KR20220125161A - Smart card apparatus, apparatus for generating virtual code for authentication, method for generating virtual code for authentication using the same, server for verifying virtual code for authentication - Google Patents

Abstract

Provided are a smart card device, a virtual code generation device for authentication, a virtual code generation method for authentication using the same, and a virtual code verification server for authentication. The method comprises: a step of transmitting time data to a card when tagging the card with an embedded IC chip; a step of receiving a virtual code for primary authentication generated based on the time data from the card; a step of generating a virtual code for secondary authentication using the virtual code for primary authentication; a step of transmitting at least one among the virtual code for primary authentication and the virtual code for secondary authentication to a server; and a step of requesting, by the server, to perform a verification for the at least one.

Description

A smart card device, a device for generating a virtual code for authentication, a method for generating a virtual code for authentication using the same, and a virtual code verification server for authentication SERVER FOR VERIFYING VIRTUAL CODE FOR AUTHENTICATION}

The present invention relates to a smart card device, a device for generating a virtual code for authentication, a method for generating a virtual code for authentication using the same, and a virtual code verification server for authentication.

Code type data is used in many areas. The card number and account number used for payment, as well as the IPIN number and resident registration number for user identification, are virtual code generation devices for code-type data authentication.

However, many leaks occur in the process of using such code data. In the case of the card number, the actual card number is written on the surface of the card as it is, so it is visually leaked to others, and the card number is leaked as it is delivered to the POS device when making a payment using a magnet.

There have been many attempts to use the virtual code to prevent the actual code from being leaked, but data for identifying the user is required to search for the actual code corresponding to the virtual code.

However, in the case of OTP (One Time Password), a separate OTP generating device is required, which is inconvenient, and in particular, in the case of a user terminal, there is a security vulnerability due to leakage of seed data used for OTP generation.

Therefore, OTP code is generated like generating a virtual security code required for user authentication based on the card data of the card possessed by many users. We need a way to increase security.

Korean Patent No. 10-1316466, 2013.10.01.

An object of the present invention is to provide a smart card device, a device for generating a virtual code for authentication, a method for generating a virtual code for authentication using the same, and a virtual code verification server for authentication.

The problems to be solved by the present invention are not limited to the problems mentioned above, and other problems not mentioned will be clearly understood by those skilled in the art from the following description.

The method for generating a virtual code for authentication performed by an apparatus for generating a virtual code for authentication according to an aspect of the present invention for solving the above-described problems includes: transmitting time data to the card when tagging a card with an IC chip embedded therein , receiving a virtual code for primary authentication generated based on the time data from the card, generating a virtual code for secondary authentication by using the virtual code for primary authentication, the first authentication virtual code transmitting at least one of a code and the virtual code for secondary authentication to a server, and requesting the server to perform verification on the at least one.

In the present invention, the virtual code for primary authentication includes a plurality of codes, a first code among the plurality of codes is generated based on the time data and a first OTP, and a second code among the plurality of codes The code may be generated by excluding a first user identification (UID) that is identification information of the card from the first code.

In the present invention, the step of generating the virtual code for secondary authentication includes generating a third code by excluding a second UID, which is identification information of the virtual code generating device for authentication, from the first code, the first code; The second code and the third code may be combined to generate the second authentication virtual code.

In the present invention, the card, the verification is performed based on the first code and the second code, the verification virtual code generating device, the verification is performed based on the first code and the third code can

In the present invention, the step of generating the virtual code for second authentication includes generating a second OTP based on the first virtual code for authentication, and the second OTP and identification information of the device for generating the virtual code for authentication. 2 The virtual code for the second authentication may be generated based on the UID.

In the present invention, the virtual code for secondary authentication is verified through comparison of the second OTP included in the virtual code for secondary authentication and a second OTP for verification, and the second OTP for verification is the second 2 It may be generated by the server based on the same seed data as the seed data used when generating the OTP.

In the present invention, the virtual code for primary authentication may be used for offline access control and user authentication during online login.

In the present invention, the virtual code for secondary authentication may be used for user authentication during financial payment.

In the present invention, the time data may be in a form combined with an Application Protocol Data Unit (APDU) command.

