KR20190044738A - The convenient and safe method to authenticate real name protecting personal information - Google Patents

Abstract

The objective of the present invention is to discover a method which less sacrifices ′security, personal information protection and transaction transparency′ in regard to a convenient non-face-to-face transaction. According to an embodiment, the method includes: a step of searching ′information related with a transaction counterpart′ matched with the nickname of the counterpart; a step of transmitting a transaction request amount, a virtual real name ID, the information related with the counterpart, and a WYK for an institution to an institution server; a step of transmitting the transaction request amount, the virtual real name ID, and the information related with the counterpart to an authentication server; and a step of processing a transaction for remitting an amount of money corresponding to the transaction request amount.

Description

A method for authenticating a personal information while easily and securely authenticating the personal information is known as "

The present invention relates to a technique for authenticating a person in a non-face-to-face transaction.

In recent years, non-face-to-face transactions have increased, and self-certification has become frequent in non-face-to-face transactions. Therefore, the need to simplify identity verification in non-face-to-face transactions (hereinafter referred to as "non-face-to-face transaction authentication simplification") is also increasing. As such, pursuing the need to simplify authentication of non-face-to-face transactions, simple payment methods are being spread to simplify the authentication of the user.

As an example of the simple payment method, a method of reducing the transaction limit per day or day (hereinafter referred to as " a small amount of simple transaction method " since the security is reduced as much as the authentication of the user is simplified by eliminating the use of an authorized certificate or OTP ) Is spreading. As a result, the need for simplification of non-face-to-face transactions has been satisfied with the small-amount simple transaction method, but the inconvenience that the transaction limit is reduced (hereinafter referred to as "inconvenience between simplification and limit").

On the other hand, we do not want to disclose personal identification information such as resident registration number, driver's license number or passport number, personal identification information such as address, and payment means identification information such as a deposit account number or card number, The necessity (hereinafter referred to as " personal information protection necessity ") is also increasing. In order to satisfy the "necessity of authentication simplification as a non-face transaction", the real name identification information, personal identification information, (Hereinafter referred to as " inconsistency between simplification and protection ") has increased as the necessity of the above-mentioned " non-face-to-face transaction authentication simplification necessity "

In recent years, "non-face-to-face transactions, the need for simplification of authentication" has evolved, and various non-face-to-face transaction services such as non-bank international remittance, virtual currency transaction, In response to the need to simplify authentication for non-face-to-face transactions, we have implemented a method that eliminates elements that complicate the process or make the User Experience uncomfortable. Furthermore, in order to meet the recently emphasized "personal information protection necessity", a method of omitting the process of submitting the real name identification information (hereinafter referred to as "real name ID") from the user is omitted as much as possible. As a result, the inconvenience that these services are criticized as being a channel for illegal fund transactions such as money laundering, money laundering of terrorist / terrorist funds, and illegal foreign capital outflow (hereinafter referred to as "illegal risk inconvenience") ,

In order to alleviate this "unreasonable risk inconvenience", government authorities are increasingly required to make transactions using these services transparent (hereinafter referred to as "the need for transparency"). To meet these "need for transparency," the government is obliged to 'make these transactions unrealistic' and 'report to government authorities on these suspected illegal transactions'. In the case of a business that wants to provide, it is faced with the inconvenience of investing a huge amount of money (hereinafter referred to as "inconvenience to invest in transparency of investment") in order to have a system and a manpower to observe such obligation.

In order to mitigate this "inconvenience to illegal risk" and to mitigate the "inconveniences of investment transparency investment burden", the government authorities asked the start-up or SMEs with poor funding to " And a system that implements a method of reporting to government authorities on such transactions suspected of illegal transactions and a method of cooperating with a large bank that already has a manpower (allowing a small amount of remittance by way of a contract with a bank, And suggesting the method of confirming the name of bank partnership for deposit and withdrawal)

However, in the case of such an affiliate method, the user who intends to use the service must also authenticate himself or herself to the institution providing the service (hereinafter referred to as the "use agency"), (Hereinafter referred to as "non-face-to-face transaction authentication inconvenience") because it is required to authenticate to the organization responsible for the report (hereinafter referred to as "the self-certification body") ) Is expected.

It is an object of the present invention to provide a method and system for managing non-face-to-face transactions in a variety of non-face-to-face transactions such as PINTech remittance using a non-bank transfer company, virtual currency transaction, In addition, while maintaining the necessity of "transparency of transactions", it is difficult to find the "inconvenience between simplification and limit", "incompatibility between convenience and protection" and "inconvenience to risk" .

In accordance with an aspect of the present invention, there is provided a method of authenticating a user's personal information, which is simple and safe, is characterized in that information selected as a specific trading partner alias is input to the user terminal, Searching for 'information relating to a trading partner' matched with the other party's nickname; The transaction amount and master password are input to the user terminal, the virtual real name ID for the user is retrieved from the user ID DB, the encrypted WYK for the user authentication authority and the WYK for the user authority are retrieved from the WYKDB, the WYH for the user authentication authority is retrieved from the WYHDB Decrypting the WYK for the self-certification authority and the WYK for the encrypted user institution using the master password as a decryption key, and calculating authentication information for the principal for the principal using the WYK for the principal and the WYH for the principal; The user terminal transmits the remittance transaction identification information, the transaction application amount, the virtual real name ID, the information related to the counterparty, and the authentication information for the principal authentication authority to the authentication server, and transmits the transaction application amount and the virtual real name ID to the transaction counterpart And transmitting the WYK for the user institution to the user institution server; Searching the user DB for a user institution WYK matched with the virtual real name ID in the user DB, and determining whether the user authentication unit 'matches the retrieved user institution WYK' and the received user institution WYK '; If the determination is affirmative, transmitting the transaction request amount, the virtual real name ID, and the information about the counterparty to the authentication server, matching the predetermined remittance settlement application information; The authentication server determines whether the information transmitted from the user terminal and the user agent server match each other. If the determination is affirmative, the WYK for the user's authentication institution matching the virtual real name ID in the user authentication DB, The WYH for the certification authority is searched and it is judged whether or not the WYK for the self-certification-authority for the self-certification authority and the authentication information for the self-certification institution for which the self- Performing legal filtering on a remittance action including information on the counterparty, retrieving a real name ID matched with the real name ID, considering the real name ID as a real name ID of a remitter, considering the transaction application amount as a remittance amount, The random value calculating unit randomly calculates a new WYH, updates the WYH matched to the virtual real name ID in the personal authentication DB to the calculated WYH, and transmits the calculated WYH to the user terminal; Updating the WYH for the self-certification authority stored in the WYHDB with the received WYH at the user terminal; The settlement account ID matching the virtual real name ID is searched in the identity authentication DB in the identity authentication server and the balance corresponding to the settlement account ID is reduced in the balance account DB in accordance with the transaction application amount, Processing the transaction for transferring the amount corresponding to the amount of the transaction request to the counterparty corresponding to the 'information on' .

According to the embodiment of the present invention, when a user who intends to perform a non-face-to-face transaction enters only one master password as the authentication means, the application automatically provides non-face-to-face transaction services (hereinafter referred to as " WYK (What You Know: For example, a password for a user institution) is transmitted to a self-certification authority (for example, an affiliated large-size excellent bank) that performs a blind date confirmation and suspicious transaction reporting service The authentication information for the self-certification institution generated by encrypting the WYK for the certification authority (for example, the password of the settlement account registered in the large superior bank) is transmitted. Therefore, while the "non-face-to-face transactions need to simplify authentication" in the conventional method is maintained, the "inconvenience of authentication of non-face-to-face transaction duplication" that the user must manually authenticate to both institutions is reduced.

In addition, the use agency providing the non-face-to-face transaction service may be provided with identification information (e.g., a real name ID) such as a resident registration number, a driver's license number or a passport number, By matching the virtual real name ID assigned to the user by the user with the real name ID of the user stored in the own certification authority and the settlement account ID without exposing the settlement account ID, The result can be finally settled through the settlement account of the user at the settlement bank which also serves as the certification authority. In other words, in the user organization, it is not necessary to store the user's real name ID or settlement account ID. If the settlement bank serving as the self-certification body securely protects the real name ID or settlement account ID, Privacy needs "are met.

As mentioned above, "necessity of authentication simplification and protection is reduced" because "necessity of personal information protection" is satisfied while "necessity of authentication simplification of non-face transaction" is maintained.

In addition, it is the institution (for example, a large-sized excellent bank) that has a system and a manpower that implements 'a method of realizing such a transaction' and 'a method of reporting to government authorities about such a transaction suspected of illegal transaction' (Hereinafter referred to as "Compliance Filtering") to perform the verification of the real name of the person who uses the transaction in the user organization and the monitoring and reporting of the transaction (hereinafter referred to as "compliance filtering"), the use organization shall separately provide a blindness certificate such as a resident registration card, It monitors the absence of any illegal elements in each user's transactions, and reduces the inconvenience of "transparent transparency investment burden" by eliminating the need to invest in systems and personnel to report to the government authorities when certain criteria are met.

Of course, the self-certification body can match the transaction in the user organization to the specific real name ID using the virtual real name ID, and can perform the necessary reporting and can maintain the " transaction transparency necessity " Can be reduced.

According to the embodiment of the present invention, since the WYH for the user's certification authority stored in the user terminal and the authentication server is updated each time the user's authentication is successfully performed by the user's certification authority, the WYH for the user's certification authority is only valid once Do. The 'WYK for the user authentication authority and the WYK for the user institution' stored in the user terminal are encrypted with the master password. Since the master password is information that the user memorizes and is not submitted to the authentication authority or the user's organization, It is difficult to hack 'WYK for certification authority and WYK for user organization'. If all the passwords for the use agency (WYK for the use agency) are encrypted with the master password and stored in the app of the present invention, the master password can be decrypted at any time, so that the user does not have to memorize the other password if only one master password is memorized. For a user, if only one master password is memorized, it is not necessary to memorize other passwords, etc., so that it is not necessary to record the master password somewhere. Furthermore, in all non-face-to-face transactions, you only need to use the master password, so you will often use the master password, and the risk of forgetting it is negligible. Therefore, the 'WYK for the user's certification authority and the WYK for the user's institution', which decrypts by using the master password, can be safely stored. The authentication information for the self-certification authority, which is calculated using the WYK for the self-certification authority and the WYH for the self-certification authority, which is stored as described above, is hacked compared to the authentication information of the user in the conventional small- it's difficult. Accordingly, it is possible to expand the transaction limit per day and the daily limit compared to the conventional simple liquid payment method, and it is possible to reduce "inconvenience between simplification and limit".

FIG. 1 is a block diagram of an apparatus necessary to implement a method of real-name authentication in a simple yet safe manner while protecting personal information according to an embodiment of the present invention.
FIG. 2 and FIG. 3 are diagrams illustrating some operations of a preferred embodiment of a method of installing an app of the present invention in a user terminal of the present invention.
The service of the present invention is an embodiment (hereinafter referred to as " simultaneous application example ") to be applied when subscribing to a user organization (hereinafter referred to as &Quot; additional application example ") is possible. The " simultaneous application simultaneous application example " is illustrated in FIG. 2, and the " additional application example "
The present invention also relates to an embodiment (hereinafter, referred to as " embodiment for using WYH for use institution ") using an embodiment of WYH for a user organization (hereinafter, referred to as " embodiment using WYH for user organization " App installment operation for "WYH use case for use agency" is exemplified in FIG. 3, and "App install operation for WYH nonuse case for use agency" is shown in FIG. 2 .
Therefore, Fig. 2 is a diagram for explaining the operation exemplified by " Example of simultaneous subscribing application " and " Embodiment of using WYH for user institution " Fig. Of course, the operations exemplified by the " Example of simultaneous subscribing application " and " Example of using WYH for user organization " and the operation exemplifying the " Additional Application Example & , And this description is omitted for the sake of brevity.
4 to 9 are diagrams illustrating a method of easily and securely performing a real name authentication while protecting personal information using the app after the app of the present invention is installed in the user terminal of the present invention.
FIG. 4 is a flowchart illustrating a method for providing a non-bank remittance company with the non-bank remittance company and the non-bank remittance company using the app of the present invention to request a remittance transaction to a non-bank remittance company, Figure 4 is a diagram for explaining the operation of one embodiment of a method for securely realizing real name authentication.
FIG. 5 is a flowchart illustrating a process of transferring personal information to the virtual money exchange using the application of the present invention for depositing the money in the account of the user established in the virtual money exchange A method for authenticating a real name in a simple and safe manner.
FIG. 6 is a flowchart illustrating a method of providing personal information to the virtual money exchange and the 'self-certification institution and settlement bank affiliated with the virtual money exchange' using an app of the present invention for withdrawing money from the account of the user, A method for authenticating a real name in a simple and safe manner.
FIG. 7 is a flowchart illustrating a method of providing a virtual money exchange in which a user uses an app of the present invention to purchase and sell virtual money in a virtual money exchange, while protecting personal information from the virtual money exchange and ' Figure 4 is a diagram for explaining the operation of one embodiment of a method for securely realizing real name authentication.
FIG. 8 is a flowchart illustrating a process of transferring money deposited in a virtual money exchange to a specific trading partner using an app of the present invention, ≪ / RTI > and a settlement bank 'in a simple and safe manner while protecting personal information.
FIG. 9 is a flowchart illustrating a method of transmitting a payment to a mobile payment company using an app of the present invention to pay a commerce payment using a service provided by a mobile payment company to the mobile payment company and a self- FIG. 1 is a diagram for explaining the operation of one embodiment of a method for authenticating a real name in a simple and safe manner while protecting personal information.
A method in which a user can easily and securely perform a real name authentication while protecting personal information from a user using an app of the present invention for a predetermined transaction and a 'self-certification body affiliated with the user organization' There are many other examples, but this specification is omitted for brevity.
10 is a block diagram showing a configuration of an application of the present invention (hereinafter referred to as " first application ") installed in a user terminal of the present invention for the purpose of using a specific use agency (hereinafter referred to as a " (Hereinafter referred to as " second application ") of two embodiments among the embodiments in which personal information is protected while being easily and securely authenticated in order to subscribe to a service provided by another user institution (hereinafter referred to as " ) To the user terminal.
FIG. 11 is a diagram for explaining a method for accessing a service provided by a second user using the first application after the first application is installed in the user terminal of the present invention for the purpose of using the first user, Quot; second application " of the embodiment in which real name authentication is required to be installed in the user terminal.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

The embodiments of the present invention can be variously changed without departing from the spirit and scope of the present invention. The following detailed description is not intended to limit the invention, and the terms used in the description are selected for readability or ease of explanation.

In the present invention, the " virtual real name ID " refers to information independent of the real name ID as identification information matched only to a specific real name ID. The virtual account number matched only to the specific real name ID may be an embodiment of the " virtual real name ID ".

In the present invention, the term " personalized OO app " refers to an OO app that is not stored in the storage unit, which is one or more of the user identification information for the user's certification authority and the user identification information for the user organization. it means.

In the present invention, the term " transaction " refers to non-monetary transactions such as deposits, withdrawals, remittances, payment transactions, monetary transactions such as the sale of virtual currency or commodities, and information retrieval.

In the present invention, the term " exchange goods " means goods traded on the exchange.

In the present invention, the term " exchange " means that when a buyer and a seller present a price and a quantity of a specific transaction object online, respectively, the buyer and the seller may conclude a transaction between the buyer and the seller, Means an organization that provides a service to the other party to conclude a transaction. Therefore, a virtual currency exchange, a stock exchange, a foreign currency exchange, a precious metal exchange, a mineral exchange, and a grain exchange may be an embodiment of an exchange.

In the present invention, the term " transaction information " is collectively referred to as " information for applying for a specific transaction " For example, 'information for requesting a specific deposit, remittance, or payment' and 'information for agreeing on a specific deposit, remittance, or payment application' may all be 'transaction information' in the present invention.

In the present invention, the term " unidirectional encryption " means that encryption is impossible or very difficult to be decrypted. Therefore, encrypting the encryption target information using the hash function can be an embodiment of unidirectional encryption.

In the present invention, the term " master password " means a password which is selected and memorized by the user, and does not need to be exposed to any user in the world as well as to a user in the world.

In the present invention, the term " separate channel " means a channel physically or logically separated from a communication channel to which an app is downloaded in the present specification. Thus, in embodiments where an app is downloaded using a mobile data communication network, the SMS communication network may be an embodiment of a separate channel.

Also, in the present invention, the term " security area " means a specific area of a storage unit constituting a user terminal, which means an area which is impossible to read from the outside or is extremely difficult. Keystore when the OS of the user terminal is Android, Keychain when the OS of the user terminal is iOS, and CPU of the user terminal are controlled by a specific admin agent operated by a secure OS independent of the open OS and configured in the authentication server of the user (Hereinafter referred to as " Trusted Zone ") is configured may be one embodiment of the security domain.

Also, in the present invention, the term " self-certification body " means an organization having management authority for the principal authentication server.

In the present invention, " user identification information for a certification authority " is generically referred to as information enabling a certification authority to distinguish a specific user from other users. The 'login ID, mobile phone number, e-mail address, settlement account number' and the like registered by the user in the self-certification authority are information that can not be duplicated by another user in the self-certification authority, They can be examples. Therefore, the user identification information for the certification authority may be plural. In addition, if the self-certification authority allocates a specific virtual real name ID to be continuously used to a specific user, and the virtual real name ID is not redundantly assigned to other users, the virtual real name ID may also be an embodiment of the user identification information for the user's certification authority .

In the present invention, the " identity authentication server " is an embodiment of a user institution server, and refers to a server to which a specific user accesses to use the identity authentication service.

