed of the disposable code.

According to the second seed identification method of the present invention, when an identifier (or flag) for identifying t information included in the transaction authentication information to be used as a seed is included, the seed identification unit 345 identifies the transaction authentication information (Or flag) contained in the seed information, and confirms t information to be used as a seed of the disposable code, and confirms the confirmed t information as at least one of the seed information.

According to the third seed identification method of the present invention, when t information among the T information is input from the user after T information included in the transaction authentication information is output, the seed identification unit 345 identifies the input T information, and confirms the confirmed t information as at least one of the seed information.

According to the method of the present invention, when information to be used as a seed of the one-time code among the transaction authentication information is confirmed according to the first to third seed identification methods, the seed identification unit 345 identifies The information confirmed through the transaction authentication information can be processed (e.g., hashed) so as to be usable as a seed of the disposable code.

In addition to the inquired transaction information (or a part of the inquired transaction information), the seed confirmation unit 345 may include other transaction information included in the transaction authentication information, a time value counted through the wireless terminal 300, (For example, device ID, UUID, IMEI, IMSI, telephone number, etc.) uniquely assigned / stored in the server 300, and a server side seed value provided from the server side to be used as a seed other than the transaction authentication information Seed information can be further confirmed. Meanwhile, the seed information is not limited to the above-described example, and may include any value as long as it is a value that can be confirmed by the wireless terminal 300 to generate a disposable code.

When generating the disposable code through the program 315 of the wireless terminal 300, the code generation unit 350 has the code generation algorithm (for example, a hash algorithm or the like) designated by the code generation unit 350 , And the seed information confirmed through the seed confirmation unit 345 is substituted into the seed of the code generation algorithm to dynamically generate the disposable code of the designated code system. Meanwhile, when the seed value to be used as a seed of the code generation algorithm is stored in the memory unit 309, the code generation unit 350 outputs the seed value and the seed information stored in the memory unit 309 to the code generation algorithm To generate the one-off code of the specified code system dynamically.

According to another embodiment of the present invention, the code generation unit 350 may be provided on the program code of the secure medium 310 mounted on the wireless terminal 300 or may be detached from the wireless terminal 300 May be provided on the program code of the chip 405.

3, when the one-time use code is dynamically generated through the secure medium 310 or the chip 405 mounted on the wireless terminal 300, the program 315 of the wireless terminal 300 may include the security A seed providing unit 355 for providing seed information confirmed through the seed confirmation unit 345 to the medium 310 or the chip 405; A code output unit 365 for outputting the disposable code through the screen output unit 302 and / or a code output unit 365 for outputting the disposable code through the screen output unit 302 and / From the transaction interlocking authentication system (200).

When the one-time use code is dynamically generated through the secure medium 310 or the chip 405 mounted on the wireless terminal 300, the inquiry transaction information (or the inquired transaction information through the seed confirmation unit 345) The seed supplier 355 transmits the seed information including the inquired transaction information (or a part of the inquired transaction information) to the secure medium 310 or the chip 405, Lt; / RTI &gt;

The security medium 310 or the chip 405 can dynamically generate the one-time code by substituting the information provided from the wireless terminal 300 into a designated code generation algorithm using a seed. The secure medium 310 or the chip 405 may store at least one seed value for generating the one-time code in the secure medium 310 or the chip 405. In this case, ) And the stored seed value into a designated code generation algorithm using a seed to dynamically generate a single use code. The secure medium 310 or the chip 405 provides the generated disposable code to the program 315 of the wireless terminal 300. The code verification unit 360 receives the disposable code through the NFC unit 305, The security medium 310 or the chip 405 is provided with the generated one-time code using the inquired transaction information (or a part of the inquired transaction information) as a seed.

The code output unit 365 outputs the one-time code generated through at least one of the code generation unit 350, the security medium 310 and the chip 405 through the screen output unit 302. [ The output one-off code can be input as one of (N-n) pieces of transaction information input through the terminal 100 of the user.