A smart card device according to another aspect of the present invention for solving the above-described problems, an NFC module for receiving time data from a virtual code generating device for authentication through card tagging, and for primary authentication based on the received time data an IC module for generating a virtual code, wherein the virtual code for the first authentication is transmitted by itself and used for user authentication, or is used to generate a virtual code for the second authentication, the virtual code for the second authentication, is generated by the device for generating the virtual code for authentication by using the virtual code for the first authentication, and at least one of the virtual code for the first authentication and the virtual code for the second authentication is verified by the server. It is transmitted to the server by the virtual code generating device for authentication.

An apparatus for generating a virtual code for authentication according to another aspect of the present invention for solving the above-described problem, transmits time data to the card when tagging a card with an IC chip embedded therein, and generates 1 generated based on the time data A communication unit for receiving the virtual code for secondary authentication from the card, a code generation unit for generating a virtual code for secondary authentication using the virtual code for primary authentication, and the first authentication virtual code and the second authentication unit through the communication unit and a verification request unit that transmits at least one of the virtual codes for car authentication to a server and requests that the server perform verification on the at least one.

In the method of verifying a virtual code for authentication performed by a server according to another aspect of the present invention for solving the above-described problem, the virtual code for primary authentication and the virtual code for secondary authentication from the device for generating a virtual code for authentication Receiving at least one and performing verification for at least one of the first virtual code for authentication and the second authentication virtual code, wherein the second authentication virtual code includes a plurality of codes In this case, the verification performing step may include extracting a first user identification (UID), which is identification information of a card, based on a first code and a second code among the plurality of codes, performing verification on the card, and performing verification of the plurality of codes. The verification of the virtual code generating device for authentication is performed by extracting a second UID, which is identification information of the device for generating the virtual code for authentication, based on the first code and the third code among the codes.

In the present invention, when the virtual code for secondary authentication includes the second OTP and the second UID, the verifying step includes verifying based on the same seed data as the seed data used to generate the second OTP. generating a second OTP for use, comparing the second OTP included in the virtual code for secondary authentication and the second OTP for verification, and if the second OTP and the second OTP for verification are the same, the card and Verification of the device for generating the virtual code for authentication may be completed.

In the present invention, when the first virtual code for authentication is received, the verifying step includes a first user identification (UID) that is identification information of a card based on the first authentication virtual code using a first verification algorithm. ) can be extracted to verify the card.

In addition to this, another method for implementing the present invention, another system, and a computer-readable recording medium for recording a computer program for executing the method may be further provided.

According to the present invention, the virtual security code required for user authentication using the time data acquired based on the NFC method without a separate OTP device by providing the time data to the smart card device by the virtual code generating device for authentication during card tagging can create

When tagging a smart card device to an authentication virtual code generating device, when data is transmitted/received between two devices, to prevent theft of the data, the first authentication virtual code generated by the smart card device is reprocessed for authentication The virtual code generating device may newly generate a virtual code for secondary authentication.

In addition, in the offline access control or online login situation, user authentication is performed through the verification of the virtual code for the first authentication, and in the financial payment situation, the virtual code for the second authentication generated using the virtual code for the first authentication is verified. By performing user authentication, the security level can be changed according to circumstances.

In addition, since the smart card device can be applied to both the offline access control situation and the financial payment situation, a financial card (personal card or corporate card) can be extended and used as an access card of a company.

Effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the following description.

1 is a configuration diagram of a virtual code-based user authentication system for authentication according to the present invention.
2 is a schematic configuration diagram of a smart cart device according to the present invention.
3 is a schematic configuration diagram of an apparatus for generating a virtual code for authentication according to the present invention.
4 is a flowchart of a method for generating a virtual code for authentication performed by the device for generating a virtual code for authentication according to the present invention.
5 is a diagram for explaining time data according to the present invention.
6 is a view for explaining the first authentication virtual code verification according to the present invention.
7 is a view for explaining the verification of the virtual code for secondary authentication according to the present invention.
8 is a flowchart of a method for generating a virtual code for authentication performed by a smart card device according to the present invention.

Advantages and features of the present invention and methods of achieving them will become apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various different forms, and only these embodiments allow the disclosure of the present invention to be complete, and those of ordinary skill in the art to which the present invention pertains. It is provided to fully inform those skilled in the art of the scope of the present invention, and the present invention is only defined by the scope of the claims.

