KR20180056493A - Method for Providing Two Channel Certification by using a Black Box Device - Google Patents

Abstract

The present invention relates to a two-channel authentication method using a black box apparatus. According to the present invention, the two-channel authentication method is executed by an authentication apparatus which executes an authentication procedure by using the black box apparatus with multiple functions including bidirectional short-range communication functions and one-way wireless signal transmission functions. The two-channel authentication method includes: a first step of receiving first side authentication data including first side code data obtained through a first terminal, which is designated to communicate with the black box apparatus in a bidirectional short-range communication manner within a short range from the black box apparatus, by combining one or both of the bidirectional short-range communication between the first terminal and the black box apparatus and the one-way wireless signal recognition through the first terminal from the first terminal; a second step of receiving second side authentication data including second side code data obtained by recognizing the one-way wireless signals from second terminals in the number of N receiving the one-way wireless signals of the black box apparatus whereas N is a number equal to one or greater; and a third step of authenticating the designated first terminal approaching the second terminal or authenticating the second terminals approaching the first terminal based on an authentication result generated by comparing the second code data of the side authentication data and the first side code data of the first side authentication data received within a designated time range. The first and second side authentication data can be received in a random sequence to maintain the designated valid time.

Description

[0001] The present invention relates to a two-channel authentication method using a black box device,

The present invention automatically identifies a first terminal that performs bi-directional short distance communication with the black box device using a black box device having a bidirectional local communication function and a unidirectional radio signal transmission function, and transmits the unidirectional wireless signal of the black box device Identifies and authenticates a second terminal that recognizes the same radio signal as the unidirectional radio signal recognized by the first terminal among the recognizable N (N? 1) second terminals.

A method of authenticating whether two physically separated terminals have approached each other as far as possible is largely classified into a method using a location, a method using a sensor built in each terminal, and a method using a communication function provided in each terminal.

However, the method of authenticating whether each of the two terminals has accessed each other as much as possible by using the location has a problem of having a privacy invasion and providing an unspecified object because it has to transmit its position to the other party.

Meanwhile, a method of authenticating whether each of the two terminals has accessed as much as possible by using a sensor built in each terminal includes a technique of analyzing a sensed value through a sensor provided in each terminal and identifying two terminals in contact with each other , Hucker (Hoccer) and Phrizbe (brisk action recognizing apps, etc.)) are basically based on location information, so there is a possibility of invasion of privacy, And it is inconvenient to use because it must be sensed.

A method of authenticating whether two terminals are approachable to each other by using a communication function provided in each terminal is as follows. For example, the NFC function provided in each terminal is activated, one terminal activates the reader function and the other terminal activates the tag function As a technology to contact by activation, it has a problem that it is inconvenient to use because it has to operate a communication function through a complicated procedure.

SUMMARY OF THE INVENTION An object of the present invention to solve the above problems is to set a black box device having a bidirectional local area communication function and a unidirectional radio signal transmission function to perform bidirectional local area communication with any one unique first terminal, Wherein when the unidirectional radio signal is transmitted from the black box device, the unidirectional radio signal of the black box device is automatically recognized and the first unidirectional communication device that performs bi-directional short distance communication with the black box device is automatically identified, (N > = 1) second terminals recognizing the same radio signal as the unidirectional radio signal recognized by the first terminal, thereby authenticating and authenticating the second terminal, And a two-channel authentication method using a black box device for automatically identifying and authenticating one or two terminals.

A two-channel authentication method using a black box device according to the present invention is implemented by an authentication device for performing an authentication process using a black box device having a bidirectional local communication function and a unidirectional radio signal transmission function, Directional local communication between the black box device and the first terminal and the unidirectional radio signal recognition through the first terminal from a first terminal designated for bidirectional short distance communication with the black box device in the vicinity of the black box device, A first step of receiving first side authentication data including first side code data obtained through a first terminal and a first side authentication data including N (N > = 1) A second step of receiving second side authentication data including second side code data obtained by recognizing the unidirectional radio signal from a second terminal A second terminal that accesses the first terminal based on the authentication result obtained by comparing the first side code data of the first side authentication data received within the designated time range with the second side code data of the second side authentication data, And a third step of authenticating a designated first terminal that has accessed the second terminal, wherein the first side authentication data and the second side authentication data are received in an arbitrary order and held for a specified effective time .

According to the present invention, the black box device identifies any one of the unique first terminals and can perform bi-directional short distance communication. Meanwhile, the black box device may be physically separated from the first terminal for bi-directional short distance communication, or may include at least a circuit configuration independent of the first terminal side circuit configuration.

According to the present invention, the bi-directional short-range communication may include a pairing-based two-way short-range wireless communication between the black box device and the first terminal. Meanwhile, the bi-directional short-range communication may include bidirectional short-range wireless communication with the first terminal coupled to the black box device. Meanwhile, the bidirectional local area communication may include bidirectional cable communication based on the black box device and the first terminal cable communication.

According to the present invention, the unidirectional radio signal may include a radio signal broadcasted from the black box device in a short distance. Meanwhile, the unidirectional radio signal may be received by the first terminal and simultaneously received by the second terminal.

According to the present invention, the two-channel authentication method using the black box device comprises the steps of: receiving a key value generated in the black box device via a first terminal for bi-directional short distance communication with the black box device; (Or a key management server), wherein the first step includes receiving the first side authentication data including the first side code data encrypted through the black box device And decrypting the encrypted first side code data through a key value registered in the key storage medium (or the key management server).

According to the present invention, the two-channel authentication method using the black box device comprises the steps of: receiving a key value generated in the black box device via a first terminal for bi-directional short distance communication with the black box device; (Or a key management server), and the second step is a step of, when receiving the second side authentication data including the second side code data encrypted through the black box device And decrypting the encrypted second side code data through the key value registered in the key storage medium (or the key management server).

According to the present invention, the black box device generates a pair of a public key and a private key corresponding to a public key infrastructure, and the received key value may include a public key generated through the black box device.

According to the present invention, the code data may include a unique code unique to the black box device. The code data may include a unique code unique to the black box device and a disposable authentication code dynamically generated in the black box device. Meanwhile, the code data may include a unique code set in the black box device through the bidirectional local area communication at the first terminal. Meanwhile, the code data may include a unique code unique to the black box device and a disposable authentication code provided to the black box device through the bidirectional local area communication at the first terminal. Meanwhile, the code data may include a unique code set in the black box device through the bidirectional local area communication in the first terminal and a disposable authentication code provided in the black box device through the bidirectional local area communication from the first terminal .

According to the present invention, when the code data includes a dynamically generated disposable authentication code, the first step further includes performing a procedure for authenticating the validity of the disposable authentication code included in the first side code data And the second step further comprises performing a procedure for authenticating the validity of the disposable authentication code included in the second side code data, wherein the third step is a step of authenticating the disposable authentication code included in the first side code data When the validity of the code is authenticated and the validity of the disposable authentication code included in the second side code data is authenticated, comparing the first side code data including the authenticated one-time authentication code with the second side code data .

According to the present invention, the first side code data may include code data obtained by bidirectional short distance communication between the black box device and the first terminal at the first terminal. Meanwhile, the first side code data may include code data obtained by recognizing the unidirectional radio signal of the black box device at the first terminal. Meanwhile, the first side code data may be used to verify the code data obtained through the unidirectional radio signal of the black box device using the code data obtained through bidirectional short distance communication between the black box device and the first terminal at the first terminal And may include one code data.

According to the present invention, the first side authentication data may include first side code data obtained through the first terminal and first side unique data set unique to the first terminal. The first side authentication data may be automatically discarded or deactivated when a specified valid time has elapsed.

According to the present invention, the second side authentication data may include second side code data acquired through the second terminal and second side proprietary data peculiar to the second terminal. On the other hand, the second side authentication data may be automatically discarded or deactivated when the designated valid time has elapsed. Meanwhile, the second side authentication data may be repeatedly received from the second terminal whenever the second terminal receives the unidirectional radio signal of the black box device and recognizes the second side code data. On the other hand, the second side authentication data is generated by receiving the unidirectional radio signal of the black box device from the second terminal and recognizing the second side code data, and if there is a changed value of the recognized second side code data And may be repeatedly or additionally received from the second terminal. Meanwhile, the second side authentication data may be received from the second terminal when the received strength of the unidirectional radio signal of the black box device at the second terminal is equal to or greater than a predetermined reference strength.

According to the present invention, the black box device can amplify the signal intensity of the unidirectional radio signal to a predetermined amplification amount or more and transmit the signal intensity. On the other hand, the black box device can reduce the signal strength of the unidirectional radio signal to a specified amount or less from the designated signal strength.

According to the present invention, the two-channel authentication method using the black box device may further include a step of authenticating a second terminal accessing the first terminal or a result of authenticating a first terminal that has accessed the second terminal Side mobile station, the method comprising the steps of: confirming whether the valid time has not elapsed before completion of the service, reading the second side code data of the second side authentication data received from the second terminal, 2 terminal to maintain the access state and process the service to be completed.

According to the present invention, it is possible to automatically identify and authenticate two terminals that are approachable to each other by using a black box device having a bidirectional local communication function and a unidirectional radio signal transmission function, thereby preventing privacy invasion, There is an advantage in that the two terminals that have approached to the extent that they can be automatically faced without any operation are automatically identified and authenticated.

According to the present invention, there is an advantage of controlling the signal strength of the unidirectional radio signal transmitted from the black box device and freely controlling the distance for authenticating that the two terminals can face each other according to the situation.

1 is a conceptual diagram of a configuration for automatically identifying and authenticating a first terminal and a second terminal using a black box device according to an embodiment of the present invention.
2 is a diagram showing a functional configuration of a black box device according to an embodiment of the present invention.
3 is a diagram illustrating a functional configuration of a first terminal according to an embodiment of the present invention.
4 is a diagram illustrating a functional configuration of a second terminal according to an embodiment of the present invention.
5 is a diagram showing a functional configuration of an authentication apparatus according to an embodiment of the present invention.
6 is a diagram illustrating an initial setting process of a black box device according to an embodiment of the present invention.
7 is a diagram illustrating a process of registering a first terminal and a black box device in an authentication apparatus according to an embodiment of the present invention.
8 is a diagram illustrating a process of registering a second terminal in an authentication apparatus according to an embodiment of the present invention.
9 is a diagram illustrating a process of acquiring code data of a unidirectional radio signal transmitted from a black box device at a first terminal according to an embodiment of the present invention.
10 is a diagram illustrating a process of transmitting first side authentication data including code data acquired from a first terminal to an authentication apparatus and authenticating according to an embodiment of the present invention.
11 is a diagram illustrating a process of acquiring code data of a unidirectional radio signal transmitted from a black box device at a second terminal according to an embodiment of the present invention.
FIG. 12 is a diagram illustrating a process of transmitting second side authentication data including code data acquired from a second terminal to an authentication apparatus and authenticating according to an embodiment of the present invention.
13 is a diagram illustrating a process of authenticating a first terminal and a second terminal using a black box device according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In other words, the following embodiments correspond to the preferred embodiment of the preferred embodiment of the present invention. In the following embodiments, a specific configuration (or step) is omitted, or a specific configuration (or step) (Or steps), or an embodiment that incorporates functions implemented in more than one configuration (or step) into any one configuration (or step), a particular configuration (or step) It will be apparent that the present invention is not limited to the embodiments described below. In the following embodiments, a specific configuration unit implemented on the server side is implemented on the terminal side and reference is made on the server side, or conversely, in the following embodiments, a specific configuration unit implemented on the terminal side is implemented on the server side, And all of the embodiments utilizing the same are also included in the scope of the present invention. Therefore, it should be clearly stated that various embodiments corresponding to subsets or combinations based on the following embodiments can be subdivided based on the filing date of the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a conceptual diagram of a configuration for automatically identifying and authenticating a first terminal 300 and a second terminal 400 using a black box device 200 according to an embodiment of the present invention.

In more detail, FIG. 1 illustrates a first terminal 300 that performs bi-directional short distance communication with the black box device 200 using a black box device 200 having a bidirectional local communication function and a unidirectional radio signal transmission function. And transmits the same radio signal as the unidirectional radio signal recognized by the first terminal 300 among N (N? 1) second terminals 400 capable of recognizing the unidirectional radio signal of the black box apparatus 200 1 is a block diagram illustrating a black box device 200 according to an exemplary embodiment of the present invention. Referring to FIG. 1, (For example, some of the components may be omitted, or the subdivided or combined method of performing the automatic identification authentication of the first terminal 300 and the second terminal 400) may be inferred through the present invention Quot; The present invention is not limited to the technical features of the present invention.

The system of the present invention includes a black box device 200 having a bidirectional local area communication function and a unidirectional radio signal transmission function, and a black box device 200 capable of recognizing a unidirectional radio signal of the black box device 200, (N > = 1) capable of recognizing the unidirectional radio signal of the black box device (200) in a bidirectional short distance communication with the black box device (200) And a first terminal 300 capable of communicating with the first terminal 300 to the second terminal 400 and performing bidirectional short distance communication with the black box device 200, A second terminal 400 that recognizes the same radio signal as the unidirectional radio signal recognized by the first terminal 300 among the N second terminals 400 capable of recognizing the unidirectional radio signal of the black box device 200, And an authentication device 500 for identifying and authenticating the authentication device 500. [ . Hereinafter, the configuration related to the first terminal 300 and the configuration related to the first terminal 300 will be described with reference to the configuration related to the first terminal 300 and the configuration related to the second terminal 400, , And the technical features of the present invention will be described by naming the prefix "second side" with respect to the configuration related to the second terminal 400.

The black box device 200 is a collective term of a bidirectional local communication function for bidirectional data communication in a short distance and a unidirectional radio signal transmission function for broadcasting a wireless signal in a short distance, Directional short-range communication with the base station 300. For example, it is preferable that the black box device 200 is configured to perform bi-directional short distance communication with any one of the first terminals 300 even if there are a plurality of devices capable of bi-directional short distance communication. In the present invention, the black box device 200 and the first terminal 300 form one pair of bidirectional short distance communication.

The black box device 200 may be physically separated from the first terminal 300 for bidirectional short distance communication or may be implemented in the housing of the first terminal 300 even if the black box device 200 is implemented in the housing of the first terminal 300. [ 1 terminal 300 side circuit configuration and the circuit configuration independent of the one terminal 300 side circuit configuration. Hereinafter, the features of the present invention will be described focusing on an embodiment in which the black box device 200 and the first terminal 300 are physically separated.

According to the first bidirectional local area communication of the present invention, the bidirectional local area communication is performed between the black box device 200 and the first terminal 300 by bidirectional short-range wireless communication . ≪ / RTI > For example, the bidirectional local area communication may include pairing-based Bluetooth communication. Meanwhile, according to an embodiment of the present invention, the black box device 200 may transmit a radio frequency signal for the bi-directional short-range wireless communication to control the distance for processing the pairing- May be reduced below a specified amount of reduction in a specified signal strength (e.g., signal strength in the specification), or vice versa. For example, if the radio frequency reaching range of the designated signal strength of the pairing-based bidirectional local area wireless communication is 30 m to 100 m, the black box device 200 may transmit the radio frequency reaching range of about 1 m to 2 m The radio frequency signal strength for short-range wireless communication can be reduced. This signal strength control may be set in the black box device 200 with a pre-computed design signal strength, or may be set via the first terminal 300 based on two-way local communication with the first terminal 300 Can be set by control data.