In the present invention, the term " personal authentication information " means information transmitted from a user terminal to a user institution server in order to prove that a person who performs a transaction is a non-face-to-face person. Therefore, in order to verify the identity information defined in the digital signature method, that is, to signify the signer and to signify that the signer has signed the electronic document, information in electronic form attached or logically combined to the electronic document is used in the present invention It may be an embodiment of the authentication information. Also, the login password, the account password, the OTP calculated by the OTP generator providing the bank and the like, and the certificate defined by the digital signature method may be one embodiment of the authentication information of the present invention.

In the present invention, the term " user terminal ID " means identification information of a user terminal for communicating with the user terminal. Accordingly, the mobile phone number may be a user terminal ID in the case where the user terminal is a mobile phone, and the IP address may be an embodiment of the user terminal ID in the case where the user terminal is a PC.

In the present invention, " user identification information " is collectively referred to as the user identification information for the certification authority and the user identification information for the user. The 'login ID, mobile phone number, e-mail address, settlement account number' and the like registered by the user in the self certification authority (or the user organization other than the self-certification authority) are information that can not be duplicated by other users in the above- One embodiment of the identification information. Therefore, the user identification information may be plural.

In the present invention, the term " service server " is collectively referred to as an authentication server and a user institution server. In essence, the authentication service is also a kind of service, and in this respect, the authentication server of the user can also be a part of the user institution server. However, for the purpose of the present specification for describing the interaction between the authentication server and the user authentication server rather than the authentication server, it is assumed that the authentication server and the authentication server other than the authentication server are distinguished from each other do. However, when describing common operations in both servers, both servers are referred to as service servers.

In the present invention, the " receipt account ID " means the identification information of the means by which the counter party can receive the remittance amount. Therefore, the bank account number, the card number, the prepaid account number, the telephone number as the prepaid payment means identification information, and the disposable remittance allowance that can be recognized as the payee when presented to the payment institution are referred to as " Quot; may be one embodiment of the "

Also, in the present invention, the term "receiving institution" means an institution which issues means for receiving remittance. Accordingly, the bank issuing bank account, the card company issuing the card, the company issuing the prepaid payment means, the communication company issuing the telephone number as the prepaid payment means, the remittance company issuing the disposable remittance allowance, .

In the present invention, the term " alias of a counterparty " means information given to each counterparty by a user in order to identify a specific counterparty with another counterparty. Accordingly, in an embodiment of the present invention in which the contact DB installed in the smart phone is implemented as a transaction counterpart DB, a name (or an alias) for matching and inputting a telephone number, etc., Can be an embodiment.

In the present invention, the " recipient identification information " is used to distinguish the recipient corresponding to the counterparty from another person, corporation, or organization in the process of processing a remittance transaction by an institution handling a remittance transaction such as a bank or a remittance company The term "information" refers to the information required for such information.

In the present invention, the " real name ID " means information for identifying the real name of each user. The resident registration number, the driver's license number, the passport number, the corporation number, the business number, the alien registration number, and the like may be one embodiment of the real name ID.

In the present invention, the term " application " means an application program for self-authentication which is driven by the OS of the user terminal.

In the present invention, the term " connection account " means an account designated for withdrawing and receiving funds related to a service provided by a user institution among bank accounts of a specific user.

In the present invention, the term " user organization " is collectively referred to as " user organization server " In this specification, "non-bank transfer company operating a remittance company server", "virtual money exchange server operating a virtual money exchange server", and "mobile payment company operating a mobile payment server" are exemplified as the "use agency" Various embodiments will be described for each institution. Therefore, when the "user institution" is exemplified in the present specification, the non-bank remittance company, the virtual money exchange and the mobile settlement company exemplified above are collectively referred to. Also, in this specification, a description is given of an operation in which a user uses a plurality of utilization organizations by using one application of the present invention. In this case, the first and second utilization organizations are referred to for convenience of explanation. The term " user organization "

In the present invention, the term " user institution server " means a server to which a specific user accesses to use a specific transaction. In this specification, the term "user institution server" includes a server (hereinafter referred to as "remittance company server") operated by an institution other than a bank to which a user accesses remittance transactions, and a server Hereinafter referred to as a "virtual money exchange server") and a server (hereinafter referred to as a "mobile payment server") to which a user accesses for a mobile settlement transaction. However, a server (search server) that accesses to use a search transaction, a server (mobile banking server) that accesses for mobile banking transaction, and the like may all be one embodiment of the user institution server. Also, in this specification, a user communicates with a plurality of user agent servers by using one application of the present invention. In this case, the first user agent server and the second user agent server are referred to as' , And in this case also referred to as " user institution server "

In the present invention, the term " disposable authentication information " refers to electronic authentication information having characteristics that are changed each time the user transmits authentication authentication information from the user terminal to the access authority server it means. Therefore, the electronic information, which is characterized in that the information having characteristics corresponding to the digital signature defined in the digital signature method is changed every time the authentication is performed, can be an embodiment of the disposable authentication information. Also, an OTP generated in a hardware type or a software type OTP generation device issued to a customer by a bank or the like may be an embodiment of disposable identity authentication information.

In the present invention, the term " settlement account " means an account opened in the settlement bank of the user organization for the purpose of settlement of funds between the user and the user among the bank accounts of the specific user.

Also, in the present invention, the term " compliance filtering " refers to a process of determining whether a suspicious transaction report is applicable, determining whether the transaction is a money laundering transaction, , The financial institution determines whether it is a legally possible transaction or whether it is a transaction to be reported to the government authority before processing the transaction according to the transaction request, .

In the present invention, the term " WYK " means information registered in the service server assuming that only a specific user knows it. Accordingly, the 'login password, account password, PIN, etc. registered in the service server may be one embodiment of WYK. For the purpose of this specification, which describes the interoperation between the principal authentication server and the user authentication server, the "WYK" registered in the principal authentication server will be referred to as "WYK" for the principal authentication server and the principal authentication server "WYK" registered in the user agent server is referred to as "WYK" for the user organization, but "WYK" is referred to as "WYK" for the user authentication authority and "WYK"

In the present invention, the term " WYH " means information registered in the service server assuming that only a specific user is possessed. Accordingly, the digital signature generation information defined in the digital signature method, the information uniquely generated by the USIM, the encryption decryption key value stored in the security area of the user terminal in a predetermined method selected by the service server, biometric information (fingerprint, iris, vein , Facial features, etc.) may be one embodiment of WYH. Hereinafter, an embodiment using WYK encryption key stored in the secure area of the user terminal will be described as an embodiment of WYH. For the purpose of this specification, which describes the interoperation between the principal authentication server and the user authentication server and not the principal authentication server, "WYH" registered in the principal authentication server is hereinafter referred to as "WYH" for the principal authentication server and the principal authentication server WYH "registered in the user institution server is referred to as" WYH "for the user organization, but" WYH "is referred to as" WYH "for the user authentication authority and" WYH "

In the present invention, " OO box " is an area in which information indicating " OO " is displayed in the screen area output to the output unit, and " OO box "Quot; and " information "

Hereinafter, the virtual money exchange server, the mobile payment server, and the remittance company server are examples of use agency servers, the virtual money exchange, the mobile settlement company and the non-bank remittance company are examples of use agencies, (Hereinafter referred to as "the settlement bank") and the non-bank transfer company (hereinafter referred to as the "settlement bank") shall be a server operated by the settlement bank (hereinafter referred to as "settlement bank server" The settlement bank allocates a certain range of virtual account numbers to the virtual currency exchange, the mobile settlement company and the non-bank transfer company so that they do not overlap each other, and the virtual money exchange and the mobile settlement company And non-bank transfer companies each use a specific virtual account number among the virtual account numbers that are not allocated to itself in a non-overlapping manner For example, while the center to protect the privacy of the present invention the assigning a virtual real name ID is described a method for easily and safely verify the name.

FIG. 1 is a block diagram of an apparatus necessary to implement a method of real-name authentication in a simple yet safe manner while protecting personal information according to an embodiment of the present invention.

Referring to FIG. 1, a device necessary for realizing a simple and secure real name authentication method for personal information protection includes a principal authentication server 100, a user agent server 200, a user terminal 300, an application download server 400, And each of the components 100, 200, 300, and 400 may be connected to a wired / wireless network.

The authentication server 100 can be connected to at least one of the user institution server 200, the user terminal 300, and the application download server 400 with a wired or wireless network and includes an input unit, an output unit, a storage device, A random number calculation unit 130, and a personal authentication unit 140. The random number calculation unit 130 and the random number calculation unit 140 are the same as those shown in FIG.

The user authentication DB 110 is provided with a virtual real name ID for each user, a WYK for the user's certification authority, a WYH for the user's authentication authority, and a settlement account ID can be stored.

According to an additional aspect of the present invention, the virtual real name ID for each user organization is a specific virtual account number assigned to a specific user by each user organization in a virtual account number set independently allocated to each user organization.

According to a further aspect of the present invention, the WYK for the authorized container is stored in a unidirectional encrypted state.

In the function storage unit 120, at least one of the principal authentication information calculation function and the inverse function of the principal authentication information calculation function is stored. The personal authentication information calculation function receives at least one of 'WYK' matched to a specific real name ID and 'WYH' matched to the real name ID to calculate personal authentication information. In addition, the inverse function of the principal authentication information calculation function may receive the authentication information (up to the WYH when the WYH is inputted together with encryption) during decryption, and inverse the WYK.

According to a further aspect of the present invention, the authentication information calculating function of the present invention receives the WYK and the WYH together, and calculates the authentication information by encrypting the WYK with the encryption key. The WYH, which is a WYK encryption key, is updated in one of a user terminal and a user institution server every time a predetermined event (for example, an authentication event transmitted from the user terminal is verified by the authentication server 100) So that the WYH stored in the counterpart device can be updated. In this case, since the WYK encryption key becomes a one-time variable, the WYK encrypted using the WYK encryption key is also a one-time variable, and the calculated authentication information becomes the one-time authentication information. Hereinafter, the present invention will be described focusing on an embodiment to which the above-described additional aspects are applied.

According to another additional aspect of the present invention, the authentication information calculation function of the user is the same as the authentication information calculation function of the user stored in the function storage unit configured in the download target application stored in the application download server 400. The same is true for the authentication information calculation function of the user stored in the function storage unit configured in the application installed in the user terminal 300. Of course, even if the functions are the same, the identity information actually calculated according to the independent variables WYK for the self-certification authority and WYH for the self-certification authority to be input to the function is changed.

According to an additional aspect of the present invention, a unidirectional cryptographic function can be stored in the function storage unit 120. In the present invention, the unidirectional cryptographic function will be described.

The random value calculation unit 130 randomly calculates a new WYH for the individual authentication authority every time a predetermined event (for example, an event whose identity authentication information transmitted from the user terminal is verified by the identity server 100) is generated.

The authentication unit 140 checks whether the WYK for the self-certification authority received from the user terminal 300 matches the WYK for the self-certification authority 110 retrieved from the authentication DB 110 and determines whether the WYK is matched.

According to an additional aspect of the present invention, the identity authentication unit 140 assigns 'the WYK for the self-certification authority decrypted using the inverse function of the principal authentication information calculation function' to the 'unidirectional encryption function retrieved from the function storage unit 120' And the unidirectionally encrypted value is matched with the unidirectionally encrypted WYK 'for the self-certification authority searched in the self-certification DB 110 to determine coincidence. Hereinafter, the description will be focused on the above case.

According to a further aspect of the present invention in which the server of the settlement bank affiliated with the user institution also serves as the principal authentication server 100, the principal authentication server 100 includes a metabase unit 150, a balance DB 160, And may further include a balance DB 170.

The metabolic unit 150 collates the information transmitted from the user institution server 200 with the corresponding information transmitted from the user terminal 300 to judge whether they match each other, and performs compliance filtering using all or a part of the information.

Balance information can be stored in the balance DB 160 by matching the settlement account ID.

The virtual balance DB 170 may store cash balance information and non-cash balance information matching the virtual real name ID. The cash balance information may be composed of cash balance information matched for one or more currency indications, The non-cash balance information may consist of one or more virtual currency denominations, one or more merchandise identification information, and balance information matched by one or more securities identification information.

The user institution server 200 includes a user DB 210, a function storage unit 220, a random value calculation unit 230, a user authentication unit 240, and a virtual real name ID DB 250.

In the user DB 210, each user matches the user identification information registered in the user organization, and the predetermined virtual real name ID, "WYK for the user registered by the user in the user organization" and "WYH for the user" 'And one or more balance information are stored.

According to an additional aspect of the present invention, the WYK for the use agency can be stored in a unidirectional encrypted state.

According to an additional aspect of the present invention, the virtual real name ID is a specific virtual account number assigned to a specific user among a plurality of virtual account numbers allocated from the authentication server 100 by the user institution server 200.

According to an additional aspect of the present invention, the balance information includes at least one of cash balance information of a specific call display, specific virtual money balance information, balance information by specific product, and specific stock balance information.

The function storage unit 220 stores at least one of the principal authentication information calculation function and the inverse function of the principal authentication information calculation function. Wherein the authentication information calculation function of the user is one or more of 'WYK for user institution matching with specific user identification information' and 'WYH' for user institution matching with the user identification information, and calculates authentication information for the user institution . The inverse function of the authentication information calculation function of the user is input to the calculated user authentication information for the user (up to the WYH when the user inputs the WYH in encryption) to inverse the WYK.

According to an additional aspect of the present invention, the WYH for the user organization uses the WYK encryption key to transmit the user authentication information to the user terminal 300 and the user institution server 200 (for example, ≪ / RTI > and may be sent to the other party device and synchronized. In this case, since the WYK encryption key becomes a one-time variable, the WYK encrypted using the WYK encryption key is also a one-time variable, and the calculated authentication information becomes the one-time authentication information.

According to a further aspect of the present invention, the authentication information calculation function of the user is the same as the authentication information calculation function of the user stored in the function storage unit configured in the download target application stored in the application download server 400. The same is true for the authentication information calculation function of the user stored in the function storage unit configured in the application installed in the user terminal 300. Of course, even if the functions are the same, the disposable authentication information actually calculated according to the independent variables WYK for the user and WYH for the user are input to the function.

According to an additional aspect of the present invention, a unidirectional cryptographic function can be stored in the function storage unit 220. In the present invention, the unidirectional cryptographic function will be described.

The random value calculating unit 230 randomly calculates a WYH for a new use institution whenever a predetermined event (e.g., an event in which the user authentication information transmitted from the user terminal is verified by the use authority server 200).

The authentication unit 240 determines whether the authentication information for the user organization 300 received from the user terminal 300 is matched with the WYK for the user's institution retrieved from the user DB 210. [

According to an additional aspect of the present invention, the identity authenticator 240 may substitute the uni-directional encryption function retrieved from the function storage unit 220 for the user's institution WYK read or calculated in the received information, Value and the 'user DB 210' may be matched with the retrieved, unidirectionally encrypted WYK 'for the user agent for the unidirectional encryption. In the following description, the case will be mainly described.

In the virtual real name IDDB 250, the virtual real name IDs assigned from the certification authority are stored.

The user terminal 300 includes all computing devices that can be connected to a wired / wireless network and have an input unit, an output unit, a storage device, an operation unit, and an OS. In this specification, a smart phone is exemplified. An app 310 of the present invention can be installed in a storage device configured in the user terminal 300 and the app can be driven by the OS configured in the user terminal 300.

The application 310 is a program downloaded from the application download server 400 and includes a user ID DB 311, a WYKDB 312, a WYHDB 313, a function storage unit 314, a transaction partner DB 315, DB 316 and a service subscription code storage unit 317.

In the user ID DB 311, 'one or more of the user identification information and the virtual real name ID' registered in the corresponding user institution may be stored in correspondence with the one or more user ID information. According to another aspect of the present invention in which the application 310 is implemented exclusively for a specific user, the user ID DB 311 stores only the user identification information registered in the user organization and the virtual real name ID May be stored.

The WYKDB 312 stores the encrypted WYK for the certification authority and the encrypted WYK for the user. According to an additional aspect of the present invention, the 'encrypted WYK for the user's authentication authority' is stored in correspondence with the user authentication authority identification information, and the 'encrypted WYK for the user institution', which is independent of each other, Lt; / RTI >

WYHDB 313 may store WYH for the certification authority. According to an additional aspect of the present invention, the 'WYH for the self-certification institution' may be stored in correspondence with the self-certification institution identification information, and the independent 'WYH for the user institution' may be stored in correspondence with the one or more user- . Hereinafter, the WYH DB 313 stores 'WYK encryption key for the user's certification authority' as 'WYH for the user's certification authority', and matches the one or more user's identification information, Encryption key " is stored.

According to an additional aspect of the present invention, at least one of the user ID DB 311, the WYKDB 312 and the WYK encryption key DB 313 may be configured in a secure area (not shown) of the user terminal 300, In the present specification, an example of this additional aspect will be described.

The function storage unit 314 stores a principal authentication information calculation function, an encryption function, and a decryption function. The personal authentication information calculation function receives one or more of "WYK and WYH" for a specific use and calculates the authentication information of the use for the purpose.

According to an additional aspect of the present invention, the WYH for the specific use is a key for encrypting and decrypting the WYK for the use (hereinafter referred to as a " WYK encryption key "), It is shared.

According to a further additional aspect of the present invention, the WYH for the specific use is a WYH for a specific event (for example, an event in which the authentication information of the use transmitted from the user terminal to the server for the purpose is verified in the server of the use purpose) The WYH is updated at one of the user terminal and the server, and then transmitted to the counterpart device so that the WYH for the use stored in the counterpart device can be updated. In this case, since the WYK encryption key becomes a one-time variable, the WYK encrypted using the WYK encryption key is also a one-time variable, and the calculated authentication information becomes the one-time authentication information. Hereinafter, the present invention will be described focusing on an example of the above additional aspect.

