KR20170134857A - Method for Providing Two Channel Certification by using a Separate Signal Device - Google Patents

Abstract

The present invention relates to a two-channel authenticating method using a separate signal device. The two-channel authenticating method using the separate signal device is performed through an authenticating device for performing an authentication process using a signal device having a bidirectional short-distance communications function with Wi-Fi communications, and an asynchronous wireless signal transmitting function. The two-channel authenticating method using the separate signal device receives first side authentication data including first side code data obtained through a first terminal by using one of the bidirectional short-distance communications between the signal device and the first terminal, or recognition of an asynchronous wireless signal through the first terminal; or mixing the bidirectional short-distance communications and the recognition of the asynchronous wireless signal from the first terminal designated for the bidirectional short-distance communications with the signal device in a short distance of the signal device. The two-channel authenticating method using the separate signal device receives second side authentication data including second side code data obtained by recognizing asynchronous wireless signals from the N (N >= 1) number of second terminals receiving the asynchronous wireless signal of the signal device. The two-channel authenticating method using the separate signal device authenticates the second terminal which is adjacent to the first terminal, or the first terminal, which is adjacent to the second terminal, based on an authentication result for comparing the first side code data of the first side authentication data with the second side code data of the second side authentication data received within a predetermined time range. The first side authentication data and the second side authentication data are received depending on temporary order; and are maintained during a designated valid time. According to the present invention, the two-channel authenticating method is advantageous in that the method blocks concerns on violation of privacy, and identifies and authenticates two terminals which can be accessed to the extent that users can face each other automatically without any complex operation of each terminal.

Description

[0001] The present invention relates to a two-channel authentication method using a separate signaling device,

The present invention automatically identifies a first terminal that performs bi-directional short distance communication with the signal device using a signal device having a bidirectional local communication function including Wi-Fi communication and an asynchronous radio signal transmission function, Identifies and authenticates a second terminal that recognizes the same radio signal as the asynchronous radio signal recognized by the first terminal among the N (N > = 1) second terminals capable of recognizing the signal.

A method of authenticating whether two physically separated terminals have approached each other as far as possible is largely classified into a method using a location, a method using a sensor built in each terminal, and a method using a communication function provided in each terminal.

However, the method of authenticating whether each of the two terminals has accessed each other as much as possible by using the location has a problem of having a privacy invasion and providing an unspecified object because it has to transmit its position to the other party.

Meanwhile, a method of authenticating whether each of the two terminals has accessed as much as possible by using a sensor built in each terminal includes a technique of analyzing a sensed value through a sensor provided in each terminal and identifying two terminals in contact with each other , Hucker (Hoccer) and Phrizbe (brisk action recognizing apps, etc.)) are basically based on location information, so there is a possibility of invasion of privacy, And it is inconvenient to use because it must be sensed.

A method of authenticating whether two terminals are approachable to each other by using a communication function provided in each terminal is as follows. For example, the NFC function provided in each terminal is activated, one terminal activates the reader function and the other terminal activates the tag function As a technology to contact by activation, it has a problem that it is inconvenient to use because it has to operate a communication function through a complicated procedure.

In order to solve the above problems, an object of the present invention is to provide a signaling device including a bidirectional local communication function including Wi-Fi communication and an asynchronous radio signal transmission function with bidirectional local communication with any one unique first terminal Wherein the asynchronous radio signal of the signaling device is recognized when the asynchronous radio signal is transmitted from the signaling device, and at the same time, the first unique terminal which performs bidirectional short-range communication with the signaling device is automatically identified, (N > = 1) second terminals that recognize the same radio signal as the asynchronous radio signal recognized by the first terminal, thereby authenticating and authenticating the second terminal by a separate signal device Provides a 2-channel authentication method using a separate signaling device that automatically identifies and authenticates two accessed terminals It is in the cage.

A two-channel authentication method using a separate signaling device according to the present invention is executed through an authentication device performing an authentication process using a signal device having a bidirectional local communication function including Wi-Fi communication and an asynchronous radio signal transmission function The method of any one of the preceding claims, further comprising the steps of: receiving a signal from the first terminal, the second terminal being in the vicinity of the signaling device, A first step of receiving first side authentication data including first side code data obtained through the first terminal by combining the first side code data and a second side code data including N (N > = 1) 2 receiving the second side authentication data including the second side code data obtained by recognizing the asynchronous radio signal from the second terminal And a second side code data of the first side authentication data received within a designated time range and a second side code data of the second side authentication data, And a third step of authenticating a terminal or authenticating a designated first terminal that has accessed the second terminal, wherein the first side authentication data and the second side authentication data are received in an arbitrary order, .

In the two-channel authentication method using a separate signaling device according to the present invention, the signaling device identifies any one of the unique first terminals and performs bi-directional short-range communication.

In the two-channel authentication method using a separate signaling device according to the present invention, the signaling device may be physically separated from the first terminal that performs bi-directional short-range communication, or includes at least a circuit configuration independent of the first terminal- .

In the two-channel authentication method using a separate signaling device according to the present invention, the bi-directional short-range communication includes bi-directional short-range wireless communication based on pairing between the signaling device and the first terminal.

In the two-channel authentication method using a separate signaling device according to the present invention, the bi-directional short-range communication includes bidirectional short-range wireless communication between the signaling device and a first terminal coupled to the signaling device .

In the two-channel authentication method using a separate signaling device according to the present invention, the bi-directional short-range communication includes bidirectional cable communication based on a cable communication between the signaling device and the first terminal.

In the two-channel authentication method using a separate signal device according to the present invention, the asynchronous radio signal includes a radio signal broadcasted from the signal device in a short distance.

In the two-channel authentication method using a separate signaling device according to the present invention, the asynchronous radio signal is received by the second terminal upon being received by the first terminal.

A two-channel authentication method using a separate signaling device according to the present invention, the method comprising the steps of: receiving a key value generated in the signaling device via a first terminal for bi-directional short-distance communication with the signaling device; (Or a key management server), wherein the first step includes the steps of: when the first side authentication data including the first side code data encrypted through the signal device is received, And decrypting the encrypted first side code data through the key value registered in the medium (or the key management server).

A two-channel authentication method using a separate signaling device according to the present invention, the method comprising the steps of: receiving a key value generated in the signaling device via a first terminal for bi-directional short-distance communication with the signaling device; (Or a key management server), and the second step further includes a step of, when receiving the second side authentication data including the second side code data encrypted through the signal device, And decrypting the encrypted second side code data through the key value registered in the medium (or the key management server).

In a two-channel authentication method using a separate signaling device according to the present invention, the signaling device generates a pair of a public key and a private key corresponding to a public key infrastructure, And a public key generated through the public key.

In the two-channel authentication method using a separate signaling device according to the present invention, the code data includes a unique code unique to the signaling device.

In the two-channel authentication method using a separate signaling device according to the present invention, the code data includes a unique code unique to the signaling device and a disposable authentication code dynamically generated in the signaling device.

In the two-channel authentication method using a separate signaling device according to the present invention, the code data includes a unique code set in the signaling device through the bidirectional local area communication at the first terminal.

In the two-channel authentication method using a separate signaling device according to the present invention, the code data includes a unique code peculiar to the signaling device, and a discrete code unique to the signaling device, And a code.

In a two-channel authentication method using a separate signaling device according to the present invention, the code data may include at least one of a unique code set in the signaling device through the bidirectional local area communication at the first terminal, And a disposable authentication code provided to the signaling device through communication.

In a two-channel authentication method using a separate signaling device according to the present invention, when the code data includes a dynamically generated disposable authentication code, the first step may include: a disposable authentication code Wherein the step of authenticating the validity of the disposable authentication code included in the second side code data further comprises the step of performing a procedure of authenticating the validity of the disposable authentication code included in the second side code data, The step (3) includes: if the validity of the disposable authentication code included in the first side code data is authenticated and the validity of the disposable authentication code included in the second side code data is authenticated, Side code data and the second-side code data.

In the two-channel authentication method using a separate signaling device according to the present invention, the first step may include generating a disposable authentication code included in the first side code data through a same code generation algorithm and a seed value And comparing the verification code with the one-time verification code included in the first side code data and performing a procedure for verifying the validity.

In the two-channel authentication method using a separate signaling device according to the present invention, the second step may include generating a disposable authentication code included in the second side code data through a same code generation algorithm and a seed value And comparing the verification code with the one-time verification code included in the second side code data and performing a procedure for verifying validity.

In the two-channel authentication method using a separate signaling device according to the present invention, the first side code data may include code data obtained by bidirectional short distance communication between the signaling device and the first terminal at the first terminal .

In the two-channel authentication method using a separate signaling device according to the present invention, the first side code data includes code data obtained by recognizing the asynchronous radio signal of the signaling device at the first terminal .

In the two-channel authentication method using a separate signaling device according to the present invention, the first side code data may be transmitted by using the code data obtained through bi- directional short distance communication between the signaling device and the first terminal at the first terminal And code data obtained by verifying the code data obtained through the asynchronous radio signal of the signaling device.

In the two-channel authentication method using a separate signaling device according to the present invention, the first side authentication data includes first side code data obtained through the first terminal and first side code data unique to the first terminal, Data is included.

In the two-channel authentication method using a separate signal device according to the present invention, the first side authentication data is automatically discarded or deactivated when a specified effective time elapses.

In the two-channel authentication method using a separate signaling device according to the present invention, the second side authentication data may include second side code data obtained through the second terminal and a second side unique code unique to the second terminal, Data is included.

In the two-channel authentication method using a separate signaling device according to the present invention, the second side authentication data is automatically discarded or deactivated when a specified effective time elapses.

In the two-channel authentication method using a separate signaling device according to the present invention, the second side authentication data includes a first side authentication data when the second terminal receives the asynchronous radio signal of the signaling device and recognizes the second side code data The second terminal is repeatedly received.

In the two-channel authentication method using a separate signaling device according to the present invention, the second side authentication data is generated by receiving the asynchronous radio signal of the signaling device at the second terminal and recognizing the second side code data And if the changed value of the recognized second side code data exists, it is repeatedly or additionally received from the second terminal.

In the two-channel authentication method using a separate signaling device according to the present invention, the second side authentication data may include a second side authentication data, when the reception strength of the asynchronous radio signal of the signaling device at the second terminal is equal to or greater than a predetermined reference strength, And is received from the second terminal.

In the two-channel authentication method using a separate signaling device according to the present invention, the signaling device amplifies the signal strength of the asynchronous radio signal to a specified amplification amount or more and transmits the amplified signal strength.

In the two-channel authentication method using a separate signaling device according to the present invention, the signaling device reduces the signal strength of the asynchronous radio signal to a specified amount or less from a specified signal strength and transmits the reduced signal strength.

In a two-channel authentication method using a separate signaling device according to the present invention, it is possible to use a two-channel authentication method based on a result of authenticating a second terminal accessing the first terminal or authenticating a designated first terminal accessing the second terminal Side mobile station, the method comprising the steps of: confirming whether the valid time has not elapsed before completion of the service, reading the second side code data of the second side authentication data received from the second terminal, 2 < / RTI > terminal to maintain the access state and to process the service so that the service is completed.

According to the present invention, it is possible to automatically identify and authenticate two terminals that are approachable to each other using a separate signal device having a bidirectional local communication function and an asynchronous radio signal transmission function, thereby preventing privacy invasion, There is an advantage of automatically identifying and authenticating two terminals that have approached to the extent that they can automatically face without complicated operations.

According to the present invention, there is an advantage of controlling the signal strength of an asynchronous radio signal transmitted from a separate signaling device and freely controlling a distance for authenticating that two terminals can face each other according to a situation.

1 is a conceptual diagram of a configuration for automatically identifying and authenticating a first terminal 300 and a second terminal 400 using a signaling device 200 according to an embodiment of the present invention.
2 is a functional block diagram of a signaling device 200 according to an embodiment of the present invention.
3 is a functional block diagram of the first terminal 300 according to an embodiment of the present invention.
4 is a diagram showing a functional configuration of a second terminal 400 according to an embodiment of the present invention.
5 is a diagram showing a functional configuration of an authentication apparatus 500 according to an embodiment of the present invention.
6 is a diagram illustrating an initial setting process of the signaling device 200 according to an embodiment of the present invention.
7 is a diagram illustrating a process of registering the first terminal 300 and the signaling device 200 in the authentication device 500 according to an embodiment of the present invention.
8 is a diagram illustrating a process of registering a second terminal 400 in an authentication apparatus 500 according to an embodiment of the present invention.
9 is a diagram illustrating a process of acquiring code data of an asynchronous radio signal transmitted from the signaling device 200 at the first terminal 300 according to an embodiment of the present invention.
10 is a diagram illustrating a process of transmitting first side authentication data including code data acquired by the first terminal 300 to the authentication device 500 and authenticating according to an embodiment of the present invention.
11 is a diagram illustrating a process of acquiring code data of an asynchronous radio signal transmitted from the signaling device 200 at the second terminal 400 according to an embodiment of the present invention.
12 is a diagram illustrating a process of transmitting second side authentication data including code data acquired by a second terminal 400 to an authentication apparatus 500 and authenticating according to an embodiment of the present invention.
13 is a diagram illustrating a process of authenticating the first terminal 300 and the second terminal 400 using the signaling device 200 according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In other words, the following embodiments correspond to the preferred embodiment of the preferred embodiment of the present invention. In the following embodiments, a specific configuration (or step) is omitted, or a specific configuration (or step) (Or steps), or an embodiment that incorporates functions implemented in more than one configuration (or step) into any one configuration (or step), a particular configuration (or step) It will be apparent that the present invention is not limited to the embodiments described below. In the following embodiments, a specific configuration unit implemented on the server side is implemented on the terminal side and reference is made on the server side, or conversely, in the following embodiments, a specific configuration unit implemented on the terminal side is implemented on the server side, And all of the embodiments utilizing the same are also included in the scope of the present invention. Therefore, it should be clearly stated that various embodiments corresponding to subsets or combinations based on the following embodiments can be subdivided based on the filing date of the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a conceptual diagram of a configuration for automatically identifying and authenticating a first terminal 300 and a second terminal 400 using a signaling device 200 according to an embodiment of the present invention.

In more detail, FIG. 1 illustrates a method for automatically identifying a first terminal 300 that performs bi-directional short distance communication with the signaling device 200 using a signal device 200 having a bidirectional local communication function and an asynchronous radio signal transmission function. And recognizes the same radio signal as the asynchronous radio signal recognized by the first terminal 300 among N (N? 1) second terminals 400 capable of recognizing the asynchronous radio signal of the signaling apparatus 200 2 terminal 400 is identified and authenticated. As a person skilled in the art to which the present invention pertains, reference is made to and / or modified with reference to FIG. 1, It should be appreciated that various implementations (e.g., some of the components may be omitted, or fragmented, or combined) to automatically identify and authenticate the terminal 300 and the second terminal 400 may be inferred, All practices And the technical features thereof are not limited only by the method shown in FIG.

The system of the present invention includes a signal device 200 having a bidirectional local communication function and an asynchronous radio signal transmission function, a signal device 200 capable of recognizing an asynchronous radio signal of the signal device 200, (N > = 1) second terminals capable of recognizing the asynchronous radio signal of the signaling device (200) in a bidirectional short distance communication with the signaling device (200) (300) capable of communicating with the first terminal (300) to the second terminal (400) and performing bi-directional short distance communication with the signaling device (200) The second terminal 400 recognizing the same radio signal as the asynchronous radio signal recognized by the first terminal 300 among the N second terminals 400 capable of recognizing the asynchronous radio signal of the second terminal 400 Device 500 as shown in FIG. Hereinafter, the configuration related to the first terminal 300 and the configuration related to the first terminal 300 will be described with reference to the configuration related to the first terminal 300 and the configuration related to the second terminal 400, , And the technical features of the present invention will be described by naming the prefix "second side" with respect to the configuration related to the second terminal 400.