According to the second bidirectional local area communication method of the present invention, the bidirectional local area communication may include bidirectional short range wireless communication with the black box device 200 and the first terminal 300 coupled to the black box device 200. For example, information for forming a mapping relationship between the black box device 200 and the first terminal 300 is registered in a designated server (for example, the authentication device 500), and the black box device 200 Directional short distance communication between the first terminal 300 and the first terminal 300 after authentication through the server. The first terminal 300 stores information for identifying and authenticating the first terminal 300 to the black box device 200 and then transmits the identification information to the black box device 200 when the two- The mobile terminal 200 can identify and authenticate the first terminal 300 to connect the two-way LAN. The first terminal 300 stores information for identifying and authenticating the black box device 200 and transmits the identification information to the first terminal 300 when the black box device 200 and the first terminal 300 establish a two- (300) to identify and authenticate the black box device (200) to connect the bi-directional local area communication. Or when the first terminal 300 and the first terminal 300 are connected to each other in the bidirectional local area communication between the black box device 200 and the black box device 200, The first terminal 300 identifies and authenticates the black box device 200 and the black box device 200 identifies and authenticates the first terminal 300 to connect the two-way LAN. Meanwhile, the radio frequency signal intensity of the black box device 200 may be controlled for coupling between the black box device 200 and the first terminal 300.

According to the third bidirectional local area communication method of the present invention, the bidirectional local area communication may include a bidirectional cable communication based on a cable communication between the black box device 200 and the first terminal 300. For example, the black box device 200 and the first terminal 300 can perform cable-based bidirectional cable communication by connecting cables.

According to a fourth bidirectional local area communication embodiment of the present invention, the bidirectional local area communication may include at least a combination of at least two of the first to third bidirectional local area communication embodiments, The present invention is not limited thereto. According to the embodiment of the present invention, bidirectional short-range communication corresponding to at least one of the first to fourth bidirectional short-range communication embodiments is performed based on the end-to-end encryption / decryption between the black box device 200 and the first terminal 300 And may include end-to-end encryption decryption based secure communication between the black box device 200 and the authentication device 500 using the first terminal 300 as a communication node according to an implementation method.

The black box device 200 further includes a unidirectional radio signal transmitting function for broadcasting a radio signal designated at a short distance in addition to bidirectional short distance communication with the first terminal 300. The unidirectional radio signal includes a radio signal broadcasted from the black box device 200 in a short distance. For example, the unidirectional wireless signal may include beacon signals after Bluetooth 4.0 broadcast without additional pairing. However, the unidirectional radio signal is not limited to the Bluetooth-based beacon signal. If the unidirectional radio signal is a broadcast signal which can be simultaneously received and recognized by the first terminal 300 to the N second terminals 400, I clarify it clearly.

According to the embodiment of the present invention, the black box device 200 amplifies and outputs the signal strength of the unidirectional radio signal to a specified amplification amount or more at a specified signal strength (for example, the signal strength of a specific mode defined in the standard) can do. For example, when the black box device 200 is implemented as an inter-vehicle device, the unidirectional radio signal transmitted from the black box device 200 may be transmitted to the vehicle body of the vehicle, It may be difficult to reach a specified distance outside the vehicle by the attached film material or the like. In this case, the black box device 200 can control to reach a specified distance outside the vehicle (for example, 30 meters outside the vehicle) by amplifying the signal strength of the unidirectional radio signal. When amplifying the signal strength of the unidirectional radio signal, the black box device 200 can amplify the signal strength of the unidirectional radio signal using the vehicle power source. If the signal intensity of the unidirectional radio signal is amplified by using a charging power source such as a battery, the black box device 200 may perform an input operation to the black box device 200 or a first terminal to which the bidirectional short- The signal intensity of the unidirectional radio signal can be amplified for a predetermined time according to the input operation through the antenna 300.

Alternatively, the black box device 200 may control the signal strength of the unidirectional radio signal to be reduced to a specified amount or less from the designated signal intensity, and to be transmitted. For example, the first terminal 300 may be implemented by a user of the first terminal 300 carrying the black box device 200 (for example, a card type, a wrist watch type, And the second terminal 400 is within a range of 1 m to 2 m, the black box device 200 transmits the signal of the unidirectional radio signal It is possible to control the intensity to reach 1 m (maximum 2 m).

The black box device 200 can transmit designated code data via the unidirectional radio signal in a short distance. The code data includes a unique code having a unique value, and a disposable authentication code generated by substituting one or more seeds including a seed value specified in a code generation algorithm (for example, a hash algorithm or the like) .

According to the first code data embodiment of the present invention, the code data may include a unique code (e.g., an ID set in the black box device 200) unique to the black box device 200.

According to the second code data embodiment of the present invention, the code data may include a unique code unique to the black box device 200 and a disposable authentication code dynamically generated in the black box device 200. To this end, the black box device 200 stores a code generation algorithm for dynamically generating the disposable authentication code in addition to the unique code, and at least one seed value to be applied to the code generation algorithm may be stored according to the method . On the other hand, according to the method, at least one seed value can be provided from the first terminal 300 through the bi-directional local area communication. The black box device 200 may apply one or more fixed seed values and at least one dynamic seed value (e.g., time or challenge) to the code generation algorithm to dynamically generate a one-time authorization code.

According to the third code data embodiment of the present invention, the code data may include a unique code set in the black box device 200 through bidirectional local area communication at the designated first terminal 300. In this case, the code data may include the unique code set by the first terminal 300 instead of the unique code unique to the black box device 200 according to the first code data embodiment, 200 may be included in the code data at the same time as the unique code set by the first terminal 300. [

According to the fourth code data embodiment of the present invention, the code data is transmitted to the black box device 200 through the bi-directional short distance communication from the designated first terminal 300 with a unique code unique to the black box device 200 And may include the provided disposable authentication code. In this case, the one-time authentication code provided from the first terminal 300 to the black box device 200 may include a disposable authentication code generated dynamically by the first terminal 300, And at least one of the one-time authentication codes dynamically generated via the authentication server 500 (or a separate designated server).

According to the fifth code data embodiment of the present invention, the code data is transmitted from the first terminal 300 to the first terminal 300 through the bidirectional local area communication with the unique code set in the black box device 200 And a disposable authentication code provided to the black box device 200 through the bidirectional local area communication.

According to the sixth code data embodiment of the present invention, the code data may be at least partially combined with at least two of the first to fifth code data embodiments, and thus the present invention is not limited thereto . According to an embodiment of the present invention, code data corresponding to at least one of the first to sixth code data embodiments (e.g., at least one of a unique code and a disposable authentication code) The second terminal 400 may be decrypted only through the first terminal 300, the second terminal 400 specified among the N second terminals 400, and then transmitted through the unidirectional wireless signal.

According to an embodiment of the present invention, the black box device 200 may perform a procedure of generating a key value for encryption of the code data and exchanging the designated key value with a designated target, It can be used for encryption / decryption of communication.

According to an embodiment of the present invention, the black box device 200 generates one or more key values according to a designated key generation algorithm, and transmits at least one key value of the generated key values to the first terminal 300 The first terminal 300 stores the key value in a designated storage area of the first terminal 300 and uses the key value as a decryption key for data encrypted in the black box device 200, To the designated authentication device 500 (or the key management server) so as to be used as a decryption key for the data encrypted in the black box device 200. For example, the black box device 200 generates a key pair of a private key and a public key according to a key generation algorithm of a public key infrastructure (for example, an Elliptic Curve Cryptosystem (ECC) algorithm or an RSA algorithm) The first terminal 300 may provide the public key of the generated key pair to the first terminal 300 via the bidirectional local area communication and the first terminal 300 stores the public key in the designated storage area of the first terminal 300 Is used as a decryption key for data encrypted in the black box device 200 or transmitted to a specified authentication device 500 (or a key management server) and used as a decryption key for data encrypted in the black box device 200 Can be processed. According to the embodiment of the present invention, when generating the key pair of the public key infrastructure in the black box device 200, it is preferable to generate the key pair based on the ECC algorithm capable of being encrypted through the low-speed processor. Meanwhile, the black box device 200 can generate a key value of a symmetric key method according to an embodiment of the present invention, and thus the present invention is not limited thereto. Since the key value to be used for encryption / decryption is generated in the black box device 200, at least the key value used for encryption of the black box device 200 is not exposed.

The first terminal 300 is a collective name of a terminal that is capable of receiving a unidirectional radio signal of the black box device 200 and performs bidirectional short distance communication with the black box device 200, Directional short-range communication with the black box device 200 according to at least one of the two-way short-range communication embodiments. The first terminal 300 may include a wireless terminal (for example, a mobile phone, a smart phone, a tablet PC, etc.) possessed (or portable) by a user who owns the black box device 200, The first terminal 300 and the black box device 200 may move together to access the second terminal 400. [ The first terminal 300 is not limited to a wireless terminal but may be a wired terminal (for example, a personal computer or the like) that owns the black box device 200 or a black box device (E.g., CAT, POS, computer, smart phone, tablet PC, etc.) of one offline merchant. In this case, the second terminal 400 may move and access the first terminal 300 . That is, the present invention is not limited by the type of terminal.

According to an embodiment of the present invention, the first terminal 300 is bidirectional short-range communication with the black box device 200 and includes an application type program 325 for communicating with the specified authentication device 500 via a designated communication path, And the program 325 can recognize the unidirectional radio signal of the black box device 200 according to the method of operation. In the present invention, the description of the first terminal 300 as a main body is implemented through the program 325 installed and operated in the first terminal 300 without any other instruction.

The first terminal 300 may combine either one or both of bidirectional short distance communication with the black box device 200 and unidirectional radio signal recognition transmitted from the black box device 200 to the black box device 200 And acquires first side code data corresponding to code data to be transmitted through the unidirectional radio signal.

According to the first code data acquisition embodiment of the present invention, the first terminal 300 transmits the unicast signal through the unidirectional wireless signal from the black box apparatus 200 through bidirectional short-range communication with the black box apparatus 200 By receiving the code data, the first side code data corresponding to the code data to be transmitted through the unidirectional radio signal in the black box device 200 can be obtained.

According to the second code data acquisition embodiment of the present invention, the first terminal 300 receives the unidirectional radio signal transmitted from the black box device 200. And reads the received unidirectional radio signal to identify the code data contained in the unidirectional radio signal, thereby obtaining the first side code data corresponding to the code data to be transmitted through the unidirectional radio signal in the black box device 200 .

According to the third code data acquisition embodiment of the present invention, the first terminal 300 transmits the one-way radio signal from the black box device 200 through bidirectional short-range communication with the black box device 200 Receives the code data (or code of at least a part of the code data), receives and reads the unidirectional radio signal transmitted from the black box device 200, recognizes the code data contained in the unidirectional radio signal, (Or at least a part of the code data) received through communication with the code data recognized through the unidirectional radio signal to determine whether or not the code data matches the code data, And can obtain the first side code data.

According to the fourth code data acquisition embodiment of the present invention, the first terminal 300 transmits the unicast signal through the unidirectional wireless signal from the black box apparatus 200 through bidirectional short-range communication with the black box apparatus 200 Receives the verification value for verifying the code data, receives the unidirectional radio signal transmitted from the black box device (200) and recognizes the code data included in the unidirectional radio signal, And verifying the code data recognized through the unidirectional radio signal through the verification value, if the code data is verified, to obtain the verified code data as the first side code data.

According to the fifth code data acquisition embodiment of the present invention, the first terminal 300 acquires the first side code data by at least partially combining at least two of the first through fourth code data acquisition embodiments The present invention is not limited thereto.

The first terminal 300 transmits the first side authentication data including the first side code data obtained according to the first to fifth embodiments to the specified authentication apparatus 500. [ According to an embodiment of the present invention, the first MS 300 transmits first side authentication data including the obtained first side code data and first side unique data set unique to the first MS 300, To the authentication device 500. Preferably, the first side unique data is used as an identification means for identifying an authentication object, and the first side code data is used as an authentication means for authenticating the identification means. The authentication device 500 maintains the received first side authentication data for a specified effective time (e.g., 5 seconds, 10 seconds, etc.), and automatically updates the first side authentication data when the valid time elapses Discarded or deactivated. The authentication according to the present invention can be effectively handled during the valid time period in which the first side authentication data is held in the authentication device 500. [ Meanwhile, the first terminal 300 may repeatedly acquire the first side code data periodically and repeatedly transmit the first side code data to the authentication device 500 according to an embodiment of the present invention, It is possible to transmit the changed first side code data to the authentication device 500 by confirming that some (e.g., one-time authentication code or the like) is changed.

The second terminal 400 is a collective term of a terminal capable of receiving a unidirectional radio signal of the black box device 200 and does not perform bi-directional short distance communication with the black box device 200. The second terminal 400 may include a wireless terminal (e.g., a mobile phone, a smart phone, a tablet PC, etc.) possessed (or portable) by a user who owns the black box device 200, The second terminal 400 may move to access the black box device 200 and the first terminal 300. The second terminal 400 is not limited to a wireless terminal but may be a wired terminal (for example, a personal computer or the like) that owns the black box device 200 or the black box device 200 (E.g., CAT, POS, computer, smart phone, tablet PC, etc.) of an offline merchant. In this case, a couple of the black box device 200 and the first terminal 300 may move The second terminal 400 can be accessed. That is, the present invention is not limited by the type of terminal.

According to an embodiment of the present invention, the second terminal 400 receives and recognizes a unidirectional wireless signal of the black box device 200 and receives an application-type communication signal for communicating with the specified authentication device 500 through a designated communication path Program 425 is installed and operated. The description of the second terminal 400 as a main body is implemented through the program 425 installed and operated in the second terminal 400 without any other instruction.

The black box device 200 and the first terminal 300 may move to access the second terminal 400 and / or the second terminal 400 may move to the black box device 200 When the second terminal 400 can receive a unidirectional radio signal transmitted from the black box apparatus 200 by accessing a couple of the first terminal 300, Side code data corresponding to the code data to be transmitted through the unidirectional radio signal is acquired from the first side code data.

The second terminal 400 transmits the second side authentication data including the obtained second side code data to the specified authentication apparatus 500. According to an embodiment of the present invention, the second terminal 400 includes the second side authentication data including the obtained second side code data and including the second side unique data set unique to the second terminal 400, To the authentication device 500. Preferably, the second side unique data is used as an identification means for identifying an authentication object, and the second side code data is used as an authentication means for authenticating the identification means. The authentication device 500 maintains the received second side authentication data for a specified effective time (e.g., 5 seconds, 10 seconds, etc.), and automatically transmits the second side authentication data when the valid time elapses Discarded or deactivated. The authentication according to the present invention can be effectively handled during the valid time period in which the second side authentication data is held in the authentication device 500. [ Meanwhile, the second terminal 400 periodically repeats the acquisition of the second side code data and repeatedly transmits the second side code data to the authentication device 500 according to an embodiment of the present invention, It is possible to transmit the changed second side code data to the authentication device 500 by confirming that a part (for example, one-time authentication code or the like) is changed.

The authentication device 500 is capable of communicating with the first terminal 300 to the second terminal 400 and includes first side authentication data including first side code data acquired by the first terminal 300 And receives the second side authentication data including the second side code data acquired by the second terminal (400). The first side authentication data and the second side authentication data are arbitrarily received irrespective of the order, and the authentication device 500 maintains the received first side authentication data and the second side authentication data respectively for the specified valid time .

According to the method of the present invention, when the code data (or at least a part of the code data) is encrypted through the black box device 200, the authentication device 500 transmits the encrypted code data At least a part of the code data).

If the code data includes the dynamically generated disposable authentication code, the authentication device 500 authenticates the validity of the disposable authentication code included in the first side code data received from the first terminal 300 And / or to authenticate the validity of the disposable authentication code included in the second side code data received from the second terminal 400. [0064] The authentication procedure of the disposable authentication code may be performed by the authentication device 500 or may be performed through a separate code authentication server (not shown). According to the method of the present invention, when the code data includes the generated one-time authentication code, when the validity of the disposable authentication code included in each code data is authenticated, The first side code data of the first side authentication data received from the second terminal 300 and the second side code data of the second side authentication data received from the second terminal 400 are compared and authenticated.