Meanwhile, the encryption function encrypts the 'encryption target information input to the input unit' using the 'master password input to the input unit' as an encryption key, and the decryption function decrypts the 'master password' input to the input unit as a decryption key Target information '.

The recipient identification information may be stored in the transaction counterpart DB 315 by matching 'one or more of the trading partner alias and the profile photograph of the trading partner'.

In the embodiment in which money is deposited in the account of the recipient, the recipient identification information may include the recipient identification information and the receipt account ID. Therefore, the specific bank identification information and the bank account number, the specific card company identification information and the card number, the specific prepayment means issuer identification information, the prepaid account number, and the like may be one embodiment of the remittee identification information. In the embodiment in which the recipient searches for the specific recipient, the recipient identification information includes the recipient identification information, the recipient's name or reciprocal (hereinafter referred to as the recipient's name), the recipient's telephone number, and the recipient's e-mail address .

In a country where the purpose of the remittance transaction is confirmed, the remittance destination identification information having a high frequency when remitting the remittance can be included as the remittee identification information. In the case of an international remittance to which various remittance prohibited persons are to be discriminated, the name of the country (hereinafter referred to as "recipient country"), the name of the recipient, the address of the recipient and the remittance purpose identification information of the recipient institution may be included as the remittee identification information .

On the other hand, as an application installed in a smart phone, a contact app phone book application that can store at least one of an alias, a name and a profile picture matching each phone number is used. However, the name may also be an embodiment of the " trading partner alias " defined in this specification. Accordingly, this application may be an embodiment of the transaction counterpart DB 315 of the present invention, as long as the necessary payee identification registration information can be stored by matching with 'one or more of alias, name and profile picture'.

In the payment means DB 316, payment means identification information is stored in correspondence with one or more user ID information.

The service subscription code storage unit 317 may store 'identification information (hereinafter referred to as' service subscription code') that the app 310 is an app of a user subscribed to the real name authentication service of the present invention. According to an additional aspect of the present invention, when the service subscription code is retrieved from the service subscription code storage unit 317, it is estimated that the app is an app of the present invention provided to a user subscribed to the real name authentication service of the present invention If the service subscription code is not found, it is estimated that the app is not an app of the present invention, or an app of the present invention has not yet been registered in a self-certification authority.

An app is stored in the app download server 400, and a user terminal can access and download the app.

According to an additional aspect of the present invention, the application download server 400 may be one of the authentication server 100 and the user institution server 200. Hereinafter, however, the description will focus on the case in which the application download server 400 does not serve either as the authentication server 100 or the user institution server 200.

FIG. 2 is a view for explaining the operation of the embodiment of the method of installing the app of the present invention in the user terminal of the present invention, which is an example of "simultaneous subscribing application example" and "WYH non-use application for use agency".

In step 210, the user terminal 300 accesses the membership application application page of the user institution server 200, and a predetermined screen (hereinafter referred to as "Quot; subscription application screen ") is output.

According to a further aspect of the present invention, the user agent registration application screen may not include a column for inputting information that the user is reluctant to disclose to the user institution, such as a real name ID or a bank account number, .

(Hereinafter, referred to as " terms and conditions ") for browsing terms (hereinafter referred to as " user agent terms ") defined by a user agency for providing a predetermined service, (Hereinafter referred to as " agreement agreement input field ") for displaying consent to the terms posted in the above-mentioned terms and conditions and the user identification information to be used as authentication information when accessing the user institution server 200 (Hereinafter referred to as " user identification information input field ") for inputting user identification information (hereinafter referred to as " user identification information " (Hereinafter referred to as "mobile phone number input field") and a field for inputting an e-mail address (hereinafter referred to as "e-mail address input field").

When information corresponding to each required field in the user agent subscription application screen output to the output unit of the user terminal 300 is inputted in step 215, the input information is transmitted to the user institution server 200.

An example of the above operation is as follows. A user uses the input unit of the user terminal 300 to browse the terms of the user organization, select the agreement agreement input field, add the user identification information for the user organization Inputting a password for the user institution in the WYK field for the user institution, inputting the mobile phone number and the e-mail address of the user in the mobile phone number input field and the e-mail address input field, respectively, ).

If the 'information transmitted in step 215' is received from the user institution server 200 in step 220, the 'virtual real name' IDDB 250 receives' one of the virtual real name IDs previously assigned to the user's authentication authority Is selected for the user and the information entered by the user in step 215 is stored in the user DB 210 to match the selected virtual real name ID.

In an embodiment of the above operation, virtual account numbers assigned from the self-certification authority are stored in the virtual real name IDDB 250 configured in the user institution server 200, and the user identification information among the virtual account numbers is matched User ID information received at the step 220 in the embodiment of the step 220 and stored in the user DB 210 is stored in the user DB 210, Matching with the matched virtual account number ', stores the user agent identification information for the user agent, the password for the user agent, the mobile phone number and the e-mail address' received in the embodiment of the step 215 and received in the embodiment of the step 220, A code for identifying the fact of agreeing to the terms of use of the user (hereinafter referred to as "user agreement agreement code") is stored.

According to another aspect of the present invention, the user identification information of the user is not input separately, and the 'selected virtual account number, the inputted mobile phone number, and one of the input e-mail addresses' .

In step 240, the user agent server 200 calls the authentication server 100 and selects the user agent identification information, the mobile phone number and the e-mail address that are input in step 215 and received in step 220, Is transmitted to the authentication server 100, the authentication server 100 is called and receives the 'transmitted information'.

In one embodiment of the above operation, the user agent server 200 calls the settlement bank server 100, and the user agent identification information and the user information entered in the embodiment of step 215 and received in the embodiment of step 220, Mobile phone number and e-mail address' and 'virtual account number matched in the embodiment of step 220' to the settlement bank server 100, the settlement bank server 100 is called and the 'transmitted information' .

According to another aspect of the present invention, the user agent server 200 transmits the 'user identification information and virtual real name ID' to the user terminal 300, and the user terminal 300 transmits the ' Number and e-mail address' to the called authentication server 100.

In step 245, the user terminal 300 is connected to a predetermined service subscription application screen (hereinafter referred to as a "simple personal authentication service subscription screen") page of the authentication server 100 of the principal authentication server 100, (Hereinafter referred to as "WYK field for the certification authority") and a box for submitting a new settlement account to the certification authority (hereinafter referred to as "settlement account Quot; application request box ") is displayed.

An example of the simple self-certification service subscription application screen is an area for browsing the terms (hereinafter referred to as " simple personal authentication service ") defined by the self-certification body for providing a predetermined service (Hereinafter referred to as " settlement account ID ") as an embodiment of the user identification information for the user's certification authority and the information for identifying the account of the user opened in the user's certification authority (Hereinafter referred to as " personal authentication ") for inputting a password (hereinafter referred to as " settlement account password ") matched with the account ID WYK Field for Institution "or" Settlement Account Password Field ") and a settlement account application box.

Meanwhile, as another embodiment of the user authentication information for the user authentication authority in the present invention, the user may be provided with the login ID registered by the user in the user authentication authority, the 'information registered by the user in the user authentication authority' The mobile phone number, the e-mail address and the virtual real name ID ', which have features that do not overlap with the same type of information registered by the user.

If the user has the account settlement account of the user established in the self-certification authority, the following step 270 is operated after the step 250, the step 260 and the step 265 'are executed, and otherwise the following steps 250-1 and 255 -1 and step 265-1 are operated, the step 270 is operated.

When the user terminal 300 receives the information required for the user authentication service subscription application including the user authentication information for the user authentication service and the WYK for the user authentication service, the input information is transmitted to the authentication server 100 .

In an embodiment of the above operation, the user views the simple personal authentication service terms in the simple personal authentication service subscription application screen illustrated in the embodiment of step 245, using the input unit of the user terminal 300 , The user enters the settlement account number assigned by himself / herself in the settlement account ID field and the settlement account password field in the settlement account input field, and the settlement account password himself / herself registered in the settlement bank, The entered settlement account number and settlement account password and agreement information on the simple personal authentication service terms are transmitted to the settlement bank server 100.

When the authentication server 100 receives the 'information transmitted in step 250' in step 260, the user authentication DB 110 receives the real name ID matched with the 'user identification information for the user authentication authority read from the information' The WYK for the institution is searched, and the identity authentication unit 140 collates' the WYK for the self-certification authority read out from the received information and the WYK for the self-certification authority searched for to determine whether or not to match.

When the settlement bank server 100 receives the 'settlement account number and settlement account password and agreement information on the simplified personal authentication service agreement' transmitted in the embodiment of step 250, Unidirectionally encrypted settlement account password 'is searched for in the authentication DB 110, and the received settlement account password is unidirectionally encrypted using a hash function, and the one-way encrypted settlement account The password is matched with the unidirectionally encrypted settlement account password retrieved from the principal authentication DB 110 to determine coincidence.

If the determination in step 260 is affirmative, step 265 is operated.

The random value calculating unit 130 randomly calculates a new WYH for the user's authentication center in the authentication server 100 at step 265 and transmits the WYH for the user's authentication center read from the information received at step 260 And the mobile phone number, the e-mail address and the virtual real name ID 'read from the information received in step 240 are stored.

The random value calculation unit 130 calculates a new settlement account password encryption key at random as the WYH for the principal authentication authority and transmits the new settlement account password encryption key to the principal authentication DB 110 in step ' The calculated settlement account password encryption key and the mobile phone number and the e-mail address received in the embodiment of the step 240 are stored in correspondence with the settlement account number read from the received information, and the settlement account number The virtual account number received in the embodiment of step 240 is stored in the virtual account number field matched with the matching user agent identification information received in the step 240 embodiment.

In step 250-1, if information for selecting the settlement account opening application box included in the simple self-service authentication service subscription screen at step 245 is input to the user terminal 300, (Hereinafter, referred to as a " combined dual-user authentication service subscription screen ") is displayed on the user terminal 300. The screen displays a field for inputting a real name ID ID field ") and a WYK field for your certification authority.

When the user selects the settlement account open application box configured on the simple personal authentication service subscription application screen output in the embodiment of step 245 using the input unit of the user terminal 300, Predetermined settlement account opening application information is transmitted from the user terminal 300 to the authentication server 100 and information on the common authentication service subscription screen is transmitted from the authentication server 100 to the user terminal 300 A third party identification information input column, a second another account account number input column, a third party account authentication information input column, and an account password input field as a WYK input column for the principal authentication station in the output section of the user terminal 300 , A conditional access box, and a predetermined combined simple authentication service subscription application screen including a conditional agreement input field 'are output.

If the information necessary for the application for opening a settlement account including the 'real name ID and the WYK for the self-certification institution' and the information required for the simple personal authentication service subscription application are input to the user terminal 300 in step 255-1, And is transmitted to the identity authentication server 100.

In one embodiment, the user inputs the user's real name number to the real name number input field using the input unit of the user terminal 300, selects the third-party identification information input field, (Hereinafter referred to as " another bank ") in which his / her account is opened, which is not his / her own certification authority, by inputting the identification information of the account of his / her own account (Hereinafter referred to as "another account number"), the 'third-party identification information and the other account number' are transmitted to the principal authentication server 100, and the principal authentication server 100 calculates a predetermined random value 'The random value matched with the other account number' is transmitted to the computer system corresponding to the another-run identification information. At this time, the user accesses the computer system corresponding to the third-party identification information using the input unit of the user terminal 300, searches for the random value, inputs the retrieved random value to the second-account authentication information input field, (Or driver's license or passport) is photographed in accordance with a resident registration card (or a driver's license or passport) in which the real name number of the real name is registered in the camera image output field, Inputting the account password selected by the user in the account password input field and inputting the agreement display of the simple personal authentication service terms and conditions, the 'entered real name, account password and random value' and ' And the agreement information on the simplified self-authentication service agreement is transmitted to the authentication server 100 It is.

In step 265-1, when the 'information transmitted in step 255-1' is received from the authentication server 100, one of the transaction IDs for the authentication authorities for the authentication authorities not assigned to other users is selected, and the random value calculation unit 130 The WYK for the self-certification authority read out from the received information is unidirectionally encrypted, and in the identity authentication DB 110, the WYH for the self-certification authority is randomly generated The WAN control information for the selected certification authority, the WAN identifier for the selected certification authority, the WAN identifier for the selected certification authority, the WAN identifier for the selected certification authority, E-mail address and virtual real name ID 'are stored.

If the 'information transmitted in the embodiment of step 255-1' is received from the settlement bank server 100, the 'specific settlement account ID', which has not yet been assigned to any user, The random value calculation unit 130 randomly calculates a new settlement account password encryption key as the WYH for the certification authority, and the 'settlement account password read out from the received information' is used as a hash function Encrypted in the unauthorized encrypted account settlement account password 'and the' unidirectionally encrypted account settlement account password ', and the' unidirectional encrypted account settlement account ID ' Settlement account password encryption key " and the 'user identification information and mobile phone number, e-mail address and virtual account number' received in the embodiment of step 240 are stored.

The application download server 400 downloads the application to the user terminal 300 in step 270 and the authentication information registration screen is output to the output unit of the user terminal 300 and the authentication server 100 " to " information requesting WYH " is transmitted.

In an embodiment of the above operation, a URL for downloading an application from the authentication server 100 is transmitted to the user terminal 300, and when the user terminal 300 receives the URL, When the user selects the url using the input unit of the user terminal 300, the application is downloaded to the user terminal 300 from the application download server 400, A personal authentication information registration screen including an account number input field, a WYK encryption key input field, a settlement account password input field, a password field for a user institution, a master password field and a confirmation box 'is output from the mobile phone 300, 'Information for requesting a WYK encryption key for the self-certification authority' is transmitted together with the mobile phone number, which is the ID of the user terminal, to the mobile terminal 100.

When the authentication server 100 receives the 'information transmitted in step 270' in step 275, the virtual real name ID matched with the user terminal ID read from the information in the authentication DB 110 and the WYH for the user's authentication authority are retrieved do.

When the settlement bank server 100 receives the 'information transmitted in the embodiment of the step 270', the authentication DB 110 stores the information matched to the mobile phone number read from the information The virtual account number and the WYK encryption key for the certification authority are retrieved.

The virtual real name ID and the WYH for the certification authority WYH 'retrieved in step 275 are transmitted on a separate channel as a response to the' information received in step 275 'from the authentication server 100 to the user terminal 300 in step 280

As an example of such an operation, the settlement bank server 100 may send a response to the 'information received in the embodiment of Step 275' to the user terminal 300 as a 'virtual account number' And the WYK encryption key for the certification authority 'are transmitted in the form of SMS

When the user terminal 300 receives the virtual real name ID and the WYH for the authentication authority sent in step 280, the information is output to the output unit in step 285.

According to an additional aspect of the present invention, the 'virtual identity information ID input field and the WYH input field for the self-certification authority are included in the' identity authentication information registration screen output at step 270 ', and the virtual real name ID And WYH for the certification authority are output to the corresponding input boxes.

When the user terminal 300 receives the 'information transmitted in step 280', the 'virtual account number input field' included in the 'user authentication information registration screen' outputted in step 270 and the ' The virtual account number and the WYK encryption key for the self-certification authority 'are respectively input into the WYK encryption key input field for the bank.

According to another aspect of the present invention, in step 285, the 'virtual real name ID' and the WYH for the user's certification authority are separately input in the corresponding input boxes, 'And' WYH 'for the user's authentication center by using the input field of the user terminal 300 and the' virtual real name ID input field 'and the' WYH input field for the user authentication authority ' 'May be included.

In step 290, the WYK for the certification authority, the WYK for the user, and the master password are input to the user terminal 300.

The user inputs the settlement account password field, the password field for the user and the master password field using the input unit of the user terminal 300, Account password, user authority password and master password '.

In step 295, the user terminal 300 transmits the WYK for the user authentication institution and the WYK for the user institution input in the step 290 (or the step 290-1) to the master password input in the step 290 (or the step 290-1) Encrypted WYK for the authentication authority and the WYK for the user organization are stored in the WYKDB 312 and the encrypted virtual real name ID entered in step 285 (or step 285-1) is stored in the user ID DB 311 And stored in the WYHDB 313 for WYH 'for the certification authority inputted in step 285 (or step 285-1).

In an embodiment of step 290 (or step 290-1) to 'the master password' entered in the embodiment of step 290 (or step 290-1) at user terminal 300, Settlement account password and the password for the user organization ', respectively, and the WYKDB 312 configured in the security zone, respectively, matches the' settlement bank identification information and the user identity information ' Is stored in the user ID DB 311, and the virtual account number input in the embodiment of the step 285 (or the step 285-1) is stored in the user ID DB 311, and in the embodiment of the step 285 (or the step 285-1) WYK encryption key for the certification authority 'inputted in the WYH DB 313 is stored in the WYH DB 313.

According to another aspect of the present invention, the steps 210-1, 280-1, 285-1, and 290-2 are performed in place of the steps 210, 270, 275, 280, 285, 1 can be operated.

In step 210-1, the 'app of the present invention' is downloaded from the application download server 400 to the user terminal 300, and the user agent subscription application screen is output to the output unit of the user terminal 300.

One embodiment of the user agent registration application screen is the same as in step 210. [

In step 280-1, the virtual real name ID and the WYH for the authentication authority stored in step 265 are transmitted to the user terminal 300 from the authentication server 100 on a separate channel

As an example of the above operation, the settlement bank server 100 transmits 'the virtual account number stored in step 265 and the WYK encryption key for the self-certification authority' in the form of SMS to the user terminal 300

Upon receiving the virtual real name ID and the WYH for the user authentication authority transmitted in step 280-1 from the user terminal 300 in step 285-1, the output unit is provided with a virtual real name ID input field, a WYH input field for the user authentication authority, A predetermined authentication information registration screen including a WYK input field and a master password input field 'and a' virtual real name ID and WYH for a user authentication authority 'are output.