Meanwhile, the code transmitting unit 370 transmits the one-time code generated through at least one of the code generating unit 350, the security medium 310, and the chip 405 to the transaction interlocking authentication system 200. Preferably, the code transmitting unit 370 may transmit the disposable code to the transaction interlocking authentication system 200 according to a bore procedure agreed with the transaction interlocking authentication system 200. Meanwhile, the secure medium 310 or the chip 405 can decrypt the disposable code through the transaction-based authentication system 200, and in this case, the code transmission unit 370 may transmit the one- And transmits the disposable code encrypted in the secure medium 310 or the chip 405 to the transaction interlocking authentication system 200 via the security procedure agreed with the transaction interlocking authentication system 200 And transmits the encrypted data to the transaction interlocking authentication system 200.

4 is a diagram showing a configuration of a chip 405 for generating a disposable code according to an embodiment of the present invention.

In more detail, FIG. 4 illustrates a functional configuration for generating a disposable code in a chip 405 detached from the wireless terminal 300. As long as those skilled in the art are familiar with the present invention, 4 may be referenced and / or modified to approximate various implementations of the configuration of the chip 405 (e.g., some configuration portions may be omitted, or subdivided, or aggregated implementations) And the technical features thereof are not limited only by the method shown in FIG. Meanwhile, a person skilled in the art will be able to deduce the configuration of the secure medium 310 installed in the wireless terminal 300 with reference to FIG. 4, It is evident that the security medium 310 belongs to the scope of the present invention in addition to the chip 405 detached from the security chip 300. [

The chip 405 for generating a disposable code in the present invention may be in the form of a USIM 400 or an SD memory 400 detached from the wireless terminal 300 and desirably detached from the wireless terminal 300. [ Hereinafter, the configuration of the chip 405 will be described based on the USIM 400 detached from the wireless terminal 300 for convenience.

Referring to FIG. 4, the chip 405 receives seed information from the wireless terminal 300, dynamically generates a disposable code based on the seed information, and provides the generated code to the wireless terminal 300 And a memory unit 435 for storing at least one program code or data set necessary for the control of the controller 410. The controller unit 410 forms a contact interface with the wireless terminal 300 And an interface unit 440. The USIM 400 or the SD memory 400 on which the chip 405 is mounted has a contact point 445 (for example, COB (Chip On Board)) electrically connected to the interface unit 440 at a designated position on the surface And the contact point 445 may be electrically connected to the contact point of the wireless terminal 300 to interface the chip 405 with the wireless terminal 300.

The memory unit 435 is a collective term of a nonvolatile memory corresponding to a storage resource of the chip 405. The memory unit 435 preferably includes a ROM (Read Only Memory), an EEPROM (Electrically Erasable and Programmable Read Only Memory) And the like. Preferably, the memory unit 435 includes both a NAND-type memory and a NOR-type memory. And may be included in the category of the memory unit 435 as a RAM (Random Access Memory) provided in the chip 405 according to an implementation method. According to the embodiment of the present invention, the memory unit 435 stores a program code corresponding to a COS (Chip Operating System), and a program code corresponding to an applet corresponding to a service to be provided through the chip 405 .

According to the embodiment of the present invention through the NFC, the memory unit 435 may receive and store a seed value used as a seed for dynamically generating a disposable code. Meanwhile, the memory unit 435 may receive and store a PIN authentication value for PIN authentication. The memory unit 435 may store unique identification information that uniquely identifies the chip 405 according to an implementation method.

The controller 410 is a collective term for controlling the operation of the chip 405. The controller 410 preferably controls the operation of one or more of a central processing unit (CPU), a micro processing unit (MPU), and a coprocessor Lt; / RTI &gt; According to the embodiment of the present invention, the control unit 410 can define a state in which the program code corresponding to the COS recorded in the memory unit 435 is loaded into the execution memory and operated by the processor, FIG. 4 is a block diagram illustrating a configuration of a program code corresponding to an applet operating on the application program according to an exemplary embodiment of the present invention.

4, the chip 405 includes an information receiving unit 415 for receiving seed information from the program 315 of the wireless terminal 300, a code generation unit 415 for dynamically generating a single use code using the seed information, And a code providing unit (425) for providing the generated one-time use code to the program (315) of the wireless terminal (300), wherein the authentication processing unit (430).