The authentication apparatus 500 is configured to receive the first side authentication data received from the first terminal 300 and the second side authentication data received from the second terminal 400, 1-side code data and the second side code data of the second side authentication data. For example, when the first side authentication data is received from the first terminal 300, the authentication device 500 determines that the first side authentication data is received within the valid period of holding the first side authentication data Side code data to be matched with the first side code data of the first side authentication data among the second side code data of the second side authentication data from the second terminal 400 before or after the designated time on the basis of the first side code data . Side authentication data is received from the second terminal 400, the authentication device 500 determines whether or not the second-side authentication data has been received within the valid period of holding the second- The first side code data of the first side code data of the first side authentication data and the first side code data matched with the second side code data of the second side authentication data can be discriminated from the first terminal 300 before or after the specified time.

Meanwhile, the first terminal 300 is limited to a terminal that performs bi-directional short distance communication with the black box device 200, but the second terminal 400 may be plural. Accordingly, the present invention controls the signal strength of the unidirectional radio signal transmitted through the black box device 200 to specify one of the plurality of second terminals 400, so that the black box device 200 and the first The second terminal 400 closest to the couple of the terminals 300 can be identified. Alternatively, when transmitting the second side authentication data from the second terminal 400, the second side authentication data may include information capable of discriminating the signal strength of the unidirectional radio signal from the second side authentication data, The signal intensity of the unidirectional radio signal may be read and a second terminal 400 transmitting the second side authentication data including the largest signal strength may be specified. Alternatively, the second terminal 400 may receive the unidirectional radio signal of the black box device 200, and may perform a designated input operation from the second terminal 400 to be included in the authentication target among the second terminal 400, By including information corresponding to the input operation, one second terminal 400 that has undergone the input operation designated by the authentication apparatus 500 can be specified.

According to an embodiment of the present invention, the authentication apparatus 500 may be configured to transmit the first side code data of the first side authentication data received from the first terminal 300, which performs bidirectional short distance communication with the black box device 200, Side authentication data based on the authentication result obtained by comparing the first side code data and the second side code data with the second side code data received from the second terminal 400, The first terminal 300 accessing the first terminal 300 may be authenticated or the first terminal 300 accessed by the second terminal 400 may be authenticated. The authentication apparatus 500 may transmit information obtained by authenticating the access of the first terminal 300 and the second terminal 400 to the first terminal 300 and the second terminal 400, respectively.

2 is a functional block diagram of a black box device 200 according to an embodiment of the present invention.

2 shows a configuration of a black box device 200 having a bidirectional local area communication function and a unidirectional radio signal transmission function, and the present invention is not limited to the above embodiments. Referring to and / or modified with respect to FIG. 2, various implementations of the configuration of the black box device 200 may be inferred (e.g., some configuration portions omitted, or subdivided, or combined) All of the above-described embodiments are included, and the technical features thereof are not limited only by the method shown in FIG.

The black box device 200 of the present invention includes a bidirectional local area communication function and a unidirectional radio signal transmission function. The black box device 200 can be manufactured by incorporating a chip module 230 therein. However, the black box device 200 is not limited to the chip module 230. Hereinafter, the features of the present invention will be described with reference to an embodiment in which a functional structure implemented in the black box device 200 is implemented through the chip module 230 for authentication of the present invention.

According to the embodiment of the present invention, the black box device 200 includes a terminal for receiving external power in addition to the chip module 230, a power supply unit 205 for receiving external power through the terminal, A power charger 215 for charging the vehicle power source, a black box function unit 220 for implementing a black box function, a power supply unit 220 for charging the chip module 230, An operation unit 225 for input operation of the local area communication, and a connector unit (not shown) for local area cable communication during the bi-directional local area communication. For example, the power supply unit 205 of the black box apparatus 200 receives a vehicle power (for example, 12V DC power) applied from the vehicle using terminals, The power charging unit 215 converts the power supplied to the black box function unit 220 and / or the power supplied to the chip module 230 into the operation power of the black box function unit 220 and / The power conversion unit 210 can charge the converted power. In this case, the chip module 230 of the black box device 200 may be operated through the vehicle power supplied through the power supply unit 205 according to the supply of the vehicle power, or may be operated through the power supply unit 205, Lt; / RTI > On the other hand, when the chip module 230 is operated by receiving power from the vehicle, the chip module 230 can amplify the unidirectional radio signal using the vehicle power source (for example, amplify the signal with the maximum signal strength) and transmit it. For example, the chip module 230 of the black box device 200 can amplify and transmit the unidirectional radio signal to a designated signal intensity using vehicle power supplied from the vehicle mounted on the vehicle, It is possible to overcome the signal interference caused by the metallic material of the vehicle body or the glass material of the window (in particular, the glass material provided with the ultraviolet ray shielding film) so that the unidirectional radio signal reaches the specified short distance outside the vehicle.

The black box function unit 220 is a general term of a configuration provided in the black box device 200 to implement a black box function and preferably includes various sensors, a GPS chip, a camera, etc., Collects, stores and manages information, and collects various HW / SW components for processing information necessary for various situation analysis and replay. The black box function unit 220 operates using the vehicle power supplied through the power supply unit 205 or the power converted through the power conversion unit 210 or the power charged through the power charging unit 215 And may operate using more than one power source.

When the black box device 200 is provided with a connector portion, the chip module 230 of the black box device 200 performs bidirectional cable communication based on the cable communication with the first terminal 300 connected through the connector portion .

The operation unit 225 of the black box device 200 processes an input operation for controlling the operation of the chip module 230. For example, the operation unit 225 may process an input operation of 'ON' to transmit the unidirectional radio signal for a predetermined time. In this case, the chip module 230 of the black box device 200 may transmit Directional radio signal for a period of time, and automatically stop sending the unidirectional radio signal. According to the embodiment of the present invention, the operation unit 225 can selectively operate (or toggle) the operation of 'On' or 'Off' of the various operations of the chip module 230. For example, when the operation unit 225 has processed an input operation for 'ON' transmission of a unidirectional radio signal, it performs an input operation for 'Off' transmission of the unidirectional radio signal by the next operation (or toggle) The chip module 230 can transmit the unidirectional wireless signal. Alternatively, the operation unit 225 can input a predetermined input value. For example, the operation unit 225 can input various information necessary for setting the chip module 230. Alternatively, the operation unit 225 can set various dynamics of the chip module 230 through an input operation of a predetermined operation pattern. For example, the operation unit 225 may display various patterns such as a time input pattern input at a predetermined time interval or more, a simultaneous operation pattern for simultaneously operating two or more switches / buttons, and a time difference operation pattern operated at a predetermined time difference So that various operations of the chip module 230 can be set.

2, the chip module 230 includes a control unit 245 for controlling the operation of the chip module 230, a data set (or [program] code) necessary for the operation of the chip module 230, A radio frequency (RF) processor 240 for performing bidirectional short-range wireless communication and RF processing for transmitting a unidirectional radio signal, and an antenna unit for transmitting and receiving a radio frequency signal corresponding to the RF processing. And a cable processing unit (not shown) that is electrically connected to the connector unit and processes the bidirectional cable communication according to an embodiment of the present invention.

The chip module 230 may be manufactured in the form of a bidirectional local area communication (PCB) and one or more SMD (Surface Mount Devices) for transmitting a unidirectional radio signal, and the controller 245 ), The memory unit 235, and the RF processor 240 may be implemented in the form of an integrated chip, an individual device mounted on a PCB, or a combination of an integrated chip and each device. It should be apparent that the invention is not limited by the manner in which the chip module 230 is implemented within the black box device 200.

The control unit 245 is a general term for controlling the operation of the chip module 230. The control unit 245 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 245 loads at least one [program] code included in the chip module 230 into the execution memory through the processor, and outputs the result to at least one To control the operation of the chip module 230. Hereinafter, a [program] configuration implemented in the chip module 230 in the form of [program] code will be described in the control unit 245 for convenience.

The control unit 245 of the chip module 230 may include an identification code that is designated when bidirectional short-range wireless communication is established with the first terminal 300 designated through the RF processor 240 (For example, amplified to a specified signal intensity and transmitted). Alternatively, the control unit 245 of the chip module 230 receives a predetermined (or preset) predetermined unidirectional radio signal transmitted from a predetermined signal transmitter located in a short distance outside the vehicle through the RF processor 240, It is possible to check that the unidirectional radio signal including the specified identification code is transmitted (for example, amplified to a specified signal strength and transmitted).

According to the embodiment of the present invention, the control unit 245 of the chip module 230 checks whether the specified condition is satisfied by interlocking with the black box function unit 220. If the specified condition is satisfied, (For example, amplified to a specified signal intensity and transmitted). For example, the control unit 245 may control the black box function unit 220 to transmit a unidirectional radio signal including an identification code that is present in a specific location area or out of a specific location area . Alternatively, the control unit 245 may transmit a unidirectional radio signal including an identification code designated when the signal value sensed through the specific sensor of the black box function unit 220 is within the specified threshold value range or out of the specified threshold value range It is possible to control to send out.

The memory unit 235 is a general term of the nonvolatile memory included in the chip module 230 and includes at least one program code executed through the control unit 245 and at least one program code And stores the data set. The memory unit 235 basically stores a system [program] code and a system data set corresponding to the operating system of the chip module 230, and at least one application [program] code and an application data set. The [program] code and data set corresponding to [program] are also stored in the memory unit 235.

According to the method of the present invention, the memory unit 235 stores the unique code in the memory unit 235 when the black box apparatus 200 (or the chip module 230) is manufactured And stores the unique code for the black box device 200 (or the chip module 230) in the designated storage area.

The RF processor 240 is a collective term for RF processing (e.g., radio frequency signal modulation) for broadcasting a unidirectional radio signal through the antenna and / or RF processing for bidirectional short-range wireless communication. And performs RF processing for communication-based bidirectional short-range wireless communication and unidirectional wireless signal transmission. Here, the transmission of the unidirectional radio signal includes a radio signal to be transmitted without identifying or pairing the receiving side that receives the radio signal. For example, the RF processor 240 may perform RF processing for transmitting a Bluetooth-based bidirectional short-range wireless communication and a Bluetooth-based unidirectional wireless signal (for example, a beacon signal of Bluetooth 4.0 or later).

According to the method of the present invention, the chip module 230 processes bi-directional short-range communication with the first terminal 300 that is paired / coupled, and the RF processor 240 processes the first terminal 300 and the RF And performs RF processing (e.g., radio frequency modulation / demodulation, etc.) for communication-based bidirectional short-range wireless communication.

Meanwhile, when the chip module 230 is provided with a cable processing unit, the chip module 230 can process bidirectional cable communication with the first terminal 300 connected through the connector unit using the cable processing unit. The bidirectional cable communication includes a packet communication function for transmitting and receiving a predetermined packet, and the cable processing unit controls the first terminal 300 connected to the connector unit to detect the chip module 230 and prepare for cable communication Protocol capabilities.

According to the method of the present invention, the cable processing unit remains electrically connected to the connector unit, but the bidirectional cable communication function of the cable processing unit can be selectively activated or deactivated according to a designated condition, Direction cable communication with the first terminal 300 connected to the connector unit when the function is activated and if the bidirectional cable communication function is inactivated, the first terminal 300 is connected to the connector unit It is possible to not handle bidirectional cable communication.

Referring to FIG. 2, the chip module 230 of the black box device 200 includes a communication identifier 250 for identifying a first terminal 300 to communicate using bi-directional short-range wireless communication, And a communication connection unit 255 for connecting bidirectional short-range wireless communication with the first terminal 300. According to an embodiment of the present invention, when the cable processing unit is provided in the chip module 230, Directional cable communication with the first terminal 300, which is cabled through the first terminal 300. FIG.

The communication identification unit 250 identifies the first terminal 300 to be connected to the first module 300 in the initial operation of the chip module 230 Way short range wireless communication between the chip module 230 and the nearest terminal capable of performing bidirectional short-range wireless communication with the chip module 230 at a predetermined input operation through the operation unit 225, (300). ≪ / RTI > Here, it is preferable that the first terminal 300 is a terminal owned (or possessed or possessed) by the owner of the black box device 200. For example, when the RF processor 240 performs RF processing for Bluetooth-based bidirectional short-range wireless communication, the communication identifier 250 determines whether the black-box device 200 possesses the black- It is possible to identify the first terminal 300 to which the Bluetooth-based bidirectional short-range wireless communication is to be connected by performing the pairing procedure with the first terminal 300 which is self-owned (or possessed or possessed). According to an embodiment of the present invention, the communication identification unit 250 identifies communication identification information for connecting the first terminal 300 to the first terminal 300 as a result of identifying the first terminal 300 Directional short-range wireless communication with the first terminal 300 using the communication identification information. In this case, the communication connection unit 255 can connect the first terminal 300 to the first terminal 300 via the network.

Meanwhile, the communication connection unit 255 may identify the first terminal 300 connected to the connector unit through the cable processing unit, and may connect the first terminal 300 with the first terminal 300 through a bidirectional cable connection. According to an embodiment of the present invention, the communication connection unit 255 may acquire communication identification information for identifying the first terminal 300 among the devices connected to the connector unit through the cable, and store the acquired communication identification information in the memory unit 235. In this case, The communication connection unit 255 may establish a two-way cable communication with the first terminal 300 corresponding to the communication identification information.

According to the embodiment of the present invention, the communication identifying unit 250 performs a designated information exchange procedure with the identified first terminal 300 (or the first terminal 300 connected with the cable) (For example, a device serial number of a communication object, an identification key value exchanged in accordance with a specified key exchange procedure, and the like) to be stored in a designated storage area of the memory unit 235 In this case, the communication connection unit 255 can authenticate the first terminal 300 connecting the bi-directional short distance communication using the communication authentication information. The first terminal 300 may also store communication authentication information for authenticating the chip module 230 of the black box device 200 according to an embodiment of the present invention. The chip module 230 of the black box device 200 to which bidirectional short-range communication is connected can be authenticated using the authentication information.

Referring to FIG. 2, the chip module 230 of the black box device 200 includes a first terminal 300 connected to the bidirectional LAN through the communication connection unit 255 and a communication processor A key processing unit 265 that generates at least one key value through a designated key generation algorithm and provides at least one key value of the generated key values to the first terminal 300 through bidirectional local area communication Respectively.

The communication processing unit 260 is connected to the first terminal 300 connected to the bidirectional local area communication through the communication connection unit 255 and to the first terminal 300 connected to the bidirectional local area communication via the communication connection unit 255, Handles short-range communications.

Directional short distance communication with the first terminal 300 through the communication processing unit 260, the key processing unit 265 determines whether a key value for encryption / decryption is stored in a designated storage area of the memory unit 235 Check. If the key value for encryption / decryption is not stored in the designated storage area, the key processing unit 265 may perform a procedure for generating one or more key values through a designated key generation algorithm. Or the control information requesting to generate a key value for encryption / decryption is provided from the first terminal 300 designated through the communication processing unit 260, or a key value for encryption / decryption through the input operation through the operation unit 225 The key processing unit 265 may perform a procedure of generating one or more key values through a designated key generation algorithm.