Upon receiving the 'information transmitted in step 280-1' from the user terminal 300, the 'virtual account number field', the WYK encryption key field for the settlement bank, the password field for the user station, and the master The virtual account number and the WYK encryption key for the user's authentication authority are input in the virtual account number input field and the WYK encryption key input field for the settlement bank, respectively And output.

According to another aspect of the present invention, in step 285-1, the 'virtual real name ID' and the WYH for the certification authority are replaced with the ' And the user inputs the virtual real name ID and the user authentication information in the 'virtual real name ID input field' and the 'WYH input field for the user authentication authority' included in the authentication information registration screen of the user using the input unit of the user terminal 300 ≪ / RTI > and WYH 'for the agency, respectively.

In step 290-1, the WYK for the user and the master password are input to the user terminal 300.

The user inputs the password for the user agency and the master password in the 'user input password field and master password input field' included in the user authentication information registration screen using the input unit of the user terminal 300, '.

FIG. 3 is a view for explaining an operation exemplified by the "additional application embodiment" and the "WYH usage example for a user organization", which is an embodiment of a method of installing an app of the present invention in a user terminal of the present invention.

If the 'information for selecting the mobile payment service identification information provided by the user of the present invention as payment means identification information' is input to the user terminal 300 of the present invention in step 305, the service registration code of the user terminal 300 is stored A predetermined service subscription code, which can be matched with the settlement means identification information, is retrieved in the subsection 317.

In an exemplary embodiment of the present invention, it is assumed that a user has already subscribed to a specific mobile payment service provided by a specific user, and a predetermined application for the mobile payment service is installed in the user terminal 300 The user accesses a server (not shown, hereinafter referred to as "online commerce server") operating a predetermined online commerce site using the user terminal 300, When the logo of the mobile payment service is selected using the input unit of the user terminal 300 as information for selecting the payment means for payment using the service, A predetermined service subscription code matching the mobile settlement service 'is retrieved from the storage unit 317.

If the service subscription code is not retrieved in step 305, step 310 and below are operated.

In step 310, the user terminal 300 accesses the service addition request page of the user institution server 200, and a predetermined screen (hereinafter referred to as " Service addition application screen ") is output. The user agent service addition request screen includes a user identification information input field for the use agency, a WYK input field for the use agency, and a WYH application box for the use agency.

According to an additional aspect of the present invention, the user agent service addition request screen may include 'one of a mobile phone number input field and an e-mail address input field' as the user identification information input field for the user agent.

When the user terminal 300 receives the user identification information for the user organization, the WYK for the user organization, and the information for selecting the WYH application box for the user organization, the inputted user organization WYK is calculated as the authentication information for the user organization, The 'user identification information for the user institution, the user authentication information for the user organization' and the predetermined WYH application information are transmitted to the user institution server 200.

In one embodiment of the operation, the user browses the terms of the user organization using the input unit of the user terminal 300, selects the agreement agreement input field, , The user inputs a password to be registered in the user organization in the WYK input field for the user organization, and selects the WYH application box for the user organization, the input password is used as the authentication information for the user organization And the input user institution user identification information, the user authentication information for the user institution, and the predetermined WYH application information are transmitted to the user institution server 200. [

According to an additional aspect of the present invention, the user identification information of the user is not input separately, and information input in 'one of the mobile phone number input field and the e-mail address input field' may be regarded as the user identification information.

In step 320, when the user institution server 200 receives the user identity information for the user organization, the user authentication information for the user organization, and the predetermined WYH application information transmitted in step 315, the user DB 210 transmits' The WYK for the user institution that matches the institutional user identification information 'is searched for, and the identity verification unit 240 determines whether the received authentication information for the user institution is matched with the retrieved WYK for the user institution.

When the user agent server 200 receives the user agent identification information for the user agent, the password for the user agent, and the predetermined WYH application information transmitted in step 315 from the user DB 210 Unidirectionally encrypted password for the user organization 'matched with the received user ID for the user ID' is retrieved, and the identity authentication unit 240 unidirectionally encrypts the received WYK for the user ID using the hash function, The password for the single-use encrypted institution is compared with the retrieved one-way encrypted encrypted password for the used institution to determine whether or not they match.

If the determination in step 320 is affirmative, step 325 is operated.

In step 325, one virtual real name ID not allocated to any user among the virtual real name IDs previously allocated from the authentication authority in the virtual real name ID DB 250 is selected for the user in the user institution server 200 , The random value calculating unit 230 randomly calculates the WYH for the user institution and stores the virtual real name ID and the WYH for the user institution in the user DB 210 in correspondence with the received user identification information for the user, The WYH for the use agency is transmitted to the user terminal 300.

In an embodiment of the above operation, in the virtual institution name server 200, the virtual real name ID DB 250 stores' virtual account numbers that are not matched with the user identification information among the virtual account numbers pre- , The random number calculation unit 230 randomly calculates the WYK encryption key for the use authority, and the user ID information is stored in the user DB 210 as the user identification information (Hereinafter referred to as " additional service agreement agreement code ") for identifying the virtual account number, the calculated WYK encryption key for the service provider and the agreement of the calculated additional account agreement, The WYK encryption key for the use agency is transmitted to the user terminal 300 as a reply to the 'transmission in step 315'.

If the user terminal 300 receives the 'WYH for user agent transmitted in step 325' in step 330, the WYH input field for the user organization, the WYK input field for the user organization and the master password input field, do.

When the user terminal 300 receives the 'WYK encryption key for the user station transmitted in the embodiment of step 325' as a reply to 'transmission in step 315' in the user terminal 300, A WYK encryption key input field for the user organization, a password input field for the user organization, and a master password input field to which the WYK encryption key for the user organization is inputted.

According to another aspect of the present invention, in step 330, a WYH input field for the user station and a WYH input field for the user station are output to the output unit instead of the operation for outputting the WYH input field for the user station, Operation 'and' the operation of inputting the output WYH 'for the user using the input unit of the user terminal 300 in the output WYH input field for the user institution.

If the WYK for the user institution and the master password are input to the user terminal 300 in step 335, the WYK for the user institution is encrypted with the encryption key as the master password, the encrypted WYK for the user institution is stored in the WYKDB 312, The WYH 'for the user institution input at 330 is stored in the WYHDB 313.

The user inputs the password for the user authority and the password for the master password in the user input password field and the master password input field, which are output in the embodiment of the step 330, using the input unit of the user terminal 300, The password for the user authority is encrypted using the master password as an encryption key, the encrypted password for the user authority is stored in the WYKDB 312, the WYK encryption key for the user station input in the embodiment of the step 330, Is stored in the WYHDB 313.

In step 340, the user agent server 200 searches the user DB 210 for 'mobile phone number and e-mail address' matched to 'user identification information for the user institution received in step 320' And transmits the user identification information, the 'mobile phone number and e-mail address', and the 'virtual real name ID selected in step 325' to the authentication server 100, the authentication server 100 calls And receives the 'transmitted information'.

As an example of the above operation, a 'mobile phone number and an e-mail address' matched to the 'user identification information for the user institution received in step 320' is retrieved from the user DB 210 in the user institution server 200 , The user institution server 200 calls the settlement bank server 100 and searches the settlement bank server 100 for the user identification information, the retrieved 'mobile phone number and e-mail address', and the virtual account number assigned to the user in the embodiment of step 325' To the settlement bank server 100, the settlement bank server 100 is called and receives the 'transmitted information'.

According to another aspect of the present invention, the user agent server 200 transmits the 'user identification information and virtual real name ID' to the user terminal 300, and the user terminal 300 transmits the ' Number and e-mail address' to the called authentication server 100.

Step 245 in Fig. 2 is operated.

After the step 245 is executed, if the user holds the settlement account of the user established in the self-certification authority, the operation of step 250 and step 260 'in FIG. 2 is performed, 2 ', the' steps 270 to 295 'in FIG. 2 are operated, and in other cases, the steps 250-1 and 255-1 and the steps 265-1 'Are operated, the' steps 270 to 295 'are operated.

FIG. 4 is a flowchart illustrating a method for providing a non-bank remittance company with the non-bank remittance company and the non-bank remittance company using the app of the present invention to request a remittance transaction to a non-bank remittance company, Figure 4 is a diagram for explaining the operation of one embodiment of a method for securely realizing real name authentication.

In step 405, information for selecting an app is input to the user terminal 300.

To illustrate one embodiment of the above operation, a user selects an icon using the user terminal 300, in which the identification information of the user organization is displayed.

In step 420, 'at least one of trading partner aliases and profile photographs' is retrieved from the trading partner DB 315 at the user terminal 300 and output to the output unit in a predetermined order.

In an embodiment of the above operation, the user terminal 300 searches the transaction counterpart DB 315 together with the 'latest transfer date and profile photo' matched with the information stored in the trading partner alias field, N 'trading partner aliases' from the alias of the trading partner whose date is the latest date are outputted to the output unit together with the' matched profile pictures', respectively, and then the remaining trading partner aliases are matched with ' And output to the output unit.

In step 425, information on which 'one of the specific trading partner alias and specific profile photograph' is selected is input to the user terminal 300.

To illustrate one embodiment of the above operation, the user uses the input of the user terminal 300 to select 'one of the trading partner aliases and the matched profile pictures output in the embodiment of step 420'.

In step 430, the recipient identification registration information matched to one of the trading partner alias and the profile photograph selected at step 425 is retrieved from the transaction counterpart DB 315 at the user terminal 300, and the retrieved information is matched Input field and output to the output section, and the transaction application amount field and the master password field are displayed.

In the transaction partner DB 315, 'transaction partner alias, payee name, recipient institution identification information, and so on' matched to one of the trading partner alias and the profile photograph selected in the embodiment of step 425 ' (Hereinafter, referred to as " transaction identification information ") that identifies a transaction type, which is a " transfer request " ) Is matched with the transaction partner alias input field, the recipient name field, the recipient institution identification information field, the recipient account number field, the recipient country name field, the recipient telephone number field, the recipient e-mail address field, And the remittance amount input field and the master password input field are output.

According to an additional aspect of the present invention, the information that is not searched out among the 'trading partner alias name, payee name, recipient institution identification information, receipt account ID, recipient country name, recipient telephone number, recipient e-mail address and remittance purpose identification information' If so, the fields matching the non-retrieved information are output in blank.

According to another additional aspect of the present invention, the step 430 includes an operation of inputting corresponding information by using a field of the user terminal 300 in a field output in blank as described above .

According to another additional aspect of the present invention, when the user inputs corresponding information by using the input box of the user terminal 300 in a field output in the blank space as described above, in the transaction partner DB 315, The remittee identification registration information matched to one of the trading partner alias and the profile photograph selected in step 425 is updated with the corresponding information inputted.

At step 435, the amount of transaction request and the master password are input to the user terminal 300.

The user inputs the remittance amount as transaction amount and the master password in the remittance input field and the master password input field, which are output in the embodiment of step 430, using the input unit of the user terminal 300, .

In step 440, the virtual null name for the user institution is retrieved from the user ID DB 311 of the user terminal 300, the encrypted WYK for the user's authority and the WYK for the user's institution are retrieved from the WYKDB 312, WYH for the certification authority is searched.

In an embodiment of the above operation, a virtual account number matched with the user ID information is retrieved from the user ID DB 311 configured in the security area in the user terminal 300, The encrypted settlement account password 'matched to the settlement bank identification information and the' password for the encrypted use agency matched to the use institution identification information 'are searched for and the WYHDB 313 configured in the security area matches the settlement bank identification information The WYK encryption key is retrieved.

In step 445, the user terminal 300 decrypts the master password 'inputted in the user terminal 300' in step 435 (or step 935) by using the decryption key, which is retrieved from the WYKDB 312 in step 440 (or step 940) Decrypts the WYK for the user's certification authority and the WYK for the encrypted use-organization.

The master password input to the user terminal 300 in the embodiment of step 435 (or step 935) may be referred to as a decryption key, the 'encrypted settlement account password retrieved from the WYKDB 312, And the encrypted password for the use agency ', respectively.

The user terminal 300 uses the WYK for the self-certification authority decrypted in step 445 (or step 545) and the WYH for the self-certification authority retrieved from the WYHDB 313 in step 440 (or step 540) Authentication information for the certification authority is calculated.

[0052] In an embodiment of the above operation, the 'decrypted settlement account password' decrypted in the step 445 (or step 545) is encrypted with the 'WYK encryption key for settlement bank' retrieved in step 440 (or step 540) And the authentication information for the settlement bank is calculated.

However, if the WYK encryption key is a disposable WYK encryption key that is updated each time the authentication authority performs authentication, the encrypted settlement account password becomes a one-time encrypted WYK for the certification authority. Also, since the WYK encryption key itself is an embodiment of WYH, the encrypted settlement account password is information for proving WYK and also for verifying WYH.

Hereinafter, the description will be focused on an embodiment in which a single-use WYK encryption key is used to encrypt a WYK for a certification authority and 'one-time authentication information for proving WYK and WYH' is calculated.

In step 455, the user terminal 300 transmits the remittance transaction identification information, the transaction application amount entered in step 435, the virtual real name ID retrieved in step 440, and the virtual real name ID retrieved from the transaction counterpart DB 315 in step 430, To the authentication server 100, the authentication information of the authentication agency for the authentication institution calculated in step 450 and the authentication information of the authentication server 100 by matching the 'transaction application amount, virtual real name ID, and payee identification registration information' The WYK 'for the user institution decrypted in step 445 is transmitted to the use-institution server 200 as the authentication information for the user institution.

In one embodiment of the above operation, the user terminal 300 transmits the remittance application code, 'the remittance amount entered in the embodiment of the step 435', the 'virtual account number retrieved in the embodiment of the step 440' To the settlement bank server 100, the payee identification information 'retrieved from the counterparty DB 315 or inputted therein and the' authentication information for the settlement bank calculated in the embodiment of the step 450 'to the settlement bank server 100, , The virtual account number, the payee name and payee ID, the payee account ID, the payee name, the payee's telephone number, the payee's e-mail address, and the payee's payee identification information 'in step 445 To the use agency server 200. [

When the user agent server 200 receives the 'information transmitted to the user agent server 200 in step 455' in step 456, the user DB 210 searches the user DB 210 for the 'virtual real name ID read from the received information' Searches for the WYK for the use agency, and the identity verification unit 240 determines whether the 'retrieved WYK for the user institution' matches the 'authentication information for the user institution' read from the received information.

When the user agent server 200 receives the 'information transmitted to the user agent server 200 in the embodiment of the step 455' in the user DB 210, Unidirectionally encrypted password for a service provider with a hash function matched to the virtual account number read out by the user authentication unit 240. If the identity authentication unit 240 receives the ' Password 'is unidirectionally encrypted with a hash function, and the' unidirectionally encrypted password for the user agent 'is compared with' the unidirectionally encrypted password for the user agent 'to determine coincidence.

If the determination at step 456 is affirmative, step 457 is operated.

In step 457, a predetermined transaction ID is generated in the use institution server 200, and the transaction ID and the predetermined remittance settlement application information are matched with each other. , And the payee identification information 'to the authentication server 100.

In one embodiment of the above operation, a predetermined transaction ID is generated in the user institution server 200, and the transaction ID is matched with the predetermined remittance settlement application information, , The virtual account number, the receiver's name, the receiver's identification information, the receiver's account ID, the receiver's name, the receiver's phone number, the receiver's e-mail address, and the receiver's identification information ' do.

If the authentication server 100 receives the 'information transmitted to the authentication server 100 at step 455' and the 'information transmitted at step 457' at step 458, the metabolic unit 150 transmits the received amount information It is determined whether or not they match each other.

[0064] In an example of the above operation, when the authentication server 100 receives the 'information transmitted to the authentication server 100 in the embodiment of the step 455' and the 'information transmitted in the embodiment of the step 457' , The proxy unit 150 transmits the remittance amount, the virtual account number, the payee name and payee name, the payee account ID, the payee name, the payee telephone number, and the payee email address read from the information transmitted in the embodiment of Step 455 The virtual account number, the payee name and payee ID information, the payee account ID, the payee name and the recipient telephone number, which are read out from the information transmitted in the embodiment of Step 457, Number, recipient e-mail address, and remittance identification information.

If the determination at step 458 is affirmative, step 460 is run.

In step 460, the authentication server 100 authenticates the user who is matched with the virtual real name ID 'read from the information transmitted to the authentication server 100 in step 455 (or step 457-1) The WYK for the certification authority and the WYH for the certification authority are searched, and the identity verification unit 140 searches for the WYK for the self-certification authority and the WYH for the self-certification authority and the authentication information for the self- .

In one embodiment of the above operation, the settlement bank server 100 performs a unidirectional encryption with a hash function matched to the virtual account number 'read from the information transmitted in the embodiment of the step 455' Quot; settlement account password " and the WYK encryption key for the settlement bank, and when the principal authentication unit 140 receives the " settlement account encrypted for settlement bank ", which is read from the received information, Account password 'to the' settlement bank WYK encryption key ', unidirectionally encrypts the decrypted settlement account password using a hash function, and transmits the unidirectionally encrypted settlement account password and the' unidirectionally encrypted settlement account password ' And determines whether or not they match.

If the determination in step 460 is affirmative, step 465 is operated.

In step 465, the authentication server 100 searches the personal authentication DB 110 for a real name ID matched to the virtual real name ID determined to match in step 458, and regards the real name ID as the real name ID of the remitter , The payment amount read from the information received in the step 460 is regarded as the remittance, and the remittee name, the payment station identification information, the payment account opening bank identification information, the payment account number and remittance determined to match in the step 458 The destination identification information 'is regarded as information on the recipient, and the filtering is performed for the remittance act constituted.