The information receiving unit 415 receives the seed information from the program 315 of the wireless terminal 300. Preferably, the seed information includes m transaction information searched through the ledger system 120 or at least one transaction authentication information including at least one part of the transaction information using the specified information of the n transaction information inputted / selected by the user for non- (Or part of the transaction information). Meanwhile, the seed information may include a time value counted by the wireless terminal 300, a unique value (e.g., a device ID, a UUID, an IMEI, an IMSI, a phone number, etc.) ) And a value of at least one of a server side seed value provided from the server side to be used as a seed in addition to the transaction authentication information. Meanwhile, the seed information is not limited to the above-described example, and any value that can be input from the wireless terminal 300 to generate the disposable code may be included.

The code generation unit 420 includes a designated code generation algorithm (for example, a hash algorithm), substitutes the seed information received through the information reception unit 415 with the seed of the code generation algorithm, Dynamically generate code. Meanwhile, when the seed value to be used as a seed of the code generation algorithm is stored in the memory unit 435, the code generation unit 420 generates seed value stored in the memory unit 435 and seed value stored in the memory unit 435 through the information receiving unit 415 The received seed information can be substituted into the seed of the code generation algorithm to dynamically generate the disposable code of the designated code system.

When the disposable code is dynamically generated through the code generating unit 420, the code providing unit 425 provides the generated disposable code to the program 315 of the wireless terminal 300. Meanwhile, when the disposable code is transmitted to the transaction interlocking authentication system 200 through the program 315 of the wireless terminal 300, the code providing unit 425 transmits the disposable code to the transaction interlocking authentication system 200, And provides the decrypted data to the program 315 of the wireless terminal 300. [ Meanwhile, according to the embodiment, the code providing unit 425 may provide the unique identification information for the chip 405 stored in the memory unit 435 together with the disposable code, so that the present invention is not limited thereto .

Meanwhile, the authentication processing unit 430 may process the PIN authentication for dynamically generating the disposable code at a designated point in the process of receiving the seed information from the wireless terminal 300 and generating the disposable code. The authentication processing unit 430 stores a PIN authentication value for PIN authentication, receives a PIN value from the wireless terminal 300, and can authenticate the received PIN value using the PIN authentication value. The disposable code can be dynamically generated through the code generator 420 when the PIN is authenticated.

5 is a diagram illustrating a process of exchanging transaction information according to an embodiment of the present invention.

FIG. 5 illustrates m transaction information or a transaction authentication information including at least one transaction information, which is partially retrieved through the ledger system 120, using the n pieces of transaction information input or selected by the user for non-face- To the user's wireless terminal 300. It will be understood by those skilled in the art that reference is made to and / It is to be understood that the present invention is not limited to the embodiment (s), but it is to be understood that the invention may be practiced otherwise than as specifically described herein, Technical features are not limited.

Referring to FIG. 5, a user terminal 100 performs a non-face authentication process for non-face-to-face transactions (500) and selects a transaction type from a user (505). The user terminal 100 displays an interface for receiving transaction information corresponding to the selected transaction type (510). When the transaction information is inputted through the interface, the user terminal 100 transmits n transaction information including specified information to be used for the lie-down inquiry among the n transaction information for the non-face-to-face transaction to the transaction interlocking authentication system 200 (515). The process of transmitting and receiving the n pieces of transaction information between the terminal 100 of the user and the transaction interlocking authentication system 200 may be performed sequentially or in a batch process according to the order corresponding to the non-facing transaction procedure .

The transaction interlocking authentication system 200 receives n pieces of transaction information through a designated path 520 and checks m transaction information searched through the ledger system 120 using the specified information of the n pieces of transaction information (525). If the m transaction information is confirmed, the transaction interlocking authentication system 200 configures the transaction authentication information to be provided to the user's wireless terminal 300 according to the first through seventh transaction authentication information configuration methods of the present invention (530). Preferably, the transaction authentication information may include m pieces of the transaction information searched or a part of the transaction information searched.

If the transaction authentication information is configured, the transaction interlocking authentication system 200 confirms the user's wireless terminal 300 to provide the transaction authentication information (535). The user's wireless terminal 300 can be identified based on information stored in a designated database or through information received from the terminal 100 of the user. If the user's wireless terminal 300 is confirmed, the transaction interlocking authentication system 200 performs a procedure of providing the transaction authentication information to the program 315 provided in the user's wireless terminal 300 540).