The key processing unit 265 generates one or more key values according to a designated key generation algorithm and stores the generated key value in a designated storage area of the memory unit 235. The generated key value is stored in the designated storage area of the memory unit 235, And provides at least one key value among the key values to the first terminal 300. For example, the key processing unit 265 generates a key pair of a private key and a public key according to a public key infrastructure key generation algorithm (e.g., an Elliptic Curve Cryptosystem (ECC) algorithm or an RSA algorithm) The public key of the generated key pair may be provided to the first terminal 300 through the communication processing unit 260 after storing the generated private key (which may include the public key) in the designated storage area. According to an embodiment of the present invention, when the key processing unit 265 generates a key pair of a public key infrastructure, it is preferable to generate a key pair based on an ECC algorithm capable of being encrypted through a low-speed processor. Meanwhile, the key processing unit 265 can generate the key value of the symmetric key method according to the embodiment, and thus the present invention is not limited thereto.

Referring to FIG. 2, the chip module 230 of the black box device 200 includes a code checking unit 270 for checking code data to be transmitted through a unidirectional radio signal, And a code generating unit (275) for generating a one-time authentication code among the code data to be included in the unidirectional radio signal, wherein the code generating unit (275) comprises a signal transmitting unit (285) for transmitting a unidirectional radio signal including the identified code data, And an encryption processing unit 280 for encrypting the code data (or at least a part of the code data) using the key value generated through the processing unit 265. [

The code checking unit 270 checks the code data of the designated code structure to be transmitted in the unidirectional radio signal, and the signal transmitting unit 285 transmits the code data including the checked code data through the RF processor 240 So that the unidirectional radio signal is transmitted. If the chip module 230 receives power from the vehicle or receives control information related to signal amplification from the first terminal 300 through the communication processing unit 260 or receives the control signal from the operation unit 225 The signal transmitting unit 285 amplifies the signal strength of the unidirectional radio signal by a specified amplification amount or more at a designated signal strength (for example, the signal strength of a specific mode defined in the specification) So that it can be controlled to be transmitted. Meanwhile, according to the embodiment, the signal transmitting unit 285 can control the signal intensity of the unidirectional radio signal to be reduced to a specified amount or less from the designated signal strength and transmitted. Meanwhile, when the key processing unit 265 generates and stores a key value to be used for encryption / decryption, the encryption processing unit 280 encrypts the code data (or at least a part of the code data) In this case, the signal transmitting unit 285 can process the unidirectional radio signal including the encrypted code data through the RF processor 240.

According to the first unidirectional radio signal transmitting embodiment of the present invention, the code verifying unit 270 may receive a unique code (for example, a black box device 200 ), And the signal transmitting unit 285 processes the unidirectional radio signal including the identified code data to be transmitted through the RF processing unit 240 at a designated signal strength can do.

The code generation unit 275 generates information on the information stored in the memory unit 235 of the chip module 230 and the information on the chip module 230, (For example, a time value counted using the charging power source of the power charging unit 215) is counted using the charging power source after the time synchronization with the first terminal 300 through the communication processing unit 260 Time value received from the first terminal 300 through the communication processing unit 260 and information received from the first terminal 300 through the bidirectional short distance communication through the communication processing unit 260 A random number, a device ID value of the first terminal 300, a value received from the server (or the authentication device 500) provided by the first terminal 300, and the like, One-off authentication code in the form of one-off code by applying it to the algorithm Can be dynamically generated. According to an embodiment of the present invention, the code generation unit 275 can generate a random number type disposable authentication code, and thus the present invention is not limited thereto. The code verifying unit 270 verifies the code data including the inherent code unique to the black box device 200 (or the chip module 230) and the disposable authentication code dynamically generated through the code generating unit 275 And the signal transmitting unit 285 may process the unidirectional radio signal including the identified code data to be transmitted with the designated signal strength through the RF processor 240. [

According to the third unidirectional wireless signal transmission embodiment of the present invention, the communication processing unit 260 can receive a predetermined unique code from the designated first terminal 300 through bidirectional local area communication. In this case, the code checking unit 270 checks the code data including the unique code received from the first terminal 300, and the signal transmitting unit 285 transmits the identified code Way radio signal containing data can be processed to be sent out with a specified signal strength. The fraudulent code verification unit 270 may generate a code including a unique code provided from the first terminal 300 instead of a unique code unique to the black box device 200 (or the chip module 230) Or code data including both the unique code unique to the black box device 200 (or the chip module 230) and the unique code provided from the first terminal 300 can be confirmed.

According to the fourth unidirectional wireless signal transmission embodiment of the present invention, the communication processing unit 260 can receive the disposable authentication code from the designated first terminal 300 through bidirectional local area communication. Here, the disposable authentication code provided from the first terminal 300 may include a disposable authentication code dynamically generated in the first terminal 300, an authentication device 500 communicating with the first terminal 300 And a disposable authentication code that is dynamically generated through a designated server (e.g., a designated server). The code verifying unit 270 verifies whether the black box device 200 (or the chip module 230) has a unique code and a disposable authentication code provided from the first terminal 300 through the communication processing unit 260 And the signal transmitting unit 285 can process the unidirectional radio signal including the checked code data to be transmitted with the designated signal strength through the RF processor 240. [

According to the fifth unidirectional wireless signal transmission embodiment of the present invention, the communication processing unit 260 receives a predetermined unique code from the designated first terminal 300 through bidirectional local area communication, receives the predetermined unique code from the first terminal 300 A disposable authentication code can be provided. Here, the disposable authentication code provided from the first terminal 300 may include a disposable authentication code dynamically generated in the first terminal 300, an authentication device 500 communicating with the first terminal 300 And a disposable authentication code that is dynamically generated through a designated server (e.g., a designated server). The code verifying unit 270 verifies the code data including the unique code and the disposable authentication code received from the first terminal 300 through the communication processing unit 260 and the signal transmitting unit 285 transmits the RF The processing unit 240 may process the unidirectional radio signal including the identified code data to be transmitted with the designated signal strength.

According to the sixth unidirectional radio signal transmitting embodiment of the present invention, the code verifying unit 270 verifies the code data in a form in which at least two or more of the first to fifth unidirectional radio signal transmitting embodiments are at least partially combined In this case, the signal transmitting unit 285 may process the unidirectional radio signal including the identified code data to be transmitted with the designated signal strength through the RF processor 240.

Meanwhile, according to the embodiment of the present invention, the encryption processing unit 280 encrypts the encryption key using the key value (e.g., a private key generated according to an ECC algorithm) stored in the designated storage area through the key processing unit 265, It is possible to encrypt the code data (or at least a part of the code data) confirmed by the code checking unit 270 according to at least one of the first to sixth unidirectional radio signal transmitting embodiments, The transmitting unit 285 may process the unidirectional radio signal including the encrypted code data to be transmitted with the designated signal strength through the RF processor 240.

Referring to FIG. 2, the chip module 230 of the black box device 200 includes a code checking unit 270 for checking code data to be transmitted through a unidirectional radio signal, (Or at least a part of the code data) by using the key value generated through the key processing unit 265, and a code transmitting unit 295 for transmitting the data to the first terminal 300. [ And a request confirming unit 290 for confirming a code data request from the first terminal 300 designated through the bi-directional short distance communication.

The code checking unit 270 identifies code data having a designated code structure to be included in the unidirectional radio signal based on at least one of the first to sixth unidirectional radio signal transmitting embodiments. The encryption processing unit 280 may encrypt the checked code data (or at least a part of the code data) according to the method.

Directional short-range communication with the first terminal 300 through the communication connection unit 255, the code transmission unit 295 transmits the confirmed (or encrypted) code data to the communication terminal through the communication processing unit 260 To the first terminal (300). That is, according to the embodiment of the present invention, the code data confirmed through at least one embodiment of the first to sixth unidirectional radio signal transmitting embodiments are included in the unidirectional radio signal through the signal transmitting unit 285 And transmitted to the first terminal 300 through the code transmission unit 295. [

Meanwhile, according to the method of the present invention, the transmission of the code data through the bidirectional local area communication can be selectively performed. For example, when the code request information requesting the code data is received through the bidirectional local area communication in the first terminal 300, the chip module 230 of the black box device 200 transmits the code data to the first terminal 300 1 < / RTI > To this end, the request confirmation unit 290 checks whether the code request information requesting the code data is received from the first terminal 300 through the communication processing unit 260. If the code data is received from the first terminal 300, the code transmission unit 295 transmits the confirmed (or encrypted) code data to the first terminal 300 through the communication processing unit 260, Lt; / RTI >

According to another embodiment of the present invention, the code transmitting unit 295 transmits a verification value (for example, the code data (or at least a part of the code data) for verifying the code data confirmed through the code checking unit 270 (Or at least a part of the code data)), and transmits the generated hash value to the first terminal 300 through the communication processing unit 260 The generated / verified verification value can be transmitted.

3 is a diagram illustrating a functional configuration of a first terminal 300 according to an embodiment of the present invention.

3 shows a functional configuration of a first terminal 300 capable of recognizing a unidirectional wireless signal transmitted from the chip module 230 in bidirectional short distance communication with the chip module 230 of the black box device 200 Those skilled in the art will be able to refer to and modify various aspects of the functionality of the first terminal 300 in accordance with the present invention, The present invention is not limited to the above-described embodiments. For convenience, the first terminal 300 of FIG. 3 is shown in the form of a wireless terminal such as a cellular phone, a smart phone, or a tablet PC having a network communication function, a bidirectional local communication function, and a unidirectional wireless signal receiving function. However, The terminal 300 is not limited to the form of the wireless terminal shown in FIG.

3, the first terminal 300 includes a control unit 302, a memory unit 320, a screen output unit 304, an input processing unit 306, a sound processing unit 316, a cable communication unit 310, A short range wireless communication unit 308, a short range wireless communication unit 312, a wireless network communication unit 314, a USIM reader unit 318, and a USIM, and has a battery for power supply.

The controller 302 is a generic term for controlling the operation of the first terminal 300. The controller 302 includes at least one processor and an execution memory. Bus (BUS). According to the present invention, the control unit 302 loads at least one [program] code included in the first terminal 300 through the processor and loads the program code into the execution memory, And controls the operation of the first terminal (300). Hereinafter, the configuration of the program 325 of the present invention, which is implemented in the form of a [program] code for convenience, will be described in the control unit 302. FIG.

The memory unit 320 is a generic term of a nonvolatile memory corresponding to a storage resource of the first terminal 300 and includes at least one [program] code executed through the control unit 302, And stores at least one data set used by the at least one data set. The memory unit 320 basically includes a system [program] code and a system data set corresponding to the operating system of the first terminal 300, a communication [program] code for processing a wireless communication connection of the first terminal 300 A program code and a data set corresponding to the program 325 of the present invention are also stored in the memory unit 320. The program code and data set corresponding to the program 325 of the present invention are stored in the memory unit 320. [

The screen output unit 304 includes a screen output unit (e.g., an LCD (Liquid Crystal Display) or the like) and a driving module for driving the screen output unit 304. The screen output unit 304 is connected to the control unit 302, And outputs an operation result corresponding to the output to the screen output device.

The input processing unit 306 is composed of one or more input devices (e.g., a button, a keypad, a touch pad, a touch screen etc. interlocked with the screen output unit 304) and a drive module for driving the input screen, And inputs a command for commanding various operations of the control unit 302 or data necessary for the operation of the control unit 302. [

The sound processing unit 316 includes a speaker, a microphone, and a driving module for driving the speaker. The sound processing unit 316 decodes sound data corresponding to the sound output from the various calculation results of the control unit 302 and outputs the sound data through the speaker Or a sound signal input through the microphone, and transmits the encoded sound signal to the controller 302. [

The cable communication unit 310 is a component that receives power using a cable or provides bidirectional cable communication, and the power supplied through the cable is charged in the battery. The cable communication unit 310 determines whether or not a local area cable communication is possible when a wired cable is connected and processes a local area cable communication using a wired cable when a local area cable communication is possible.

The short range wireless communication unit 308 processes bidirectional short distance wireless communication with the chip module 230 of the black box device 200 and receives the unidirectional wireless signal transmitted from the chip module 230 of the black box device 200 As the configuration unit, the Bluetooth unit preferably includes a Bluetooth unit for processing a Bluetooth-based bidirectional short-range wireless communication and receiving a Bluetooth-based unidirectional wireless signal. However, the communication standard and the signal standard of the short-range wireless communication unit 308 are not limited to the Bluetooth. The black-box device 200 processes bidirectional short-range wireless communication with the chip module 230 of the black- It is clear that whichever communication standard or signal standard is applied, it is within the scope of the present invention if the unidirectional wireless signal transmitted from the chip module 230 of the wireless module 230 can be received.

The wireless network communication unit 314 and the short-range network communication unit 312 are collectively referred to as communication resources for connecting the first terminal 300 to a designated communication network. The first terminal 300 may include a wireless network communication unit 314 as a basic communication resource and may include one or more short-range network communication units 312.

The wireless network communication unit 314 collectively refers to a communication resource for connecting the first terminal 300 to a wireless communication network via a base station. The wireless communication unit 314 may include an antenna, an RF module, a baseband module, And a signal processing module. The controller 302 is connected to the controller 302 and transmits the operation result corresponding to the wireless communication among the various operation results of the controller 302 through the wireless communication network or transmits the data through the wireless communication network And transmits it to the control unit 302, and performs the connection, registration, communication, and handoff procedures of the wireless communication. According to the present invention, the wireless network communication unit 314 can connect the first terminal 300 to a call network including a call channel and a data channel via an exchange, and in some cases, May be connected to a data network providing communication-based wireless network data communication (e.g., the Internet).

According to an embodiment of the present invention, the wireless network communication unit 314 is a mobile communication unit that performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to the CDMA / WCDMA / ≪ / RTI > Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 314 may further include a portable internet communication structure for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 314. [ That is, the wireless network communication unit 314 is a general term for a configuration unit that connects to a wireless communication network through a cell-based base station irrespective of a frequency band of a wireless section, a type of a communication network, or a protocol.

The short-range network communication unit 312 is a generic term of communication resources for connecting a communication session using a radio frequency signal within a predetermined distance (for example, 10 m) as a communication medium and connecting the first terminal 300 to the communication network The first terminal 300 can be connected to the communication network through at least one of Wi-Fi communication, public wireless communication, and UWB. According to an embodiment of the present invention, the local area network communication unit 312 may be integrated with or separated from the wireless network communication unit 314. According to an embodiment of the present invention, the short-range network communication unit 312 connects the first terminal 300 to a data network providing packet-based short-range wireless data communication through a wireless AP. According to another embodiment of the present invention, the short-range network communication unit 312 may include the short-range wireless communication unit 308, and thus the present invention is not limited thereto.

The USIM reader 318 includes a universal subscriber identity module (Universal Subscriber Identity Module) that is mounted on or removed from the first MS 300 based on the ISO / IEC 7816 standard and a configuration for exchanging at least one data set As a generic term, the data set is exchanged in a half-duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM is an SIM type card provided with an IC chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader unit 318, A program code for the IC chip according to at least one command transmitted from the first terminal 300 and connected to the input / output interface, or extracts the data set (Or processing) the data to the input / output interface.

The control unit 302 downloads the program 325 linked with the chip module 230 of the black box device 200 via the data network to which the communication resource is connectable and stores the program 325 in the memory unit 320, The program 325 may be driven to perform an operation according to the present invention.

3, the program 325 of the first terminal 300 includes a chip module 230 of the black box device 200 designated based on bidirectional short-range wireless communication in cooperation with the short- And a chip module connection unit 335 for linking the bi-directional short-range wireless communication with the chip module 230 of the identified black box device 200 in cooperation with the short-range wireless communication unit 308. [ The chip module connection unit 335 can connect the cable communication unit 310 with the black box device 200 connected to the wired cable according to an embodiment of the present invention.