The terminology used herein is for the purpose of describing the embodiments and is not intended to limit the present invention. In this specification, the singular also includes the plural, unless specifically stated otherwise in the phrase. As used herein, “comprises” and/or “comprising” does not exclude the presence or addition of one or more other components in addition to the stated components. Like reference numerals refer to like elements throughout, and "and/or" includes each and every combination of one or more of the recited elements. Although "first", "second", etc. are used to describe various elements, these elements are not limited by these terms, of course. These terms are only used to distinguish one component from another. Therefore, it goes without saying that the first component mentioned below may be the second component within the spirit of the present invention.

Unless otherwise defined, all terms (including technical and scientific terms) used herein will have the meaning commonly understood by those of ordinary skill in the art to which this invention belongs. In addition, terms defined in a commonly used dictionary are not to be interpreted ideally or excessively unless clearly specifically defined.

Before the description, the meaning of the terms used herein will be briefly described. However, it should be noted that the description of the terms is for the purpose of helping the understanding of the present specification, and is not used in the meaning of limiting the technical spirit of the present invention unless explicitly described as limiting the present invention.

In the present specification, 'character' is a component constituting a code, and includes all or part of uppercase letters, lowercase letters, numbers, and special characters.

In this specification, 'code' means a character string in which characters are listed.

In the present specification, 'OTP (One Time Password)' is a random code that is temporarily generated for user authentication and is changed every unit time, and may include a code of a specific number of characters.

In the present specification, the 'virtual code for authentication' is a code generated by the virtual code generating means for authentication, and means a code verified by the virtual code verification means for authentication. That is, the 'virtual code for authentication' means a virtual code temporarily assigned to each unit count so that verification can be performed. Here, the virtual code generating means for authentication may be a smart card device or a virtual code generating device for authentication according to an embodiment, but is not limited thereto.

In this specification, 'detail code' means some code included in the virtual code for authentication.

In the present specification, a 'unit count' is a unit that is set at a specific time interval and is changed as the time interval elapses. For example, 1 count may be set to a specific time interval (eg, 1.5 seconds) and used.

In this specification, the 'virtual code generation function for authentication' refers to a function used to generate a virtual code for authentication.

In the present specification, a 'user' may be a user who accesses a specific space (offline or online space) requiring security using a smart card device, or performs a financial payment using a smart card device, but is limited thereto not.

In the present specification, "UID (user identification)" refers to a value in the form of a unique code that is not duplicated for each user to identify a user.

In this specification, "time data" means time data of the current time. That is, the time data used for generating and verifying the virtual code for authentication may all mean time data at the same time point.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a configuration diagram of a virtual code-based user authentication system for authentication according to the present invention.

2 is a schematic configuration diagram of a smart cart device according to the present invention.

3 is a schematic configuration diagram of an apparatus for generating a virtual code for authentication according to the present invention.

4 is a flowchart of a method for generating a virtual code for authentication performed by the device for generating a virtual code for authentication according to the present invention.

5 is a diagram for explaining time data according to the present invention.

6 is a view for explaining the first authentication virtual code verification according to the present invention.

7 is a view for explaining the verification of the virtual code for secondary authentication according to the present invention.

8 is a flowchart of a method for generating a virtual code for authentication performed by a smart card device according to the present invention.

Referring to FIG. 1 , the authentication virtual code-based user authentication system (hereinafter, the system) includes a control server 100 , a smart card device 10 , a virtual code generating device 20 for authentication and a server 30 . . Here, the system may include fewer or more components than the components shown in FIG. 1 .

The smart card device 10 refers to a real card used by a user. Depending on the embodiment, only some of the card or user-identifiable information may be displayed on the surface of the smart card device 10, or no information may be displayed.

According to an embodiment, the smart card device 10 may be a card for access control or a card for financial settlement (eg, a credit card, a check card, a cash card, a corporate card, etc.).

Specifically, when the smart card device 10 is an access card for access control, the smart card device 10 is used when a user enters a specific space requiring security offline, or logs into a specific website or app online. can be used when When the smart card device 10 is a card for financial settlement, the smart card device 10 may be used when a user conducts a financial transaction. However, the form, type and purpose of the card are not limited to the above. A detailed description of the smart card device 10 will be described later.