The signaling device 200 is a collective term of a bidirectional local communication function for performing bidirectional data communication in a short distance and an asynchronous radio signal transmitting function for broadcasting a radio signal in a short distance, 300 for two-way LAN communication. For example, it is preferable that the signaling device 200 is set to perform bi-directional short-distance communication with any one of the first terminals 300 even if there are a plurality of devices capable of bidirectional short-range communication with the first terminal 300. In the present invention, the signaling device 200 and the first terminal 300 form one pair of bidirectional near-field communication.

According to an embodiment of the present invention, the signaling device 200 may include a cigar jack device type inserted into a cigar jack insertion port of a vehicle, an interlock device type (e.g., ODB interlocking with OBD (On-Board Diagnostics) A wristwatch type, a portable article type, a first terminal 300, and a bidirectional short distance communication terminal 300. The first terminal 300 is connected to the first terminal 300 through a communication line, And a device type that is made to communicate. That is, it is evident that the signaling device 200 of the present invention is not limited by the form or type being implemented.

The signaling device 200 may be physically separated from the first terminal 300 in bi-directional short distance communication or may be implemented in the housing of the first terminal 300 even if the signaling device 200 is implemented in the housing of the first terminal 300. [ It is preferable to include a circuit configuration independent of the circuit configuration on the host 300 side. Hereinafter, the features of the present invention will be described focusing on an embodiment in which the signal device 200 and the first terminal 300 are physically separated.

According to the first bi-directional short-range communication of the present invention, the bi-directional short-range communication is a bidirectional short-range wireless communication in which bidirectional wireless communication is performed in short distance based on pairing between the signaling device 200 and the first terminal 300 . For example, the bi-directional local area communication may include pairing based Wi-Fi communication. Meanwhile, according to an embodiment of the present invention, the signaling device 200 may transmit a radio frequency signal strength for the bidirectional short-range wireless communication to control the distance for processing the pairing-based bidirectional short-range wireless communication with the first terminal 300 It may be reduced below a specified reduction in the specified signal strength (e.g., signal strength in the specification) or vice versa. For example, if the radio frequency reachable range of the specified signal strength of the pairing-based bidirectional local area wireless communication is 30 m to 100 m, the signaling device 200 may determine that the radio frequency reachable range is within the range of 1 m to 2 m, The radio frequency signal strength for wireless communication can be reduced. This signal strength control may be set in the signaling device 200 with a pre-computed design signal strength or may be controlled via the first terminal 300 based on bidirectional local communication with the first terminal 300 Can be set by data.

According to a second bi-directional short-range communication embodiment of the present invention, the bi-directional short-range communication may include bi-directional short-range wireless communication with the first terminal 300 coupled to the signaling device 200. For example, information for forming a mapping relationship between the signaling device 200 and the first terminal 300 is registered in a designated server (for example, the authentication device 500) Directional short distance communication between the terminal 300 and the first terminal 300 through the server. Or the signaling device 200 when the bidirectional short distance communication between the signaling device 200 and the first terminal 300 is established after storing information for identifying and authenticating the first terminal 300 to the signaling device 200, The first terminal 300 may be identified and authenticated to connect the bi-directional local area communication. The first terminal 300 may store information for identifying and authenticating the signaling device 200 and may be connected to the first terminal 300 when the signaling device 200 and the first terminal 300 are connected in a two- The user can identify and authenticate the signaling device 200 to connect the bidirectional local area communication. Or the first terminal 300 and the signaling device 200 after storing the information for identifying and authenticating the other party in the bidirectional short distance communication between the signaling device 200 and the first terminal 300, It is possible to identify and authenticate the signaling device 200 in the signaling device 300 and identify and authenticate the first terminal device 300 in the signaling device 200 to connect the bi-directional local area communication. Meanwhile, the radio frequency signal strength of the signaling device 200 may be controlled for coupling between the signaling device 200 and the first terminal 300.

According to the third bidirectional local area communication method of the present invention, the bidirectional local area communication may include a bidirectional cable communication based on a cable communication between the signaling device 200 and the first terminal 300. For example, the signaling device 200 and the first terminal 300 can perform a bidirectional cable communication based on a cable communication by connecting a USB cable.

According to a fourth bidirectional local area communication embodiment of the present invention, the bidirectional local area communication may include at least a combination of at least two of the first to third bidirectional local area communication embodiments, The present invention is not limited thereto. According to an embodiment of the present invention, bidirectional short-range communication corresponding to at least one of the first to fourth bidirectional short-range communication embodiments includes end-to-end encryption decryption based security between the signaling device 200 and the first terminal 300 Communication between the signaling device 200 and the authentication device 500 using the first terminal 300 as a communication node according to an embodiment of the present invention.

The signaling device 200 further includes an asynchronous radio signal transmitting function for broadcasting a radio signal of a specified standard at a short distance in addition to bidirectional short-range communication with the first terminal 300. The asynchronous radio signal includes a radio signal broadcasted from the signal device 200 in a short distance.

The asynchronous radio signal according to the embodiment of the present invention can be transmitted to a transmitting side that transmits a radio signal of a specified standard and a receiving side that receives the radio signal in advance without pairing or identifying / (= Broadcast) a radio signal including information of a designated data structure to be transmitted, receives the asynchronous radio signal transmitted from the unspecified receiver, and transmits the asynchronous radio signal to the non- At least one designated receiver capable of reading the data structure can recognize and use the information of the designated data structure included in the asynchronous radio signal. That is, the transmitting side transmits information (= broadcasting) including the information of the data structure specified in the asynchronous radio signal of the specified standard that can be received at the unspecified receiving side without specifying or identifying the receiving side in advance, and transmits the asynchronous radio signal The information included in the asynchronous radio signal can be recognized and used only by at least one designated receiving side that can read the information included in the asynchronous radio signal from the receiving side. The asynchronous radio signal according to an exemplary embodiment of the present invention may include an asynchronous radio signal based on a WiFi standard. However, the asynchronous wakeup signal of the present invention is not limited to the asynchronous wireless signal based on the Wi-Fi standard, and it is obvious that it can include asynchronous wireless signals of various standards (for example, Bluetooth 4.0 standard) according to the intention of the person skilled in the art I will. For example, if it is a broadcast signal which can be simultaneously received by the first terminal 300 to the N second terminals 400 and recognized simultaneously, it is obvious that the present invention corresponds to the asynchronous radio signal of the present invention.

According to the embodiment of the present invention, the signaling device 200 controls the signal strength of the asynchronous radio signal to be amplified to a specified amplification amount or more by a specified signal strength (for example, the signal strength of a specific mode defined in the specification) . For example, when the signal device 200 is implemented in the form of a cigar jack device or an inter-vehicle device, the asynchronous radio signal transmitted from the signal device 200 may be transmitted from a metal material of the vehicle body constituting the vehicle, It is difficult to reach a specified distance outside the vehicle by a film material or the like attached to the vehicle. In this case, the signaling device 200 can control to reach a specified distance outside the vehicle (for example, 30 meters outside the vehicle) by amplifying the signal strength of the asynchronous radio signal. When the signal strength of the asynchronous radio signal is amplified, the signal device 200 may amplify the signal strength of the asynchronous radio signal using an external power source (e.g., vehicle power source). If the signal strength of the asynchronous radio signal is amplified by using a charging power source such as a battery, the signaling device 200 may perform the input operation to the signaling device 200 or the first terminal 300 The signal strength of the asynchronous radio signal can be amplified for a predetermined time according to the input operation.

Alternatively, the signaling device 200 may control the signal strength of the asynchronous radio signal to be reduced to a specified amount or less from the designated signal strength and transmitted. For example, the first terminal 300 may be implemented by a user of the first terminal 300 carrying the signaling device 200 (for example, a card type, a wristwatch type, a portable type, etc.) When the distance between the couple of the signaling devices 200 and the second terminal 400 is within 1m to 2m and the authentication of the present invention is to be performed, the signaling device 200 determines that the signal strength of the asynchronous radio signal is 1m (Up to 2 m).

The signaling device 200 can transmit the designated code data via the asynchronous radio signal in a short distance. The code data includes a unique code having a unique value, and a disposable authentication code generated by substituting one or more seeds including a seed value specified in a code generation algorithm (for example, a hash algorithm or the like) .

According to the first code data embodiment of the present invention, the code data may include a unique code (e.g., an ID set in the signaling device 200) that is unique to the signaling device 200.

According to the second code data embodiment of the present invention, the code data may include a unique code unique to the signaling device 200 and a disposable authentication code dynamically generated in the signaling device 200. To this end, the signaling device 200 stores a code generation algorithm for dynamically generating the disposable authentication code in addition to the unique code, and at least one seed value to be applied to the code generation algorithm may be stored according to the method. On the other hand, according to the method, at least one seed value can be provided from the first terminal 300 through the bi-directional local area communication. The signaling device 200 may apply one or more fixed seed values and at least one dynamic seed value (e.g., time or challenge) to the code generation algorithm to dynamically generate the disposable authentication code.

According to the third code data embodiment of the present invention, the code data may include a unique code set in the signaling device 200 through bidirectional local area communication at the designated first terminal 300. In this case, the code data may include the unique code set by the first terminal 300 instead of the unique code unique to the signaling device 200 according to the first code data embodiment, And the unique code set by the first terminal 300 can be included in the code data at the same time.

According to the fourth code data embodiment of the present invention, the code data is transmitted to the signaling device 200 through a bi-directional short distance communication at a designated first terminal 300 with a unique code unique to the signaling device 200 And may include a disposable authentication code. In this case, the one-time authentication code provided from the first terminal 300 to the signaling device 200 may include a disposable authentication code generated dynamically by the first terminal 300, an authentication device 500 or a discrete authentication code dynamically generated via a dedicated server (or a separate designated server).

According to the fifth code data embodiment of the present invention, the code data may include a unique code set in the signaling device 200 through bidirectional local area communication at the designated first terminal 300, And may include a disposable authentication code provided to the signaling device 200 via bidirectional local area communication.

According to the sixth code data embodiment of the present invention, the code data may be at least partially combined with at least two of the first to fifth code data embodiments, and thus the present invention is not limited thereto . According to an embodiment of the present invention, code data corresponding to at least one of the first to sixth code data embodiments (e.g., at least one of a unique code and a disposable authentication code) May be decrypted only through the device 500, the first terminal 300, the second terminal 400 specified among the N second terminals 400, and then transmitted through the asynchronous radio signal.

According to an embodiment of the present invention, the signaling device 200 may generate a key value for encryption of the code data and exchange the key value with a designated target, and the key value may be transmitted to the bidirectional local area communication Can be used for encryption and decryption.

According to an embodiment of the present invention, the signaling device 200 generates one or more key values according to a designated key generation algorithm, and transmits at least one key value of the generated key values to the first terminal 300 through bidirectional short- The first terminal 300 may store the key value in a designated storage area of the first terminal 300 and use it as a decryption key for the data encrypted in the signaling device 200, To the device 500 (or the key management server) so as to be used as a decryption key for the data encrypted in the signaling device 200. For example, the signaling device 200 may generate a key pair of a private key and a public key according to a key generation algorithm of a public key infrastructure (e.g., an Elliptic Curve Cryptosystem (ECC) algorithm or an RSA algorithm) The first terminal 300 may store the public key in a designated storage area of the first terminal 300 and transmit the public key to the first terminal 300 through the two- (Or a key management server) to be used as a decryption key for the data encrypted in the signaling device 200 or to be used as a decryption key for the data encrypted in the signaling device 200 have. According to an embodiment of the present invention, when generating the key pair of the public key infrastructure in the signaling device 200, it is preferable to generate the key pair based on the ECC algorithm capable of being encrypted through the low-speed processor. Meanwhile, the signaling device 200 can generate a key value of a symmetric key scheme according to an embodiment, and thus the present invention is not limited thereto. The present invention generates a key value to be used for encryption / decryption in the signaling device 200, so that at least a key value used for encryption of the signaling device 200 is not exposed.

The first terminal 300 is a collective name of a terminal that is capable of receiving an asynchronous radio signal of the signaling device 200 and performs bidirectional short-distance communication with the signaling device 200. Preferably, Directional short distance communication with the signaling device 200 according to at least one embodiment of the communication embodiment. The first terminal 300 may include a wireless terminal (e.g., a mobile phone, a smart phone, a tablet PC, etc.) owned or portable by a user who owns the signaling device 200, The first terminal 300 and the signal device 200 may move together to access the second terminal 400. [ The first terminal 300 is not limited to a wireless terminal but may be a wired terminal (such as a personal computer) that owns the signaling device 200 or an offline terminal (E.g., CAT, POS, computer, smart phone, tablet PC, etc.) of the merchant. In this case, the second terminal 400 may move to access the first terminal 300 . That is, the present invention is not limited by the type of terminal.

According to an embodiment of the present invention, the first terminal 300 performs bidirectional short-range communication with the signaling device 200 and transmits an application-type program 325 for communicating with the specified authentication device 500 via a designated communication path And the program 325 can recognize the asynchronous radio signal of the signaling device 200 according to the method of operation. In the present invention, the description of the first terminal 300 as a main body is implemented through the program 325 installed and operated in the first terminal 300 without any other instruction.

The first terminal 300 may combine either or both of bi-directional short-range communication with the signaling device 200 and asynchronous radio signal recognition transmitted from the signaling device 200, Side code data corresponding to the code data to be transmitted through the signal.

According to the first code data acquiring embodiment of the present invention, the first terminal 300 transmits code data to be transmitted through the asynchronous radio signal in the signaling device 200 through bidirectional short-range communication with the signaling device 200 The first side code data corresponding to the code data to be transmitted through the asynchronous radio signal in the signaling device 200 can be obtained.

According to the second code data acquisition embodiment of the present invention, the first terminal 300 receives the asynchronous radio signal transmitted from the signaling device 200. The first side code data corresponding to the code data to be transmitted through the asynchronous radio signal in the signaling device 200 can be obtained by reading the received asynchronous radio signal and checking the code data included in the asynchronous radio signal have.

According to the third code data acquisition embodiment of the present invention, the first terminal 300 transmits code data (hereinafter referred to as " code data ") transmitted from the signaling device 200 via the asynchronous radio signal through bidirectional short- (Or at least a part of code data of the code data), receives and reads the asynchronous radio signal transmitted from the signaling device 200, recognizes the code data included in the asynchronous radio signal, And comparing the received code data (or at least a part of the code data of the code data) with the code data recognized through the asynchronous radio signal to determine whether or not the code data matches the code data, Side code data.

According to the fourth code data acquisition embodiment of the present invention, the first terminal 300 transmits code data (hereinafter referred to as " code data ") to be transmitted from the signaling device 200 via the asynchronous radio signal through bidirectional short- Receives the asynchronous radio signal transmitted from the signaling device (200), recognizes the code data included in the asynchronous radio signal, and transmits the verification value received via the bidirectional local communication To obtain the verified code data as the first side code data if the code data is verified by verifying the code data recognized via the asynchronous radio signal through the asynchronous radio signal.

According to the fifth code data acquisition embodiment of the present invention, the first terminal 300 acquires the first side code data by at least partially combining at least two of the first through fourth code data acquisition embodiments The present invention is not limited thereto.

The first terminal 300 transmits the first side authentication data including the first side code data obtained according to the first to fifth embodiments to the specified authentication apparatus 500. [ According to an embodiment of the present invention, the first MS 300 transmits first side authentication data including the obtained first side code data and first side unique data set unique to the first MS 300, To the authentication device 500. Preferably, the first side unique data is used as an identification means for identifying an authentication object, and the first side code data is used as an authentication means for authenticating the identification means. The authentication device 500 maintains the received first side authentication data for a specified effective time (e.g., 5 seconds, 10 seconds, etc.), and automatically updates the first side authentication data when the valid time elapses Discarded or deactivated. The authentication according to the present invention can be effectively handled during the valid time period in which the first side authentication data is held in the authentication device 500. [ Meanwhile, according to an embodiment of the present invention, the first terminal 300 periodically repeatedly acquires the first side code data and repeatedly transmits the first side code data to the authentication device 500, or repeatedly transmits at least a part of the code data (For example, a disposable authentication code or the like) is changed, and transmits the changed first-side code data to the authentication device 500. [

The second terminal 400 is a general term of a terminal capable of receiving an asynchronous radio signal of the signaling device 200 and does not perform bi-directional short-distance communication with the signaling device 200. The second terminal 400 may include a wireless terminal (e.g., a cellular phone, a smart phone, a tablet PC, etc.) owned or portable by a user who owns the signaling device 200, 2 terminal 400 may move and access a couple of the signaling device 200 and the first terminal 300. The second terminal 400 is not limited to a wireless terminal but may be a wired terminal (for example, a personal computer or the like) that owns the signaling device 200 or an offline And may include a merchant terminal (for example, a CAT, a POS, a computer, a smart phone, a tablet PC, etc.) of the merchant. In this case, a couple of the signal device 200 and the first terminal 300 may move, Lt; RTI ID = 0.0 > 400 < / RTI > That is, the present invention is not limited by the type of terminal.