If the compliance filtering result at step 465 is determined to be a normal transaction, step 475 is operated.

The random value calculating unit 130 randomly calculates a new WYH for the user's authentication center in the authentication server 100 in step 475 and the WYH calculated in step 456 Updates the WYH for the self-certification authority that matches the virtual real name ID '(read from the information received in step 955) with the calculated WYH for the self-certification authority and transmits the calculated WYH for the self-certification authority to the user terminal 300. [

The random value calculation unit 130 may randomly calculate the WYK encryption key for the authentication center for the authentication authority, and the authentication DB 110 may determine whether the random value is a random number Or the WYK encryption key for the self-certification authority matched to the virtual account number '(read from the information received in the embodiment of step 955) to the calculated WYK encryption key for the self-certification authority' And transmits the calculated WYK encryption key for the self-certification authority '.

When the user terminal 300 receives the 'information transmitted to the user terminal in step 475' in step 480, the 'WYH for the user's authentication institution' stored in the WYHDB 313 with 'the WYH for the user's certification authority read from the received information' Lt; / RTI >

Upon receiving the 'information transmitted to the user terminal in the embodiment of step 475' in the user terminal 300, the 'WYK encryption key read from the received information' And updates the 'WYK encryption key for settlement bank' stored in the DB 313.

In step 485, the authentication server 100 searches the authentication DB 110 for the settlement account ID matched with the virtual real name ID that is determined to be matched in step 458, and in the balance DB 160, The ID, the balance matched to the ID is reduced corresponding to the transaction amount determined to be matched in step 458, the payee name, the payee identification information, the payee account opening bank identification information, The money amount corresponding to the amount of the transaction before the remittee corresponding to at least one of 'the receipt account number and remittance purpose identification information'.

In one embodiment, the settlement bank server 100 searches the personal authentication DB 110 for a settlement account number matched to the virtual account number determined to be matched in the embodiment of step 458, In the balance DB 160, 'the balance matched to the settlement account number' is reduced by the sum of the remittance fee calculated in step 458 and the predetermined remittance fee, and ' , The remittance amount to the remittee corresponding to at least one of the payee name, the payee name identification information, the payee account opened bank identification information, the payee account number, and the remittance purpose identification information.

According to another aspect of the present invention, steps 455-1 and 457-1 may be performed in place of steps 455, 457, and 458, respectively.

In step 455-1, the user terminal 300 transmits the remittance transaction identification information, the transaction amount entered in step 435, the virtual real name ID retrieved in step 440, The virtual real name ID, and the payee identification information 'calculated in step 450,' the WYK for the user institution decrypted in step 445 ', and the' To the user institution server 200 as the authentication information for the user organization.

In step 457-1, a predetermined transaction ID is generated in the use-institution server 200, and the transaction ID and the predetermined remittance settlement application information are matched with each other, and the 'remittance transaction identification information, which is read from the information received in step 456, And transmits the application amount, the virtual real name ID, the payee identification registration information, and the authentication information for the self-certification institution to the authentication server 100.

The authentication server 100 does not directly transmit the 'authentication information for the principal authentication authority' from the user terminal 300 to the authentication server 100, as in step 455, The reason for the reason is that the 'WYH for the certification authority' is updated every time the user is authenticated, as in steps 475 and 485, and the result is that the authentication information for the user's certification authority, which is calculated in step 450, becomes the disposable information, , The information will be information that can not be used for the next authentication.

FIG. 5 is a flowchart illustrating a process of transferring personal information to the virtual money exchange using the application of the present invention for depositing the money in the account of the user established in the virtual money exchange A method for authenticating a real name in a simple and safe manner.

Step 405 in Fig. 4 is operated.

In step 510, boxes in which transaction identification information are respectively written are output to the output unit of the user terminal 300.

In an exemplary embodiment of the above operation, a deposit box in which transaction identification information " deposit " is displayed, a withdrawal box in which transaction identification information " withdrawal " And a transfer box in which the transaction identification information "transfer" is displayed.

In another example of the above embodiment, the selling box may be output in which a transaction box with the transaction identification information " buy " is displayed and a transaction identification information " sell "

In step 515, information (hereinafter referred to as "deposit transaction identification information") identifying the 'transaction for requesting deposit to the account opened in the user institution' (hereinafter referred to as "deposit transaction") is transmitted to the user terminal 300 Information (hereinafter referred to as " deposit transaction selection information ") for selecting a marked box (hereinafter referred to as "deposit box") is input.

To illustrate one embodiment of the above operation, the user selects a deposit box using the input unit of the user terminal 300 to apply for a transaction for depositing funds in his account opened in the user institution.

In step 530, the deposit transaction identification information, the transaction application amount field and the master password field are output to the output unit of the user terminal 300.

In an exemplary embodiment of the above operation, a predetermined deposit transaction application screen including a sign "deposit application", a deposit amount input field, and a master password input field is output to the output unit of the user terminal 300.

Step 435 in Fig. 4 is operated.

In an exemplary embodiment of the present invention, the user inputs the deposit amount and the master password in the deposit amount input field and the master password input field, which are output in the embodiment of step 530, using the input unit of the user terminal 300, respectively.

In step 540, the user's virtual ID for the user is retrieved from the user ID 300 in the user terminal 300, the encrypted WYK for the user's authority is retrieved from the WYKDB 312, and the WYH for the user's authentication authority is retrieved from the WYHDB 313 do.

In the user terminal 300, a 'virtual account number matched with the user ID information' is retrieved from the user ID DB 311 configured in the security area, and the WYKDB 312 configured in the security area is retrieved. The encrypted settlement account password matched with the settlement bank identification information is searched for in the security area and the WYK encryption key matched to the settlement bank identification information is retrieved from the WYHDB 313 configured in the security area.

The master password input to the user terminal 300 at step 435 (or step 735) is decrypted by the decryption key at step 545 in the user terminal 300 in step 545. In step 540, the encrypted master certification authority WYK 'retrieved from the WYKDB 312 in step 540, .

In operation 540, the encrypted master account password retrieved from the WYKDB 312 is decrypted by the decryption key in the 'master password' input to the user terminal 300 in the embodiment of operation 435. [ ≪ / RTI >

Step 450 in FIG. 4 is operated.

In step 555, the user terminal 300 transmits a transaction ID code matching 'transaction identification information' displayed in the box selected in step 515 (or step 615), 'virtual real name ID retrieved in step 540', and ' And the 'authentication amount for the self-certification institution calculated in step 450' to the authentication server 100.

[0064] [0040] Illustrating one embodiment of the above operation, the user terminal 300 may further include a deposit application code corresponding to the transaction identification information selected in the embodiment of step 515 (or step 615) And the authentication information for settlement bank calculated in the embodiment of the step 450 to the settlement bank server 100. The settlement bank server 100 transmits the settlement bank application 100,

In step 560, the authentication server 100 receives the 'information transmitted in step 555 (or step 755)', and in the authentication DB 110, the 'authentication information' corresponding to the 'virtual real name ID' read from the received information, The WYK for the certification authority and the WYH for the user's certification authority are searched, and the identity verification unit 140 searches for the WYK for the self-certification authority and the WYH for the self-certification authority, 'Are matched.

When the settlement bank server 100 receives the 'information transmitted in the embodiment of step 555 (or step 755)' in the settlement bank server 100, Unidirectionally encrypted settlement account password with a hash function matched to the read virtual account number 'and the WYK encryption key for the settlement bank, and the identity authentication unit 140 reads' the account information read from the received information, Decrypts the settlement account password encrypted with the WYK encryption key for the settlement bank, which is the personal authentication information, with the WYK encryption key for the settlement bank, unidirectionally encrypts the decrypted account settlement password using a hash function, The settlement account password and the retrieved one-way encrypted settlement account password are compared with each other to determine whether or not they match.

If the determination in step 560 is affirmative, step 565 is operated.

In step 565, the authentication server 100 searches for the 'real name ID and the settlement account ID' matched to the 'virtual real name ID read out from the information received in step 560' in the authentication DB 110, The corresponding person withdraws an amount corresponding to 'the transaction amount read from the information received in step 560' from the 'own account corresponding to the settlement account ID' and deposits the money in 'his account opened in the user institution' Lt; / RTI >

In one embodiment of the above operation, in the authentication server 100, the user authentication DB 110 registers the real name number matched with the 'virtual account number read from the information received in the embodiment of the step 560' 'The person corresponding to the real name number' withdraws' the deposit amount received in the embodiment of the step 560 'from the' own account corresponding to the settlement account number ', and' The transaction is deposited in the account.

If the result of compliance filtering at step 565 is determined to be a transaction that can be processed, step 570 is performed.

In step 570, the authentication server 100 subtracts the balance matched with the settlement account ID found in step 565 by the amount corresponding to the amount of transaction demand read from the information received in step 560 in the balance DB 160 The balance matching the settlement account ID of the user institution is increased and the remaining balance matched with the virtual real name ID read from the information received in step 560 is increased by the amount corresponding to the transaction application amount in the virtual balance DB 170, (Hereinafter referred to as " compliant filtering completed information ") and the information indicating the completion of the predetermined compliance filtering (Hereinafter, referred to as " personal authentication completed information ") to the user institution server 200. [

In one embodiment of the above operation, the authentication server 100 determines that the balance matching the 'settlement account number retrieved in the embodiment of the step 565' in the balance DB 160 is' the information received in the embodiment of the step 560 And the remaining balance matched to the settlement account of the user institution is increased by 'the amount of the settlement application fee minus the predetermined settlement commission', and in the virtual balance DB 170, the 'amount of deposit requested' , A balance amount matched to the read virtual account number 'is increased by the amount of the deposit request, and a professional code for identifying that the deposit transaction is completed by the user institution server 200' ', The virtual account number, the amount of the depositing application, and the amount of' the deposit fee minus the settlement commission '.

Steps 475 and 480 in Fig. 4 are operated.

When the user agent server 200 receives the 'information transmitted in step 570' in step 590, the user DB 210 transmits the balance matched with the virtual real name ID read out from the received information to the received information The amount equivalent to the transaction amount read from the '

[0064] In an embodiment of the above operation, when the user agent server 200 receives the 'information transmitted in the embodiment of step 570', the cash balance matched to the 'virtual account number read from the received information' Is increased by 'the amount of the deposit application read out from the received information'.

FIG. 6 is a flowchart illustrating a method of providing personal information to the virtual money exchange and the 'self-certification institution and settlement bank affiliated with the virtual money exchange' using an app of the present invention for withdrawing money from the account of the user, A method for authenticating a real name in a simple and safe manner.

Steps 405 and 510 in Fig. 5 are operated.

In step 615, information (hereinafter referred to as "withdrawal transaction identification information") identifying the transaction "requesting withdrawal from his / her account opened in the user institution" (hereinafter referred to as "withdrawal transaction") is transmitted to the user terminal 300 Information for selecting a marked box (hereinafter referred to as "withdrawal box") (hereinafter referred to as "withdrawal transaction selection information") is input.

In an exemplary embodiment of the above operation, the user selects the withdrawal box using the input of the user terminal 300 to apply for a transaction to withdraw money from his account opened in the user institution.

In step 630, the information for identifying the withdrawal transaction, the transaction application amount field, and the master password field are output to the output unit of the user terminal 300.

In one embodiment of the above operation, a predetermined withdrawal transaction application screen including a mark "withdrawal application", a withdrawal amount field and a master password field is output to the output unit of the user terminal 300.

Steps 435 to 560 in Fig. 5 are operated.

In operation 435, the user inputs the withdrawal application amount and the master password in the 'withdrawal amount field and master password field', which are output in the embodiment of operation 630, using the input unit of the user terminal 300 do.

In step 665, the authentication server 100 searches the personal authentication DB 110 for a real name ID and a settlement account ID matched with the virtual real name ID read from the information received in step 560, The transaction amount that is read from the information received in step 560 is withdrawn from the account of the user established in the user institution and the transaction is deposited to the account of the account corresponding to the settlement account ID.

If the compliance filtering result in step 665 is determined to be a transaction that can be processed, step 670 is operated.

In step 670, the authentication server 100 transmits the balance matched with the virtual real name ID read from the information received in step 560 in the virtual balance DB 170 to the transaction amount read from the information received in step 560 The balance DB 160 reduces the balance matched to the settlement account ID of the user institution by the amount corresponding to the transaction application amount and increases the balance matched to the settlement account ID searched in step 565 , Transmits the predetermined withdrawal transaction identification information, the virtual real name ID, the amount corresponding to the transaction application amount, the predetermined compliance filtering completion information, and the user authentication completion information to the user institution server 200.

In one embodiment of the above operation, the authentication server 100 checks the balance matching the 'virtual account number read from the information received in the embodiment of the step 560' in the virtual balance DB 170 from ' The balance DB 160 reduces the balance matched to the settlement account number of the user institution by the amount of withdrawal application in step ' The balance of the matching account number 'retrieved in the embodiment 565 is increased, and a special code for identifying a predetermined personal authentication and a withdrawal transaction for completing the prescribed compliance filtering and completing the authentication of the user', the virtual account number The amount of the withdrawal application and the amount of the withdrawal application amount minus a predetermined settlement fee are transmitted to the user institution server 200.

Steps 475 and 480 in Fig. 4 are operated.

When the user agent server 200 receives the 'information transmitted in step 670' in step 690, the user DB 210 transmits the balance matched to the virtual real name ID read from the received information to the received information The amount of the transaction amount read from the '

[0053] In an embodiment of the above operation, when the user agent server 200 receives the 'information transmitted in the embodiment of step 670', the cash balance matched to the 'virtual account number read from the received information' The amount of the withdrawal application read out from the received information is reduced by the amount of the sum of the predetermined settlement fee.

FIG. 7 is a flowchart illustrating a method of providing a virtual money exchange in which a user uses an app of the present invention to purchase and sell virtual money in a virtual money exchange, while protecting personal information from the virtual money exchange and ' Figure 4 is a diagram for explaining the operation of one embodiment of a method for securely realizing real name authentication.

Steps 405 and 510 in Fig. 5 are operated.

In step 715, information (hereinafter referred to as "transaction identification information") identifying the 'transaction for submitting a sale from his / her account opened in the user institution' (hereinafter referred to as " Information (hereinafter referred to as " trading transaction selection information ") for selecting a marked box (hereinafter referred to as " trading box "

An exemplary embodiment of the above operation may be exemplified as follows. In order to apply for a purchase transaction in which a user holds a balance held in his / her account opened in a user institution or a transaction in which the balance stored in the account is sold, 300 are used to select the trading box.

According to another aspect of the present invention, there is provided an information processing method comprising the steps of: replacing the purchase transaction selection information with a transaction (hereinafter referred to as "purchase transaction") in which a customer requests purchase of cash deposited in his / (Hereinafter referred to as "purchase transaction selection information") for selecting a box (hereinafter referred to as "purchase box") in which information to be identified (hereinafter referred to as "purchase transaction identification information") is displayed (Hereinafter referred to as the "sell box") in which information (hereinafter referred to as "sell transaction identification information") identifying the transaction (hereinafter referred to as "sell transaction") requesting sale of virtual currency or securities product deposited in the account (Hereinafter referred to as " selling transaction selection information ") may be input.

In step 730, the output section of the user terminal 300 includes a field for inputting information for identifying a sales transaction and a selling object identification information (hereinafter referred to as a "selling object identification information input field"), a quantity input field, a price input field and a master password input field .

According to a further aspect of the present invention, the information for identifying the purchase transaction may be one of information for identifying the purchase transaction and information for identifying the sale transaction, and may include a box (hereinafter referred to as " (Hereinafter referred to as the "application box") and a box in which information identifying the sale transaction is displayed (hereinafter referred to as "sale application box").

[0040] In one embodiment of the above operation, a purchase application box, a sale application box, a column for inputting the virtual currency identification information for sale, a column for inputting the transaction application quantity, a column for inputting the application price, The screen of the purchase transaction application is displayed.

In step 735, information (hereinafter referred to as " buying transaction selection information " and " selling transaction selection information ", respectively) in which one of the buying transaction identification information and the selling transaction identification information is selected as transaction identification information is transmitted to the user terminal 300 The specific selling object identification information, the quantity, the price and the master password are inputted.

In an exemplary embodiment of the above operation, the user selects the purchase order box and the purchase order box in the sales order box, which are output in the embodiment of step 730, using the input unit of the user terminal 300, The virtual coin identification information output field in the embodiment of step 730 is selected and a bit coin identification code is selected from the output virtual currency identification information list, the quantity purchase quantity is input in the quantity input field, and the purchase price is entered in the price input field And enter the master password in the master password field.

Steps 540 to 450 in Fig. 5 are operated.

In step 755, the user terminal 300 transmits a 'transaction identification code matched to the transaction selection information input in step 735', 'the identification information of the selling object entered in step 735, the application quantity and the application price' Real name ID " and " personal authentication information for the self-certification institution calculated in step 450 " to the authentication server 100 itself.

The user terminal 300 may determine whether the number of purchase application codes matched in the purchase order box selected in the embodiment of step 735 and the bit coin identification code input in the embodiment of step 735 and the number The virtual account number retrieved in the embodiment of the step 540 and the encrypted settlement account password in the embodiment of the step 450 are transmitted to the settlement bank server 100.

Step 560 in Fig. 5 is operated.

If the determination at step 560 is affirmative, step 770 is run.

In step 770, the authentication server 100 matches the transaction identification code, the selling object identification information, the application quantity, the application price, and the virtual real name ID, read from the information received in step 560, And transmits the personal authentication completion information to the use agency server 200.