The virtual code generating device 20 for authentication may be an access control device (eg, a gate reader, a door lock, etc.) or a user terminal used by a user. In this case, the user terminal is any electronic device having an application processor (AP) capable of driving an application. The user terminal is a non-portable desktop computer or a portable mobile device (eg, a smart phone, a tablet PC, a personal digital assistant (PDA), an enterprise digital assistant (EDA), a portable multimedia (PMP) player), a personal navigation device (PND), a wearable device, etc., but is not limited thereto. A detailed description of the virtual code generating apparatus 20 for authentication will be described later.

The server 30, as a virtual code verification means for authentication, verifies the virtual code for authentication received from the device 20 for generating a virtual code for authentication. However, the present invention is not limited thereto, and the virtual code generating apparatus 20 for authentication instead of the server 30 may verify the virtual code for authentication according to an embodiment.

In this case, the server 30 may be a security-related server or a financial institution server that communicates with the virtual code generating device 20 for authentication, but is not limited thereto. Also, referring to FIG. 1 , although the server 30 is shown as being configured as one server, a plurality of servers may be configured as a system linked to each other.

As shown in FIG. 1 , the smart card device 10 , the device for generating a virtual code for authentication 20 , and the server 30 may transmit/receive various data, signals, or information to each other through a communication network.

Here, as the communication network, various types of communication networks may be used, for example, wireless LAN (Wireless LAN), Wi-Fi, Wibro, Wimax, High Speed Downlink Packet Access (HSDPA), etc. A communication method or a wired communication method such as Ethernet, xDSL (ADSL, VDSL), HFC (Hybrid Fiber Coax), FTTC (Fiber to The Curb), FTTH (Fiber To The Home) may be used.

On the other hand, the communication network is not limited to the communication method presented above, and may include all types of communication methods which are well known or to be developed in the future in addition to the above communication methods.

Referring to FIG. 2 , the smart card device 10 may include an NFC module 12 and an IC module 14 . Here, the smart card device 10 may include fewer or more components than the components shown in FIG. 2 .

The NFC (Narrow Frequency Communication) module 12 (ie, NFC chip) is a communication module, and may transmit/receive various data to and from the virtual code generating device 20 for authentication. Here, the NFC module 12 may be formed in the form of an applet, but is not limited thereto. When the smart card device 10 is tagged with the virtual code generating device 20 for authentication, the NFC module 12 may receive time data from the virtual code generating device 20 for authentication.

The IC module 14 (ie, IC chip) may generate a virtual code for primary authentication. Here, the IC module 14 may be formed in the form of an applet, but is not limited thereto.

The IC module 14 may generate a virtual code for primary authentication using the received time data. Specifically, the IC module 14 may generate the first authentication virtual code by using the received time data as well as card data stored in a memory (not shown) and a virtual code generating function for authentication.

Here, the card data may include user identification information and card identification information of a user who has applied for issuance of the corresponding smart card device 10 . Here, the card identification information may include a first user identification (UID), a secret, a card number, and a serial number that are identification information of the smart card device 10, but is not limited thereto, and card-related information may include all of them. Here, the user identification information may include a resident registration number, but is not limited thereto, and may include all user-related personal information.

The IC module 14 includes, in addition to user identification information and card identification information, a URL of a company that issues and manages the smart card device 10 (eg, a card manufacturing company, a financial company, a security company, an online web or app service company, etc.) An address and the like may be stored. For example, when the URL address of a specific financial company is stored in the IC module 14 of the smart card device 10 , when the corresponding smart card device 10 is tagged in the virtual code generating device 20 for authentication, authentication The virtual code generating apparatus 20 may obtain the URL address. In this case, the URL address may relate to installation information or execution information of a program or application of the financial company.

That is, various information is stored in the IC module 14 in addition to user identification information and card identification information. When the smart card device 10 is tagged to the virtual code generating device 20 for authentication, the virtual code generating device 20 for authentication receives the corresponding information from the smart card device 10 .

The smart card device 10 may further include a processor (not shown) for controlling the overall operation of the smart card device 10 . The processor (not shown) may process signals, data, information, etc. input or output through the above-described components, or may drive a stored application program. Although the processor (not shown) has been described as a configuration distinct from the IC module 14 , the IC module 14 may serve as a processor (not shown) according to an embodiment.

Referring to FIG. 3 , the device for generating a virtual code for authentication 20 may include a communication unit 22 , a memory 24 , and a processor 26 . Here, the device for generating a virtual code for authentication 20 may include a smaller number of components or more components than the components shown in FIG. 3 .