According to an embodiment of the present invention, the second terminal 400 receives and recognizes the asynchronous radio signal of the signaling device 200 and transmits an application-type program for communicating with the specified authentication device 500 via a designated communication path (425). The description of the second terminal 400 as a main body is implemented through the program 425 installed and operated in the second terminal 400 without any other instruction.

The signal device 200 and the first terminal 300 are moved and the second terminal 400 is accessed and / or the second terminal 400 is moved to move the signal device 200 and the first When the second terminal 400 is able to receive an asynchronous radio signal transmitted from the signaling device 200 by accessing a couple of the terminal 300, And acquires second side code data corresponding to code data to be transmitted through the asynchronous radio signal.

The second terminal 400 transmits the second side authentication data including the obtained second side code data to the specified authentication apparatus 500. According to an embodiment of the present invention, the second terminal 400 includes the second side authentication data including the obtained second side code data and including the second side unique data set unique to the second terminal 400, To the authentication device 500. Preferably, the second side unique data is used as an identification means for identifying an authentication object, and the second side code data is used as an authentication means for authenticating the identification means. The authentication device 500 maintains the received second side authentication data for a specified effective time (e.g., 5 seconds, 10 seconds, etc.), and automatically transmits the second side authentication data when the valid time elapses Discarded or deactivated. The authentication according to the present invention can be effectively handled during the valid time period in which the second side authentication data is held in the authentication device 500. [ Meanwhile, the second terminal 400 periodically repeats the acquisition of the second side code data and repeatedly transmits the second side code data to the authentication device 500 according to an embodiment of the present invention, or repeatedly transmits at least a part of the code data (E.g., a one-time authentication code) is changed, and transmits the changed second-side code data to the authentication device 500. [

The authentication device 500 is capable of communicating with the first terminal 300 to the second terminal 400 and includes first side authentication data including first side code data acquired by the first terminal 300 And receives the second side authentication data including the second side code data acquired by the second terminal (400). The first side authentication data and the second side authentication data are arbitrarily received irrespective of the order, and the authentication device 500 maintains the received first side authentication data and the second side authentication data respectively for the specified valid time .

According to the method of the present invention, when the code data (or at least a part of the code data) is encrypted through the signaling device 200, the authentication device 500 transmits the encrypted code data At least a portion of the data).

If the code data includes the dynamically generated disposable authentication code, the authentication device 500 authenticates the validity of the disposable authentication code included in the first side code data received from the first terminal 300 And / or to authenticate the validity of the disposable authentication code included in the second side code data received from the second terminal 400. [0064] The authentication procedure of the disposable authentication code may be performed by the authentication device 500 or may be performed through a separate code authentication server (not shown). According to the method of the present invention, when the code data includes the generated one-time authentication code, when the validity of the disposable authentication code included in each code data is authenticated, The first side code data of the first side authentication data received from the second terminal 300 and the second side code data of the second side authentication data received from the second terminal 400 are compared and authenticated.

The authentication apparatus 500 is configured to receive the first side authentication data received from the first terminal 300 and the second side authentication data received from the second terminal 400, 1-side code data and the second side code data of the second side authentication data. For example, when the first side authentication data is received from the first terminal 300, the authentication device 500 determines that the first side authentication data is received within the valid period of holding the first side authentication data Side code data to be matched with the first side code data of the first side authentication data among the second side code data of the second side authentication data from the second terminal 400 before or after the designated time on the basis of the first side code data . Side authentication data is received from the second terminal 400, the authentication device 500 determines whether or not the second-side authentication data has been received within the valid period of holding the second- The first side code data of the first side code data of the first side authentication data and the first side code data matched with the second side code data of the second side authentication data can be discriminated from the first terminal 300 before or after the specified time.

Meanwhile, the first terminal 300 is limited to a terminal that performs bi-directional short distance communication with the signaling device 200, but the second terminal 400 may be plural. The present invention controls the signal strength of the asynchronous radio signal transmitted through the signaling device 200 to specify one of the plurality of the second terminals 400, The second terminal 400 closest to the couple of the first terminal 300 may be specified. Alternatively, when the second terminal 400 transmits the second side authentication data, the second side authentication data may include information capable of discriminating the signal strength of the asynchronous radio signal from the second side authentication data, The signal intensity of the asynchronous radio signal may be read and a second terminal 400 transmitting the second side authentication data including the largest signal strength may be specified. Alternatively, after the asynchronous radio signal of the signaling device 200 is received, the second terminal 400, which is to be included in the authentication target among the second terminal 400, performs the specified input operation, By including information corresponding to the operation, one second terminal 400 that has undergone the specified input operation in the authentication apparatus 500 can be specified.

According to an embodiment of the present invention, the authentication apparatus 500 may further include first side code data of the first side authentication data received from the first terminal 300 which performs bidirectional short distance communication with the signal device 200, The first side code data and the second side code data can be compared with the second side code data of the second side authentication data received from the second terminal 400, The second terminal 400 that has accessed the terminal 300 can be authenticated or the designated first terminal 300 that has accessed the second terminal 400 can be authenticated. The authentication apparatus 500 may transmit information obtained by authenticating the access of the first terminal 300 and the second terminal 400 to the first terminal 300 and the second terminal 400, respectively.

2 is a functional block diagram of a signaling device 200 according to an embodiment of the present invention.

2 shows a configuration of a signal device 200 including a bidirectional local communication function and an asynchronous radio signal transmission function. If the person skilled in the art is familiar with the present invention, 2 may be referenced and / or modified to infer various implementations of the configuration of the signaling device 200 (e.g., some configuration portions may be omitted, or subdivided, or aggregated) And the technical features thereof are not limited only by the method shown in FIG.

The signaling device 200 of the present invention includes a bidirectional local communication function and an asynchronous radio signal transmission function, and can be manufactured by incorporating a chip module 230 therein. However, the signal device 200 is not limited to the chip module 230. Hereinafter, the features of the present invention will be described with reference to an embodiment in which a functional structure implemented in the signaling device 200 is implemented through the chip module 230 for authentication of the present invention.

According to the embodiment of the present invention, the signal device 200 includes a terminal for receiving external power in addition to the chip module 230, a power supply unit 205 for receiving external power through the terminal, A power conversion unit 210 for converting external power to a designated power source, a power charging unit 215 for charging the external power source, an operation unit 225 for input operation of the chip module 230, And a connector unit 220 for cable communication. For example, when the signal device 200 is manufactured in the form of a cigar jack device, when the cigar jack device is inserted into the cigar jack insertion port of the vehicle, the power supply part 205 uses the terminal to power the vehicle power The power converter 210 converts the vehicle power into a USB power (e.g., DC 5V) and / or an operating power of the chip module 230, and the power charging unit 215 may charge the power supplied through the power supply unit 205 and / or the power converted through the power conversion unit 210. In this case, the chip module 230 of the signaling device 200 operates through the external power supplied through the power supply unit 205 according to the supply of the external power, or alternatively operates the charging power supplied to the power charging unit 215 Lt; / RTI > Meanwhile, when the chip module 230 operates in response to an external power supply, the chip module 230 can amplify the asynchronous radio signal using an external power source (for example, amplify it to a maximum signal strength) and transmit it. For example, when the signal device 200 is manufactured in the form of a cigar jack device and is provided in the vehicle, the chip module 230 may be connected to the asynchronous wireless device 200 using external power supplied from the vehicle through the cigarette- The signal can be amplified to a specified signal intensity and transmitted, thereby overcoming signal interference caused by the metallic material of the vehicle body or the glass material of the window (in particular, the glass material provided with the ultraviolet protection film) It is possible to reach the specified external distance.

The chip module 230 of the signaling device 200 may be connected to the first terminal 300 and the cable communication base 300 through the connector unit 220. In the case where the signal unit 200 is provided with the connector unit 220, Way cable communication with the mobile terminal.

The operation unit 225 of the signal device 200 processes an input operation for controlling the operation of the chip module 230. For example, the operation unit 225 may process an input operation for 'on' to transmit the asynchronous radio signal for a predetermined period of time. In this case, the chip module 230 of the signal device 200 transmits a signal And automatically stop transmitting the asynchronous radio signal after transmitting the asynchronous radio signal. According to the embodiment of the present invention, the operation unit 225 can selectively operate (or toggle) the operation of 'On' or 'Off' of the various operations of the chip module 230. For example, when the operation unit 225 has processed an input operation for 'transmitting' an asynchronous radio signal, it processes an input operation for 'off' the transmission of the asynchronous radio signal by the next operation (or toggle) The chip module 230 may transmit the asynchronous radio signal. Alternatively, the operation unit 225 can input a predetermined input value. For example, the operation unit 225 can input various information necessary for setting the chip module 230. Alternatively, the operation unit 225 can set various dynamics of the chip module 230 through an input operation of a predetermined operation pattern. For example, the operation unit 225 may display various patterns such as a time input pattern input at a predetermined time interval or more, a simultaneous operation pattern for simultaneously operating two or more switches / buttons, and a time difference operation pattern operated at a predetermined time difference So that various operations of the chip module 230 can be set.

2, the chip module 230 includes a control unit 245 for controlling the operation of the chip module 230, a data set (or [program] code) necessary for the operation of the chip module 230, A radio frequency (RF) processor 240 for performing bidirectional short-range wireless communication and RF processing for transmitting asynchronous radio signals, and an antenna unit for transmitting and receiving a radio frequency signal corresponding to the RF processing. And a cable processing unit (not shown) that is electrically connected to the connector unit 220 according to an embodiment of the present invention to process bi-directional cable communication.

The chip module 230 may include at least one SMD (Surface Mount Device) for bidirectional local communication and asynchronous radio signal transmission to a PCB (Printed Circuit Board), and the controller 245 ), The memory unit 235, and the RF processor 240 may be implemented in the form of an integrated chip, an individual device mounted on a PCB, or a combination of an integrated chip and each device. It should be apparent that the invention is not limited by the manner in which the chip module 230 is implemented within the signaling device 200.

The control unit 245 is a general term for controlling the operation of the chip module 230. The control unit 245 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 245 loads at least one [program] code included in the chip module 230 into the execution memory through the processor, and outputs the result to at least one To control the operation of the chip module 230. Hereinafter, a [program] configuration implemented in the chip module 230 in the form of [program] code will be described in the control unit 245 for convenience.

The memory unit 235 is a general term of the nonvolatile memory included in the chip module 230 and includes at least one program code executed through the control unit 245 and at least one program code And stores the data set. The memory unit 235 basically stores a system [program] code and a system data set corresponding to the operating system of the chip module 230, and at least one application [program] code and an application data set. The [program] code and data set corresponding to [program] are also stored in the memory unit 235.

According to the method of the present invention, the memory unit 235 may be provided at the time of making the signal device 200 (or the chip module 230) (or at the time of the initial operation or before storing the unique code in the memory unit 235) And stores the unique code for the signaling device 200 (or the chip module 230) in a designated storage area.

The RF processor 240 is a collective term for RF processing (e.g., radio frequency signal modulation and the like) for broadcasting an asynchronous radio signal and / or RF processing for bidirectional short-range wireless communication through an antenna unit, And performs RF processing for communication-based bidirectional short-range wireless communication and asynchronous wireless signal transmission. Here, the transmission of the asynchronous radio signal includes a radio signal transmitted without identifying or pairing the receiving side that receives the radio signal. For example, the RF processor 240 may perform Wi-Fi-based bidirectional short-range wireless communication and RF processing for transmitting a specified standard asynchronous radio signal.

According to the method of the present invention, the chip module 230 processes bi-directional short-range communication with the first terminal 300 that is paired / coupled, and the RF processor 240 processes the first terminal 300 and the RF And performs RF processing (e.g., radio frequency modulation / demodulation, etc.) for communication-based bidirectional short-range wireless communication.

Meanwhile, when the chip module 230 is provided with a cable processing unit, the chip module 230 processes the bidirectional cable communication with the first terminal 300 connected to the cable unit 220 through the connector unit 220 using the cable processing unit can do. The bidirectional cable communication includes a packet communication function for transmitting and receiving a predetermined packet, and the cable processing unit allows the first terminal 300 connected to the connector unit 220 to detect the chip module 230 and perform cable communication And the like.

According to the embodiment of the present invention, the cable processing unit remains electrically connected to the connector unit 220, but the bidirectional cable communication function of the cable processing unit can be selectively activated or deactivated according to a designated condition, It is preferable to process the bidirectional cable communication with the first terminal 300 connected to the connector unit 220 when the bidirectional cable communication function is activated and if the bidirectional cable communication function is inactivated, Way cable communication even if the first terminal 300 is connected to the first terminal 300. [

Referring to FIG. 2, the chip module 230 of the signaling device 200 includes a communication identifier 250 for identifying a first terminal 300 to communicate using bi-directional short-range wireless communication, And a communication connection unit 255 for connecting bidirectional short-range wireless communication with the terminal 300. According to an embodiment of the present invention, when the cable processing unit is provided in the chip module 230, Directional cable communication with the first terminal 300, which is connected through a cable.

The communication identification unit 250 identifies the first terminal 300 to be connected to the first module 300 in the initial operation of the chip module 230 Way short range wireless communication between the chip module 230 and the nearest terminal capable of performing bidirectional short-range wireless communication with the chip module 230 at a predetermined input operation through the operation unit 225, (300). ≪ / RTI > Here, it is preferable that the first terminal 300 is a terminal owned (or possessed or possessed) by the owner of the signaling device 200. For example, when the RF processor 240 performs RF processing for Wi-Fi based bidirectional short-range wireless communication, the communication identifier 250 determines whether the owner of the signal device 200 The first terminal 300 to which the WiFi-based bidirectional short-range wireless communication is to be connected can be identified by performing the pairing procedure with the first terminal 300 possessed (or possessed or possessed). According to an embodiment of the present invention, the communication identification unit 250 identifies communication identification information for connecting the first terminal 300 to the first terminal 300 as a result of identifying the first terminal 300 Directional short-range wireless communication with the first terminal 300 using the communication identification information. In this case, the communication connection unit 255 can connect the first terminal 300 to the first terminal 300 via the network.

Meanwhile, the communication connection unit 255 can identify the first terminal 300 connected to the connector unit 220 by the cable processing unit, and connect the first terminal 300 with the first terminal 300 through the two-way cable communication. According to an embodiment of the present invention, the communication connection unit 255 may acquire communication identification information for identifying the first terminal 300 among devices connected to the connector unit 220 by cable, and may store the communication identification information in the memory unit 235, In this case, the communication connection unit 255 can establish a two-way cable communication with the first terminal 300 corresponding to the communication identification information.

According to the embodiment of the present invention, the communication identifying unit 250 performs a designated information exchange procedure with the identified first terminal 300 (or the first terminal 300 connected with the cable) (For example, a device serial number of a communication object, an identification key value exchanged in accordance with a specified key exchange procedure, and the like) to be stored in a designated storage area of the memory unit 235 In this case, the communication connection unit 255 can authenticate the first terminal 300 connecting the bi-directional short distance communication using the communication authentication information. The first terminal 300 can also store communication authentication information for authenticating the chip module 230 of the signaling device 200 according to an embodiment of the present invention. Information can be used to authenticate the chip module 230 of the signaling device 200 to which bidirectional short-range communication is connected.