The program 315 included in the user's wireless terminal 300 receives the transaction authentication information according to a designated procedure (545) and outputs T information included in the received transaction authentication information according to the method of operation (550). According to an embodiment of the present invention, the program 315 of the wireless terminal 300 receives the designated t information among the T information (555). If the t information is input, the program 315 of the wireless terminal 300 transmits authentication information including the t information (560), and the transaction interlocking authentication system 200 transmits the t information (540). &Lt; / RTI &gt; The transaction interlocking authentication system 200 checks the validity of t information included in the authentication information using transaction authentication information provided to the user's wireless terminal 300 in operation 570. If the validity of the authentication information is not authenticated, the transaction interlocking authentication system 200 transmits an authentication error for the authentication information to the program 315 of the wireless terminal 300 (575) The program 315 of the server 300 receives and outputs the authentication error (580). Meanwhile, when the validity of the authentication information is authenticated, the transaction interlocking authentication system 200 provides the authentication result obtained by authenticating the validity of the authentication information to the wireless terminal 300 (585) A procedure for receiving the dynamically generated one-time code at the terminal 300 side may be performed (585).

FIG. 6 is a diagram illustrating a process in which a program 315 of a user's wireless terminal 300 dynamically generates a one-off code according to an embodiment of the present invention.

FIG. 6 shows a program 315 of the wireless terminal 300, which has received the transaction authentication information, transmits the inquired transaction information (or a part of the inquired transaction information) contained in the transaction authentication information as a seed, Those skilled in the art will be able to refer to and / or modify FIG. 6 to illustrate the various embodiments of the disposable code generation process It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention is not limited to the disclosed embodiments, .

Referring to FIG. 6, transaction authentication information is received from the transaction interlocking authentication system 200, and / or t information among the transaction authentication information is input, and / When the validity of the transaction information included in the authentication information is authenticated, the program 315 of the wireless terminal 300, which has received the transaction authentication information, generates a seed for generating the one- (600), and configures seed information including t information confirmed from the transaction authentication information (605). The program 315 of the wireless terminal 300 may transmit other transaction information included in the transaction authentication information in addition to the inquired transaction information (or a part of the inquired transaction information) through the wireless terminal 300 (E.g., device ID, UUID, IMEI, IMSI, telephone number, etc.) uniquely assigned / stored to the wireless terminal 300, a server side At least one of the seed values can be further confirmed by the seed information.

If the seed information including the inquired transaction information (or a part of the inquired transaction information) is constructed, the program 315 of the wireless terminal 300 substitutes the seed information configured as seed of the designated code generation algorithm The one-off code of the designated code system is dynamically generated (610).

When the disposable code is generated, the program 315 of the wireless terminal 300 outputs the generated disposable code to the terminal 100 of the user who processes the non-facing transaction (step 615a) And / or send the identified disposable code to the transactional authentication system 200 via a designated path (615b).

FIG. 7 is a diagram illustrating a process of dynamically generating a one-time use code through a secure medium 310 or a chip 405 of a wireless terminal 300 according to another embodiment of the present invention.

7 is a flowchart illustrating a method of transmitting transaction authentication information to the wireless terminal 300 through the security medium 310 mounted on the wireless terminal 300 or the chip 405 detached from the wireless terminal 300, The process of dynamically generating the disposable code by using the inquired transaction information (or a part of the inquired transaction information) as a seed, and if the person skilled in the art is familiar with the present invention, (E.g., omitting some steps or changing the order) of the disposable code generation process, it will be understood that the present invention includes all such contemplated embodiments, And the technical features thereof are not limited only by the method shown in FIG.

Referring to FIG. 7, transaction authentication information is received from the transaction-based authentication system 200, and / or t information among the transaction authentication information is input, and / When the validity of the transaction information included in the authentication information is authenticated, the program 315 of the wireless terminal 300, which has received the transaction authentication information, generates a seed for generating the one- (700), and configures seed information to be provided to the secure medium 310 or the chip 405 including t information confirmed from the transaction authentication information (705). The program 315 of the wireless terminal 300 may transmit other transaction information included in the transaction authentication information in addition to the inquired transaction information (or a part of the inquired transaction information) through the wireless terminal 300 (E.g., device ID, UUID, IMEI, IMSI, telephone number, etc.) uniquely assigned / stored to the wireless terminal 300, a server side At least one of the seed values may be further identified as seed information to be provided to the secure medium 310 or the chip 405. [ Meanwhile, the seed information is not limited to the above-described example, and may include any value as long as it is a value that can be provided by the wireless terminal 300 to generate a disposable code in the secure medium 310 or the chip 405 .