The chip module identification unit 330 identifies the first terminal 300 to be connected to the bi-directional short-range wireless communication at the initial operation of the chip module 230 of the black box device 200 At the time of operation before the communication identification information for the first terminal 300 is stored in the chip module 230 or at the time of the input operation through the operation unit 225 of the black box device 200) And performs a procedure for identifying the chip module 230 of the black box device 200 among the devices capable of bidirectional short-range wireless communication through the communication unit 308. [ For example, when the short range wireless communication unit 308 processes Bluetooth based bidirectional short distance wireless communication, the chip module identification unit 330 performs a pairing procedure with the black box device 200 according to the Bluetooth pairing procedure Thereby identifying the chip module 230 of the black box device 200 to connect the Bluetooth-based bidirectional short-range wireless communication. According to the embodiment of the present invention, the chip module identification unit 330 identifies the communication identification information for connecting the two-way short-range wireless communication with the black box device 200 as a result of identifying the black box device 200 And can be stored in the memory unit 320.

The chip module connection unit 335 refers to the result of identifying the black box device 200 through the chip module identification unit 330 or the communication identification information stored in the memory unit 320, Directional short-range wireless communication with the chip module 230 of the base station.

The chip module connection unit 335 checks the chip module 230 of the black box device 200 connected to the cable communication unit 310 and connects the chip module 230 of the black box device 200 ) And bidirectional cable communications. According to an embodiment of the present invention, the chip module connection unit 335 may acquire communication identification information for identifying the chip module 230 of the black box device 200 among the devices to which the cable is connected and store the communication identification information in the memory unit 320 In this case, the chip module connection unit 335 can connect bidirectional cable communication with the black box device 200 corresponding to the communication identification information.

According to an embodiment of the present invention, the chip module identification unit 330 performs a designated information exchange procedure with the chip module 230 of the identified black box device 200 (or the cable-connected black box device 200) (For example, a serial number of the chip module 230, an identification key value exchanged in accordance with a designated key exchange procedure, etc.) for authenticating the chip module 230 of the black box device 200, (Not shown) of the memory unit 320. In this case, the chip module connecting unit 335 connects the chip of the black box device 200, which connects the bidirectional local area communication using the communication authentication information, Module 230 can be authenticated. The authentication information for authenticating the chip module 230 of the black box device 200 may be stored in the chip module 230 of the black box device 200 according to an embodiment of the present invention. The chip module 230 of the terminal 200 can authenticate the first terminal 300 to which bidirectional local area communication is connected using the communication authentication information.

3, a program 325 of the first terminal 300 includes a chip module 230 of a black box device 200 to which bidirectional local area communication is connected, a chip module communication unit 340 for processing bidirectional local area communication, And a chip module management unit 300 for performing bidirectional short distance communication with the chip module 230 of the black box device 200 through the chip module communication unit 340 to manage the chip module 230 of the black box device 200. [ (345).

The chip module communication unit 340 processes bidirectional short-range wireless communication with the chip module 230 of the black box device 200 communicatively connected with the short-range wireless communication unit 308 through the chip module connection unit 335. The chip module management unit 345 controls various types of control information for managing the chip module 230 of the black box device 200 through the chip module communication unit 340, From the chip module 230 of the black box device 200 to the chip module 230 of the black box device 200 or to the chip module 230 of the black box device 200 via the chip module communication part 340 Status information related to transmission of a radio signal, and the like) can be received and output. For example, the chip module management unit 345 may selectively control the unidirectional wireless signal to be transmitted from the chip module 230 of the black box device 200. Or the chip module management unit 345 checks various information necessary for generating the disposable authentication code in the chip module 230 of the black box device 200 and provides the information to the chip module 230 of the black box device 200 can do. Alternatively, the chip module management unit 345 may check the unique code and / or disposable authentication code that can be included in the unidirectional wireless signal transmitted from the chip module 230 of the black box device 200, Chip module 230 as shown in FIG.

3, the program 325 of the first terminal 300 receives a key value generated through the chip module 230 from the black box device 200 connected to the bi-directional local area communication, Or a key registration unit 350 that transmits the received key value to the designated authentication device 500 (or the key management server) and requests registration.

After generating one or more key values according to the key generation algorithm specified by the chip module 230 of the black box device 200 and providing at least one key value among the generated key values through bidirectional local area communication, 350 receives the key value from the chip module 230 of the black box device 200 through the chip module communication unit 340. The key registrar 350 stores the key value received from the chip module 230 of the black box device 200 in a designated storage area to store the received key value in the chip of the black box device 200 And may be used as a decryption key for decrypting the data encrypted by the module 230. [ Meanwhile, the key registrar 350 transmits the key value received from the chip module 230 of the black box device 200 to the specified authentication device 500 (or the key management server) And to be used as a decryption key for decrypting the encrypted code data through the black box device 200. [

Referring to FIG. 3, a program 325 of the first terminal 300 transmits a unidirectional radio signal transmitted from the chip module 230 of the black box device 200 in cooperation with the short- And a signal recognition unit (355) for receiving and recognizing code data included in the unidirectional radio signal.

The signal recognition unit 355 receives the unidirectional radio signal transmitted from the chip module 230 of the black box device 200 in cooperation with the short range wireless communication unit 308 and transmits the unidirectional wireless signal through the short range wireless communication unit 308 Directional radio signal transmitted from the chip module 230 of the black box device 200 according to at least one embodiment of the first to sixth unidirectional radio signal transmission embodiments of the present invention by reading the received unidirectional radio signal, (E. G., Unique code and / or disposable authentication code). ≪ / RTI >

Referring to FIG. 3, the program 325 of the first terminal 300 transmits code data transmitted via the unidirectional radio signal from the chip module 230 of the black box device 200 via bidirectional local area communication (Or a verification value) received through the code receiving unit 360 according to an embodiment of the present invention. The code receiving unit 360 receives the code data transmitted through the unidirectional radio signal, And a code verifying unit 365 for verifying the code data recognized by the signal recognizing unit 355.

The code receiving unit 360 receives the code data from the chip of the black box device 200 through the chip module communication unit 340 at any time before, Directional short distance communication with the module 230 to receive the same code data as the code data included in the unidirectional radio signal transmitted from the chip module 230 of the black box device 200. [

The code receiving unit 360 may receive the code data transmitted from the chip module 230 of the black box device 200 through the chip module communication unit 340. [ The code receiving unit 360 transmits code request information for requesting code data to the chip module 230 of the black box device 200 through the chip module communication unit 340, And receive the code data from the chip module 230.

Meanwhile, the code receiving unit 360 performs bidirectional short-range communication with the chip module 230 of the black box device 200 through the chip module communication unit 340 and transmits the resultant signal to the chip module 230 of the black box device 200 Lt; RTI ID = 0.0 > 1, < / RTI >

If the code data transmitted from the chip module 230 of the black box device 200 through the unidirectional radio signal is recognized through the signal recognition unit 355 and the black box device Directional short distance communication with the chip module 230 of the base station 200, the code verification unit 365 receives the code data received through the bidirectional local communication and the code data received through the signal recognition unit 355 The validity of the code data can be verified. If the code data is encrypted, the code verification unit 365 can decrypt the encrypted code data using the key value stored in the key registration unit 350, and verify the encrypted code data.

Meanwhile, the code data transmitted from the chip module 230 of the black box device 200 via the unidirectional radio signal is recognized through the signal recognition unit 355, and the code data is verified through the code reception unit 360 The code verification unit 365 can verify the validity of the code data recognized through the signal recognition unit 355 through the verification value received via the bidirectional local area communication.

Referring to FIG. 3, the program 325 of the first terminal 300 includes code data recognized through the signal recognizing unit 355, code data of the chip of the black box device 200 through the code receiving unit 360, A data generation unit 370 for generating first side authentication data including any one of the first side code data of the code data received from the module 230 and the code data verified through the code verification unit 365, And a data transmission unit 375 for transmitting the generated first side authentication data to the specified authentication apparatus 500. The second terminal 400 accesses the first terminal 300 from the authentication apparatus 500, And a result information processor 380 for receiving and outputting result information including a result of authenticating the first terminal 300 that has accessed the second terminal 400.

The data generating unit 370 can generate the first side authentication data including the first side code data corresponding to the recognized code data through the signal recognizing unit 355. [ Or the data generating unit 370 receives the first side authentication data including the first side code data corresponding to the code data received from the chip module 230 of the black box device 200 through the code receiving unit 360, Lt; / RTI > Alternatively, the data generating unit 370 may generate the first side authentication data including the first side code data corresponding to the verified code data through the code verifying unit 365.

According to an embodiment of the present invention, the data generating unit 370 includes the first side code data, and at the same time, generates a first side unique data set unique to the first terminal 300, Authentication data can be generated.

The first side unique data is used as identification means for uniquely identifying the first terminal 300, and the first side code data is used as authentication means (or authentication information) for authenticating the identification means.

According to the first specific data embodiment of the present invention, the unique data may include unique information that physically uniquely identifies the first terminal 300. For example, the unique data is unique to a designated storage area (e.g., a memory area, a protected storage area, etc.) of the first terminal 300 before the program 325 is installed in the first terminal 300 And may include unique information such as stored terminal serial number, telephone number, IMEI, IMSI, MSISDN, USIM serial number, MAC address, and various configuration module serial numbers.

According to the second specific data embodiment of the present invention, the unique data may include unique information logically uniquely identifying the first terminal 300 on the communication network. For example, the unique data may include unique information such as an IP address, a subscriber number, and network identification information uniquely assigned to the first MS 300.

According to the third specific data embodiment of the present invention, the unique data includes identification information that uniquely identifies the state in which the program 325 is driven after the program 325 is downloaded to the first terminal 300 . For example, the unique data may include identification information such as token information, unique identification code value, UUID, and UDID generated by the program 325 after the program 325 is installed in the first terminal 300 And the identification information may be encrypted and stored in a designated storage area of the first terminal 300.

According to the fourth characteristic data embodiment of the present invention, the unique data may include verification information generated by the program 325 at the first terminal 300. [ For example, the unique data may include verification information generated by hashing the program (325) itself (or designated data or a designated file) driven by the first terminal (300). At this time, the verification information may not be generated in advance and stored in the first terminal 300, and the program 325 may be generated and transmitted at the time of transmitting the unique data to the authentication apparatus 500.

According to the fifth eigenvalue data embodiment of the present invention, the inherent data may be in the form of at least partially combining two or more of the first to fourth eigenvalue data embodiments, and thus the present invention is not limited thereto. That is, the unique data may be in any form as long as it can be used as an identification means for uniquely identifying the first terminal 300 in any form.

The data transmitting unit 375 transmits the generated first side authentication data to the specified authentication device 500. Preferably, the data transmitting unit 375 can automatically transmit the generated first side authentication data to the authentication device 500 at the same time that the first side authentication data is generated through the data generating unit 370 , Or may transmit the first side authentication data to the authentication device 500 as a result of a specified input operation to the first terminal 300. [

According to the embodiment of the present invention, the signal recognition unit 355 can recognize the code data every time the unidirectional radio signal of the black box device 200 is received and recognized. In this case, 375 may transmit the first side authentication data including the first side code data corresponding to the code data recognized through the signal recognition unit 355 to the authentication device 500 more than a specified number of times / . Alternatively, the code receiving unit 360 can periodically / repeatedly receive the code data from the chip of the black box device 200 through bidirectional local area communication. In this case, the data transmitting unit 375 receives the code data from the code receiving unit 360 The first side authentication data including the first side code data corresponding to the code data received via the first side code data may be periodically / repeatedly transmitted to the authentication device 500 a predetermined number of times or more.

Meanwhile, when the code data includes the one-time authentication code, the signal recognition unit 355 periodically / repeatedly receives and recognizes the unidirectional radio signal of the black box device 200, If the one-time authentication code of the next recognized code data has been changed after storing and storing the changed code data, it is possible to process the changed code data as valid recognition. In this case, the data transmitting unit 375 transmits the changed code Side authentication data including the first-side code data corresponding to the data can be transmitted to the authentication device 500. [ Alternatively, the code receiving unit 360 periodically / repeatedly receives the code data from the chip of the black box device 200 via bidirectional local area communication, temporarily stores the previously received code data, In this case, the data transmitting unit 375 may transmit the first side code corresponding to the changed code data and the first side code corresponding to the changed code data, And transmits the first side authentication data including the data to the authentication device 500. [

The authentication device 500 receives the first side authentication data and stores and retains the first side authentication data for a specified effective time. If the first side code data of the first side authentication data includes the one-time authentication code, the authentication device 500 can perform a procedure for authenticating the validity of the one-time authentication code. Meanwhile, the authentication device 500 may receive the second side authentication data including the second side code data from the second terminal 400 recognizing the unidirectional radio signal of the black box device 200, In this case, the first side code data of the first side authentication data is compared with the second side code data of the second side authentication data to authenticate the second terminal 400 that has approached the first terminal 300, 2 terminal 400 and transmits result information including the result of the authentication to the first terminal 300. The first terminal 300 can access the first terminal 300 and the second terminal 300, On the other hand, if the access of the first terminal 300 and the second terminal 400 is not authenticated, the authentication apparatus 500 need not provide separate result information.

The result information processor 380 may authenticate the second terminal 400 accessing the first terminal 300 from the authentication device 500 or may authenticate the second terminal 400 accessing the designated first terminal 300 ), And output the result information.

4 is a functional block diagram of a second terminal 400 according to an embodiment of the present invention.

4 shows a functional configuration of a second terminal 400 for recognizing a unidirectional radio signal transmitted from the chip module 230 of the black box device 200. In the technical field of the present invention, It will be appreciated that various embodiments of the functionality of the second terminal 400 may be referred to and / or modified by reference to FIG. 4, but the invention is not limited thereto And the technical features thereof are not limited only by the method shown in FIG. For convenience, the second terminal 400 of FIG. 4 is shown as a wireless terminal such as a mobile phone, smart phone, or tablet PC having a network communication function, a bidirectional local communication function, and a unidirectional wireless signal receiving function. However, The terminal 400 is not limited to the form of the wireless terminal shown in FIG.

4, the second terminal 400 includes a control unit 402, a memory unit 420, a screen output unit 404, an input processing unit 406, a sound processing unit 416, a cable communication unit 410, A short range wireless communication unit 408, a short range wireless communication unit 412, a wireless network communication unit 414, a USIM reader unit 418, and a USIM, and has a battery for power supply. A detailed description of each component will be made with reference to FIG. 3, and the same components as those of FIG. 3 will not be described.

Directional short-range wireless communication with the chip module 230 of the black box device 200 is not performed, although the short-range wireless communication unit 408 can perform bidirectional short-range wireless communication and unidirectional wireless signal reception. Also, the cable communication unit 410 does not connect the cable to the black box device 200. The control unit 402 downloads a program 425 capable of recognizing the unidirectional radio signal of the black box device 200 via the data network to which the communication resource is connectable and stores the program 425 in the memory unit 420, The controller 425 is driven to perform the operation according to the present invention.

Referring to FIG. 4, the program 425 of the second terminal 400 transmits a unidirectional radio signal transmitted from the chip module 230 of the black box device 200 in cooperation with the short-range wireless communication unit 408 And a signal recognizer 430 for receiving the code data and recognizing the code data included in the unidirectional radio signal.

The signal recognition unit 430 receives the unidirectional radio signal transmitted from the chip module 230 of the black box device 200 in cooperation with the short range wireless communication unit 408 and transmits the unidirectional wireless signal through the short range wireless communication unit 408 Directional radio signal transmitted from the chip module 230 of the black box device 200 according to at least one embodiment of the first to sixth unidirectional radio signal transmission embodiments of the present invention by reading the received unidirectional radio signal, (E. G., Unique code and / or disposable authentication code). ≪ / RTI >

According to the embodiment of the present invention, the signal recognition unit 430 can set a reference intensity for effectively recognizing the unidirectional wireless signal of the black box device 200. In this case, the signal recognition unit 430 When the reception strength of the unidirectional radio signal of the black box device 200 is greater than or equal to the preset reference strength, It is possible to effectively recognize the code data included in the unidirectional radio signal.