2, the chip module 230 of the signaling device 200 includes a first terminal 300 connected to the bidirectional local area communication through the communication connection unit 255, a communication processing unit 260 for processing bidirectional local area communication And a key processing unit 265 for generating one or more key values through a designated key generation algorithm and providing at least one key value of the generated key values to the first terminal 300 through bidirectional local area communication do.

The communication processing unit 260 is connected to the first terminal 300 connected to the bidirectional local area communication through the communication connection unit 255 and to the first terminal 300 connected to the bidirectional local area communication via the communication connection unit 255, Handles short-range communications.

Directional short distance communication with the first terminal 300 through the communication processing unit 260, the key processing unit 265 determines whether a key value for encryption / decryption is stored in a designated storage area of the memory unit 235 Check. If the key value for encryption / decryption is not stored in the designated storage area, the key processing unit 265 may perform a procedure for generating one or more key values through a designated key generation algorithm. Or the control information requesting to generate a key value for encryption / decryption is provided from the first terminal 300 designated through the communication processing unit 260, or a key value for encryption / decryption through the input operation through the operation unit 225 The key processing unit 265 may perform a procedure of generating one or more key values through a designated key generation algorithm.

The key processing unit 265 generates one or more key values according to a designated key generation algorithm and stores the generated key value in a designated storage area of the memory unit 235. The generated key value is stored in the designated storage area of the memory unit 235, And provides at least one key value among the key values to the first terminal 300. For example, the key processing unit 265 generates a key pair of a private key and a public key according to a public key infrastructure key generation algorithm (e.g., an Elliptic Curve Cryptosystem (ECC) algorithm or an RSA algorithm) The public key of the generated key pair may be provided to the first terminal 300 through the communication processing unit 260 after storing the generated private key (which may include the public key) in the designated storage area. According to an embodiment of the present invention, when the key processing unit 265 generates a key pair of a public key infrastructure, it is preferable to generate a key pair based on an ECC algorithm capable of being encrypted through a low-speed processor. Meanwhile, the key processing unit 265 can generate the key value of the symmetric key method according to the embodiment, and thus the present invention is not limited thereto.

Referring to FIG. 2, the chip module 230 of the signaling device 200 includes a code checking unit 270 for checking code data to be transmitted through an asynchronous radio signal, And a code generating unit (275) for generating a one-time authentication code among the code data to be included in the asynchronous radio signal, wherein the code generating unit (275) includes a signal transmitting unit (285) for transmitting an asynchronous radio signal including the code data, And an encryption processing unit 280 for encrypting the code data (or at least a part of the code data) using the key value generated through the key generation unit 265.

The code checking unit 270 checks code data of a designated code structure to be transmitted in the asynchronous radio signal, and the signal transmitting unit 285 transmits the asynchronous radio signal to the RF processing unit 240, Thereby processing the asynchronous radio signal to be transmitted. If the chip module 230 receives external power or receives control information related to signal amplification from the first terminal 300 through the communication processing unit 260 or receives the control signal from the operation unit 225 The signal transmitting unit 285 amplifies the signal strength of the asynchronous radio signal by a predetermined amplification amount or more at a designated signal strength (for example, the signal strength of the specific mode defined in the specification) So that it can be controlled to be transmitted. Meanwhile, according to the embodiment, the signal transmitting unit 285 may control the signal strength of the asynchronous radio signal to be reduced to a specified amount or less from the designated signal strength and transmitted. Meanwhile, when the key processing unit 265 generates and stores a key value to be used for encryption / decryption, the encryption processing unit 280 encrypts the code data (or at least a part of the code data) In this case, the signal transmitting unit 285 may process the RF processor 240 to transmit the asynchronous radio signal including the encrypted code data.

According to the first asynchronous radio signal transmitting embodiment of the present invention, the code verifying unit 270 receives a unique code (e. G., Signal device 200) unique to the signaling device 200 (or the chip module 230) And the signal transmitting unit 285 processes the asynchronous radio signal including the confirmed code data to be transmitted through the RF processor 240 at a designated signal strength have.

The code generation unit 275 may generate information on the information (e.g., seed value) stored in the memory unit 235 of the chip module 230, the chip module 230, (For example, a time value counted using the charging power source of the power charging unit 215) is counted using the charging power source after the time synchronization with the first terminal 300 through the communication processing unit 260 Time value received from the first terminal 300 through the communication processing unit 260 and information received from the first terminal 300 through the bidirectional local area communication through the communication processing unit 260. [ A random number, a device ID value of the first terminal 300, a value received from the server (or the authentication device 500) provided by the first terminal 300, and the like, One-off authentication code in the form of one-off code by applying it to the algorithm Can be dynamically generated. According to an embodiment of the present invention, the code generation unit 275 can generate a random number type disposable authentication code, and thus the present invention is not limited thereto. The code verifying unit 270 verifies the code data including the unique code unique to the signal device 200 (or the chip module 230) and the disposable authentication code dynamically generated through the code generating unit 275 And the signal transmitting unit 285 may process the asynchronous radio signal including the confirmed code data to be transmitted with the designated signal strength through the RF processor 240.

According to the third asynchronous radio signal transmission embodiment of the present invention, the communication processing unit 260 can receive a predetermined unique code from the designated first terminal 300 through bidirectional local area communication. In this case, the code checking unit 270 checks the code data including the unique code received from the first terminal 300, and the signal transmitting unit 285 transmits the identified code An asynchronous radio signal containing data can be processed to be sent out at a specified signal strength. The fraudulent code verification unit 270 may generate code data including a unique code provided from the first terminal 300 instead of a unique code unique to the signaling device 200 (or the chip module 230) Or the code data including both the unique code unique to the signaling device 200 (or the chip module 230) and the unique code provided from the first terminal 300 can be confirmed.

According to the fourth asynchronous radio signal transmission embodiment of the present invention, the communication processing unit 260 can receive the disposable authentication code from the designated first terminal 300 through bidirectional local area communication. Here, the disposable authentication code provided from the first terminal 300 may include a disposable authentication code dynamically generated in the first terminal 300, an authentication device 500 communicating with the first terminal 300 And a disposable authentication code that is dynamically generated through a designated server (e.g., a designated server). The code checking unit 270 includes a unique code unique to the signaling device 200 (or the chip module 230) and a disposable authentication code provided from the first terminal 300 through the communication processing unit 260 And the signal transmitting unit 285 may process the asynchronous radio signal including the confirmed code data to be transmitted with the designated signal strength through the RF processor 240. [

According to the fifth asynchronous radio signal transmission embodiment of the present invention, the communication processing unit 260 receives a predetermined unique code from the designated first terminal 300 through bidirectional local area communication, receives the predetermined unique code from the first terminal 300 A disposable authentication code can be provided. Here, the disposable authentication code provided from the first terminal 300 may include a disposable authentication code dynamically generated in the first terminal 300, an authentication device 500 communicating with the first terminal 300 And a disposable authentication code that is dynamically generated through a designated server (e.g., a designated server). The code verifying unit 270 verifies the code data including the unique code and the disposable authentication code received from the first terminal 300 through the communication processing unit 260 and the signal transmitting unit 285 transmits the RF The processing unit 240 may process the asynchronous radio signal including the checked code data so as to be transmitted with the designated signal strength.

According to the sixth asynchronous radio signal transmitting embodiment of the present invention, the code checking unit 270 checks the code data in a form in which at least two of the first to fifth asynchronous radio signal transmitting embodiments are at least partially combined In this case, the signal transmitting unit 285 can process the asynchronous radio signal including the confirmed code data to be transmitted with the designated signal strength through the RF processor 240.

Meanwhile, according to the embodiment of the present invention, the encryption processing unit 280 encrypts the encryption key using the key value (e.g., a private key generated according to an ECC algorithm) stored in the designated storage area through the key processing unit 265, It is possible to encrypt the code data (or at least a part of the code data) confirmed by the code checking unit 270 according to at least one of the first to sixth asynchronous radio signal transmitting embodiments, The transmitting unit 285 may process the asynchronous radio signal including the encrypted code data to be transmitted at a designated signal strength through the RF processor 240.

Referring to FIG. 2, the chip module 230 of the signaling device 200 includes a code checking unit 270 for checking code data to be transmitted through an asynchronous radio signal, (Or at least a part of the code data) using the key value generated through the key processing unit 265. The encryption processing unit 265 encrypts the code data (280), or a request confirmation unit (290) for checking a code data request from the first terminal (300) designated through the bi-directional short distance communication.

The code verifying unit 270 checks the code data of the designated code structure to be included in the asynchronous radio signal based on at least one of the first to sixth asynchronous radio signal transmitting embodiments. The encryption processing unit 280 may encrypt the checked code data (or at least a part of the code data) according to the method.

Directional short-range communication with the first terminal 300 through the communication connection unit 255, the code transmission unit 295 transmits the confirmed (or encrypted) code data to the communication terminal through the communication processing unit 260 To the first terminal (300). That is, according to the embodiment of the present invention, the code data confirmed through at least one of the first to sixth asynchronous radio signal transmitting embodiments is included in the asynchronous radio signal through the signal transmitting unit 285 And transmitted to the first terminal 300 through the code transmission unit 295. [

Meanwhile, according to the method of the present invention, the transmission of the code data through the bidirectional local area communication can be selectively performed. For example, when the code request information requesting the code data is received through the bidirectional short-range communication at the first terminal 300, the chip module 230 of the signaling device 200 transmits the code data to the first And selectively transmit the data to the terminal 300. To this end, the request confirmation unit 290 checks whether the code request information requesting the code data is received from the first terminal 300 through the communication processing unit 260. If the code data is received from the first terminal 300, the code transmission unit 295 transmits the confirmed (or encrypted) code data to the first terminal 300 through the communication processing unit 260, Lt; / RTI >

According to another embodiment of the present invention, the code transmitting unit 295 transmits a verification value (for example, the code data (or at least a part of the code data) for verifying the code data confirmed through the code checking unit 270 (Or at least a part of the code data)), and transmits the generated hash value to the first terminal 300 through the communication processing unit 260 The generated / verified verification value can be transmitted.

3 is a diagram illustrating a functional configuration of a first terminal 300 according to an embodiment of the present invention.

3 shows a functional configuration of a first terminal 300 capable of bi-directionally communicating with a chip module 230 of a signaling device 200 and recognizing an asynchronous radio signal transmitted from the chip module 230 Those skilled in the art will be able to refer to and / or modify Figure 3 to derive various implementations of the first terminal 300 functionality, All of the above-described embodiments are included, and the technical features of the present invention are not limited only by the method shown in FIG. For convenience, the first terminal 300 of FIG. 3 is shown in the form of a wireless terminal such as a cellular phone, a smart phone, or a tablet PC having a network communication function, a bidirectional local communication function, and a unidirectional wireless signal receiving function. However, The terminal 300 is not limited to the form of the wireless terminal shown in FIG.

3, the first terminal 300 includes a control unit 302, a memory unit 320, a screen output unit 304, an input processing unit 306, a sound processing unit 316, a cable communication unit 310, A short range wireless communication unit 308, a short range wireless communication unit 312, a wireless network communication unit 314, a USIM reader unit 318, and a USIM, and has a battery for power supply.

The controller 302 is a generic term for controlling the operation of the first terminal 300. The controller 302 includes at least one processor and an execution memory. Bus (BUS). According to the present invention, the control unit 302 loads at least one [program] code included in the first terminal 300 through the processor and loads the program code into the execution memory, And controls the operation of the first terminal (300). Hereinafter, the configuration of the program 325 of the present invention, which is implemented in the form of a [program] code for convenience, will be described in the control unit 302. FIG.

The memory unit 320 is a generic term of a nonvolatile memory corresponding to a storage resource of the first terminal 300 and includes at least one [program] code executed through the control unit 302, And stores at least one data set used by the at least one data set. The memory unit 320 basically includes a system [program] code and a system data set corresponding to the operating system of the first terminal 300, a communication [program] code for processing a wireless communication connection of the first terminal 300 A program code and a data set corresponding to the program 325 of the present invention are also stored in the memory unit 320. The program code and data set corresponding to the program 325 of the present invention are stored in the memory unit 320. [

The screen output unit 304 includes a screen output unit (e.g., an LCD (Liquid Crystal Display) or the like) and a driving module for driving the screen output unit 304. The screen output unit 304 is connected to the control unit 302, And outputs an operation result corresponding to the output to the screen output device.

The input processing unit 306 is composed of one or more input devices (e.g., a button, a keypad, a touch pad, a touch screen etc. interlocked with the screen output unit 304) and a drive module for driving the input screen, And inputs a command for commanding various operations of the control unit 302 or data necessary for the operation of the control unit 302. [

The sound processing unit 316 includes a speaker, a microphone, and a driving module for driving the speaker. The sound processing unit 316 decodes sound data corresponding to the sound output from the various calculation results of the control unit 302 and outputs the sound data through the speaker Or a sound signal input through the microphone, and transmits the encoded sound signal to the controller 302. [

The cable communication unit 310 is a component that receives power using a cable or provides bidirectional cable communication, and the power supplied through the cable is charged in the battery. The cable communication unit 310 determines whether USB-based short-range cable communication is available when the cable is connected, and USB-based short-range cable communication when the USB-based short-range cable communication is available.

The short-range wireless communication unit 308 is a unit for processing bidirectional short-range wireless communication with the chip module 230 of the signaling device 200 and capable of receiving an asynchronous radio signal transmitted from the chip module 230 of the signaling device 200. [ And may include a Wi-Fi component that preferably handles Wi-Fi based bi-directional short-range wireless communication and receives an asynchronous wireless signal of a specified standard. However, the communication standard and the signal standard of the short-range wireless communication unit 308 are not limited to the Wi-Fi. The wireless communication unit 308 may perform bidirectional short-range wireless communication with the chip module 230 of the signal device 200, It is evident that any communication standard or signal standard is applicable to the scope of the present invention if it is possible to receive the asynchronous radio signal transmitted from the module 230. [

The wireless network communication unit 314 and the short-range network communication unit 312 are collectively referred to as communication resources for connecting the first terminal 300 to a designated communication network. The first terminal 300 may include a wireless network communication unit 314 as a basic communication resource and may include one or more short-range network communication units 312.

The wireless network communication unit 314 collectively refers to a communication resource for connecting the first terminal 300 to a wireless communication network via a base station. The wireless communication unit 314 may include an antenna, an RF module, a baseband module, And a signal processing module. The controller 302 is connected to the controller 302 and transmits the operation result corresponding to the wireless communication among the various operation results of the controller 302 through the wireless communication network or transmits the data through the wireless communication network And transmits it to the control unit 302, and performs the connection, registration, communication, and handoff procedures of the wireless communication. According to the present invention, the wireless network communication unit 314 can connect the first terminal 300 to a call network including a call channel and a data channel via an exchange, and in some cases, May be connected to a data network providing communication-based wireless network data communication (e.g., the Internet).

According to an embodiment of the present invention, the wireless network communication unit 314 is a mobile communication unit that performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to the CDMA / WCDMA / ≪ / RTI > Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 314 may further include a portable internet communication structure for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 314. [ That is, the wireless network communication unit 314 is a general term for a configuration unit that connects to a wireless communication network through a cell-based base station irrespective of a frequency band of a wireless section, a type of a communication network, or a protocol.

The short-range network communication unit 312 is a generic term of communication resources for connecting a communication session using a radio frequency signal within a predetermined distance (for example, 10 m) as a communication medium and connecting the first terminal 300 to the communication network The first terminal 300 can be connected to the communication network through at least one of Wi-Fi communication, public wireless communication, and UWB. According to an embodiment of the present invention, the local area network communication unit 312 may be integrated with or separated from the wireless network communication unit 314. According to an embodiment of the present invention, the short-range network communication unit 312 connects the first terminal 300 to a data network providing packet-based short-range wireless data communication through a wireless AP. According to another embodiment of the present invention, the short-range network communication unit 312 may include the short-range wireless communication unit 308, and thus the present invention is not limited thereto.