When the smart card device 10 is tagged with the virtual code generating device 20 for authentication, the communication unit 22 transmits time data to the smart card device 10 through the communication network, and based on the time data The generated virtual code for primary authentication may be received from the smart card device 10 . In addition, the two devices may transmit/receive various data to each other during tagging.

The memory 24 may store data supporting various functions of the virtual code generating device 20 for authentication. The memory 24 is a plurality of application programs (application programs or applications) driven in the virtual code generating device 20 for authentication, at least one process for the operation of the virtual code generating device 20 for authentication, data , and commands can be stored. At least some of these application programs may exist for a basic function of the virtual code generating device 20 for authentication.

In addition to the operation related to the application program, the processor 26 may generally control the overall operation of the virtual code generating device 20 for authentication. The processor 26 processes signals, data, information, etc. input or output through the above-described components, or by driving an application program stored in the memory 24, which is suitable for the smart card device 10 or the server 30 . may provide or process information or functions;

In addition, the processor 26 may control at least some of the components discussed with reference to FIG. 3 in order to drive an application program stored in the memory 24 . Furthermore, the processor 26 may operate by combining at least two or more of the components included in the virtual code generating apparatus 20 for authentication in order to drive the application program.

Referring to FIG. 3 , the processor 26 may include a code generation unit 262 and a verification request unit 164 . Here, the processor 26 may include fewer or more components than the components shown in FIG. 3 .

The code generator 262 may generate a virtual code for secondary authentication by using the virtual code for primary authentication generated by the smart card device 10 .

The verification request unit 264 transmits at least one of the virtual code for the first authentication and the virtual code for the second authentication to the server through the communication unit 22, and requests the server to verify the at least one. can

Although not shown in FIG. 3 , the processor 26 may further include components that perform various arithmetic operations and determination operations in addition to the code generation unit 262 and the verification request unit 264 .

Hereinafter, a virtual code-based user authentication method performed by the device 20 for generating a virtual code for authentication will be described in detail with reference to FIGS. 4 to 7 .

Referring to FIG. 4 , the communication unit 22 of the device for generating a virtual code for authentication 20 may transmit time data to the smart card device 10 when tagging a card having an IC chip embedded therein ( S110 ).

Since the smart card device 10 cannot obtain time data by itself, it can receive time data from the virtual code generating device 20 for authentication through tagging.

In this case, the time data may be in a form combined with an Application Protocol Data Unit (APDU) command. Referring to FIG. 5 , time data may be transmitted to the smart card device 10 in a combined form after the APDU command. However, the binding form is not limited thereto.

The communication unit 22 of the device 20 for generating a virtual code for authentication may receive the first virtual code for authentication generated based on the time data from the smart card device 10 (S120).

That is, the smart card device 10 receives the time data, and uses the received time data and card data (eg, secret, first UID) stored in the card together to generate a virtual code for primary authentication. And it can be delivered to the virtual code generating device 20 for authentication.

The virtual code for primary authentication may include a first code and a second code. Here, the first code and the second code are detailed codes of the virtual code for primary authentication, and the virtual code for primary authentication may include a greater number of detailed codes in addition to the first code and the second code.

The first code of the virtual code for the first authentication may be generated based on the time data and the first OTP. First, the smart card device 10 may generate the first OTP using the secret value stored in the card and the time data as seed data using the first virtual code generation function for authentication. In this case, the seed data may further use values other than the secret value and time data according to an embodiment.

Then, the smart card device 10 may generate a first code by adding the generated first OTP to the received time data using the first authentication virtual code generation function.

The smart card device 10 may generate the second code by excluding a first user identification (UID), which is identification information of the card, from the first code using a first virtual code generation function for authentication. Here, the first UID is data stored in the smart card device 10 and is a unique value capable of identifying the smart card device 10 .

1st code = time data + 1st OTP

second code = first code - first UID

The smart card device 10 may generate a virtual code for primary authentication by combining the generated detailed codes (first code and second code). In an embodiment, the smart card device 10 may generate the first virtual code for authentication by combining a plurality of detailed codes according to a specific rule using the first virtual code generating function for authentication. The first virtual code generation function for authentication may include a rule for combining a plurality of detailed codes (ie, a detailed code combination function).