Referring to FIG. 4, a program 425 of the second terminal 400 receives second side authentication data including second side code data corresponding to code data recognized through the signal recognition unit 430 And a data transmission unit 440 for transmitting the generated second side authentication data to the specified authentication apparatus 500. The authentication apparatus 500 transmits the generated second side authentication data to the first terminal 300 And a result information processor 445 for receiving and outputting result information including a result of authenticating the second terminal 400 that has accessed the second terminal 400 or the first terminal 300 that has accessed the second terminal 400, ).

The data generating unit 435 may generate the second side authentication data including the second side code data corresponding to the code data recognized through the signal recognizing unit 430. [ According to an embodiment of the present invention, the data generation unit 435 includes the second side code data, and at the same time, generates a second side unique data that is unique to the second terminal 400 Authentication data can be generated.

The second side unique data is used as identification means for uniquely identifying the second terminal 400, and the second side code data is used as authentication means (or authentication information) for authenticating the identification means.

According to the first unique data embodiment of the present invention, the unique data may include unique information that physically uniquely identifies the second terminal 400. For example, the unique data may be stored in a designated storage area (e.g., a memory area, a protected storage area, etc.) of the second terminal 400 before the program 425 is installed in the second terminal 400 And may include unique information such as stored terminal serial number, telephone number, IMEI, IMSI, MSISDN, USIM serial number, MAC address, and various configuration module serial numbers.

According to the second specific data embodiment of the present invention, the unique data may include unique information logically uniquely identifying the second terminal 400 on the communication network. For example, the unique data may include unique information such as an IP address, a subscriber number, and network identification information uniquely assigned to the second terminal 400.

According to the third specific data embodiment of the present invention, the unique data may include identification information that uniquely identifies the state in which the program 425 is driven after the program 425 is downloaded to the second terminal 400 . For example, after the program 425 is installed in the second terminal 400, the unique data may include identification information such as token information, unique identification code value, UUID, and UDID generated by the program 425 And the identification information may be ciphered and stored in a designated storage area of the second terminal (400).

According to the fourth characteristic data embodiment of the present invention, the unique data may include verification information generated by the program 425 at the second terminal 400. [ For example, the unique data may include verification information generated by hashing the program 425 (or designated data or a designated file) driven by the second terminal 400 by hashing. At this time, the verification information may not be generated in advance and stored in the second terminal 400, and the program 425 may be generated and transmitted at the time of transmitting the unique data to the authentication apparatus 500.

According to the fifth eigenvalue data embodiment of the present invention, the inherent data may be in the form of at least partially combining two or more of the first to fourth eigenvalue data embodiments, and thus the present invention is not limited thereto. That is, the unique data may be in any form as long as it can be used as an identification means for uniquely identifying the second terminal 400 in any form.

The data transmitting unit 440 transmits the generated second side authentication data to the specified authentication device 500. Preferably, the data transmitting unit 440 can automatically transmit the generated second side authentication data to the authentication device 500 at the same time that the second side authentication data is generated through the data generating unit 435 Or to transmit the second side authentication data to the authentication device 500 as a result of a specified input operation to the second terminal 400. [

According to the embodiment of the present invention, the signal recognition unit 430 can recognize the code data whenever the unidirectional radio signal of the black box device 200 is received and recognized. In this case, 440 may transmit the second side authentication data including the second side code data corresponding to the code data recognized through the signal recognition unit 430 to the authentication device 500 more than a specified number of times / .

Meanwhile, when the code data includes the one-time authentication code, the signal recognition unit 430 periodically / repeatedly receives and recognizes the unidirectional radio signal of the black box device 200, If the one-time authentication code of the next recognized code data is changed after storing and storing, the data transmitting unit 440 can process the changed code data as being recognized as effective. In this case, the data transmitting unit 440 transmits the changed code Side authentication data including the second-side code data corresponding to the data can be transmitted to the authentication apparatus 500. [

The authentication device 500 receives the second side authentication data and stores and maintains the second side authentication data for a specified valid time. If the disposable authentication code is included in the second side code data of the second side authentication data, the authentication device 500 may perform a procedure for authenticating the validity of the disposable authentication code. Meanwhile, the authentication device 500 can receive the first side authentication data including the first side code data from the first terminal 300 that has recognized the unidirectional radio signal of the black box device 200, In this case, the second side code data of the second side authentication data is compared with the second side code data of the second side authentication data to authenticate the second terminal 400 which has approached the first terminal 300, The second terminal 400 may authenticate the first terminal 300 that has accessed the second terminal 400 and then transmit the result information including the result to the second terminal 400. On the other hand, if the access of the second terminal 400 and the second terminal 400 is not authenticated, the authentication apparatus 500 may not provide separate result information.

The result information processing unit 445 authenticates the second terminal 400 accessing the first terminal 300 from the authentication device 500 or accesses the first terminal 300 ), And output the result information.

5 is a functional block diagram of an authentication apparatus 500 according to an embodiment of the present invention.

5 illustrates a method of automatically identifying a first terminal 300 that performs bidirectional short-range communication with a black box device 200 and automatically identifying a first terminal 300 that is in a unidirectional direction of the black box device 200 recognized by the identified first terminal 300 The second terminal 400 recognizing the same radio signal as the radio signal and authenticates the second terminal 400 accessing the first terminal 300 or the first terminal 400 accessing the second terminal 400 5 is a block diagram illustrating a functional configuration of an authentication device 500 for authenticating the terminal 300. As shown in FIG. 5, the authentication device 500 It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

The authentication apparatus 500 may be implemented as a server on a network that communicates with the first terminal 300 through the second terminal 400 through a communication network or may be implemented as a server on the network through the first terminal 300, The present invention is not limited to the embodiment in which the authentication apparatus 500 is implemented.

5, the authentication device 500 includes a black box device 200 having a bidirectional local communication function and a unidirectional wireless signal transmission function, and a first one of two-way LAN communication with the black box device 200 And a first side registration unit 505 for registering a couple of the terminals 300. [

When the program 325 designated to the first terminal 300 is installed and executed, the first terminal 300 transmits the first side unique IDs corresponding to at least one of the first through fifth eigen data embodiments of the present invention, The first side registration unit 505 receives the first side unique data from the first terminal 300 and stores the first side unique data in a designated storage medium. Meanwhile, when the authentication of the present invention identifies and authenticates the user of the first terminal 300, the first terminal 300 can perform a procedure of registering the user of the first terminal 300. In this case, The first side registration unit 505 receives user information about the user of the first terminal 300 from the first terminal 300 and registers and stores the user information in a designated storage medium Linkage storage).

When the bidirectional local area communication corresponding to at least one of the first to fourth bidirectional local area communication embodiments of the present invention is connected between the first terminal 300 and the black box device 200, 300 transmits a unique code (for example, a unique code unique to the black box device 200, or a unique code unique to the black box device 200) included in the code data to be transmitted through the unidirectional wireless signal in the black box device 200 via the bidirectional short- The first side registering unit 505 registers and registers the unique code provided from the first terminal 300 to the black box device 200. The first side registering unit 505 registers the black box device 200, And transmits the unique code to the designated storage medium. The first side registration unit 505 may map the first side unique data and the unique code of the black box device 200 to the black box device 200, Couples can be registered.

Meanwhile, when the one-way authentication code is included in the code data of the unidirectional radio signal transmitted from the chip module 230 of the black box device 200 which performs bi-directional short distance communication with the first terminal 300, the first side registration part 505 Determines a variety of information (e.g., a seed value) necessary for generating the disposable authentication code and provides the information to the first terminal 300 so that the chip of the black box device 200 The black box device 200 may be configured to receive the various information set in the chip module 230 of the black box device 200 through the first terminal 300, Or in association with the unique code of the first terminal 300 and / or the first side unique data of the first terminal 300. If the validity authentication of the disposable authentication code is performed through a separate code authentication server, the first side registration unit 505 performs a procedure of registering various information necessary for generating the disposable authentication code in the code authentication server can do.

Meanwhile, at least one key value is generated according to a key generation algorithm specified in the chip module 230 of the black box device 200 that performs bi-directional short distance communication with the first terminal 300, and at least one of the generated key values When the first terminal 300 provides a key value (e.g., a public key, etc.) to the first terminal 300, the first terminal 300 performs a procedure of registering a key value provided from the black box device 200, The first side registration unit 505 can receive the key value from the first terminal 300 and store it in a designated key storage medium. Preferably, the first side registering unit 505 registers the key value with the unique code of the black box device 200 and / or the unique data of the first terminal 300 coupled with the black box device 200 . Meanwhile, the first terminal 300 or the first side registration unit 505 can register the key value in the designated key management server according to the embodiment, and in this case, the key value can be confirmed through the key management server.

5, the authentication apparatus 500 includes N (N > = 1) capable of recognizing a unidirectional radio signal transmitted from a black box apparatus 200 having a bidirectional local communication function and a unidirectional radio signal transmission function And a second side registration unit 510 for registering the second terminal 400.

When the program 425 specified in the second terminal 400 is installed and executed, the second terminal 400 can access the second side unique to the second terminal 400 corresponding to at least one of the first through fifth eigen data embodiments of the present invention, The second side registration unit 510 receives the second side unique data from the second terminal 400 and stores the second side unique data in a designated storage medium. Meanwhile, when the authentication of the present invention identifies and authenticates the user of the second terminal 400, the second terminal 400 may perform a procedure of registering the user of the second terminal 400. In this case, The second side registration unit 510 receives the user information about the user of the second terminal 400 from the second terminal 400 and registers and stores the second side unique data and the user information in a designated storage medium Linkage storage).

Referring to FIG. 5, the authentication apparatus 500 includes a bi-directional short distance communication between the black box device 200 and the first terminal 300 from the first terminal 300, A first side receiving unit 515 for receiving first side authentication data including first side code data obtained through the first terminal 300 by combining any one or two of unidirectional radio signal recognition, Side authentication unit 520 for identifying and authenticating the validity of the one-side authentication data.

The first terminal 300 may receive the unidirectional radio signal of the black box device 200 coupled with the first terminal 300 according to at least one of the first through fifth code data acquisition embodiments of the present invention Corresponding to at least one of the first through fifth eigen data embodiments of the present invention, the first side code data corresponding to the first code data, Side inherent data and transmits the first side authentication data to the authentication apparatus 500. The first side receiving unit 515 receives the first side authentication data from the first terminal 300. [

According to the embodiment of the present invention, the first side receiver 515 stores and maintains the first side authentication data received from the first terminal 300 for a valid period of time. Meanwhile, the first side receiving unit 515 checks whether the designated valid time elapses while the first side authentication data is held, and if the valid time of the first side authentication data has elapsed, Data can be automatically discarded or disabled to avoid being used for authentication procedures.

When the first side authentication data includes the first side unique data, the first side authentication unit 520 identifies the first side unique data included in the first side authentication data, Side unique data included in the first side authentication data by comparing the first side unique data registered through the first side unique data registration unit 505 with the first side unique data.

If the first side code data (or at least a part of the code data) included in the first side authentication data is encrypted, the first side authentication unit 520 transmits the first side code data (Or key management server) associated with the first side unique data contained in the first side authentication data or associated with the unique code of the first side code data among the registered information stored in the key storage medium Confirms the corresponding decryption key, and decrypts the encrypted first side code data through the decryption key.

On the other hand, if the first side code data (or the decrypted first side code data) included in the first side authentication data includes the one-time authentication code, the first side authentication unit 520 may determine that the first side registration unit (E.g., a seed value, etc.) associated with the first side unique data included in the first side authentication data or associated with the unique code of the first side code data among the information registered in the storage medium through the first side authentication data 505, The validity of the disposable authentication code included in the first side code data is verified by using the generated verification code.

According to the method of the present invention, the first side authentication unit 520 may have the same code generation algorithm as the algorithm used to generate the disposable authentication code included in the first side code data. In this case, the first side authentication unit 520 may generate various kinds of information associated with the first side unique data included in the first side authentication data or associated with the unique code of the first side code data (E.g., time and the like) dynamically determined, and then substituting the identified one or more seed values into the code generation algorithm to generate a verification code, The validity of the disposable authentication code included in the first side code data can be verified by comparing the generated validation code with the one-time authentication code included in the one-side code data. Meanwhile, according to another embodiment of the present invention, the validity authentication of the disposable authentication code can be performed through a separate code authentication server. In this case, the first-side authentication unit 520 may transmit the disposable authentication code to the code authentication server The authentication result of the disposable authentication code can be received from the code authentication server after providing the code.

If the disposable authentication code is included in the first side code data (or the decrypted first side code data) included in the first side authentication data, the authentication device 500 determines that the validity of the disposable authentication code is valid It is preferable to perform a procedure of comparing and authenticating the first side code data with the second side code data included in the second side authentication data received from the second terminal 400. [

5, the authentication apparatus 500 recognizes the unidirectional radio signal of the black box device 200 from the second terminal 400, and receives the second side authentication data including the second side code data And a second side authentication unit 530 for identifying and authenticating the validity of the second side authentication data.

The black box device 200 and the first terminal 300 move to move to the second terminal 400 and / or the second terminal 400 moves to move the black box device 200 and / When the second terminal 400 accesses a couple of the first terminal 300 and receives the unidirectional radio signal transmitted from the black box apparatus 200 at the second terminal 400, Directional radio signal of the first to fifth eigenvalues of the present invention and acquiring second side code data corresponding to the code data included in the unidirectional radio signal of the first to fifth eigenvalues Side authentication data including the second side unique data corresponding to the second side authentication data and transmits the second side authentication data to the authentication device 500. The second side reception unit 525 receives the second side authentication data from the second terminal 400, And receives data.

According to the embodiment of the present invention, the second side receiver 525 stores and maintains the second side authentication data received from the second terminal 400 for a valid period of time. On the other hand, the second side receiving unit 525 checks whether the designated valid time elapses while the second side authentication data is held, and if the valid time of the second side authentication data has elapsed, Data can be automatically discarded or disabled to avoid being used for authentication procedures.

When the second side authentication data includes the second side unique data, the second side authentication unit 530 identifies the second side unique data included in the second side authentication data, Side unique data included in the second side authentication data by comparing the first side unique data with the second side unique data registered through the second side unique data.

If the second side code data (or at least a part of the code data) included in the second side authentication data is encrypted, the second side authentication unit 530 transmits the second side code data (Or the key management server) associated with the unique code of the second side code data among the information registered in the second side code data and confirms the decryption key corresponding to the key value registered in the specified key storage medium Side code data.

On the other hand, when the one-use authentication code is included in the second side code data (or the decrypted second side code data) included in the second side authentication data, the second side authentication unit 530 authenticates the first side registration unit (E.g., seed value, etc.) associated with the unique code of the second side code data among the information stored in the storage medium via the second side code data Authenticate the validity of the disposable authentication code.

According to the method of the present invention, the second side authentication unit 530 may have the same code generation algorithm as the algorithm used to generate the disposable authentication code included in the second side code data. In this case, the second side authentication unit 530 identifies a seed value corresponding to various information (e.g., seed value, etc.) associated with the unique code of the second side code data, and generates at least one seed value dynamically determined (E.g., time, etc.), then substituting the identified one or more seed values into the code generation algorithm to generate a verification code, and comparing the generated verification code with the one-time verification code included in the second side code data And validate the validity of the disposable authentication code included in the second side code data. Meanwhile, according to another embodiment of the present invention, the validity authentication of the disposable authentication code can be performed through a separate code authentication server. In this case, the second side authentication unit 530 transmits the one- The authentication result of the disposable authentication code can be received from the code authentication server after providing the code.