The USIM reader 318 includes a universal subscriber identity module (Universal Subscriber Identity Module) that is mounted on or removed from the first MS 300 based on the ISO / IEC 7816 standard and a configuration for exchanging at least one data set As a generic term, the data set is exchanged in a half-duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM is an SIM type card provided with an IC chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader unit 318, A program code for the IC chip according to at least one command transmitted from the first terminal 300 and connected to the input / output interface, or extracts the data set (Or processing) the data to the input / output interface.

The control unit 302 downloads a program 325 linked with the chip module 230 of the signaling device 200 through the data network to which the communication resource is connectable and stores the downloaded program 325 in the memory unit 320, The program 325 may be driven to perform operations according to the present invention.

Referring to FIG. 3, the program 325 of the first terminal 300 is connected to the chip module 230 of the signaling device 200 based on the bidirectional short-range wireless communication in cooperation with the short-range wireless communication unit 308 And a chip module connection unit 335 for linking bidirectional short-range wireless communication with the chip module 230 of the identified signaling device 200 in cooperation with the short-range wireless communication unit 308 And the chip module connection unit 335 can couple the bidirectional cable communication with the signal device 200 connected to the cable communication unit 310 in accordance with the method.

The chip module identification unit 330 identifies the first terminal 300 connected to the bi-directional short-range wireless communication at the initial operation of the chip module 230 of the signaling device 200 Or before the communication identification information for the first terminal 300 is stored in the chip module 230 or during the input operation through the operating unit 225 of the signaling device 200) 308 to identify the chip module 230 of the signaling device 200 among the devices capable of bidirectional short-range wireless communication. For example, when the short-range wireless communication unit 308 processes a Wi-Fi-based bidirectional short-range wireless communication, the chip module identification unit 330 performs a pairing procedure with the signaling device 200 according to a specified pairing procedure To identify the chip module 230 of the signaling device 200 to connect the WiFi-based bidirectional short-range wireless communication. According to the embodiment of the present invention, the chip module identification unit 330 identifies the communication identification information for connecting the bidirectional short-range wireless communication with the signaling device 200 as a result of identifying the signaling device 200, And can be stored in the memory unit 320.

The chip module connection unit 335 refers to the identification result of the signal device 200 through the chip module identification unit 330 or the communication identification information stored in the memory unit 320, Directional short-range wireless communication with the chip module 230.

The chip module connection unit 335 checks the chip module 230 of the signal device 200 connected to the cable communication unit 310 and connects the chip module 230 of the signal device 200 Two-way cable communication can be connected. According to an embodiment of the present invention, the chip module connection unit 335 may acquire communication identification information for identifying the chip module 230 of the signal device 200 among the devices to which the cable is connected and store the acquired communication identification information in the memory unit 320 In this case, the chip module connection unit 335 can connect bidirectional cable communication with the signaling device 200 corresponding to the communication identification information.

According to an embodiment of the present invention, the chip module identification unit 330 performs a designated information exchange procedure with the chip module 230 of the identified signaling device 200 (or the cabled signaling device 200) (For example, the serial number of the chip module 230, the identification key value exchanged in accordance with the specified key exchange procedure, etc.) for authenticating the chip module 230 of the signaling device 200, (Not shown). In this case, the chip module connection unit 335 may be connected to the chip module 230 of the signaling device 200 that connects the bidirectional local area communication using the communication authentication information, Can be authenticated. Meanwhile, according to an embodiment of the present invention, the chip module 230 of the signal device 200 may store communication authentication information for authenticating the chip module 230 of the signal device 200. In this case, The chip module 230 of the first terminal 300 can authenticate the first terminal 300 to which bidirectional local area communication is connected using the communication authentication information.

3, the program 325 of the first terminal 300 includes a chip module communication unit 340 for processing bidirectional short distance communication with the chip module 230 of the signaling device 200 to which bidirectional short-range communication is connected A chip module management unit 345 for performing bidirectional short distance communication with the chip module 230 of the signal device 200 through the chip module communication unit 340 to manage the chip module 230 of the signal device 200, Respectively.

The chip module communication unit 340 processes bi-directional short-range wireless communication with the chip module 230 of the signaling device 200 communicatively coupled with the short-range wireless communication unit 308 through the chip module connection unit 335. The chip module management unit 345 controls various types of control information for managing the chip module 230 of the signal device 200 or various kinds of information necessary for the operation of the chip module 230 through the chip module communication unit 340 Or the chip module 230 of the signal device 200 or the chip module 230 of the signal device 200 through the chip module communication unit 340 And the like) can be received and output. For example, the chip module management unit 345 may selectively control the asynchronous radio signal to be transmitted from the chip module 230 of the signaling device 200. Or the chip module management unit 345 can check various information necessary for generating the disposable authentication code in the chip module 230 of the signal device 200 and provide the information to the chip module 230 of the signal device 200 have. Or the chip module management unit 345 identifies a unique code and / or a disposable authentication code that can be included in the asynchronous radio signal transmitted from the chip module 230 of the signal device 200, (230).

3, the program 325 of the first terminal 300 receives a key value generated through the chip module 230 from the signaling device 200 to which the bi-directional local area communication is connected, Or transmits the received key value to the designated authentication device 500 (or the key management server) and requests registration.

After generating one or more key values according to the key generation algorithm specified by the chip module 230 of the signaling device 200 and providing at least one key value among the generated key values through bidirectional local area communication, Receives the key value from the chip module 230 of the signaling device 200 through the chip module communication unit 340. The key registrar 350 stores the key value received from the chip module 230 of the signaling device 200 in a designated storage area and stores the received key value in the chip module of the signaling device 200 230 as a decryption key for decrypting the encrypted data. Meanwhile, the key registration unit 350 transmits the key value received from the chip module 230 of the signaling device 200 to the designated authentication device 500 (or the key management server) And may be used as a decryption key for decrypting the encrypted code data through the device 200. [

3, the program 325 of the first terminal 300 receives an asynchronous radio signal transmitted from the chip module 230 of the signaling device 200 in cooperation with the short-range wireless communication unit 308 And a signal recognition unit (355) for recognizing code data included in the asynchronous radio signal.

The signal recognition unit 355 receives an asynchronous radio signal transmitted from the chip module 230 of the signal device 200 in conjunction with the short range wireless communication unit 308 and receives the asynchronous wireless signal through the short range wireless communication unit 308 The asynchronous radio signal transmitted from the asynchronous radio signal transmitted from the chip module 230 of the signal device 200 according to at least one of the first through sixth asynchronous radio signal transmitting embodiments of the present invention, Code data (e.g., unique code and / or disposable authentication code).

Referring to FIG. 3, a program 325 of the first terminal 300 receives code data transmitted via the asynchronous radio signal from the chip module 230 of the signaling device 200 through bidirectional local area communication (Or a verification value) received through the code receiving unit 360 according to an embodiment of the present invention. The code receiving unit 360 receives the code data transmitted through the asynchronous radio signal, And a code verification unit 365 for verifying the code data recognized by the signal recognition unit 355. [

The code receiving unit 360 receives the code data from the chip module of the signal device 200 through the chip module communication unit 340 at any time before, Way short distance communication with the signaling unit 230 to receive the same code data as the code data included in the asynchronous radio signal transmitted from the chip module 230 of the signaling device 200. [

According to the embodiment of the present invention, the code receiving unit 360 can receive code data transmitted from the chip module 230 of the signaling device 200 through the chip module communication unit 340. The code receiving unit 360 transmits code request information for requesting code data to the chip module 230 of the signaling device 200 through the chip module communication unit 340, (230). ≪ / RTI >

Meanwhile, the code receiving unit 360 performs bidirectional short-range communication with the chip module 230 of the signaling device 200 through the chip module communication unit 340 and transmits the asynchronous signal to the chip module 230 of the signaling device 200 And may receive a verification value for verifying the code data included in the wireless signal.

If the code data transmitted from the chip module 230 of the signal device 200 through the asynchronous radio signal is recognized through the signal recognition unit 355 and the signal device 200 is received through the code reception unit 360, Directional short-distance communication with the chip module 230 of the base station 200, the code verification unit 365 receives the code data received through the bidirectional local area communication and the code recognized through the signal recognition unit 355 The validity of the code data can be verified by comparing the data. If the code data is encrypted, the code verification unit 365 can decrypt the encrypted code data using the key value stored in the key registration unit 350, and verify the encrypted code data.

The code data transmitted from the chip module 230 of the signal device 200 through the asynchronous radio signal is recognized through the signal recognition unit 355 and the verification value of the code data The code verification unit 365 can verify the validity of the code data recognized through the signal recognition unit 355 through the verification value received via the bidirectional local area communication.

Referring to FIG. 3, the program 325 of the first terminal 300 includes code data recognized through the signal recognition unit 355, code data of a chip module of the signal device 200 through the code receiving unit 360, A data generation unit (370) for generating first side authentication data including any one of the first side code data among the code data received from the code verification unit (230) and the code data verified through the code verification unit (365) And a data transfer unit 375 for transferring the generated first side authentication data to the specified authentication apparatus 500. The second terminal 400 accesses the first terminal 300 from the authentication apparatus 500, And a result information processing unit 380 for receiving and outputting result information including a result of authenticating the first terminal 300 that has accessed the second terminal 400.

The data generating unit 370 can generate the first side authentication data including the first side code data corresponding to the recognized code data through the signal recognizing unit 355. [ Alternatively, the data generating unit 370 may receive the first side authentication data including the first side code data corresponding to the code data received from the chip module 230 of the signaling device 200 through the code receiving unit 360 Can be generated. Alternatively, the data generating unit 370 may generate the first side authentication data including the first side code data corresponding to the verified code data through the code verifying unit 365.

According to an embodiment of the present invention, the data generating unit 370 includes the first side code data, and at the same time, generates a first side unique data set unique to the first terminal 300, Authentication data can be generated.

The first side unique data is used as identification means for uniquely identifying the first terminal 300, and the first side code data is used as authentication means (or authentication information) for authenticating the identification means.

According to the first specific data embodiment of the present invention, the unique data may include unique information that physically uniquely identifies the first terminal 300. For example, the unique data is unique to a designated storage area (e.g., a memory area, a protected storage area, etc.) of the first terminal 300 before the program 325 is installed in the first terminal 300 And may include unique information such as stored terminal serial number, telephone number, IMEI, IMSI, MSISDN, USIM serial number, MAC address, and various configuration module serial numbers.

According to the second specific data embodiment of the present invention, the unique data may include unique information logically uniquely identifying the first terminal 300 on the communication network. For example, the unique data may include unique information such as an IP address, a subscriber number, and network identification information uniquely assigned to the first MS 300.

According to the third specific data embodiment of the present invention, the unique data includes identification information that uniquely identifies the state in which the program 325 is driven after the program 325 is downloaded to the first terminal 300 . For example, the unique data may include identification information such as token information, unique identification code value, UUID, and UDID generated by the program 325 after the program 325 is installed in the first terminal 300 And the identification information may be encrypted and stored in a designated storage area of the first terminal 300.

According to the fourth characteristic data embodiment of the present invention, the unique data may include verification information generated by the program 325 at the first terminal 300. [ For example, the unique data may include verification information generated by hashing the program (325) itself (or designated data or a designated file) driven by the first terminal (300). At this time, the verification information may not be generated in advance and stored in the first terminal 300, and the program 325 may be generated and transmitted at the time of transmitting the unique data to the authentication apparatus 500.

According to the fifth eigenvalue data embodiment of the present invention, the inherent data may be in the form of at least partially combining two or more of the first to fourth eigenvalue data embodiments, and thus the present invention is not limited thereto. That is, the unique data may be in any form as long as it can be used as an identification means for uniquely identifying the first terminal 300 in any form.

The data transmitting unit 375 transmits the generated first side authentication data to the specified authentication device 500. Preferably, the data transmitting unit 375 can automatically transmit the generated first side authentication data to the authentication device 500 at the same time that the first side authentication data is generated through the data generating unit 370 , Or may transmit the first side authentication data to the authentication device 500 as a result of a specified input operation to the first terminal 300. [

According to the embodiment of the present invention, the signal recognition unit 355 can recognize the code data every time the asynchronous radio signal of the signal device 200 is received and recognized. In this case, the data transmission unit 375 May transmit the first side authentication data including the first side code data corresponding to the code data recognized through the signal recognition unit 355 to the authentication device 500 more than a specified number of times / repetitively. Alternatively, the code receiving unit 360 may periodically / repeatedly receive the code data from the chip of the signaling device 200 through bidirectional local area communication. In this case, the data transmitting unit 375 may receive the code data from the code receiving unit 360, Side authentication data including the first-side code data corresponding to the code data received through the authentication-use device 500 periodically / repetitively.

On the other hand, when the code data includes the one-time authentication code, the signal recognition unit 355 periodically / repeatedly receives and recognizes the asynchronous radio signal of the signal device 200, and temporarily stores the previously recognized code data If the one-time authentication code of the next recognized code data is changed, the changed code data can be processed as a valid recognized code data. In this case, the data transmitting unit 375 may transmit the changed code data Side authentication data including the first side code data corresponding to the first side code data to the authentication device 500. [ Alternatively, the code receiving unit 360 periodically / repeatedly receives the code data from the chip of the signaling device 200 through bidirectional local area communication, temporarily stores and stores the previously received code data, In this case, the data transmitting unit 375 may transmit the first side code data corresponding to the changed code data, and the first side code data corresponding to the changed code data, To the authentication device 500. The first authentication data may be transmitted to the authentication device 500 through the first authentication data.

The authentication device 500 receives the first side authentication data and stores and retains the first side authentication data for a specified effective time. If the first side code data of the first side authentication data includes the one-time authentication code, the authentication device 500 can perform a procedure for authenticating the validity of the one-time authentication code. Meanwhile, the authentication device 500 can receive second side authentication data including predetermined second side code data from the second terminal 400 that has recognized the asynchronous radio signal of the signaling device 200, The first side code data of the first side authentication data is compared with the second side code data of the second side authentication data to authenticate the second terminal 400 which has approached the first terminal 300, After authenticating the designated first terminal 300 accessing the terminal 400 and transmitting result information including the result to the first terminal 300. [ On the other hand, if the access of the first terminal 300 and the second terminal 400 is not authenticated, the authentication apparatus 500 need not provide separate result information.

The result information processor 380 may authenticate the second terminal 400 accessing the first terminal 300 from the authentication device 500 or may authenticate the second terminal 400 accessing the designated first terminal 300 ), And output the result information.

4 is a functional block diagram of a second terminal 400 according to an embodiment of the present invention.

4 shows a functional configuration of a second terminal 400 for recognizing an asynchronous radio signal transmitted from the chip module 230 of the signaling device 200. In the present invention, It will be appreciated that those skilled in the art will be able to deduce various implementations of the second terminal 400 functionality by referring to and / or modifying FIG. 4, but the present invention includes all of the above- , The technical features thereof are not limited only by the method shown in FIG. For convenience, the second terminal 400 of FIG. 4 is shown as a wireless terminal such as a mobile phone, smart phone, or tablet PC having a network communication function, a bidirectional local communication function, and a unidirectional wireless signal receiving function. However, The terminal 400 is not limited to the form of the wireless terminal shown in FIG.

4, the second terminal 400 includes a control unit 402, a memory unit 420, a screen output unit 404, an input processing unit 406, a sound processing unit 416, a cable communication unit 410, A short range wireless communication unit 408, a short range wireless communication unit 412, a wireless network communication unit 414, a USIM reader unit 418, and a USIM, and has a battery for power supply. A detailed description of each component will be made with reference to FIG. 3, and the same components as those of FIG. 3 will not be described.

Directional short-range wireless communication with the chip module 230 of the signaling device 200 is not performed, although the short-range wireless communication unit 408 can perform bidirectional short-range wireless communication and asynchronous wireless signal reception. Also, the cable communication unit 410 does not connect the cable to the signal device 200. The control unit 402 downloads a program 425 capable of recognizing the asynchronous radio signal of the signaling device 200 via the data network to which the communication resource is connectable and stores the program 425 in the memory unit 420, 425 are driven to perform operations according to the present invention.