If the seed information including the inquired transaction information (or a part of the inquired transaction information) is configured, the program 315 of the wireless terminal 300 is transmitted to the secure medium 310 or the chip 405, The secure medium 310 or the chip 405 receives the seed information from the wireless terminal 300 in step 715. The seed information is provided to the secure medium 310 or the chip 405 in step 710.

The secure medium 310 or the chip 405 dynamically generates the disposable code of the designated code system by substituting the received seed information into the seed of the designated code generation algorithm (720). The secure medium 310 or the chip 405 substitutes the received seed information and the seed value pre-stored in the secure medium 310 or the chip 405 into a seed of a designated code generation algorithm according to the method, The system's one-off code can be dynamically generated 720.

When the disposable code is generated, the secure medium 310 or the chip 405 provides the disposable code to the wireless terminal 300 (725). According to an embodiment of the present invention, the secure medium 310 or the chip 405 can decrypt the disposable code through the transaction-based authentication system 200 to provide it.

The program 315 of the wireless terminal 300 identifies the one-time use code dynamically generated in the secure medium 310 or the chip 405 (step 730), and outputs the determined disposable code on the screen (step 735a) (735b), and / or transmit the identified disposable code to the transactional authentication system 200 via a designated path.

FIG. 8 is a diagram illustrating a process of controlling authentication and non-face-to-face transactions of a disposable code according to an embodiment of the present invention.

FIG. 8 is a flow chart illustrating the process of the wireless terminal 300 of FIG. 6 based on the transaction authentication information provided to the user's wireless terminal 300 through the process illustrated in FIG. FIG. 8 is a flowchart illustrating a process of authenticating a one-time code generated in the process of FIG. 8 to control a non-face-to-face transaction procedure to be performed. Referring to FIG. 8, It will be appreciated that various implementations (e.g., some steps omitted or reordered) of the authentication and non-facing transaction control processes of the disposable code may be inferred, but the present invention encompasses all of the above- And the technical features thereof are not limited only by the method shown in FIG.

Referring to FIG. 8, the UE 100 of the user uses the displayed interface for non-face-to-face transactions, and then, among the N pieces of transaction information for the non-face-to-face transaction, (Nn) pieces of transaction information to be input to the transaction interlocking authentication system 200 (800), and transmits the input or selected transaction information to the transaction interlocking authentication system 200 (805). Meanwhile, when a disposable code is generated from the wireless terminal 300 through the process shown in FIG. 6 or FIG. 7 and output through the wireless terminal 300, the user terminal 100 includes the disposable code (Nn) pieces of transaction information are input or selected (800), and the input or selected transaction information is transmitted to the transaction interlocking authentication system 200 (805). The process of inputting or selecting and transmitting the (N-n) pieces of transaction information is sequentially performed according to a designated procedure until the non-face-to-face transaction is completed.

The transaction interlocking authentication system 200 receives (Nn) pieces of transaction information inputted or selected through the user's terminal 100 (810) and checks the disposable code included in the (Nn) pieces of transaction information 815). If the disposable code transmitted from the user terminal 100 is confirmed or the disposable code transmitted through the designated path in the program 315 of the wireless terminal 300 through the process shown in FIG. The transaction interlocking authentication system 200 transmits the transaction authentication information provided to the program 315 of the wireless terminal 300 (or a transaction inquired from the transaction information or ledger received from the user terminal 100) Information on the one-time use code) and various pieces of information previously registered for authenticating the one-time use code (step 820).

If the validity of the disposable code is not authenticated, the transaction interlocking authentication system 200 transmits (825) an authentication error for the disposable code to the user terminal 100, and the user terminal 100 And receives and outputs the authentication error (830).

Meanwhile, if the validity of the disposable code is authenticated, the transaction interlocking authentication system 200 controls to perform a non-face-to-face transaction procedure using the N transaction information based on the authentication result of the disposable code (835). If the procedure of the non-face-to-face transaction is completed or stopped, the transaction interlocking authentication system 200 transmits the non-face-to-face transaction result of the non-face-to-face transaction to the user terminal 100 (840) The user terminal 100 receives and outputs the non-facing transaction result (845).