If the disposable authentication code is included in the second side code data (or the decrypted second side code data) included in the second side authentication data, the authentication device 500 determines whether the validity of the disposable authentication code is authenticated It is preferable to perform a procedure for comparing and authenticating the second side code data with the first side code data included in the first side authentication data received from the first terminal 300. [

5, the authentication device 500 compares the first side code data of the first side authentication data received within the designated time range with the second side code data of the second side authentication data, And an authentication processing unit (535) for authenticating a second terminal (400) accessing the first terminal (300) or authenticating a designated first terminal (300) accessing the second terminal (400) The second terminal 400 accesses the terminal 300 or authenticates the first terminal 300 that has accessed the second terminal 400 to construct the resultant information, And an authentication result processing unit 540 for providing the authentication result to the second terminal 400.

The authentication processing unit 535 receives the first side authentication data received from the first terminal 300 and the second side authentication data received from the second terminal 400, 1-side code data and the second side code data of the second side authentication data. For example, when receiving the first side authentication data from the first terminal 300, the authentication processing unit 535 stores the first side authentication data at the time when the first side authentication data is received within the valid period of holding the first side authentication data Side code data to be matched with the first side code data of the first side authentication data among the second side code data of the second side authentication data from the second terminal 400 before or after the designated time on the basis of the first side code data . Or the second terminal 400, the authentication processing unit 535 determines whether or not the second authentication data is received from the second terminal 400 based on the time when the second side authentication data is received within the valid time for holding the second side authentication data The first side code data of the first side code data of the first side authentication data and the first side code data matched with the second side code data of the second side authentication data can be discriminated from the first terminal 300 before or after the specified time.

Meanwhile, the first terminal 300 is limited to a terminal that performs bi-directional short distance communication with the black box device 200, but the second terminal 400 may be plural. Accordingly, the present invention controls the signal strength of the unidirectional radio signal transmitted through the black box device 200 to specify one of the plurality of second terminals 400, so that the black box device 200 and the first The second terminal 400 closest to the couple of the terminals 300 can be identified. Alternatively, when transmitting the second side authentication data from the second terminal 400, the second side authentication data may include information capable of discriminating the signal strength of the unidirectional radio signal from the second side authentication data, The signal intensity of the unidirectional radio signal may be read and a second terminal 400 transmitting the second side authentication data including the largest signal strength may be specified. Alternatively, the second terminal 400 may receive the unidirectional radio signal of the black box device 200, and may perform a designated input operation from the second terminal 400 to be included in the authentication target among the second terminal 400, By including information corresponding to the input operation, the authentication device 500 can specify one second terminal 400 that has undergone the specified input operation.

According to an embodiment of the present invention, the authentication processing unit 535 may generate the first side code data of the first side authentication data received from the first terminal 300, which performs bidirectional short distance communication with the black box device 200, Side authentication data based on the authentication result obtained by comparing the first side code data and the second side code data with the second side code data received from the second terminal 400, The first terminal 300 accessing the first terminal 300 may be authenticated or the first terminal 300 accessed by the second terminal 400 may be authenticated. The authentication result processing unit 540 may transmit the result information obtained by authenticating the access of the first terminal 300 and the second terminal 400 to the first terminal 300 and the second terminal 400, respectively.

According to the embodiment of the present invention, when a result of authenticating the second terminal 400 accessing the first terminal 300 or authenticating the designated first terminal 300 accessing the second terminal 400 Based on the results, a designated service (e.g., payment, point accumulation, coupon provision, etc.) may be provided. In this case, the authentication result processing unit 540 may configure the service information for the service and provide the first terminal 300 and the second terminal 400 with a terminal or a terminal to be provided with a service . According to an embodiment of the present invention, the service information may be included in the result information and transmitted. Alternatively, the authentication result processing unit 540 may configure service information for the service through a separate service provision server (not shown) to provide a service among the first terminal 300 and the second terminal 400 The present invention is not limited to this.

Meanwhile, when the second terminal 400 accesses the first terminal 300 or the first terminal 300 accesses the second terminal 400, The authentication processing unit 535 checks whether the valid time of each of the first side authentication data has elapsed or the valid time of the second side authentication data has elapsed before the service is completed, If the time has not elapsed, the service can be processed to be finally completed.

Or a result of authenticating the second terminal 400 accessing the first terminal 300 or authenticating the designated first terminal 300 accessing the second terminal 400 The authentication processing unit 535 reads the second side code data of the second side authentication data repeatedly / additionally received through the second side receiving unit 525 and transmits the second side code data to the first terminal 300 and the second terminal It is possible to confirm whether the first terminal 300 and the second terminal 400 are approaching within the effective distance and when the first terminal 300 and the second terminal 400 are maintained within the effective distance, .

6 is a diagram illustrating an initial setting process of the black box apparatus 200 according to an embodiment of the present invention.

In more detail, FIG. 6 illustrates a method in which the chip module 230 of the black box device 200 identifies / connects bidirectional local communication with the designated first terminal 300 and generates one or more key values for encryption / And registers at least one of the key values. Referring to FIG. 6 and / or modified by those skilled in the art, it is assumed that the initial value of the black box device 200 It will be appreciated that various implementations of the set-up process (e.g., omitting some of the steps or changing the order) may be inferred, but the present invention encompasses all of the above- The technical features thereof are not limited only by the method of implementation.

6, when the chip module 230 of the black box device 200 receives power from at least one of a vehicle power source and a charging power source and starts operation 600, the chip module 230 of the black box device 200 (605) whether to transmit the unidirectional radio signal. According to an embodiment of the present invention, the chip module 230 of the black box device 200 may transmit the unidirectional radio signal (e.g., a radio signal) to the first terminal 300 through an operation unit 225, Can be transmitted. If it is determined that the unidirectional radio signal is to be transmitted, the chip module 230 of the black box device 200 may transmit the unidirectional radio signal according to at least one embodiment of the first to sixth unidirectional radio signal transmission embodiments of the present invention. The wireless signal can be transmitted.

Meanwhile, the chip module 230 of the black box device 200 confirms whether the first terminal 300 to be connected with bidirectional local area communication is communicated (Step 610). The chip module 230 of the black box device 200 may be connected to the first terminal 300 in cooperation with the designated first terminal 300 if the first terminal 300 to connect the two- The first terminal 300 performs the communication identification procedure for connecting the bidirectional local area communication with the black box device 200 in cooperation with the chip module 230 of the black box device 200, And performs a communication identification procedure for connecting the bidirectional short distance communication with the terminal (615).

When the communication identification procedure for connecting the bidirectional short distance communication between the chip module 230 of the black box device 200 and the first terminal 300 is successful, the chip module 230 of the black box device 200 Directional short distance communication with the identified first terminal 300 may be performed 620 and the first terminal 300 may be connected to the chip module 230 of the identified black box device 200 A procedure for connecting the bi-directional short-range communication can be performed (620).

If bi-directional short distance communication between the chip module 230 of the black box device 200 and the first terminal 300 is connected, the chip module 230 of the black box device 200 generates a key value for encryption / decryption (630). For example, the chip module 230 of the black box device 200 may determine to generate the key value if the key generation value of the designated storage area is not registered. Or to generate the key value based on an input operation through the operation unit 225 of the black box device 200 or control information of the first terminal 300 through the bidirectional local area communication.

If it is determined to generate the key value, the chip module 230 of the black box device 200 generates one or more key values (e.g., an ECC algorithm-based private key and a public key) using a designated key generation algorithm, The generated key value is held until completion of registration (635). Meanwhile, the chip module 230 of the black box device 200 provides at least one designated key value (for example, a public key) of the generated key values to the first terminal 300 through the bidirectional local area communication (640) The first terminal 300 receives the key value generated in the black box device 200 through the bidirectional local area communication in step 645 and stores the key value in the black area in the designated storage area of the first terminal 300, The key value generated by the box device 200 may be stored (650).

The first terminal 300 requests the designated authentication apparatus 500 to register the key value in step 655. The authentication apparatus 500 receives the key value from the first terminal 300 in step 660, The key value is registered and stored in the designated key storage medium (or key management server) (665), and the registration result of the key value is returned to the first terminal (670).

The first terminal 300 receives the key value registration result from the authentication device 500 and relays the received key value to the black box device 200 through the bidirectional local area communication 675, The chip module 230 receives the key value registration result from the first terminal 300 through the bidirectional local area communication in step 680 and transmits the key value to the designated storage area of the chip module 230 based on the registration result (685).

7 is a diagram illustrating a process of registering a first terminal 300 and a black box device 200 in an authentication apparatus 500 according to an embodiment of the present invention.

7 shows a process of registering a couple of the black box device 200 and the first terminal 300 connected to the bidirectional local area communication in the authentication device 500. In the technical field of the present invention, It is possible to refer to and / or modify the FIG. 7 so that various methods of registration of the first terminal 300 and the black box device 200 (e.g., some steps are omitted, However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited by the method shown in FIG.

Referring to FIG. 7, when a program 325 designated to the first terminal 300 is installed and operated (700), the first terminal 300 determines that at least one of the first through fifth unique data embodiments of the present invention Side unique data corresponding to the embodiment (705), and requests registration of the first side unique data to the specified authentication device (710). The authentication device 500 receives the first side unique data from the first terminal 300 in step 715 and stores the first side unique data in a designated storage medium in step 720 and then transmits the first side unique data to the first terminal 300, Side unique data (725).

Meanwhile, the first terminal 300 determines whether bidirectional LAN is connected to the designated black box device 200. If the bidirectional LAN is connected to the black box device 200, A unique code is requested to the black box device 200 (725). The chip module 230 of the black box device 200 checks the unique code request through the bidirectional LAN and then checks the unique code of the black box device 200 and transmits the unique code to the black box device 200 through the bidirectional LAN The first terminal 300 receives the unique code of the black box device 200 through the bidirectional LAN and then transmits the unique code to the designated authentication device 500) to register the unique code (755). The authentication device 500 receives the unique code of the black box device 200 from the first terminal 300 and stores it in a designated storage medium (for example, mapping the first code to the first side unique data) (Step 765), the registration result of the unique code is transmitted to the first terminal 300 (step 725).

Meanwhile, the first terminal 300 determines whether the disposable authentication code is included in the code data of the unidirectional radio signal transmitted from the black box device 200 (775). If the one-way authentication code is included in the code data of the unidirectional radio signal transmitted from the black box device 200, the first terminal 300 transmits the black-box device 200 and the authentication device 500 (780), and the chip module (230) of the black box device (200) repeats the process of exchanging various information for generation / authentication of the disposable authentication code between the disposable authentication code (E.g., a seed value) to be stored in the designated storage area of the chip module 230 (785), and the authentication device 500 transmits the disposable authentication code Checks various information for authentication and registers and stores the information in a designated storage medium (or a separate code authentication server) (790).

FIG. 8 is a diagram illustrating a process of registering a second terminal 400 in an authentication apparatus 500 according to an embodiment of the present invention.

8 shows a process of registering a second terminal 400 capable of recognizing a unidirectional radio signal of the black box device 200 in the authentication device 500. In the conventional technology, It is possible to refer to and / or modify the FIG. 8 to infer the various methods of the registration process of the second terminal 400 (for example, a method of omitting some steps or changing the order) However, the present invention is not limited to the technical features of the present invention.

Referring to FIG. 8, when the program 425 designated to the second terminal 400 is installed (800), the second terminal 400 receives at least one of the first through fifth unique data embodiments of the present invention The second side unique data corresponding to the embodiment is checked (805), and the second side unique data is requested to be registered (810) to the specified authentication device (500). The authentication apparatus 500 receives the second side unique data from the second terminal 400 in step 815 and stores the second side unique data in a designated storage medium 820 and transmits the second side unique data to the second terminal 400 Side unique data (825). The second terminal 400 receives and outputs the registration result (830).

9 is a diagram illustrating a process of acquiring code data of a unidirectional radio signal transmitted from the black box device 200 at the first terminal 300 according to an embodiment of the present invention.

9 is a diagram illustrating a bidirectional local area communication between the black box device 200 and the first terminal 300 and a second local terminal communication between the black box device 200 and the first terminal 300 in a first terminal 300 designated for bidirectional short- Way radio signal recognition through the black box device 200 and the unidirectional radio signal recognition through the black box device 300 to obtain the code data included in the unidirectional radio signal transmitted from the black box device 200 to identify the first code data Those skilled in the art will appreciate that various embodiments of the first side code data acquisition process (e.g., some steps may be omitted, or alternatively, However, the present invention is not limited to the above-described embodiments, but includes all of the above-described embodiments. This is not limited.

9, when a unidirectional wireless signal is transmitted from the chip module 230 of the black box device 200, the chip module 230 of the black box device 200 transmits the first to sixth codes The code data corresponding to at least one of the data embodiments is identified (900). Meanwhile, if the code data is confirmed, the chip module 230 of the black box device 200 can encrypt the confirmed code data (or at least a part of the code data) using the designated key value (905) .

If the code data is confirmed, the chip module 230 of the black box device 200 may include the code data according to at least one embodiment of the first to sixth unidirectional radio signal transmission embodiments of the present invention. The first terminal 300 receives the unidirectional radio signal of the black box device 200 and recognizes the code data by amplifying or reducing the signal strength of the unidirectional radio signal according to the designated method (step 910) (915). According to an embodiment of the present invention, the first terminal 300 can identify code data recognized through the unidirectional radio signal as first side code data (step 920).

When the bidirectional short distance communication between the chip module 230 of the black box device 200 and the first terminal 300 is connected at the time of transmitting the unidirectional radio signal from the black box device 200, The chip module 230 of the box device 200 may transmit the code data (or the verification value of the code data) included in the unidirectional radio signal to the first terminal 300 through the bidirectional local area communication (925) The first terminal 300 may receive the code data (or the verification value of the code data) from the chip module 230 of the black box device 200 through the bidirectional local area communication (step 930) . According to an embodiment of the present invention, the first terminal 300 can identify the code data received through the bidirectional local area communication with the first side code data (935).

Meanwhile, the first MS 300 may verify the code data recognized through the unidirectional wireless signal through the code data (or the verification value) received through the bidirectional local area communication (step 940). If the code data is not verified, the first terminal 300 may output a code data error (945), and the process of FIG. 9 may be repeated. Meanwhile, when the code data is verified, the first terminal 300 can confirm the verified code data with the first side code data (950).

FIG. 10 is a diagram illustrating a process of transmitting first side authentication data including code data acquired by a first terminal 300 to an authentication device 500 according to an embodiment of the present invention and performing authentication.

In more detail, FIG. 10 shows the first side authentication data including the first side code data acquired by the first terminal 300 designated for bi-directional short distance communication with the black box device 200 to the authentication device 500 The authentication process of the first side authentication data is performed. If the person skilled in the art is familiar with the present invention, referring to and / or modified in FIG. 10, the first side authentication process It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it will be appreciated that the invention may be practiced otherwise than as specifically described herein, The technical characteristics thereof are not limited.

Referring to FIG. 10, when the first terminal 300 acquires the first side code data by combining any one or both of bidirectional local communication with the black box device 200 and unidirectional radio signal recognition, The control unit 300 generates the first side authentication data including the first side code data and including the first side unique data corresponding to at least one of the first through fourth unique data embodiments of the present invention (1000). When the first side authentication data is generated, the first terminal 300 transmits the first side authentication data to the specified authentication device 500 (1005).

The authentication device 500 receives the first side authentication data from the first terminal 300 and maintains the first side authentication data for a designated valid time (1010). The authentication apparatus 500 determines whether the first side unique data included in the first side authentication data received from the first terminal 300 is unique data of the first terminal 300 registered through the process of FIG. (1015). If the first side unique data is not identified and authenticated, the authentication device 500 may provide an authentication error to the first terminal 300 (1045). Meanwhile, the first side unique data authentication process may be omitted according to the method.