4, the program 425 of the second terminal 400 receives an asynchronous radio signal transmitted from the chip module 230 of the signaling device 200 in cooperation with the short-range wireless communication unit 408 And a signal recognizer 430 for recognizing code data included in the asynchronous radio signal.

The signal recognition unit 430 receives the asynchronous radio signal transmitted from the chip module 230 of the signal device 200 in cooperation with the short range wireless communication unit 408 and receives the asynchronous wireless signal through the short range wireless communication unit 408 The asynchronous radio signal transmitted from the asynchronous radio signal transmitted from the chip module 230 of the signal device 200 according to at least one of the first through sixth asynchronous radio signal transmitting embodiments of the present invention, Code data (e.g., unique code and / or disposable authentication code).

According to an embodiment of the present invention, the signal recognition unit 430 may set a reference strength for effectively recognizing the unidirectional wireless signal of the signal device 200. In this case, The asynchronous radio signal of the signaling device 200 is received through the short-range wireless communication unit 408 to determine whether the received strength of the asynchronous radio signal is greater than or equal to the preset reference strength, The code data included in the signal can be recognized effectively.

Referring to FIG. 4, a program 425 of the second terminal 400 receives second side authentication data including second side code data corresponding to code data recognized through the signal recognition unit 430 And a data transmission unit 440 for transmitting the generated second side authentication data to the specified authentication apparatus 500. The authentication apparatus 500 transmits the generated second side authentication data to the first terminal 300 And a result information processor 445 for receiving and outputting result information including a result of authenticating the second terminal 400 that has accessed the second terminal 400 or the first terminal 300 that has accessed the second terminal 400, ).

The data generating unit 435 may generate the second side authentication data including the second side code data corresponding to the code data recognized through the signal recognizing unit 430. [ According to an embodiment of the present invention, the data generation unit 435 includes the second side code data, and at the same time, generates a second side unique data that is unique to the second terminal 400 Authentication data can be generated.

The second side unique data is used as identification means for uniquely identifying the second terminal 400, and the second side code data is used as authentication means (or authentication information) for authenticating the identification means.

According to the first unique data embodiment of the present invention, the unique data may include unique information that physically uniquely identifies the second terminal 400. For example, the unique data may be stored in a designated storage area (e.g., a memory area, a protected storage area, etc.) of the second terminal 400 before the program 425 is installed in the second terminal 400 And may include unique information such as stored terminal serial number, telephone number, IMEI, IMSI, MSISDN, USIM serial number, MAC address, and various configuration module serial numbers.

According to the second specific data embodiment of the present invention, the unique data may include unique information logically uniquely identifying the second terminal 400 on the communication network. For example, the unique data may include unique information such as an IP address, a subscriber number, and network identification information uniquely assigned to the second terminal 400.

According to the third specific data embodiment of the present invention, the unique data may include identification information that uniquely identifies the state in which the program 425 is driven after the program 425 is downloaded to the second terminal 400 . For example, after the program 425 is installed in the second terminal 400, the unique data may include identification information such as token information, unique identification code value, UUID, and UDID generated by the program 425 And the identification information may be ciphered and stored in a designated storage area of the second terminal (400).

According to the fourth characteristic data embodiment of the present invention, the unique data may include verification information generated by the program 425 at the second terminal 400. [ For example, the unique data may include verification information generated by hashing the program 425 (or designated data or a designated file) driven by the second terminal 400 by hashing. At this time, the verification information may not be generated in advance and stored in the second terminal 400, and the program 425 may be generated and transmitted at the time of transmitting the unique data to the authentication apparatus 500.

According to the fifth eigenvalue data embodiment of the present invention, the inherent data may be in the form of at least partially combining two or more of the first to fourth eigenvalue data embodiments, and thus the present invention is not limited thereto. That is, the unique data may be in any form as long as it can be used as an identification means for uniquely identifying the second terminal 400 in any form.

The data transmitting unit 440 transmits the generated second side authentication data to the specified authentication device 500. Preferably, the data transmitting unit 440 can automatically transmit the generated second side authentication data to the authentication device 500 at the same time that the second side authentication data is generated through the data generating unit 435 Or to transmit the second side authentication data to the authentication device 500 as a result of a specified input operation to the second terminal 400. [

According to the embodiment of the present invention, the signal recognition unit 430 can recognize the code data whenever it receives and recognizes the asynchronous radio signal of the signaling device 200. In this case, the data transmission unit 440 May transmit the second side authentication data including the second side code data corresponding to the code data recognized through the signal recognizing unit 430 to the authentication device 500 more than a specified number of times / repetitively.

Meanwhile, when the code data includes the one-time authentication code, the signal recognition unit 430 periodically / repeatedly receives and recognizes the asynchronous radio signal of the signal device 200, and temporarily stores the previously recognized code data If the one-time authentication code of the next recognized code data is changed, it is possible to process the changed code data as valid recognition. In this case, the data transmitting unit 440 may transmit the changed code data Side authentication data including the second side code data corresponding to the second side code data to the authentication device 500. [

The authentication device 500 receives the second side authentication data and stores and maintains the second side authentication data for a specified valid time. If the disposable authentication code is included in the second side code data of the second side authentication data, the authentication device 500 may perform a procedure for authenticating the validity of the disposable authentication code. Meanwhile, the authentication device 500 can receive the first side authentication data including the predetermined first side code data from the first terminal 300 that has recognized the asynchronous radio signal of the signaling device 200, The second side code data of the second side authentication data is compared with the second side code data of the second side authentication data to authenticate the second terminal 400 that has approached the first terminal 300, After authenticating the first terminal 300 that has accessed the terminal 400, the second terminal 400 can transmit the result information including the result to the second terminal 400. On the other hand, if the access of the second terminal 400 and the second terminal 400 is not authenticated, the authentication apparatus 500 may not provide separate result information.

The result information processing unit 445 authenticates the second terminal 400 accessing the first terminal 300 from the authentication device 500 or accesses the first terminal 300 ), And output the result information.

5 is a functional block diagram of an authentication apparatus 500 according to an embodiment of the present invention.

5 is a block diagram of an asynchronous radio communication system according to an embodiment of the present invention. In more detail, FIG. 5 automatically identifies a first terminal 300 that performs bidirectional short distance communication with a signaling device 200, The second terminal 400 recognizing the same radio signal as the first terminal 400 and authenticating the second terminal 400 accessing the first terminal 300 or the first terminal 400 accessing the second terminal 400 300 of the authentication apparatus 500 according to an exemplary embodiment of the present invention. Referring to FIG. 5 and / or modified by the person skilled in the art, However, the present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the scope of the present invention.

The authentication apparatus 500 may be implemented as a server on a network that communicates with the first terminal 300 through the second terminal 400 through a communication network or may be implemented as a server on the network through the first terminal 300, The present invention is not limited to the embodiment in which the authentication apparatus 500 is implemented.

5, the authentication device 500 includes a signal device 200 having a bidirectional local communication function and an asynchronous radio signal transmission function, and a first terminal (not shown) And a first side registering unit 505 for registering a couple of the first side registering unit 503 and the second side registering unit 503.

When the program 325 designated to the first terminal 300 is installed and executed, the first terminal 300 transmits the first side unique IDs corresponding to at least one of the first through fifth eigen data embodiments of the present invention, The first side registration unit 505 receives the first side unique data from the first terminal 300 and stores the first side unique data in a designated storage medium. Meanwhile, when the authentication of the present invention identifies and authenticates the user of the first terminal 300, the first terminal 300 can perform a procedure of registering the user of the first terminal 300. In this case, The first side registration unit 505 receives user information about the user of the first terminal 300 from the first terminal 300 and registers and stores the user information in a designated storage medium Linkage storage).

Directional local area communication corresponding to at least one of the first to fourth bidirectional local area communication embodiments of the present invention is connected between the first terminal 300 and the signal device 200, (For example, a unique code unique to the signaling device 200 or a unique code unique to the first terminal 300) included in the code data to be transmitted through the asynchronous radio signal in the signaling device 200 through the bidirectional local area communication, The first side registering unit 505 registers the asynchronous radio signal of the signaling device 200 from the first terminal 300. The first side registering unit 505 registers the asynchronous radio signal of the signaling device 200, And registers and stores the received unique code in a designated storage medium. The first side registering unit 505 may store the first side unique data and the unique code of the signaling device 200 by mapping and storing the first side unique data and the unique code of the signaling device 200, You can register.

Meanwhile, when the code data of the asynchronous radio signal transmitted from the chip module 230 of the signaling device 200 performing bi-directional short distance communication with the first terminal 300 includes the one-time authentication code, the first side registration part 505, (For example, a seed value) necessary for generating the disposable authentication code and provides the information to the first terminal 300 so that the chip module of the signal device 200 230 of the signaling device 200 or receives predetermined information from the chip module 230 of the signaling device 200 through the first terminal 300 and transmits the unique code and the unique code of the signaling device 200 Or in association with the first side unique data of the first terminal 300 in a designated storage medium. If the validity authentication of the disposable authentication code is performed through a separate code authentication server, the first side registration unit 505 performs a procedure of registering various information necessary for generating the disposable authentication code in the code authentication server can do.

Meanwhile, one or more key values may be generated according to a key generation algorithm specified by the chip module 230 of the signaling device 200 performing bi-directional short-distance communication with the first terminal 300, and at least one of the generated key values The first terminal 300 performs a procedure of registering a key value provided from the signaling device 200 when the key value of the signaling device 200 is provided to the first terminal 300, 1 side registration unit 505 may receive the key value from the first terminal 300 and store the received key value in a designated key storage medium. Preferably, the first side registering unit 505 stores the key value in association with the unique code of the signaling device 200 and / or the unique data of the first terminal 300 coupled with the signaling device 200 . Meanwhile, the first terminal 300 or the first side registration unit 505 can register the key value in the designated key management server according to the embodiment, and in this case, the key value can be confirmed through the key management server.

5, the authentication device 500 includes N (N > = 1) devices capable of recognizing an asynchronous radio signal transmitted from a signal device 200 having a bidirectional local communication function and an asynchronous radio signal transmission function, And a second side registration unit 510 for registering the second terminal 400. [

When the program 425 specified in the second terminal 400 is installed and executed, the second terminal 400 can access the second side unique to the second terminal 400 corresponding to at least one of the first through fifth eigen data embodiments of the present invention, The second side registration unit 510 receives the second side unique data from the second terminal 400 and stores the second side unique data in a designated storage medium. Meanwhile, when the authentication of the present invention identifies and authenticates the user of the second terminal 400, the second terminal 400 may perform a procedure of registering the user of the second terminal 400. In this case, The second side registration unit 510 receives the user information about the user of the second terminal 400 from the second terminal 400 and registers and stores the second side unique data and the user information in a designated storage medium Linkage storage).

Referring to FIG. 5, the authentication apparatus 500 includes a bi-directional short distance communication between the signaling device 200 and the first terminal 300 from the first terminal 300, A first side receiver (515) for receiving first side authentication data including first side code data obtained through the first terminal (300) in combination of any one or two of radio signal recognition, Side authentication unit 520 for identifying and authenticating the validity of the authentication data.

The first terminal 300 may be included in the asynchronous radio signal of the signaling device 200 coupled with the first terminal 300 according to at least one of the first through fifth code data acquisition embodiments of the present invention. Corresponding to at least one of the first through fifth eigen data embodiments of the present invention, the first side code data corresponding to the first code data corresponding to the first code data, And transmits the first side authentication data including the unique data to the authentication device 500. The first side receiving unit 515 receives the first side authentication data from the first terminal 300. [

According to the embodiment of the present invention, the first side receiver 515 stores and maintains the first side authentication data received from the first terminal 300 for a valid period of time. Meanwhile, the first side receiving unit 515 checks whether the designated valid time elapses while the first side authentication data is held, and if the valid time of the first side authentication data has elapsed, Data can be automatically discarded or disabled to avoid being used for authentication procedures.

When the first side authentication data includes the first side unique data, the first side authentication unit 520 identifies the first side unique data included in the first side authentication data, Side unique data included in the first side authentication data by comparing the first side unique data registered through the first side unique data registration unit 505 with the first side unique data.

If the first side code data (or at least a part of the code data) included in the first side authentication data is encrypted, the first side authentication unit 520 transmits the first side code data (Or key management server) associated with the first side unique data included in the first side authentication data or associated with the unique code of the first side code data among the registered information stored in the key storage medium Confirms the corresponding decryption key, and decrypts the encrypted first side code data through the decryption key.

On the other hand, if the first side code data (or the decrypted first side code data) included in the first side authentication data includes the one-time authentication code, the first side authentication unit 520 may determine that the first side registration unit (E.g., a seed value, etc.) associated with the first side unique data included in the first side authentication data or associated with the unique code of the first side code data among the information registered in the storage medium through the first side authentication data 505, The validity of the disposable authentication code included in the first side code data is verified by using the generated verification code.

According to the method of the present invention, the first side authentication unit 520 may have the same code generation algorithm as the algorithm used to generate the disposable authentication code included in the first side code data. In this case, the first side authentication unit 520 may generate various kinds of information associated with the first side unique data included in the first side authentication data or associated with the unique code of the first side code data (E.g., time and the like) dynamically determined, and then substituting the identified one or more seed values into the code generation algorithm to generate a verification code, The validity of the disposable authentication code included in the first side code data can be verified by comparing the generated validation code with the one-time authentication code included in the one-side code data. Meanwhile, according to another embodiment of the present invention, the validity authentication of the disposable authentication code can be performed through a separate code authentication server. In this case, the first-side authentication unit 520 may transmit the disposable authentication code to the code authentication server The authentication result of the disposable authentication code can be received from the code authentication server after providing the code.

If the disposable authentication code is included in the first side code data (or the decrypted first side code data) included in the first side authentication data, the authentication device 500 determines that the validity of the disposable authentication code is valid It is preferable to perform a procedure of comparing and authenticating the first side code data with the second side code data included in the second side authentication data received from the second terminal 400. [

5, the authentication device 500 recognizes the asynchronous radio signal of the signaling device 200 from the second terminal 400 and transmits second side authentication data including the second side code data A second side receiving unit 525 for receiving the second side authentication data, and a second side authentication unit 530 for identifying and authenticating the validity of the second side authentication data.

When the signal device 200 and the first terminal 300 are moved and the second terminal 400 is moved and / or the second terminal 400 is moved and the signal device 200 and the first terminal 300 are moved, The second terminal 400 may access the asynchronous radio signal of the signaling device 200 when the asynchronous radio signal transmitted from the signaling device 200 can be received from the second terminal 400, Corresponding to at least one of the first to fifth eigenvalue data embodiments of the present invention, the second side code data corresponding to the code data included in the second side code data, Side inherent data to the authentication apparatus 500. The second side receiving unit 525 receives the second side authentication data from the second terminal 400 .

According to the embodiment of the present invention, the second side receiver 525 stores and maintains the second side authentication data received from the second terminal 400 for a valid period of time. On the other hand, the second side receiving unit 525 checks whether the designated valid time elapses while the second side authentication data is held, and if the valid time of the second side authentication data has elapsed, Data can be automatically discarded or disabled to avoid being used for authentication procedures.

When the second side authentication data includes the second side unique data, the second side authentication unit 530 identifies the second side unique data included in the second side authentication data, Side unique data included in the second side authentication data by comparing the first side unique data with the second side unique data registered through the second side unique data.

If the second side code data (or at least a part of the code data) included in the second side authentication data is encrypted, the second side authentication unit 530 transmits the second side code data (Or the key management server) associated with the unique code of the second side code data among the information registered in the second side code data and confirms the decryption key corresponding to the key value registered in the specified key storage medium Side code data.

On the other hand, when the one-use authentication code is included in the second side code data (or the decrypted second side code data) included in the second side authentication data, the second side authentication unit 530 authenticates the first side registration unit (E.g., seed value, etc.) associated with the unique code of the second side code data among the information stored in the storage medium via the second side code data Authenticate the validity of the disposable authentication code.