100: user's terminal 105: transaction server
110: code server 115: control server
200: Transaction interlocking authentication system 205: Transaction information confirmation unit
210: inquiry information confirmation unit 215: information configuration unit
220: Information providing unit 225: Authentication information receiving unit
230: transaction information authentication unit 235: transaction information control unit
240: Disposable code verification unit 245: Disposable code authentication unit
250: transaction control unit 300: wireless terminal
310: Secure Media 315: Program
400: USIM 405: Chip

Claims (20)

10. A method executed by a server communicating with a wireless terminal of a user via a designated path,
A first step of checking n (1? N <N) pieces of transaction information inputted or selected by the user among N (N? 2) pieces of transaction information to be input from the user for non-face-to-face transactions;
A second step of checking m (m? 1) pieces of transaction information retrieved through the ledger system using the specified information of the n pieces of transaction information; And
And processing the transaction authentication information including at least one of the inquired m transaction information or a part thereof to be provided as a program included in the wireless terminal of the user,
A part of the inquired transaction information or the inquired transaction information is used as a seed of a disposable code dynamically generated through the wireless terminal of the user,
Wherein the one-time code is dynamically generated through at least one of a program provided to the wireless terminal, a secure medium mounted on the wireless terminal, and a chip detached from the wireless terminal. .
The method according to claim 1,
A bank account number, a deposit account number, and a deposit amount.
2. The system of claim 1,
And a depositing side ledger system.
The method according to claim 1,
And a deposit account name of the deposit account.
The information processing apparatus according to claim 1,
And m '(1? M'? M) pieces of information among the searched m transaction information.
The information processing apparatus according to claim 1,
And a part of at least one of the searched m pieces of transaction information.
The information processing apparatus according to claim 1,
And further comprising the n pieces of transaction information.
The information processing apparatus according to claim 1,
And n '(1? N? N) pieces of information among the n pieces of transaction information.
The information processing apparatus according to claim 1,
And further includes a part of at least one of the n pieces of transaction information.
The information processing apparatus according to claim 1,
And outputting the same through a wireless terminal of the user.
The information processing apparatus according to claim 1,
T (T &gt; = 1) pieces of information,
Wherein the information of t (1? T? T) pieces of information among the T pieces of information is outputted through a program of the wireless terminal and then received by a user.
12. The method of claim 11, wherein the input t information comprises:
Wherein the transaction is transmitted to the server through the program of the wireless terminal, and is compared and authenticated through transaction authentication information provided by the server to the program of the wireless terminal.
12. The method of claim 11, wherein the input t information comprises:
Wherein the one-time code is used as a seed of a one-time code dynamically generated through the wireless terminal.
The information processing apparatus according to claim 1,
T (T &gt; = 1) pieces of information,
And t (1? T? T) pieces of information to be used as a seed of the disposable code are designated.
The method as claimed in claim 11 or 14,
Some of the T information,
And partial information corresponding to a part of at least one piece of information among the T pieces of information.
The information processing apparatus according to claim 1, wherein the inquired transaction information or a part of the inquired transaction information includes:
Wherein the program is processed to be usable as a seed through a program of the wireless terminal according to a specified rule.
The method according to claim 1,
Receiving the transactionally-generated disposable code dynamically generated through the wireless terminal using a part of the inquired transaction information or the inquired transaction information as a seed; And
The method of claim 1, further comprising: performing an authentication procedure for the received one-time code.
18. The method of claim 1 or 17,
Received from the program of the wireless terminal, or
Wherein the transaction information is input and received through a user terminal that receives or selects the N pieces of transaction information.
18. The method of claim 1 or 17,
When the wireless terminal is generated through a security medium mounted on the wireless terminal or a chip detached from the wireless terminal,
And encrypted by the secure medium or the chip and provided from the program of the wireless terminal.
19. The method of claim 18,
When the validity of the one-time code dynamically generated through the wireless terminal is authenticated using a part of the inquired transaction information or the inquired transaction information as a seed, control is performed so that the procedure of the non-face transaction using the N transaction information is performed The method of claim 1, further comprising the steps of:

Images