Meanwhile, when the first side code data (or at least a part of the code data) included in the first side authentication data received from the first terminal 300 is encrypted, the authentication device 500 performs the process of FIG. 7 The decrypted first side code data is decrypted through the registered key value (1020). If the first side code data is encrypted but is not decrypted, the authentication apparatus 500 may provide an authentication error to the first terminal 300 (1045). On the other hand, if the first side code data is not encrypted, the decryption process may be omitted.

On the other hand, when the first side code data includes the disposable authentication code, the authentication device 500 confirms the disposable authentication code included in the first side code data (1025) and verifies the validity of the disposable authentication code (1030). ≪ / RTI > If the validity of the disposable authentication code is not authenticated, the authentication device 500 may provide an authentication error to the first terminal 300 (1045). On the other hand, if the first side code data does not include the disposable authentication code, the authentication process of the disposable authentication code may be omitted.

Meanwhile, when the specified authentication procedure is completed during the authentication procedure, the authentication apparatus 500 checks whether the valid time of the first side authentication data has elapsed (1035), and if the valid time has not elapsed Side authentication code and the second side code data of the second side authentication data received from the second terminal 400. [ Meanwhile, when the effective time of the first side authentication data has elapsed, the authentication device 500 may discard or disable the first side authentication data (1040).

FIG. 11 is a diagram illustrating a process of acquiring code data of a unidirectional radio signal transmitted from a black box device 200 at a second terminal 400 according to an embodiment of the present invention.

11 shows a process of recognizing the unidirectional radio signal of the black box device 200 at the second terminal 400 within the unidirectional radio signal range of the black box device 200 and confirming the second side code data Those skilled in the art will be able to refer to and / or modify Figure 11 to illustrate the various ways of obtaining the second side code data (e.g., some steps may be omitted The present invention is not limited to the above-described embodiments, and the present invention is not limited to the above-described embodiments.

Referring to FIG. 11, when a unidirectional wireless signal is transmitted from the chip module 230 of the black box device 200, the chip module 230 of the black box device 200 transmits the first to sixth codes Code data corresponding to at least one of the data embodiments is identified (1100). If the code data is confirmed, the chip module 230 of the black box device 200 may encrypt the confirmed code data (or at least a part of the code data) using the designated key value (1105) .

If the code data is confirmed, the chip module 230 of the black box device 200 may include the code data according to at least one embodiment of the first to sixth unidirectional radio signal transmission embodiments of the present invention. The signal strength of the unidirectional radio signal is amplified or reduced according to the designated method and transmitted (1110). The second terminal 400 receives the unidirectional radio signal of the black box device 200 and recognizes the code data (1115), and recognizes the code data recognized through the unidirectional radio signal as second side code data (1120).

FIG. 12 is a diagram illustrating a process of transmitting second side authentication data including code data acquired by a second terminal 400 to an authentication apparatus 500 according to an embodiment of the present invention and performing authentication.

More specifically, FIG. 12 shows the second side authentication data including the second side code data acquired by the second terminal 400 within the unidirectional radio signal range of the black box device 200 to the authentication device 500 The authentication process of the second side authentication data is performed by the second side authentication process, and if the person skilled in the art is familiar with the present invention, referring to and / It will be understood that various embodiments (e.g., omitting some steps or changing the order) may be inferred from the above description, but the present invention includes all of the above- The technical features are not limited by the method alone.

Referring to FIG. 12, when the second terminal 400 recognizes the unidirectional radio signal of the black box device 200 and acquires the second side code data, the second terminal 400 transmits the second side code data And generates second side authentication data including the second side unique data corresponding to at least one of the first through fourth unique data embodiments of the present invention (1200). When the second side authentication data is generated, the second terminal 400 transmits the second side authentication data to the specified authentication device 500 (1205).

The authentication device 500 receives the second side authentication data from the second terminal 400 and maintains the second side authentication data for a designated valid time period (1210). The authentication apparatus 500 determines whether the second side unique data included in the second side authentication data received from the second terminal 400 is unique data of the second terminal 400 registered through the process of FIG. (1215). If the second side unique data is not identified and authenticated, the authentication device 500 may provide an authentication error to the second terminal 400 (1245). Meanwhile, the second side unique data authentication process may be omitted according to the embodiment.

Meanwhile, when the second side code data (or at least a part of the code data) included in the second side authentication data received from the second terminal 400 is encrypted, the authentication device 500 performs the process of FIG. 7 And decrypts the encrypted second side code data through the registered key value (1220). If the second side code data is encrypted but not decrypted, the authentication device 500 may provide an authentication error to the second terminal 400 (1245). On the other hand, if the second side code data is not encrypted, the decryption process can be omitted.

On the other hand, if the second side code data includes the disposable authentication code, the authentication device 500 confirms the disposable authentication code included in the second side code data (1225) and verifies the validity of the disposable authentication code (1230). ≪ / RTI > If the validity of the disposable authentication code is not authenticated, the authentication device 500 may provide an authentication error to the second terminal 400 (1245). Meanwhile, if the second side code data does not include the disposable authentication code, the authentication process of the disposable authentication code may be omitted.

Meanwhile, when the designated authentication procedure is completed, the authentication apparatus 500 checks whether the valid time of the second side authentication data has elapsed (1235), and if the valid time period has not elapsed, Side authentication data with the first side code data of the first side authentication data received from the first terminal 300. [ Meanwhile, when the effective time of the second side authentication data has elapsed, the authentication device 500 may discard or disable the second side authentication data (1240).

13 is a diagram illustrating a process of authenticating the first terminal 300 and the second terminal 400 using the black box device 200 according to an embodiment of the present invention.

13 shows the first side code data of the first side authentication data received from the first terminal 300 which performs bi-directional short distance communication with the black box device 200 within the time range designated by the authentication device 500, The second side code data of the second side authentication data received from the second terminal 400 that has recognized the unidirectional radio signal of the black box device 200 is compared and authenticated and the result of the comparison is transmitted to the first terminal 300 And authenticating the first terminal 300 that has accessed the second terminal 400 or accesses the second terminal 400. It should be noted that the present invention is not limited to the above- It is possible to refer to and / or modify the FIG. 13 so that various methods of authentication of the first terminal 300 and the second terminal 400 using the black box device 200 (e.g., , Or a change in order) And, the invention is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 13.

Referring to FIG. 13, the authentication apparatus 500 receives the first side authentication data received from the first terminal 300 through the process of FIG. 9 to the authentication apparatus 500 and authenticated through the process of FIG. 10, The first side authentication data received from the second terminal 400 through the process of FIG. 11 to the authentication device 500 and received within the designated authentication time out of the second side authentication data authenticated through the process of FIG. 12, Side authentication data (1300), and compares the first side code data of the first side authentication data received within the specified authentication time with the second side code data of the second side authentication data to authenticate whether the matching is performed (1305). For example, when the first side authentication data is received from the first terminal 300, the authentication device 500 determines that the first side authentication data is received within the valid period of holding the first side authentication data Side code data to be matched with the first side code data of the first side authentication data among the second side code data of the second side authentication data from the second terminal 400 before or after the designated time on the basis of the first side code data . Side authentication data is received from the second terminal 400, the authentication device 500 determines whether or not the second-side authentication data has been received within the valid period of holding the second- The first side code data of the first side code data of the first side authentication data and the first side code data matched with the second side code data of the second side authentication data can be discriminated from the first terminal 300 before or after the specified time.

If the first side code data of the received first side authentication data and the second side code data of the second side authentication data are not matched with each other within the specified authentication time, Can be repeated. On the other hand, if the first side code data of the received first side authentication data and the second side code data of the second side authentication data are matched with each other within a specified authentication time, the one side code data of the black box device 200 of the authentication device 500 The first terminal 300 and the second terminal 400 within the wireless signal range are uniquely identified and authenticated, and the result information is generated (operation 1310). The authentication apparatus 500 provides the result information to the authenticated first terminal 300 in step 1315 and the first terminal 300 transmits the result information to the second terminal 400 And receives and outputs the result information (operation 1320). Meanwhile, the authentication apparatus 500 provides the result information to the authenticated second terminal 400 in step 1315, and the second terminal 400 transmits the result information to the first terminal 400 300), and outputs the received information (1325).

200: Black box device 230: Chip module
250: communication identification unit 255: communication connection unit
260: communication processing unit 265: key processing unit
270: code verification unit 275: code generation unit
280: encryption processing unit 285: signal transmission unit
290: Request confirmation unit 296: Code transmission unit
300: first terminal 400: second terminal
500: Authentication device 505: First side registration
510: second side registering unit 515: first side registering unit
520: first side authentication unit 525: second side reception unit
530: second side authentication unit 535: authentication processing unit
540: Authentication result processing unit

Claims (32)

A method of executing via an authentication device that performs an authentication procedure using a black box device having a bidirectional local communication function and a unidirectional radio signal transmission function,
Directional local communication between the black box device and the first terminal and the unidirectional radio signal recognition through the first terminal from a first terminal designated for bidirectional short distance communication with the black box device in the vicinity of the black box device, A first step of receiving first side authentication data including first side code data obtained through the first terminal in combination with the first side authentication data;
A second step of receiving second side authentication data including second side code data obtained by recognizing the unidirectional radio signal from N (N > = 1) second terminals receiving the unidirectional radio signal of the black box device; ; And
A second terminal accessing the first terminal based on the authentication result obtained by comparing the first side code data of the first side authentication data received within the designated time range with the second side code data of the second side authentication data And authenticating a designated first terminal that accesses the second terminal,
Wherein the first side authentication data and the second side authentication data are received in an arbitrary order and held for a specified effective time.
The black box apparatus according to claim 1,
Channel authentication is performed by identifying one of the unique first terminals and performing bi-directional short-range communication.
The black box apparatus according to claim 1,
And a circuit configuration that is physically separated from the first terminal that performs bi-directional short-range communication, or that is independent of at least the first terminal side circuit configuration.
The method as claimed in claim 1, wherein the bidirectional short-
Wherein the black box device and the first terminal include bidirectional short-range wireless communication based on pairing between the black box device and the first terminal.
The method as claimed in claim 1, wherein the bidirectional short-
And a bi-directional short-range wireless communication between the black box device and the first terminal coupled to the black box device.
The method as claimed in claim 1, wherein the bidirectional short-
Wherein the black box device and the first terminal comprise a two-way cable communication based on a cable communication between the black box device and the first terminal.
2. The method of claim 1,
And a radio signal broadcasted from the black box device in a short distance.
2. The method of claim 1,
Wherein the second terminal is received by the second terminal while being received by the first terminal.
The method according to claim 1,
Receiving a key value generated in the black box device via a first terminal that performs bi-directional short distance communication with the black box device; And
And registering the received key value in a designated key storage medium (or a key management server)
The first step may include receiving, when the first side authentication data including the first side code data encrypted through the black box device is received, encrypting the first side authentication data through the key value registered in the key storage medium (or the key management server) And decrypting the first-side code data based on the first-side code data.
The method according to claim 1,
Receiving a key value generated in the black box device via a first terminal that performs bi-directional short distance communication with the black box device; And
And registering the received key value in a designated key storage medium (or a key management server)
The second step may include receiving, when the second side authentication data including the second side code data encrypted through the black box device is received, encrypting the encrypted side key data through the key value registered in the key storage medium (or the key management server) And decrypting the second side code data based on the second side code data.
11. The method according to claim 9 or 10,
The black box device generates a pair of a public key and a private key corresponding to the public key infrastructure,
Wherein the received key value includes a public key generated through the black box device.
2. The method according to claim 1,
Wherein the black box device comprises a unique code unique to the black box device.
2. The method according to claim 1,
Wherein the black box device includes a unique code unique to the black box device and a disposable authentication code dynamically generated in the black box device.
2. The method according to claim 1,
And a unique code set in the black box device through the bidirectional local area communication at the first terminal.
2. The method according to claim 1,
Wherein the black box device includes a unique code unique to the black box device and a disposable authentication code provided to the black box device through the bidirectional local area communication at the first terminal.
2. The method according to claim 1,
And a unique code set in the black box device through the bi-directional local area communication at the first terminal and a disposable authentication code provided to the black box device through the bi-directional local area communication at the first terminal. Two channel authentication method using black box device.
The method according to claim 1,
If the code data includes a dynamically generated disposable authentication code,
Wherein the first step further comprises performing a procedure for authenticating the validity of the disposable authentication code included in the first side code data,
Wherein the second step further comprises performing a procedure for authenticating the validity of the disposable authentication code included in the second side code data,
The third step includes a step of, when the validity of the disposable authentication code included in the first side code data is authenticated and the validity of the disposable authentication code included in the second side code data is authenticated, Further comprising the step of comparing the first side code data with the second side code data.
18. The method of claim 17,
A verification code generated through the same code generation algorithm and the seed value as the algorithm for generating the one-time verification code included in the first side code data is compared with the one-time verification code included in the first side code data, The method of claim 1, further comprising the steps of:
18. The method according to claim 17,
The verification code generated through the same code generation algorithm and the seed value as the algorithm for generating the one-time authentication code included in the second side code data is compared with the one-time authentication code included in the second side code data to authenticate the validity The method of claim 1, further comprising the steps of:
2. The apparatus of claim 1, wherein the first-
Wherein the black box device comprises code data obtained by bidirectional short distance communication between the black box device and the first terminal at the first terminal.
2. The apparatus of claim 1, wherein the first-
Wherein the first terminal includes code data obtained by recognizing a unidirectional radio signal of the black box device at the first terminal.
2. The apparatus of claim 1, wherein the first-
And code data obtained by verifying the code data obtained through the unidirectional radio signal of the black box device using the code data obtained through bidirectional short distance communication between the black box device and the first terminal at the first terminal A two-channel authentication method using a black box device.
2. The authentication system according to claim 1,
Wherein the first side code data obtained through the first terminal and the first side unique data unique to the first terminal are included.
24. The method according to claim 1 or 23,
Wherein the automatic black box device is automatically discarded or deactivated when a specified effective time elapses.
2. The authentication system according to claim 1, wherein the second-
Wherein the second side code data obtained through the second terminal and the second side unique data set unique to the second terminal are included.
The authentication method according to claim 1 or 25,
Wherein the automatic black box device is automatically discarded or deactivated when a specified effective time elapses.
The authentication method according to claim 1 or 25,
Wherein the second terminal receives the unidirectional radio signal of the black box device at the second terminal and repeatedly receives the unidirectional radio signal from the second terminal every time the second terminal code recognizes the second side code data.
The authentication method according to claim 1 or 25,
Receiving a unidirectional radio signal of the black box device from the second terminal, recognizing the second side code data, and thereafter repeating or adding from the second terminal if there is a changed value of the recognized second side code data Channel authentication method using a black box device.
The authentication method according to claim 1 or 25,
Wherein the second terminal receives the unidirectional radio signal of the black box device from the second terminal when the received strength of the unidirectional radio signal of the black box device is equal to or greater than a predetermined reference strength.
The black box apparatus according to claim 1,
Wherein the signal strength of the unidirectional radio signal is amplified to a specified amplification amount or more and then transmitted.
The black box apparatus according to claim 1,
Wherein the signal intensity of the unidirectional radio signal is reduced to a specified amount or less at a specified signal intensity and transmitted.
The method according to claim 1,
When providing a designated service based on a result of authenticating a second terminal accessing the first terminal or authenticating a designated first terminal accessing the second terminal, the valid time does not elapse before completion of the service Or reads the second side code data of the second side authentication data received from the second terminal to check whether the first terminal and the second terminal maintain the access state and processes the service so that the service is completed Further comprising the step of: determining whether the black box device is in use.

Images