According to the method of the present invention, the second side authentication unit 530 may have the same code generation algorithm as the algorithm used to generate the disposable authentication code included in the second side code data. In this case, the second side authentication unit 530 identifies a seed value corresponding to various information (e.g., seed value, etc.) associated with the unique code of the second side code data, and generates at least one seed value dynamically determined (E.g., time, etc.), then substituting the identified one or more seed values into the code generation algorithm to generate a verification code, and comparing the generated verification code with the one-time verification code included in the second side code data And validate the validity of the disposable authentication code included in the second side code data. Meanwhile, according to another embodiment of the present invention, the validity authentication of the disposable authentication code can be performed through a separate code authentication server. In this case, the second side authentication unit 530 transmits the one- The authentication result of the disposable authentication code can be received from the code authentication server after providing the code.

If the disposable authentication code is included in the second side code data (or the decrypted second side code data) included in the second side authentication data, the authentication device 500 determines whether the validity of the disposable authentication code is authenticated It is preferable to perform a procedure for comparing and authenticating the second side code data with the first side code data included in the first side authentication data received from the first terminal 300. [

5, the authentication device 500 compares the first side code data of the first side authentication data received within the designated time range with the second side code data of the second side authentication data, And an authentication processing unit (535) for authenticating a second terminal (400) accessing the first terminal (300) or authenticating a designated first terminal (300) accessing the second terminal (400) The second terminal 400 accesses the terminal 300 or authenticates the first terminal 300 that has accessed the second terminal 400 to construct the resultant information, And an authentication result processing unit 540 for providing the authentication result to the second terminal 400.

The authentication processing unit 535 receives the first side authentication data received from the first terminal 300 and the second side authentication data received from the second terminal 400, 1-side code data and the second side code data of the second side authentication data. For example, when receiving the first side authentication data from the first terminal 300, the authentication processing unit 535 stores the first side authentication data at the time when the first side authentication data is received within the valid period of holding the first side authentication data Side code data to be matched with the first side code data of the first side authentication data among the second side code data of the second side authentication data from the second terminal 400 before or after the designated time on the basis of the first side code data . Or the second terminal 400, the authentication processing unit 535 determines whether or not the second authentication data is received from the second terminal 400 based on the time when the second side authentication data is received within the valid time for holding the second side authentication data The first side code data of the first side code data of the first side authentication data and the first side code data matched with the second side code data of the second side authentication data can be discriminated from the first terminal 300 before or after the specified time.

Meanwhile, the first terminal 300 is limited to a terminal that performs bi-directional short distance communication with the signaling device 200, but the second terminal 400 may be plural. The present invention controls the signal strength of the asynchronous radio signal transmitted through the signaling device 200 to specify one of the plurality of the second terminals 400, The second terminal 400 closest to the couple of the first terminal 300 may be specified. Alternatively, when transmitting the second side authentication data from the second terminal 400, the second side authentication data may include information capable of discriminating the signal strength of the asynchronous radio signal, so that the authentication processing unit 535 The signal intensity of the asynchronous radio signal may be read and a second terminal 400 transmitting the second side authentication data including the largest signal strength may be specified. Alternatively, after the asynchronous radio signal of the signaling device 200 is received, the second terminal 400, which is to be included in the authentication target among the second terminal 400, performs the specified input operation, By including information corresponding to the operation, the authentication device 500 can specify one second terminal 400 that has undergone the specified input operation.

According to an embodiment of the present invention, the authentication processing unit 535 generates first-side authentication data of the first side authentication data received from the first terminal 300, which performs bidirectional short-distance communication with the signal device 200, The first side code data and the second side code data can be compared with the second side code data of the second side authentication data received from the second terminal 400, The second terminal 400 that has accessed the terminal 300 can be authenticated or the designated first terminal 300 that has accessed the second terminal 400 can be authenticated. The authentication result processing unit 540 may transmit the result information obtained by authenticating the access of the first terminal 300 and the second terminal 400 to the first terminal 300 and the second terminal 400, respectively.

According to the embodiment of the present invention, when a result of authenticating the second terminal 400 accessing the first terminal 300 or authenticating the designated first terminal 300 accessing the second terminal 400 Based on the results, a designated service (e.g., payment, point accumulation, coupon provision, etc.) may be provided. In this case, the authentication result processing unit 540 may configure the service information for the service and provide the first terminal 300 and the second terminal 400 with a terminal or a terminal to be provided with a service . According to an embodiment of the present invention, the service information may be included in the result information and transmitted. Alternatively, the authentication result processing unit 540 may configure service information for the service through a separate service provision server (not shown) to provide a service among the first terminal 300 and the second terminal 400 The present invention is not limited to this.

Meanwhile, when the second terminal 400 accesses the first terminal 300 or the first terminal 300 accesses the second terminal 400, The authentication processing unit 535 checks whether the valid time of each of the first side authentication data has elapsed or the valid time of the second side authentication data has elapsed before the service is completed, If the time has not elapsed, the service can be processed to be finally completed.

Or a result of authenticating the second terminal 400 accessing the first terminal 300 or authenticating the designated first terminal 300 accessing the second terminal 400 The authentication processing unit 535 reads the second side code data of the second side authentication data repeatedly / additionally received through the second side receiving unit 525 and transmits the second side code data to the first terminal 300 and the second terminal It is possible to confirm whether the first terminal 300 and the second terminal 400 are approaching within the effective distance and when the first terminal 300 and the second terminal 400 are maintained within the effective distance, .

6 is a diagram illustrating an initial setting process of the signaling device 200 according to an embodiment of the present invention.

6, the chip module 230 of the signaling device 200 identifies / connects bidirectional local communication with the designated first terminal 300 and generates one or more key values for encryption / decryption according to the method 6 is a flowchart illustrating a process of registering at least one key value of the signal device 200 according to an exemplary embodiment of the present invention. Referring to FIG. 6 and / or modified by the person skilled in the art, It will be understood that various implementations of the present invention (e.g., some steps omitted or alternatives in which the order is changed) may be deduced, but the present invention includes all of the above- The technical features are not limited by the method alone.

6, when the chip module 230 of the signaling device 200 receives power from at least one of an external power source and a charging power source 600, the chip module 230 of the signaling device 200 It is determined whether to transmit the asynchronous radio signal (605). The chip module 230 of the signaling device 200 may transmit the asynchronous radio signal through an operation unit 225 to the first terminal 300 regardless of whether the first terminal 300 is in two- It is possible to send out. If it is determined that the asynchronous radio signal is to be transmitted, the chip module 230 of the signal device 200 may transmit the asynchronous radio signal according to at least one possible embodiment among the first to sixth asynchronous radio signal transmission embodiments of the present invention. Signal can be transmitted.

Meanwhile, the chip module 230 of the signaling device 200 confirms whether the first terminal 300 to be connected with bidirectional local area communication is communicated (Step 610). The chip module 230 of the signaling device 200 transmits the signal to the first terminal 300 in cooperation with the designated first terminal 300. If the first terminal 300 is connected to the second terminal 300, The first terminal 300 may perform a communication identification procedure for connecting the bidirectional short distance communication with the signaling device 200 in cooperation with the chip module 230 of the signaling device 200. [ A communication identification procedure for connecting the communication is performed (615).

If the communication identification procedure for connecting the bidirectional short distance communication between the chip module 230 of the signaling device 200 and the first terminal 300 is successful, the chip module 230 of the signaling device 200 can always identify Directional short distance communication with the first terminal 300 of the identified signaling device 200 at step 620. The first terminal 300 may also perform a bidirectional short distance communication with the first module 300 of the identified signaling device 200, (620). ≪ / RTI >

If bi-directional short distance communication between the chip module 230 of the signaling device 200 and the first terminal 300 is connected, the chip module 230 of the signaling device 200 generates a key value for encryption / decryption (630). For example, the chip module 230 of the signaling device 200 may determine to generate the key value if the key generation value of the designated storage area is not registered. Or to generate the key value based on the input operation through the operation unit 225 of the signaling device 200 or the control information of the first terminal 300 through the bidirectional local area communication.

If it is determined to generate the key value, the chip module 230 of the signaling device 200 generates one or more key values (e.g., an ECC algorithm-based private key and a public key) using a designated key generation algorithm, The generated key value is held until completion of registration (635). Meanwhile, the chip module 230 of the signaling device 200 provides at least one designated key value (e.g., a public key) of the generated key values to the first terminal 300 through the bidirectional local area communication (640) The first terminal 300 receives the key value generated in the signaling device 200 through the bidirectional local area communication in step 645 and transmits the key value generated in the signaling device 200 to the designated storage area of the first terminal 300, 200) may be stored (650).

The first terminal 300 requests the designated authentication apparatus 500 to register the key value in step 655. The authentication apparatus 500 receives the key value from the first terminal 300 in step 660, The key value is registered and stored in the designated key storage medium (or key management server) (665), and the registration result of the key value is returned to the first terminal (670).

The first terminal 300 receives the key value registration result from the authentication device 500 and relays the key value registration result to the signal device 200 through the bidirectional local area communication 675, The controller 230 receives the key value registration result from the first terminal 300 through the bidirectional local area communication (680), stores the key value in a designated storage area of the chip module 230 based on the registration result (685).

7 is a diagram illustrating a process of registering a first terminal 300 and a signaling device 200 in an authentication device 500 according to an embodiment of the present invention.

7 shows a process of registering a pair of the signal device 200 and the first terminal 300 to which the bidirectional local area communication is connected to the authentication device 500. In the conventional technology, It will be understood by those skilled in the art that various embodiments of the registration process of the first terminal 300 and the signaling device 200 (e.g., some steps may be omitted, However, the present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited by the method shown in FIG.

Referring to FIG. 7, when a program 325 designated to the first terminal 300 is installed and operated (700), the first terminal 300 determines that at least one of the first through fifth unique data embodiments of the present invention Side unique data corresponding to the embodiment (705), and requests registration of the first side unique data to the specified authentication device (710). The authentication device 500 receives the first side unique data from the first terminal 300 in step 715 and stores the first side unique data in a designated storage medium in step 720 and then transmits the first side unique data to the first terminal 300, Side unique data (725).

Meanwhile, the first terminal 300 determines whether bidirectional local area communication with the designated signal device 200 is connected (730), and if the bidirectional local area communication with the signal device 200 is connected, Requests a unique code to the device 200 (725). The chip module 230 of the signaling device 200 checks the unique code request through the bidirectional local area communication in step 740 and checks the unique code of the signaling device 200, The first terminal 300 receives the unique code of the signaling device 200 through the bidirectional local area communication and then transmits the unique code to the designated authentication device 500 And requests registration of the inherent code (755). The authentication device 500 receives the unique code of the signaling device 200 from the first terminal 300 and stores the unique code in a designated storage medium (for example, mapping and storing it with the first side unique data) (Step 765), and transmits the registration result of the unique code to the first terminal 300 (step 725).

Meanwhile, the first terminal 300 checks whether the code data of the asynchronous radio signal transmitted from the signaling device 200 includes the disposable authentication code (775). If the code data of the asynchronous radio signal transmitted from the signaling device 200 includes the one-time authentication code, the first terminal 300 transmits the asynchronous radio signal to the signaling device 200, The chip module 230 of the signaling device 200 repeats the process of exchanging various information for generation / authentication of the disposable authentication code 780, and the chip module 230 of the signaling device 200 generates a disposable authentication code for generating the disposable authentication code (E.g., a seed value, etc.) and stores it in a designated storage area of the chip module 230 (785), and the authentication device 500 confirms the disposable authentication code And registers and stores various information in a designated storage medium (or a separate code authentication server) (790).

FIG. 8 is a diagram illustrating a process of registering a second terminal 400 in an authentication apparatus 500 according to an embodiment of the present invention.

8 shows a process of registering a second terminal 400 capable of recognizing an asynchronous radio signal of the signaling device 200 in the authentication device 500. In the technology field of the present invention, It is possible to refer to and / or modify the FIG. 8 to infer the various methods of performing the registration process of the second terminal 400 (e.g., omitting some steps or changing the order) However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 8, when the program 425 designated to the second terminal 400 is installed (800), the second terminal 400 receives at least one of the first through fifth unique data embodiments of the present invention The second side unique data corresponding to the embodiment is checked (805), and the second side unique data is requested to be registered (810) to the specified authentication device (500). The authentication apparatus 500 receives the second side unique data from the second terminal 400 in step 815 and stores the second side unique data in a designated storage medium 820 and transmits the second side unique data to the second terminal 400 Side unique data (825). The second terminal 400 receives and outputs the registration result (830).

9 is a diagram illustrating a process of acquiring code data of an asynchronous radio signal transmitted from the signaling device 200 at the first terminal 300 according to an embodiment of the present invention.

9 is a diagram illustrating a bidirectional local area communication between the signaling device 200 and the first terminal 300 in the first terminal 300 designated for bi-directional short distance communication with the signaling device 200, And the asynchronous radio signal recognition through the signal device 200 to obtain the code data included in the asynchronous radio signal transmitted from the signal device 200 and to identify the code data as the first side code data. Those skilled in the art will be able to refer and / or modify FIG. 9 to illustrate various implementations of the first side code data acquisition process (e.g., some steps may be omitted, However, the present invention is not limited to the above-described embodiments, and the technical features of the present invention are limited only by the method shown in FIG. 9 No.

9, when the asynchronous radio signal is transmitted from the chip module 230 of the signaling device 200, the chip module 230 of the signaling device 200 receives the first to sixth code data of the present invention Code data corresponding to at least one of the examples is identified (900). Meanwhile, if the code data is confirmed, the chip module 230 of the signaling device 200 can encrypt the confirmed code data (or at least a part of the code data) using the designated key value (905).

Meanwhile, when the code data is confirmed, the chip module 230 of the signaling device 200 may include the code data according to at least one of the first to sixth asynchronous radio signal transmission embodiments of the present invention. The first terminal 300 receives the asynchronous radio signal of the signaling device 200 and recognizes the code data (step 915). The asynchronous radio signal is amplified or reduced according to a designated method, ). According to an embodiment of the present invention, the first terminal 300 can identify the code data recognized through the asynchronous radio signal with the first side code data (step 920).

Meanwhile, when bidirectional short-range communication between the chip module 230 of the signaling device 200 and the first terminal 300 is connected at the time of transmitting the asynchronous radio signal from the signaling device 200, 200 can transmit the code data (or the verification value of the code data) included in the asynchronous radio signal to the first terminal 300 through the bidirectional local area communication (925), and in this case The first terminal 300 may receive the code data (or the verification value of the code data) from the chip module 230 of the signaling device 200 through the bi-directional short distance communication (step 930). According to an embodiment of the present invention, the first terminal 300 can identify the code data received through the bidirectional local area communication with the first side code data (935).

Meanwhile, the first MS 300 may verify the code data recognized through the asynchronous radio signal through the code data (or the verification value) received through the bidirectional local area communication (step 940). If the code data is not verified, the first terminal 300 may output a code data error (945), and the process of FIG. 9 may be repeated. Meanwhile, when the code data is verified, the first terminal 300 can confirm the verified code data with the first side code data (950).

FIG. 10 is a diagram illustrating a process of transmitting first side authentication data including code data acquired by a first terminal 300 to an authentication device 500 according to an embodiment of the present invention and performing authentication.

In more detail, FIG. 10 shows the first side authentication data including the first side code data acquired by the first terminal 300 designated for bi-directional short distance communication with the signaling device 200 to the authentication device 500, If the person skilled in the art realizes the validity of the first side authentication data, it is possible to refer to and / or modify the first side authentication data, It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention may be practiced otherwise than as specifically described herein, Its technical characteristics are not limited.

Referring to FIG. 10, when first terminal 300 acquires first side code data by combining one or both of bi-directional local communication with signaling device 200 and asynchronous radio signal recognition, 300 generates the first side authentication data including the first side code data and including the first side unique data corresponding to at least one of the first through fourth unique data embodiments of the present invention 1000). When the first side authentication data is generated, the first terminal 300 transmits the first side authentication data to the specified authentication device 500 (1005).