In an embodiment of the above operation, a special code that identifies that the transaction has completed the predetermined compliance filtering and has completed the authentication of the user, and a special code that identifies the purchase application code read from the received information in the embodiment of the step 560 And transmits the bit coin identification code, the purchase request quantity, the purchase price and the virtual account number to the user institution server 200.

Steps 475 and 480 in Fig. 4 are operated.

When the user agent server 200 receives the 'information transmitted in step 770' in step 790, it calculates the available quantity and the available price by a predetermined method, multiplies the available quantity by the available price, And calculates a balance matched with the virtual real name ID and the merchandise identification information read out from the received information in the user DB 210 to the transaction identification code read from the received information (In the case of the purchase application code) (in the case of the purchase application code), and subtracts the balance matched to the price display currency from the virtual real name ID read from the received information in the user DB 210 (In the case of a purchase application code) according to the transaction identification code read out from the received information (in the case of a sale application code), and increases it to the authentication server 100 by the amount corresponding to the amount of the application, ID and , The transaction identification code, the selling object identification information, the amount corresponding to the transaction application amount, and the display currency identification information '.

[0064] In an embodiment of the above operation, when the user agent server 200 receives the 'information transmitted in the embodiment of Step 770', it calculates the available and available prices in a predetermined manner, The balance amount matching the virtual account number and the bit coin identification code read out from the received information in the user DB 210 is calculated by multiplying the balance by the available amount Quot ;, which is the transaction identification code read from the received information, and the balance matched to the price display currency and the 'virtual account number read out from the received information' in the user DB 210, Quot; APPLICATION CODE ", which is a transaction ID code read from the received information, as much as the amount of money added to the transaction ID and the predetermined fee, and transmits the 'virtual account number' and the transaction ID code Number and transmits the application code, and a coin-bit identification code, and a corresponding amount and, display currency for the payment sincheongaek identification information of the local currency (KRW) '.

In step 791, when the authentication server 100 receives the 'information transmitted in step 790', the authentication server 100 determines whether the virtual real name DB and the displayed currency identification information ' (The case where the transaction identification code is the purchase application code) or the amount thereof is increased by the amount corresponding to the transaction amount read out from the received information (the transaction identification code is the purchase application code) 110) searches for a real name ID matched with the virtual real name ID, and the metabolic unit 150 searches for a person corresponding to the real name ID, an object corresponding to the selling object identification information read out from the received information, (In the case where the transaction identification code is the purchase application code) or the amount corresponding to the transaction amount read out from the received information (in the case where the transaction identification code is the sale application code) About 'deals' Compliance filtering.

When the authentication server 100 receives the 'information transmitted in the embodiment of the step 790', the authentication server 100 reads 'the virtual account', which is read from the received information, (The transaction identification code is the purchase application code), the amount matched to the 'number and the displayed currency identification information' is reduced by 'the amount obtained by adding the predetermined transaction fee to the payment application amount read out from the received information' 110) searches for a real name number matched with the virtual account number, and the proxy unit 150 receives the virtual money corresponding to the real name number, the virtual coin corresponding to the bit coin identification code read from the received information The transaction corresponding to the amount of the settlement application read out from the received information, and the transaction that pays (because the transaction identification code is the buy application code).

According to another aspect of the present invention, steps 540 and 545 and 'step 755 to step 770 and step 790' are replaced with 'step 440 and step 445' in FIG. 4 and steps 755-1 to 770-1 May be operated.

In step 755-1, the user terminal 300 transmits the transaction identification code, which is matched to the transaction selection information input in step 735, the sales object identification information, the application quantity and the application price entered in step 735, The WYK for the user institution decrypted in step 445 is matched with at least one of the searched virtual real name ID 'and the user identification information for the user institution and the' user authentication information for the user authentication authority calculated in step 450 ' To the server (200).

In step 760-1, the user agent server 200 receives the 'information transmitted in step 755-1', and the user DB 210 receives' the virtual real name ID read from the received information and the user identification information for the user agent One or more ', and the identity authentication unit 140 determines whether the retrieved WYK for the user is matched with' the authentication information for the user institution 'read from the received information.

If the determination in step 760-1 is affirmative, step 765-1 is operated.

In step 765-1, the user institution server 200 calculates the available and available prices by a predetermined method, calculates the amount of the transaction application by multiplying the available price by the available price, The balance matched with the virtual real name ID and the selling object identification information read out from the received information is added in accordance with the transaction identification code read out from the received information (in the case of the purchase application code) (In the case of a sales application code), and the user DB 210 transmits a 'virtual name' ID 'read from the received information and a balance matched to the price display currency to an amount corresponding to the transaction application amount' (In the case of a purchase application code) in accordance with the transaction identification code read from the information (in the case of the sale application code), and transmits the virtual real name ID, the transaction identification code, Identification And it transfers the amount and presentation currency identification information "corresponding to the transaction sincheongaek.

In step 770-1, the authentication server 100 receives the 'information transmitted in step 765-1', and transmits the 'virtual real name ID', the transaction identification code, the selling object identification information, and the transaction application amount Corresponding amount " and performs predetermined compliance filtering.

FIG. 8 is a flowchart illustrating a process of exchanging the virtual money exchange with the virtual money exchange using the app of the present invention to send money deposited in the account of the user to the virtual money exchange, A method for authenticating a real name in a simple and safe manner while protecting private information is provided to a 'settlement bank'.

Steps 405 and 510 in Fig. 5 are operated in the same manner.

(Hereinafter, referred to as " remittance transaction identification information ") that identifies a 'transaction for requesting remittance from an account opened in the user institution' (hereinafter referred to as "remittance transaction") to the user terminal 300 in step 815, (Hereinafter referred to as " remittance transaction selection information ") is input.

To illustrate one embodiment of the above operation, the user selects a remittance box using the input of the user terminal 300 to request a transaction for remittance from his or her account opened in the user institution.

Steps 420 to 435 in Fig. 4 are operated.

Steps 540 to 450 in Fig. 5 are operated.

In step 855, the user terminal 300 transmits the remittance transaction identification information, the transaction application amount entered in step 435, the virtual real name ID retrieved in step 540, and the virtual real name ID retrieved from the transaction partner DB 315 in step 430, And the authentication information for the self-certification institution calculated in step 450 'to the authentication server 100 of the user.

In operation 430, the user terminal 300 transmits the remittance application code, the 'remittance amount entered in the embodiment of the step 435', the 'virtual account number retrieved in the step 540' and the transaction counterpart DB 315, the recipient name and the recipient identification information, the receipt account ID, the recipient's name, the recipient's telephone number, the recipient's e-mail address, and the remittance's identification information 'and the settlement calculated in the embodiment of step 450 Bank authentication information 'to the settlement bank server 100.

In step 860, the authentication server 100 receives the 'information transmitted in step 855', and the WYK for the certification authority matching the virtual name 'ID read from the received information' The authentication unit 140 searches the WYH for the certification authority and determines whether the retrieved authentication certificate WYK for the self-certification authority and the WYH for the self-certification authority match the authentication information for the self-certification authority read out from the received information.

When the settlement bank server 100 receives the 'information transmitted in the embodiment of step 855', the personal authentication DB 110 transmits' the virtual account number read from the received information, Unidirectionally encrypted settlement account password 'and the WYK encryption key for the settlement bank, which match the' hash function 'matched to the' settlement bank ', and the self authentication unit 140 searches for' the authentication information for the settlement bank read from the received information ' The WAN control unit decrypts the settlement account password encrypted with the WYK encryption key for the settlement bank into the WYK encryption key for the settlement bank, unidirectionally encrypts the decrypted settlement account password using the hash function, The unidirectionally encrypted settlement account password 'searched for is matched to determine whether or not they match.

If the determination at step 860 is affirmative, step 865 is run.

In step 865, the authentication server 100 searches the personal authentication DB 110 for a real name ID matched with the virtual real name ID read from the information received in step 860 and regards the real name ID as the real name ID of the remitter The recipient identity registration information read from the information received in the step 860 is regarded as the information on the recipient, and the recipient identification information registered in the recipient identity registration information read in the information received in the step 860 is regarded as the remittance, do.

If the result of the compliance filtering in step 865 is a normal transaction, step 870 is performed.

In step 870, the authentication server 100 matches the 'remittance transaction identification information, the virtual real name ID, and the transaction application amount' read from the information received in step 860, and transmits the predetermined compliance filtering completion information and the personal authentication completion information to the user organization To the server (200).

In an exemplary embodiment of the above operation, the settlement bank server 100 transmits a 'special code for identifying a remittance transaction that has completed the prescribed compliance filtering and completed the identity authentication' and ' And transmits the read remittance application code, virtual account number, and remittance amount to the user institution server 200.

Steps 475 and 480 in Fig. 4 are operated.

When the user agent server 200 receives the 'information transmitted in step 870' in step 885, the user DB 210 searches for a balance matched to the virtual real name ID read from the received information, It is determined whether or not the amount is equal to the amount corresponding to the transaction amount read out from the received information.

When the user agent server 200 receives the 'information transmitted in the embodiment of step 870', the cash balance matched to the 'virtual account number read from the received information' And determines whether or not the remaining amount is equal to or greater than the amount obtained by adding a predetermined fee to the amount of remittance read out from the received information.

If the determination at step 885 is affirmative, step 890 is operated.

In step 890, the user institution server 200 subtracts the balance matched with the virtual real name ID read out from the received information by the amount corresponding to the transaction amount read out from the received information in the user DB 210 , And transmits predetermined agreement information to the authentication server 100 as a reply to the 'received information'.

In an embodiment of the above-described operation, the user institution server 200 transmits a 'cash balance matched to a virtual account number' read out from the received information as' a cash fee added to the remittance read out from the received information , And transmits a predetermined agreement code to the bank server 100 as a reply to the 'received information'.

When the authentication server 100 receives the 'information transmitted in step 890' in step 895, the settlement account ID matching the 'virtual real name ID read from the information received in step 860' is stored in the personal authentication DB 110 And the remaining balance matched to the settlement account ID of the user institution in the balance DB 160 is reduced in accordance with the read transaction amount read from the information received in the step 860. In the virtual balance DB 170, The balance matched to the read virtual false name ID 'is subtracted from the information received at 860 by the amount corresponding to the amount of the transaction request, Process the remittance transaction corresponding to the amount of the application.

When the settlement bank server 100 receives the 'information transmitted in the embodiment of the step 890', the personal authentication DB 110 transmits the 'information read from the information received in the step 860 to the virtual , And the remaining balance matched to the settlement account number of the user institution in the balance DB 160 is calculated by adding a predetermined fee to the amount of remittance read from the information received in step 860 The virtual balance DB 170 subtracts the balance matched to the virtual account number read from the information received in step 860 by the amount of money added from the remittance amount and proceeds to step 860 , The remittance amount read out from the information received from the receiver, the receiver's identification information, the receiver's account ID, the receiver's name, the receiver's phone number, the receiver's e-mail address, To And Lee.

FIG. 9 is a flowchart illustrating a method of transmitting a payment to a mobile payment company using an app of the present invention to pay a commerce payment using a service provided by a mobile payment company to the mobile payment company and a self- FIG. 1 is a diagram for explaining the operation of one embodiment of a method for authenticating a real name in a simple and safe manner while protecting personal information.

In step 905, after the user connects the user terminal 300 to a predetermined transaction server (not shown), the user of the user terminal 300 selects the purchase of the predetermined details using the input unit, And selects the identification information of the providing means.

In one embodiment of the above operation, a user connects a user terminal 300 to a specific on-line commerce server (not shown) in a foreign country, and then, using an input unit of the user terminal 300, A box in which the identification information of the payment means provided by the mobile payment company is displayed is selected.

In step 910, 'payment information including predetermined transaction request amount, predetermined transaction counterpart identification information and predetermined transaction details' is transmitted from the transaction server (not shown) to the use agency server 200, (200) receives the information.

In an embodiment of the above operation, a payment window page of the mobile payment server 200 is called from a server (not shown) operating in the foreign online store site, and a predetermined payment application amount, a seller ID, Is transmitted to the mobile payment server 200, which is a user agent server operated by the mobile payment company.

The user terminal 300 searches the payment means DB 316 for the use agency identification information matched with the payment instrument identification information selected at the step 905 and matches the user identification information in the user ID DB 311 And at least one of the 'user identification information for the use agency and the virtual real name ID' is transmitted to the use agency server 200 matching the use agency identification information .

The user terminal 300 is connected to the payment window page of the mobile payment server 200 by a call in the embodiment of step 910 and the user ID 300 311 , The user identification information 'matching the payment method identification information selected in step 905', 'account ID of the user registered in the mobile payment company operating the payment means' is searched, and the account ID is transmitted to the mobile payment server 200).

According to another aspect of the present invention, in a state in which a user has previously registered at least one of the user identification information for the user institution and the virtual real name ID assigned to the server (not shown) operating the online commerce site , Steps 910 and 915 may be replaced by the following steps 905-1 and 910-1.

In step 910-1, 'at least one of the user identification information for the user and the virtual real name ID' registered by the user is searched in the transaction server (not shown) in a predetermined manner, and the ' The billing information including the predetermined transaction request amount, the predetermined counterparty identification information, and the predetermined transaction details' is transmitted to the use agency server 200, 200 receives the information.

If the information transmitted in step 910 and the information transmitted in step 915 are received at the user institution server 200 in step 920, the user DB 210 transmits a user identification And the virtual remaining amount information matched with 'at least one of the information and the virtual real name ID' is retrieved, and it is determined whether or not the 'transaction demand amount read out from the information transmitted in step 910' is within the limit amount corresponding to the balance information.

In an exemplary embodiment of the above operation, the mobile payment server 200 retrieves a balance matched with 'the user identification information read from the information transmitted in the embodiment of step 915' in the user DB 210, It is determined whether or not the amount of settlement of payment 'read from the information transmitted in the embodiment 910 is within the balance.

In another exemplary embodiment of the above operation, in the mobile payment server 200, the payment DB issuer identification information matched with the 'user identification information read from the information transmitted in the embodiment of step 915' (Not shown) corresponding to the payment method issuer identification information, which is matched with the payment method issuer identification information and matches the user identification information, (For example, a card number or an account number) assigned by a credit card company or a bank or an issuer of a prepaid payment means) and the settlement amount, and transmits a predetermined agreement When information is received, it is judged that it is within the limit amount.

If the determination at step 920 is affirmative, then step 925 below is run.

In step 925, the user agent server 200 transmits to the user terminal 300 matching 'one or more of the user identification information and the virtual real name ID' transmitted in step 915 and read from the information received in step 920 ' Payment information including information on transaction amount, transaction other party identification information, and transaction details, which is transmitted and read in the information received in step 920, is transmitted.

On the other hand, according to another aspect of the present invention that preliminary verification of the settlement bank with respect to remittance possibility is preferred to process shortening prior to operation of step 925, if the determination at step 920 is affirmative, 921-1-1, step 922-1-1, step 923-1-1, and step 925-1 may be operated.

In step 921-1, the user DB 200 searches the user DB 210 for a virtual real name ID matched with the user identification information read from the information transmitted in step 915, The payment information 'transmitted and received at 910 is transmitted to the authentication server 100.

In one example of the above operation, the mobile payment server 200 searches for a virtual account number matched with 'user identification information read from the information transmitted in the case of the step 915' in the user DB 210, The settlement bank server 100 transmits the virtual account number and the payment information including the payment application amount and the seller ID and the name and quantity of the purchased goods transmitted and received in the case of the step 910. [

According to another aspect of the present invention, in step 921-1, the user agent server 200 transmits the 'virtual real name ID' read from the information transmitted in step 915 and the 'payment information transmitted and received in step 910' And may be transmitted to the authentication server 100.

According to another aspect of the present invention, the user identification information may be transmitted in place of the virtual real name ID.

If the information transmitted in step 921-1 is received from the authentication server 100 in step 922-1, the authentication server 110 transmits' the user identification information read from the received information and the virtual user ID One or more ', and the real name ID is regarded as the real name ID of the payer, the transaction amount read out from the received information is regarded as an amount corresponding to the payment amount, Information on the transaction details read out from the information is regarded as the identification information for the recipient and the information about the transaction details read out from the received information is referred to as the reason why the payee has to pay the payee Quot; information " and filters it.

When the settlement bank server 100 receives the 'information transmitted in the embodiment of the step 921-1', the personal authentication DB 110 transmits' information read from the received information to the virtual The real name number corresponding to the account number is regarded as the real name number of the payer, the payment amount read out from the received information is regarded as the amount corresponding to the payment amount, The seller ID read from the information is regarded as the payee identification information, and the name and the quantity of the purchased goods read out from the received information are regarded as information on the reason for remittance and are subjected to compliant filtering.

If it is determined as a normal transaction as a result of the compliance filtering in step 922-1, step 923-1 is performed.

(Hereinafter referred to as " transaction enable code ") as a reply to the 'information transmitted in step 921-1' in the authentication server 100 in step 923-1, ).

If the information transmitted in step 923-1 is received from the user agent server 200 in step 925-1, the user identification information transmitted from the step 915 and read from the information received in step 920 and the virtual real name ID Payment information including transaction amount, transaction other party identification information, and transaction details read in the information transmitted in step 910 and received in step 920 'is transmitted to the user terminal 300 matched to' one or more ' .

When the 'information transmitted in the embodiment of step 923-1' is received at the user institution server 200, the 'user identification information read from the information transmitted in the embodiment of step 915, The payment information including the settlement amount, the seller ID, and the name and the quantity of the purchased product read from the information transmitted in the embodiment of the step 910 'is transmitted to the user terminal 300 matched with'

After step 925 (or step 925-1) is operated, the following step 930 is operated.

When the 'information transmitted in step 925 (or step 925-1)' is received from the user terminal 300 in step 930, the output unit displays' the amount of transaction demand, transaction counterpart identification information, transaction details The master password field and a confirmation box are displayed.

When the information 'transmitted in the embodiment of the step 925 (or step 925-1)' is received at the user terminal 300, the output unit reads' the information read from the received information, Payment information including the settlement amount, the seller ID, and the name and the quantity of the purchased product ', a master password input field and a confirmation box are displayed.

If the user agrees with the output payment information, step 935 is performed.

In step 935, the master password is input to the user terminal 300.

When the user selects 'OK box output from the embodiment of step 930' using the input unit of the user terminal 300, a master password input box and another confirmation box are output, Inputs the master password to the master password input field using the input unit of the user terminal 300, and selects the confirmation box.

In step 940, the user's virtual ID for the user ID is retrieved from the user ID 300 in the user terminal 300, the encrypted WYK for the user's authority and the WYK for the user's institution are retrieved from the WYKDB 312, 'WYH for the certification authority and WYH for the user' are searched.

In an exemplary embodiment of the above operation, a virtual account number matching the 'use institution identification information retrieved in the embodiment of step 915' is retrieved from the user ID DB 311 configured in the secure area in the user terminal 300, The encrypted settlement account password matched with the settlement bank identification information and the encrypted password for the use agency matched with the use agency identification information are retrieved from the WYKDB 312 configured in the security area, The WYK encryption key for the settlement bank matched with the settlement bank identification information and the WYK encryption key for the use agency matched with the use agency identification information are searched in step 313.

According to another aspect of the present invention, in the case where the virtual real name ID is retrieved in step 915, a virtual real name ID matching 'user institution identification information retrieved in step 915' in the user ID DB 311 is retrieved in step 940 Action 'may be omitted.

Step 445 in Fig. 4 is operated.

In operation 940, the encrypted master account password retrieved from the WYKDB 312 in the embodiment of operation 940 and the encrypted password for the use agency, which are retrieved from the WYKDB 312, are decrypted with the decryption key. Respectively.

In step 950, the user authentication information for the user's certification authority is calculated using the 'WYK for the user's authentication authority decrypted in step 445' and the WYH 'for the user's authentication authority retrieved from the WYHDB 313 in step 940, The authentication information for the user institution is calculated by using the user organization WYK 'decrypted in step 445 and the user organization WYH' retrieved from the WYHDB 313 in step 940.

[0041] In one embodiment of the present invention, the 'decrypted settlement account password' in the embodiment of step 445 is encrypted with the 'WYK encryption key for the settlement bank' retrieved from the WYHDB 313 in the embodiment of step 940, Encrypted with the WYK encryption key for the user institution retrieved from the WYHDB 313 in the embodiment of the above step 940 ', and transmits the authentication information for the user institution .

In step 955, the user terminal 300 transmits predetermined transaction confirmation information, which is transmitted in step 925 (or step 925-1) and matches the information received in step 930, 'To the user institution server 200, and transmits the remittance transaction identification information,' transaction amount read out from the information received in step 930 ',' virtual real name ID 'retrieved in step 940 (or step 915) Information about transaction details read in the information received in step 930 'and' the authentication information for the self-certification institution calculated in step 950 ', which are read from the received information, to the authentication server 100 send.

In an exemplary embodiment of the above operation, the user terminal 300 may determine that a transaction has been received in step 925 (or step 925-1) and matches the information received in the embodiment of step 930, And the authentication information for the user institution calculated in the embodiment of the step 950 'to the user institution server 200 and transmits the remittance transaction identification information and the' payment amount read out from the information received in the embodiment of the step 930 ' The virtual account number retrieved in the embodiment of step 940 (or step 915), the seller ID read from the information received in the embodiment of step 930, and the merchant ID read from the information received in the embodiment of step 930, To the settlement bank server 100, the name and the quantity of the purchased commodity and the authentication information for settlement bank calculated in the embodiment of the step 950. [

According to another aspect of the present invention, in step 955, the virtual real name ID may be substituted, and the settlement account ID read from the predetermined memory may be transmitted to the identity authentication server 100

In step 956, when the user agent server 200 receives the 'information transmitted from the user DB 210 in step 955', the user ID information transmitted from the user DB 210 in step 925 (or step 925-1) The WYK for the user institution and the WYH for the user institution 'matched with' one or more of the virtual real name ID ', and the identity verification unit 240 searches for' the WYK for the user institution and the WYH for the user institution ' , The authentication information for the user organization 'is matched.

If the user agent server 200 receives the 'information transmitted to the user agent server in the embodiment of the step 955' in the user DB 210 in the step 925 (or the step 925- Unidirectionally encrypted password for the user institution 'and' WYK encryption key for the user institution 'matched with at least one of the account ID and the virtual account number transmitted in the embodiment of FIG. 1) Decrypts the encrypted WYK encryption key for the user institution using the decryption key, the encrypted password for the user institution, which is the authentication information for the user, which is read from the received information, unidirectionally encrypts the decrypted user agency password using the hash function, It is determined whether the password for the unidirectionally encrypted use authority matches the retrieved password for the unidirectionally encrypted use authority.

If the determination in step 956 is affirmative, step 957 is operated.

One or more of the user identification information and the virtual real name ID transmitted from the user DB 210 in step 925 (or step 925-1) is generated in step 957 by the use agency server 200 The matched balance is reduced by an amount corresponding to the transaction amount included in the information transmitted in step 925 (or step 925-1), and transmitted in step 925 (or step 925-1) The virtual real name ID included in the information, the payment information including the predetermined transaction request amount, the predetermined transaction other-party identification information, and the predetermined transaction details transmitted in the step 910 and received in the step 920, The random value calculation unit 230 randomly calculates a new WYH for the user institution and the WYH for the user institution matched with the virtual real name ID in the user DB 210 to the calculated WYH for the user institution Updates the calculated WYH for the use agency, To the user terminal 300.

An exemplary transaction ID is generated in the user agent server 200 and is transmitted from the user DB 210 to the account ID < RTI ID = 0.0 > (Or step 925-1) ', and further matches the transaction ID with' the virtual account number 'and the' virtual account number ' To the settlement bank server 100, payment information including the predetermined payment application amount, the seller ID, and the name and quantity of the purchased goods transmitted in the embodiment of the step 910 and received in the embodiment of the step 920 The random value calculation unit 230 randomly calculates a new WYK encryption key for the user institution, and transmits the WYK encryption key for the user institution matched with the virtual real name ID in the user DB 210 to the calculated WYK encryption key for the user institution And the calculated WYK password for the use agency To the user terminal (300).

When the authentication server 100 receives the 'information transmitted to the authentication server 100 in step 955' and the information 'transmitted in step 957 (or step 957-1)' in step 958, It is determined whether the received amount information matches each other.

In an example of the above operation, when the authentication server 100 receives the 'information transmitted to the authentication server 100 in the embodiment of the step 955' and the 'information transmitted in the embodiment of the step 957' , The metabase unit 150 checks whether the virtual account number, the payment amount and the seller ID, the name and the quantity of the purchased goods, which are read out from the information transmitted in the embodiment of Step 955, are transmitted in the embodiment of Step 957 It is determined whether or not the virtual account number, the settlement amount, the seller ID, and the name and the quantity of the purchased product read from the information coincide with each other.

If the determination at step 958 is affirmative, step 960 is run.

In step 960, the authentication server 100 searches the personal authentication DB 110 for the authentication information of the authentication server 100 that matches the virtual real name ID (or settlement account ID) read from the information transmitted to the authentication server 100 in step 955 The WYK and the WYH for the certification authority are searched, and the identity verification unit 140 judges whether or not 'the WYK for the self-certification institution and the WYH for the self-certification authority searched and the authentication information for the self-certification institution read out from the received information match' do.

In one embodiment of the above operation, the settlement bank server 100 performs a process of matching 'to the virtual account number read from the information transmitted from the embodiment of the step 955 to the authentication server 100 in the identity authentication DB 110' And the WYK encryption key for the settling bank, and the authentication unit 140 transmits a 'one-way encrypted settlement account password' and a settlement bank's WYK encryption key to the settlement bank 'authentication information for settlement bank', which is read from the received information, A WYK encryption key for the settlement bank ', a unidirectional encryption of the decrypted settlement account password using a hash function, and a' unidirectional encrypted settlement account password 'and a' unidirectional encrypted password ' Encrypted settlement account password 'to determine whether or not they match.

If the determination at step 960 is affirmative, then step 965 is performed

The authentication server 100 searches for the real name ID matched to the virtual real name ID read from the information transmitted from the authentication server 100 in step 955 to the authentication server 110 in step 965, Is regarded as the real name ID of the payer, the transaction amount determined to be matched in the step 958 is regarded as an amount corresponding to the payment amount, and the transaction counterpart identification information judged as matched in the step 958 is regarded as the payee identification information And regards the information on the predetermined transaction details determined to be matched in step 958 as information on the reason for paying the payee who is the payee, and performs the compliant filtering.

In one embodiment, the settlement bank server 100 searches for the real name number matched to the virtual account number read from the information transmitted to the authentication server 100 in the step 955, The real name number is regarded as the real name number of the payer, the amount of the payment amount calculated by subtracting the predetermined fee from the payment amount determined to be matched in the embodiment of the step 958 is regarded as an amount corresponding to the payment amount, The seller ID 'determined to be matched in the embodiment is regarded as the remittee identification information, and the name and quantity of the purchased goods determined to match in the embodiment of the step 958 are regarded as information on remittance reason, Filter.

If the result of the compliance filtering in step 965 is determined to be a normal transaction, steps 475 and 480 in FIG. 4 are operated.

The authentication server 100 searches the authentication server 110 for the settlement account ID matched to the virtual real name ID read from the information transmitted to the authentication server 100 in step 955, A balance matched with the settlement account ID is subtracted from the settlement amount matching the settlement account identification information by an amount corresponding to 'the amount of transaction application judged as matched in step 958' The balance corresponding to the settlement account ID is reduced in accordance with the amount of the transaction application, and the amount of money received in step 955 and matched with the counterpart identification information read in the information received in step 958 The amount of money corresponding to the amount of the transaction is handled.

In an exemplary embodiment of the above operation, the settlement bank server 100 performs a process of matching 'the virtual account number read from the information transmitted from the embodiment of the step 955 to the settlement bank server 100' And the balance DB 160 subtracts the balance matched to the settlement account number of the user institution by the amount obtained by adding the predetermined fee to the 'payment application amount determined to be matched in the embodiment of the step 958' The balance matched to the settlement account number is increased, and the balance matched to the settlement account number is reduced by 'the sum of the settlement fee plus the predetermined remittance fee', and is transmitted in the embodiment of step 955 In the embodiment of the step 958, processes the transaction for remitting the settlement amount to the receipt account matching the seller ID 'read from the received information.

According to an additional aspect of the present invention, the receipt account matching the seller ID may be one of an account of the seller name and an account for settlement of the collection settlement of the mobile payment company name.

On the other hand, according to another aspect of the present invention in which the virtual real name ID is substituted in step 955 and the settlement account ID read from the predetermined memory is transferred to the identity authentication server 100, in step 995, The operation of retrieving the settlement account ID matched with the virtual real name ID 'read from the information transmitted from the authentication server 100 to the authentication server 100 may be omitted

FIG. 10 is a flowchart illustrating a method of accessing a service provided by a second user using the first application after the first application is installed in the user terminal of the present invention for the purpose of using the first user, Fig. 5 is a diagram for explaining an operation of an embodiment in which it is not necessary to install a second application in a user terminal in the real name authentication.

In step 210-2, the user terminal 300 accesses the membership subscription application page of the second use agency server (not shown), and the output section of the user terminal 300 displays the 'user identification information input field for the use agency and the WYK input field &Quot; is displayed.

One embodiment of the user agent registration application screen includes a conditional access box, a conditional agreement input field, a user identification information input field for a user, a WYK input field for a user, a mobile phone number input field, and an E-mail address input field.

If the second user ID and the second user ID WYK are input to the user terminal 300 in step 215-2, the input information is used as the second user ID authentication information, Lt; / RTI >

An example of the above operation is as follows. A user uses the input unit of the user terminal 300 to browse the conditions of the user organization, select the agreement agreement input field, add the user ID for the second user If the user inputs his / her own 'mobile phone number and e-mail address' into the 'mobile phone number input field and the e-mail address input field', he / she inputs the identification information, Information is transmitted to the use-organ server 200.

When the 'information transmitted in step 215-2' is received in the second user database server (not shown) in step 220-2, the 'virtual real name IDs' (not shown) , And information 'read from the information' is stored in the user DB (not shown) to match the selected virtual real name ID.

In an example of the above operation, virtual account numbers assigned from a self-certification authority are stored in a virtual real name ID DB (not shown) in a second user database server (not shown) When the 'transmitted information' in the example is matched with 'the virtual account number that is the most preceding virtual account numbers in which the user identification information is not matched among the virtual account numbers, Identification information 'is matched with the' matched virtual account number 'in the user DB 210, and the' second user ID ', the password for the second user ID, the mobile phone number, and the e- E-mail address' and user agreement agreement code are stored.

According to another aspect of the present invention, the 'user identification information for the second user institution' is not separately inputted to the user terminal 300, and the 'virtual real name ID, the inputted mobile phone number, One of the e-mail addresses' may be regarded as the 'user identification information for the second user terminal' of the user.

In step 240-2, the second usage authority server (not shown) calls the authentication server 100 and transmits the second usage authority identification information, the predetermined real name authentication application information, and the virtual real name ID selected in step 220-2 To the identity authentication server 100, the identity authentication server 100 is called and receives the 'transmitted information'.

In an exemplary embodiment of the above operation, the second user agent server (not shown) calls the settlement bank server 100, and the second user agent identification information, the predetermined real name authentication application information, The settlement bank server 100 is called and the 'received information' is received when the virtual account number 'matched in the embodiment is transmitted to the settlement bank server 100'.

According to another aspect of the present invention, the second user terminal server (not shown) transmits the 'second user ID information, the predetermined real name authentication application information and the virtual real name ID' to the user terminal 300, And the terminal 300 may transmit the information to the called authentication server 100 called.

The user terminal 300 is connected to the predetermined real name authentication application screen page of the authentication server 100 in step 245-2 and the authentication server 200 is connected to the output unit of the user terminal 300 in step 240-2. (Hereinafter, referred to as " real name authentication application box ") and a master password input field, which are read from the received information, Is output.

The user terminal 300 is connected to the predetermined real name authentication application screen page of the authentication server 100 by the call in the step 240-2 and the authentication server 100 To the user terminal 300, the 'second access authority identification information received by the settlement bank server 100 in the step 240-2 embodiment' and the ' And the information about the predetermined real name authentication application screen including the "confirmation box for the above-mentioned phrase" as the real name authentication application box is transmitted to the output section of the user terminal 300, The screen is displayed.

In step 250-2, the information for selecting the 'real name authentication application box output from step 245-2' and the master password are input to the user terminal 300.

When the user selects the confirmation box in the step 245-2 using the input unit of the user terminal 300, the master password input box is output to the output unit, The master password is input to the master password input field by using the input unit of the master password input unit 300.

In step 255-2, the user terminal 300 encrypts' the master password input in step 250-2 'with the encryption key' the WYK for the second user institution inputted in step 215-2 is encrypted, and in the WYKDB 312, Encrypted WYK 'for the second user equipment is stored in the WYKDB 312 in correspondence with the' second user equipment identification information outputted in step 245-2 (or step 245-3) Is retrieved from the user ID DB 311, the WYH DB 313 searches for the WYH for the user's certification authority, and the master password is decrypted using the 'encrypted WYK for the user's authentication authority' And the 'authentication information for the user's authentication institution' is calculated using the decrypted 'WYK for the user's authentication authority' and the retrieved 'WYH for the user's authentication authority', and the 'user identification information for the user's authentication authority' The authentication application information and the ' Is transmitted to the authentication server 100 of the user.

In the user terminal 300, the 'master password inputted in the embodiment of the step 250-2' is encrypted with the encryption key 'the password for the second usage authority inputted in the embodiment of the step 215-2' Is encrypted, and the 'encrypted password for the second user institution' is stored in the WYKDB 312 so as to match the second user identity information 'output in the embodiment of step 245-2 (or step 245-3) , The encrypted settlement account password matched to the settlement bank identification information is retrieved from the WYKDB 312 configured in the security area, and in the user ID DB 311, the login ID , The settlement account number, the first virtual institutional real name ID, and the N (N ≠ 2) virtual real name ID for the certification authority 'are searched for and the WYHDB 313 configured in the security area matches the settlement bank identification information The WYK encryption key is retrieved, and the master password is decrypted The encrypted settlement account password is decrypted and the decrypted settlement account password is encrypted with the WYK encryption key to calculate the authentication information for the settling bank, One of the institutional virtual real name ID and the N (N ≠ 2) virtual institutional real name ID for the certification authority ', the real name authentication application code and the authentication information for the settlement bank are transmitted to the settlement bank server 100.

In step 260-2, when the 'information transmitted in step 255-2' is received from the authentication server 100, the user authentication DB 110 transmits a 'real name' matching the 'user identification information for the user authentication institution' ID, the WYK for the self-certification authority and the WYH for the self-certification authority, and the self-certification unit 140 searches for one or more of the searched WYK for the self-certification authority and the WYH for the self-certification authority, Authentication information for the self-employed certification authority 'is matched.