The authentication device 500 receives the first side authentication data from the first terminal 300 and maintains the first side authentication data for a designated valid time (1010). The authentication apparatus 500 determines whether the first side unique data included in the first side authentication data received from the first terminal 300 is unique data of the first terminal 300 registered through the process of FIG. (1015). If the first side unique data is not identified and authenticated, the authentication device 500 may provide an authentication error to the first terminal 300 (1045). Meanwhile, the first side unique data authentication process may be omitted according to the method.

Meanwhile, when the first side code data (or at least a part of the code data) included in the first side authentication data received from the first terminal 300 is encrypted, the authentication device 500 performs the process of FIG. 7 The decrypted first side code data is decrypted through the registered key value (1020). If the first side code data is encrypted but is not decrypted, the authentication apparatus 500 may provide an authentication error to the first terminal 300 (1045). On the other hand, if the first side code data is not encrypted, the decryption process may be omitted.

On the other hand, when the first side code data includes the disposable authentication code, the authentication device 500 confirms the disposable authentication code included in the first side code data (1025) and verifies the validity of the disposable authentication code (1030). ≪ / RTI > If the validity of the disposable authentication code is not authenticated, the authentication device 500 may provide an authentication error to the first terminal 300 (1045). On the other hand, if the first side code data does not include the disposable authentication code, the authentication process of the disposable authentication code may be omitted.

Meanwhile, when the specified authentication procedure is completed during the authentication procedure, the authentication apparatus 500 checks whether the valid time of the first side authentication data has elapsed (1035), and if the valid time has not elapsed Side authentication code and the second side code data of the second side authentication data received from the second terminal 400. [ Meanwhile, when the effective time of the first side authentication data has elapsed, the authentication device 500 may discard or disable the first side authentication data (1040).

11 is a diagram illustrating a process of acquiring code data of an asynchronous radio signal transmitted from a signaling device 200 at a second terminal 400 according to an embodiment of the present invention.

11 shows a process of recognizing an asynchronous radio signal of the signaling device 200 and confirming second side code data in the asynchronous radio signal range of the signaling device 200 at the second terminal 400 Those skilled in the art will appreciate that various modifications and variations of the method of the present invention (e.g., some steps may be omitted, or alternatively, However, the present invention is not limited to the above-described embodiments, and it is to be understood that the invention is not limited to the disclosed embodiments.

11, when the asynchronous radio signal is transmitted from the chip module 230 of the signaling device 200, the chip module 230 of the signaling device 200 receives the first to sixth code data of the present invention Code data corresponding to at least one of the examples is confirmed (1100). If the code data is confirmed, the chip module 230 of the signaling device 200 may encode the confirmed code data (or at least a part of the code data) using the designated key value (1105).

Meanwhile, when the code data is confirmed, the chip module 230 of the signaling device 200 may include the code data according to at least one of the first to sixth asynchronous radio signal transmission embodiments of the present invention. The signal strength of the asynchronous radio signal is amplified or reduced according to the designated method and transmitted (1110). The second terminal 400 receives the asynchronous radio signal of the signaling device 200 and recognizes the code data (1115), and identifies the code data recognized through the asynchronous radio signal with the second side code data (1120).

FIG. 12 is a diagram illustrating a process of transmitting second side authentication data including code data acquired by a second terminal 400 to an authentication apparatus 500 according to an embodiment of the present invention and performing authentication.

In more detail, FIG. 12 shows the second side authentication data including the second side code data acquired by the second terminal 400 within the asynchronous radio signal range of the signaling device 200 to the authentication device 500 If the person skilled in the art realizes the validity of the second side authentication data, it is possible to refer to and / or modify the second side authentication data in the second side authentication process It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it will be appreciated that the invention may be practiced otherwise than as specifically described herein, The technical characteristics thereof are not limited.

Referring to FIG. 12, when the second terminal 400 recognizes the asynchronous radio signal of the signaling device 200 and acquires the second side code data, the second terminal 400 transmits the second side code data And generates second side authentication data including the second side unique data corresponding to at least one of the first through fourth unique data embodiments of the present invention (1200). When the second side authentication data is generated, the second terminal 400 transmits the second side authentication data to the specified authentication device 500 (1205).

The authentication device 500 receives the second side authentication data from the second terminal 400 and maintains the second side authentication data for a designated valid time period (1210). The authentication apparatus 500 determines whether the second side unique data included in the second side authentication data received from the second terminal 400 is unique data of the second terminal 400 registered through the process of FIG. (1215). If the second side unique data is not identified and authenticated, the authentication device 500 may provide an authentication error to the second terminal 400 (1245). Meanwhile, the second side unique data authentication process may be omitted according to the embodiment.

Meanwhile, when the second side code data (or at least a part of the code data) included in the second side authentication data received from the second terminal 400 is encrypted, the authentication device 500 performs the process of FIG. 7 And decrypts the encrypted second side code data through the registered key value (1220). If the second side code data is encrypted but not decrypted, the authentication device 500 may provide an authentication error to the second terminal 400 (1245). On the other hand, if the second side code data is not encrypted, the decryption process can be omitted.

On the other hand, if the second side code data includes the disposable authentication code, the authentication device 500 confirms the disposable authentication code included in the second side code data (1225) and verifies the validity of the disposable authentication code (1230). ≪ / RTI > If the validity of the disposable authentication code is not authenticated, the authentication device 500 may provide an authentication error to the second terminal 400 (1245). Meanwhile, if the second side code data does not include the disposable authentication code, the authentication process of the disposable authentication code may be omitted.

Meanwhile, when the designated authentication procedure is completed, the authentication apparatus 500 checks whether the valid time of the second side authentication data has elapsed (1235), and if the valid time period has not elapsed, Side authentication data with the first side code data of the first side authentication data received from the first terminal 300. [ Meanwhile, when the effective time of the second side authentication data has elapsed, the authentication device 500 may discard or disable the second side authentication data (1240).

FIG. 13 is a diagram illustrating a process of authenticating a first terminal 300 and a second terminal 400 using a signaling device 200 according to an embodiment of the present invention.

13 shows the first side code data of the first side authentication data received from the first terminal 300, which performs bi-directional short distance communication with the signaling device 200 within the time range designated by the authentication device 500, The second side code data of the second side authentication data received from the second terminal 400 that has recognized the asynchronous radio signal of the apparatus 200 is compared and authenticated and the first terminal 300 is accessed based on the comparison result A process of authenticating a second terminal 400 or authenticating a designated first terminal 300 that has accessed the second terminal 400 is disclosed in the related art. (See, for example, FIG. 13) may be referred to and / or modified to implement various methods of authenticating the first terminal 300 and the second terminal 400 using the signaling device 200 The method of implementation) It is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 13.

Referring to FIG. 13, the authentication apparatus 500 receives the first side authentication data received from the first terminal 300 through the process of FIG. 9 to the authentication apparatus 500 and authenticated through the process of FIG. 10, The first side authentication data received from the second terminal 400 through the process of FIG. 11 to the authentication device 500 and received within the designated authentication time out of the second side authentication data authenticated through the process of FIG. 12, Side authentication data (1300), and compares the first side code data of the first side authentication data received within the specified authentication time with the second side code data of the second side authentication data to authenticate whether the matching is performed (1305). For example, when the first side authentication data is received from the first terminal 300, the authentication device 500 determines that the first side authentication data is received within the valid period of holding the first side authentication data Side code data to be matched with the first side code data of the first side authentication data among the second side code data of the second side authentication data from the second terminal 400 before or after the designated time on the basis of the first side code data . Side authentication data is received from the second terminal 400, the authentication device 500 determines whether or not the second-side authentication data has been received within the valid period of holding the second- The first side code data of the first side code data of the first side authentication data and the first side code data matched with the second side code data of the second side authentication data can be discriminated from the first terminal 300 before or after the specified time.

If the first side code data of the received first side authentication data and the second side code data of the second side authentication data are not matched with each other within the specified authentication time, Can be repeated. On the other hand, if the first side code data of the received first side authentication data and the second side code data of the second side authentication data are matched with each other in the designated authentication time, the asynchronous radio of the signal device 200 of the authentication device 500 The first terminal 300 and the second terminal 400 within the signal range are uniquely identified and authenticated, and the result information is generated (operation 1310). The authentication apparatus 500 provides the result information to the authenticated first terminal 300 in step 1315 and the first terminal 300 transmits the result information to the second terminal 400 And receives and outputs the result information (operation 1320). Meanwhile, the authentication apparatus 500 provides the result information to the authenticated second terminal 400 in step 1315, and the second terminal 400 transmits the result information to the first terminal 400 300), and outputs the received information (1325).

200: Signal device 230: Chip module
250: communication identification unit 255: communication connection unit
260: communication processing unit 265: key processing unit
270: code verification unit 275: code generation unit
280: encryption processing unit 285: signal transmission unit
290: Request confirmation unit 296: Code transmission unit
300: first terminal 400: second terminal
500: Authentication device 505: First side registration
510: second side registering unit 515: first side registering unit
520: first side authentication unit 525: second side reception unit
530: second side authentication unit 535: authentication processing unit
540: Authentication result processing unit

Claims (32)

1. A method for performing an authentication procedure using an authentication device using a signal device having a bi-directional local communication function including Wi-Fi communication and an asynchronous radio signal transmission function,
Directional short distance communication between the signaling device and the first terminal and the asynchronous radio signal recognition through the first terminal from a first terminal designated for bidirectional short distance communication with the signaling device in the vicinity of the signaling device A first step of receiving first side authentication data including first side code data obtained through the first terminal;
A second step of receiving second side authentication data including second side code data obtained by recognizing the asynchronous radio signal from N (N? 1) second terminals that have received the asynchronous radio signal of the signaling device; And
A second terminal accessing the first terminal based on the authentication result obtained by comparing the first side code data of the first side authentication data received within the designated time range with the second side code data of the second side authentication data And authenticating a designated first terminal that accesses the second terminal,
Wherein the first side authentication data and the second side authentication data are received in an arbitrary order and held for a specified effective time.
2. The apparatus of claim 1,
And a bidirectional short-range communication is performed by identifying any one of the unique first terminals.
2. The apparatus of claim 1,
Wherein the second terminal is physically separated from the first terminal that performs bi-directional short distance communication, or at least includes a circuit configuration independent of the first terminal side circuit configuration.
The method as claimed in claim 1, wherein the bidirectional short-
Wherein the signaling device and the first terminal include bidirectional short-range wireless communication based on pairing between the signaling device and the first terminal.
The method as claimed in claim 1, wherein the bidirectional short-
And a bi-directional short-range wireless communication between the signaling device and a first terminal coupled to the signaling device.
The method as claimed in claim 1, wherein the bidirectional short-
And a bi-directional cable communication based on a cable communication between the signaling device and the first terminal.
2. The method of claim 1,
And a wireless signal broadcast from the signaling device in a short distance.
2. The method of claim 1,
And the second terminal is received by the second terminal at the same time as the first terminal receives the second terminal.
The method according to claim 1,
Receiving a key value generated in the signaling device via a first terminal for bidirectional short-distance communication with the signaling device; And
And registering the received key value in a designated key storage medium (or a key management server)
Wherein the first step comprises the steps of: when the first side authentication data including the first side code data encrypted through the signal device is received, encrypting the encrypted side key data via the key value registered in the key storage medium (or the key management server) And decoding the one-side code data by using the additional signal device.
The method according to claim 1,
Receiving a key value generated in the signaling device via a first terminal for bidirectional short-distance communication with the signaling device; And
And registering the received key value in a designated key storage medium (or a key management server)
The second step may include the step of, when receiving the second side authentication data including the second side code data encrypted through the signaling device, encrypting the encrypted side key data through the key value registered in the key storage medium (or the key management server) And decoding the two-side code data by using the additional signal device.
11. The method according to claim 9 or 10,
The signaling device generates a pair of a public key and a private key corresponding to the public key infrastructure,
Wherein the received key value includes a public key generated through the signaling device.
2. The method according to claim 1,
And a unique code unique to the signaling device is included in the signaling device.
2. The method according to claim 1,
Wherein the signaling device comprises a unique code unique to the signaling device and a disposable authentication code dynamically generated in the signaling device.
2. The method according to claim 1,
And a unique code set in the signaling device through the bidirectional local area communication at the first terminal.
2. The method according to claim 1,
And a unique code set to the signaling device and a disposable authentication code provided to the signaling device through the bidirectional local area communication at the first terminal.
2. The method according to claim 1,
A unique code set in the signaling device through the bidirectional local area communication in the first terminal and a disposable authentication code provided in the signaling device in the bidirectional local area communication in the first terminal. 2 - channel authentication method using signaling device.
The method according to claim 1,
If the code data includes a dynamically generated disposable authentication code,
Wherein the first step further comprises performing a procedure for authenticating the validity of the disposable authentication code included in the first side code data,
Wherein the second step further comprises performing a procedure for authenticating the validity of the disposable authentication code included in the second side code data,
The third step includes a step of, when the validity of the disposable authentication code included in the first side code data is authenticated and the validity of the disposable authentication code included in the second side code data is authenticated, Further comprising the step of comparing the first side code data with the second side code data.
18. The method of claim 17,
A verification code generated through the same code generation algorithm and the seed value as the algorithm for generating the one-time verification code included in the first side code data is compared with the one-time verification code included in the first side code data, The method comprising the steps of: receiving a signal from a signaling device;
18. The method according to claim 17,
The verification code generated through the same code generation algorithm and the seed value as the algorithm for generating the one-time authentication code included in the second side code data is compared with the one-time authentication code included in the second side code data to authenticate the validity The method comprising the steps of: receiving a signal from a signaling device;
2. The apparatus of claim 1, wherein the first-
Wherein the second terminal includes code data obtained through bi-directional local communication between the signaling device and the first terminal in the first terminal.
2. The apparatus of claim 1, wherein the first-
Wherein the second terminal includes code data obtained by recognizing an asynchronous radio signal of the signaling device in the first terminal.
2. The apparatus of claim 1, wherein the first-
And code data obtained by verifying the code data obtained through the asynchronous radio signal of the signaling device using the code data obtained through bidirectional local communication between the signaling device and the first terminal at the first terminal. A two-channel authentication method using a separate signaling device.
2. The authentication system according to claim 1,
Wherein the first side code data obtained through the first terminal and the first side unique data unique to the first terminal are included.
24. The method according to claim 1 or 23,
Wherein the second signal is automatically discarded or deactivated when a specified effective time elapses.
2. The authentication system according to claim 1, wherein the second-
Wherein the second side code data obtained through the second terminal and the second side unique data set for the second terminal are different from each other.
The authentication method according to claim 1 or 25,
Wherein the second signal is automatically discarded or deactivated when a specified effective time elapses.
The authentication method according to claim 1 or 25,
Wherein the second terminal receives the asynchronous radio signal of the signaling device at the second terminal and repeatedly receives the asynchronous radio signal from the second terminal every time the second terminal code recognizes the second side code data.
The authentication method according to claim 1 or 25,
Receiving an asynchronous radio signal of the signaling device at the second terminal, recognizing the second side code data, and thereafter repeating or receiving the second side code data from the second terminal if there is a changed value of the recognized second side code data And a second channel authentication method using a separate signal device.
The authentication method according to claim 1 or 25,
Wherein the second terminal receives the asynchronous radio signal of the signaling device from the second terminal when the received strength is equal to or greater than a predetermined reference strength.
2. The apparatus of claim 1,
Wherein the signal strength of the asynchronous radio signal is amplified to a specified amplification amount or more and then transmitted.
2. The apparatus of claim 1,
Wherein the signal strength of the asynchronous radio signal is reduced to a specified amount or less at a specified signal strength and transmitted.
The method according to claim 1,
When providing a designated service based on a result of authenticating a second terminal accessing the first terminal or authenticating a designated first terminal accessing the second terminal, the valid time does not elapse before completion of the service Or reads the second side code data of the second side authentication data received from the second terminal to check whether the first terminal and the second terminal maintain the access state and processes the service so that the service is completed Further comprising the step of determining whether the two-channel authentication method is used.

Images