When the 'information transmitted in the embodiment of the step 255-2' is received from the settlement bank server 100, the personal authentication DB 110 transmits a 'login ID And the settlement account number, the real name ID matched to one of the virtual real name ID for the first authentication institution and the virtual real name ID for the Nth (N ≠ 2) certification authority, the 'one-way encrypted settlement account password with the hash function' And the personal authentication unit 140 transmits the 'settlement account password encrypted with the WYK encryption key for the settlement bank', which is the authentication information for the settlement bank, read from the received information, to the 'settlement bank' And the unidirectionally encrypted settlement account password is compared with 'the unidirectionally encrypted settlement account password' to determine whether the unidirectional encrypted settlement account password matches with the unidirectionally encrypted settlement account password.

If the determination in step 260-2 is affirmative, step 265-2 is executed.

In step 265-2, the authentication server 100 matches the user identification information for the user authentication authority read in the information received in step 260-2 in the authentication DB 110, and transmits the information received in step 240-2 The random value calculation unit 130 randomly calculates a new WYH for the individual authentication authority, and the personal authentication DB 110 updates the ' The WYH for the self-certification authority which matches the user identification information for the self-certification authority 'is updated to the calculated WYH for the self-certification authority, and the user terminal 300 transmits, as a reply to the' information received in the step 260-2 ' 'The second user organization identification information and the virtual real name ID' and the 'calculated WYH for the authentication authority WYH', and transmits the predetermined real name confirmation completion information as the response to 'reception in step 240-2' To a server (not shown).

In one embodiment of the above operation, in the personal authentication DB 110, a login ID, a settlement account number, a virtual account number for a first certification authority, and an Nth account number read from the information received in the embodiment of the step 260-2 In the virtual account number field matched with the 'second access authority identification information received in the embodiment of step 240-2' matched with 'one of the virtual account numbers for the certification authority (N ≠ 2)' , The random value calculation unit 130 randomly calculates a new WYK encryption key for the individual authentication authority and acquires the login ID and the settlement account number from the principal authentication DB 110 Updates the WYK encryption key for the self-certification authority to match the one of the virtual account number for the first authentication authority and the virtual account number for the Nth (N ≠ 2) certification authority with the calculated WYK encryption key for the self-certification authority, In response to the information 'received in the embodiment of 260-2, And transmits the 'second usage institution identification information and the virtual account number' and the calculated WYK encryption key for the self-certification authority 'to the authentication server 300 as a reply to the' reception at step 240-2 ' And transmits the completion information to the second user institution server (not shown).

Upon receiving the 'information transmitted from the second access authority server (not shown) to the second access authority server (not shown) at step 265-2' in step 270-2, 2 to the authentication server 100, and the predetermined real name authentication completion identification information is stored.

Upon receipt of the 'information transmitted to the user terminal in step 265-2' in the user terminal 300 in step 280-2, the first application 310 is activated, and in the user ID DB 311, The second user organization identification information and the virtual real name ID 'are stored in the WYH DB 313 and stored in the WYHDB 313, and the WYH for the user's certification authority is updated to the WYH for the user's certification authority read from the received information do.

FIG. 11 is a diagram for explaining a method for accessing a service provided by a second user using the first application after the first application is installed in the user terminal of the present invention for the purpose of using the first user, Quot; second application " of the embodiment in which real name authentication is required to be installed in the user terminal.

In step 210-3, the 'personalized premises 2 application' is downloaded from the application download server 400 to the user terminal 300. In the output unit of the user terminal 300, the 'user identification information input field for the user and the WYK input field for the user' A predetermined usage agency subscription application screen including a user ID and a password is displayed.

One embodiment of the user agent registration application screen includes a conditional access box, a conditional agreement input field, a user identification information input field for a user, a WYK input field for a user, a mobile phone number input field, and an E-mail address input field.

Steps 215-2 to 240-2 in Fig. 10 are operated.

In step 245-3, the user terminal 300 is connected to a predetermined real name authentication application screen page of the authentication server 100, the first application of the user terminal 300 is activated, , A second real-name authentication application screen including a real-name authentication application box and a master password input field read out from the information received by the authentication server 200 is output.

The user terminal 300 is connected to the predetermined real name authentication application screen page of the authentication server 100 by the call in the step 240-2 and the authentication server 100 The first application of the user terminal 300 is activated by the call of the first authentication server 100 and the authentication server 100 authenticates the user terminal 300 via the second A name of the real name authentication application that includes the "use agency identification information", the phrase "application of the real name authentication to the user organization corresponding to the second use agency identification information" and the "confirmation box for the above phrase" To the user terminal 300 and outputs the real name authentication application screen to the output unit of the user terminal 300. [

Steps 250-2 to 280-2 in Fig. 10 are operated.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the invention. Therefore, the scope of the present specification should not be limited to the above-described embodiments, but should be defined by the appended claims and their equivalents.

100: authentication server
110: Personal authentication DB
120: Function storage unit
130: random value calculation unit
140:
150: Metabolic Department
160: balance DB
170: Virtual balance DB
200: user institution server
210: User DB
220: Function storage unit
230: random value calculating unit
240:
300: user terminal
310: Apps
311: User IDDB
312: WYKDB
313: WYHDB
314: Function storage unit
315: Trading partner DB
316: Payment method DB
317: Service subscription code storage unit
400: App Download Server

Claims (24)

Receiving authentication information from the user terminal matching the predetermined user identification information at the service server;
Searching the service server for WYH matched to the user identification information;
Determining whether the received authentication information matches the retrieved WYH in the service server;
Calculating a 'WYH to be updated' in the service server;
Updating the WYH matched to the user identification information to the calculated WYH in the service server; And
Transmitting the 'calculated WYH' from the service server to the user terminal; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving authentication information from the user terminal matching the predetermined user identification information at the service server;
Searching for 'unidirectionally encrypted WYK' and WYH matched to the user identification information at the service server;
Decrypting the 'received authentication information' with the WYH in the service server;
Unidirectionally encrypting the decrypted information in the identity authentication server; And
Determining whether the unidirectionally encrypted information matches the retrieved unidirectionally encrypted WYK in the authentication server; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving authentication information from the user terminal matching the predetermined user identification information at the service server;
Searching the service server for a WYK matched with the user identification information;
Determining whether the 'received authentication information' matches the 'retrieved WYK' in the service server;
Storing at least one of 'WYH' calculated by a predetermined method and 'one virtual real name ID not assigned to any user' matching the user identification information at the service server; And
Transmitting at least one of 'WYH and virtual real name ID' from the service server to the user terminal; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving a virtual real name ID from a second service server at a first service server;
Receiving authentication information matched with predetermined user identification information from a user terminal in a first service server;
Retrieving a WYK matched to the user identification information at a first service server;
Determining whether the 'received authentication information' matches the 'retrieved WYK' in the first service server;
Storing the virtual real name ID in the first service server by matching the user identification information; And
Transmitting from the first service server to the user terminal at least one of 'WYH' matching the virtual real name ID and the virtual real name ID; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving at least one of a virtual real name ID, a transaction identification code, a transaction application amount, and a transaction application amount from the user terminal and the user authentication information for the user authentication authority from the user terminal;
Searching for at least one of "WYK for the self-certification authority and WYH for the self-certification authority" matched with the virtual real name ID in the principal authentication server;
Determining whether the authentication information for the self-certification institution, which is read from the received authentication information, matches at least one of the searched WYK for the self-certification authority and the WYH for the self-certification authority at the self-authentication server;
Searching for at least one of a real name ID and a settlement account ID matched to the virtual real name ID at the authentication server of the user; And
The transaction ID code and the transaction application amount and the transaction application amount at least one of 'the account corresponding to the real name ID' and the 'account of the settlement account ID and one of the accounts opened in the user institution' Compliant filtering for an action of making a transaction; A method for authenticating a real name in a simple and safe manner while protecting personal information
The authentication server receiving a virtual real name ID from at least one of a user institution server and a user terminal;
The method comprising the steps of: receiving, from the at least one authentication server, at least one of the user terminal and the user terminal server, the authentication information for the user and the authentication information for the user;
Searching for one or more of "WYK for the certification authority and WYH for the certification authority" matched with the user identification information for the certification authority in the authentication server of the user;
Determining whether the 'one or more of the searched WYK for the self-certification authority and the WYH for the self-certification authority' matches the 'received authentication information for the self-certification authority' at the self-authentication server; And
Storing the virtual real name ID in the principal authentication server by matching with the user authentication information for the principal authentication authority; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving a virtual real name ID from a user institution server in a principal authentication server;
Receiving a 'real name ID and WYK' from a user terminal in the identity authentication server;
A step of assigning 'one of the transaction IDs for the self-certification-institution not assigned to another user' to the user in the identity authentication server;
Calculating WYH at random in the authentication server;
Unidirectionally encrypting the WYK at the authentication server; And
Storing the transaction account ID, the unidirectionally encrypted WYK, the WYH, and the virtual real name ID matching the real name ID in the principal authentication server; A method for authenticating a real name in a simple and safe manner while protecting personal information
A step (A) of receiving a virtual real name ID, a transaction identification code, a transaction application amount and trading partner identification information from a user institution server in the authentication server;
Retrieving a real name ID matching the virtual real name ID in the identity authentication server; And
The authentication server considers the real name ID to be the real name ID of one of the payee and payee according to the transaction ID code and regards the received transaction amount as an amount corresponding to the payment amount, (The case where the real name ID is regarded as the real name ID of the payee) and the payee identification information (when the real name ID is regarded as the real name ID of the payee) And filtering the received data; A method for authenticating a real name in a simple and safe manner while protecting personal information
9. The method according to claim 5 or 8,
Transmitting a virtual real name ID and predetermined authentication completion information to a user institution server in the user authentication server;
Receiving predetermined agreement information that can be matched with specific transaction information from a user agent server in the identity authentication server; And
Transmitting, by the principal authentication server, a predetermined transaction enable code to the user institution server as a reply to the 'information received in the step (A)'; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving at least one of a transaction identification code, a transaction application amount, and a transaction application amount 'from the' one or more of the user terminal and the user institution server 'in the identity authentication server by matching with a predetermined virtual real name ID;
A step of searching 'the real name ID and the settlement account ID' matched with the virtual real name ID in the principal authentication server; And
A balance matched to the searched settlement account ID 'and a' balance matched to the searched settlement account ID 'as a quantity corresponding to' at least one of the received transaction request amount and transaction application amount 'in the' one or more of the balance DB and the virtual balance DB 'Quot; balance < / RTI > matching the account ID of the account " A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving at least one of the transaction application amount, the transaction other party identification information, and the transaction details from the user terminal in the user institution server and at least one of the user identification information and the virtual real name ID, and the authentication information for the user institution ;
Searching for at least one of 'WYK and WYH' matched to at least one of the received 'user identification information and virtual real name ID' in the user institution server;
Determining whether the received authentication information matches at least one of the retrieved WYK and WYH; And
(B) transmitting at least one of 'information on transaction request amount, transaction other party identification information, and transaction details' to the authentication server in the user institution server by matching with the virtual real name ID; A method for authenticating a real name in a simple and safe manner while protecting personal information
Selecting 'one virtual real name ID not assigned to another user' to allocate to a specific user in a user institution server;
Storing the virtual real name ID by matching with the user identification information of the user in the user institution server;
(C) the use institution server transmitting the virtual real name ID to the identity authentication server;
Receiving the 'predetermined real name verification completion information' as a reply to the transmission in the step (C) from the authentication server at the user institution server;
Receiving at least one of a transaction ID and a transaction application amount and a transaction application amount from the user terminal by matching with at least one of the user identification information and the virtual real name ID from the user institution server; And
(D) transmitting at least one of a transaction identification code, a transaction request amount, and a transaction application amount, to the authentication server of the user institution server by matching the virtual real name ID with the authentication server; A method for authenticating a real name in a simple and safe manner while protecting personal information
12. The method according to claim 11 or 12,
Receiving at least one of the 'authentication completion information and compliant filtering completed information and transaction enable code' as a response to the transmission of the step (B) or (D) from the authentication server at the user institution server; ?
Transmitting predetermined agreement information that can be matched to specific transaction information from the user institution server to the authentication server; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving information on 'predetermined transaction application amount, predetermined trading partner identification information and information on a predetermined transaction history' from a predetermined transaction server in a user institution server;
Receiving at least one of the user identification information and the virtual real name ID from the at least one of the transaction server and the user terminal at the user institution server;
Transmitting the received transaction request amount, transaction counterpart identification information and transaction details to the user terminal from the user institution server;
Receiving authentication information from a user terminal at a user institution server;
Searching for one or more of 'WYK and WYH' matched with 'at least one of the user identification information and the virtual real name ID' in the user institution server;
Determining whether the received authentication information matches at least one of the retrieved WYK and WYH; And
Transmitting at least one of the virtual real name ID, the transaction request amount, the transaction counterpart identification information and the transaction details to the authentication server of the user at the user institution server; A method for authenticating a real name in a simple and safe manner while protecting personal information
Receiving predetermined transaction application information from a user terminal at a user institution server;
Calculating a transaction application amount matching with the transaction application information in a predetermined manner at a user institution server; Changing a balance matching the user terminal in the user institution server by an amount corresponding to the transaction application amount; And
Transmitting a virtual real name ID matching the user terminal and an amount corresponding to the transaction amount to the authentication server in the user institution server; A method for authenticating a real name in a simple and safe manner while protecting personal information
(A) searching WYH at the user terminal;
Calculating predetermined identity authentication information using the WYH in a user terminal;
The user terminal transmitting the authentication information to the service server; And
Receiving a new WYH from the service server at the user terminal, and updating the WYH retrieved in step (A) to the new WYH; A method for authenticating a real name in a simple and safe manner while protecting personal information
A step of searching 'one or more of the encrypted WYK for the certification authority and the WYH for the certification authority' in the user terminal;
A step of calculating authentication information for a principal for an authentication authority using the 'encrypted WYK for the principal authentication authority and the WYH for the principal authentication authority' in the user terminal;
Transmitting user authentication information for the authentication authority and authentication information for the user authentication authority from the user terminal to the authentication server;
Receiving a 'virtual real name for a second user ID' from a user authentication server at a user terminal; And
Storing the virtual real name for the second user institution in the user terminal by matching with the second user ID information; A method for authenticating a real name in a simple and safe manner while protecting personal information
The method of claim 17,
Downloading a predetermined personalized premise 2 app matching the second user institution from the application download server at the user terminal;
Inputting user identification information for a second user and WYK for a second user to a user terminal;
Transmitting the user identification information for the second user and the WYK for the second user from the user terminal to the second user's server;
Inputting a master password to a user terminal; And
Storing the 'master password' in the user terminal by encrypting 'the WYK for the second user institution' with the encryption key and matching with the second user ID information; Further comprising the steps of: (a)
(A) inputting at least one of 'user identification information and real name ID' and WYK in a user terminal;
Transmitting from the user terminal to the service server matching the information input in the step (A);
Receiving at least one of a predetermined virtual real name ID and a predetermined WYH from the service server at a user terminal;
Inputting a master password to a user terminal;
Encrypting the WYK with the encryption key in the user terminal; And
The encrypted WYK and at least one of the 'virtual name' and 'WYH' are matched and stored in the user terminal; A method for authenticating a real name in a simple and safe manner while protecting personal information
A step (A) of inputting a master password to a user terminal;
(B) retrieving a virtual real name ID from the user terminal and one or more of 'encrypted WYK and WYH' that can be matched to a specific service server;
(C) decrypting the retrieved, encrypted WYK using the decrypting key of the master password inputted in the user terminal; And
(D) calculating identity authentication information for at least one of the decrypted WYK and the WYH in the user terminal; And
(E) transmitting the calculated personal authentication information and the searched virtual real name ID to the service server; A method for authenticating a real name in a simple and safe manner while protecting personal information
20. The method of claim 20,
Wherein the step (A)
A step (A1) of inputting a transaction request amount to a user terminal; Lt; / RTI >
The method of claim 1, further comprising the step of: (a) receiving, by the user,
(A) in the user terminal to search for 'at least one of trading partner aliases and profile photographs' in the trading partner DB and output it in a predetermined order;
A step (B) of inputting information of 'selected one of specific trading partner alias and specific profile photograph' to the user terminal;
(C) retrieving, at the user terminal, payee identification registration information matched with 'one of the above selected selected trading partner alias and profile picture' in the transaction counterpart DB;
A step (D) of inputting a transaction request amount to a user terminal; And
(E) transmitting, by the user terminal, the transaction request amount and the payee identification information to the service server; A method for authenticating a real name in a simple and safe manner while protecting personal information
The method of claim 22,
If the recipient identification registration information is not found in step (C), outputting a field matched with the recipient identification registration information in blank;
Inputting payee identification information to the user terminal by matching with the input field; And
Updating the remittee identification information matched to the selected 'specific trading partner alias and one of the specific profile photographs' to the inputted remittee identification information' at the user terminal; Further comprising the steps of: (a)
Receiving at least one of the transaction request amount, the counterparty identification information, and the transaction details from the user agent server at the user terminal;
Inputting a master password to a user terminal;
Searching at the user terminal for at least one of the virtual real name ID for the user organization and the encrypted WYK for the user authentication organization and the WYK for the user organization; and WYH for the user authentication organization and WYH for the user organization;
Decrypting at least one of the retrieved encrypted WYK for the user's authentication authority and the encrypted WYK for the user's institution 'as the' input master password 'at the user terminal;
At least one of the above-mentioned WYH for the user's authentication authority and the WYK for the user's authentication authority decrypted in the user terminal and one or more of the WYK for the user and the decrypted WYK for the user, A step of calculating at least one corresponding one of the authentication information for the user institution; And
The user terminal transmitting at least one of the transaction confirmation information, the authentication information for the user's own authentication authority and the authentication information for the user's institution, to at least one of the authentication server and the user's institution; A method for authenticating a real name in a simple and safe manner while protecting personal information

Images