Various methods may be applied as a method of generating one virtual code for authentication by combining a plurality of detailed codes. As an example of the detailed code combination function, the smart card device 10 may generate a virtual code for authentication by alternately arranging an M-digit first code and an N-digit second code. Also, as another example, the detailed code combining function may be a function of combining the second code after the first code. As the number of detailed codes included in the authentication virtual code increases, various detailed code combining functions may be generated.

The generated primary authentication virtual code is transmitted to the authentication virtual code generating device 20 .

The code generating unit 262 of the virtual code generating device 20 for authentication may generate a second authentication virtual code by using the first authentication virtual code (S130).

Before step S130, the code generation unit 262 of the virtual code generation device for authentication 20 may first determine whether to generate a virtual code for secondary authentication according to the type of the smart card device 10. . In more detail, the code generator 262 may perform the determination operation based on the card data received together with the virtual code for primary authentication (according to the embodiment, the card data may be received at the time of tagging) ). That is, the code generator 262 may determine whether the smart card device 10 is an access control card or a financial payment card based on the card data. And, if it is confirmed that the smart card device 10 is a card for access control, it is confirmed that the smart card device 10 is a card for financial payment based on the card data without generating a virtual code for secondary authentication Then, a virtual code for secondary authentication can be generated.

According to an embodiment, whether to generate the virtual code for secondary authentication may be determined according to the type of the virtual code generating apparatus 20 for authentication. Specifically, when the virtual code generating device 20 for authentication is an access control device, the secondary authentication virtual code may not be generated without the determination operation. When the authentication virtual code generating device 20 is a user terminal, the code generating unit 262 may determine whether to generate the secondary authentication virtual code according to the type of the smart card device 10 . In more detail, the code generator 262 may perform the determination operation based on the card data received together with the virtual code for primary authentication (according to the embodiment, the card data may be received at the time of tagging) ). That is, when it is confirmed that the smart card device 10 is an access control card based on the card data, the code generation unit 262 does not generate a virtual code for secondary authentication, and the smart card device 10 does not generate the virtual code for the second authentication based on the card data. When it is confirmed that the card device 10 is a card for financial settlement, a virtual code for secondary authentication may be generated.

Although it has been described above that the code generator 262 performs the determination operation, the present invention is not limited thereto, and other components of the processor 260 may perform the determination operation.

If it is determined to generate the virtual code for secondary authentication through the above process, in step S130 , the code generator 262 may generate a virtual code for secondary authentication using the virtual code for primary authentication. At this time, in order to generate the virtual code for the secondary authentication, the server 30 must first verify the virtual code for the primary authentication. The server 30 may extract a plurality of detailed coats (first code and second code) included in the virtual code for primary authentication through verification, and transmit it to the virtual code generating device 20 for authentication.

In the above description, the verification of the first authentication virtual code for generating the secondary authentication virtual code was described as being performed by the server 30, but according to the embodiment, the authentication virtual code generating device 20 instead of the server 30 ) may perform the corresponding verification. A method of verifying the virtual code for authentication will be described later.

In the present specification, a method of generating the virtual code for secondary authentication may be divided into a method of performing the OTP operation once and a method of performing the OTP operation twice.

In the method of performing the OTP operation once (the first method), the OTP operation is performed only when the virtual code for the first authentication is generated in the smart card device 10, and the code length of the virtual code for the second authentication becomes longer.

In the first method, the code generation unit 262 excludes the second UID, which is the identification information of the virtual code generation device 20 for authentication, from the first code received using the second virtual code generation function for authentication. A third code may be generated. Here, the second UID is data stored in the virtual code generating device 20 for authentication and is a unique value capable of identifying the virtual code generating device 20 for authentication.

3rd code = 1st code - 2nd UID

Then, the code generator 262 uses the second authentication virtual code generation function to generate the first code generated by the smart card device 10, the second code generated by the smart card device 10, and the virtual virtual for authentication. A virtual code for secondary authentication may be generated by combining the third code generated by the code generating device 20 .

The code generator 262 may generate a virtual code for secondary authentication by combining a plurality of generated detailed codes (first code, second code, and third code). In an embodiment, the code generator 262 may generate the second authentication virtual code by combining a plurality of detailed codes according to a specific rule using the second authentication virtual code generating function. The second virtual code generation function for authentication may include a rule for combining a plurality of detailed codes (ie, a detailed code combination function). As a method of generating one virtual code for authentication by combining a plurality of detailed codes, the above-described methods may be applied.

In the first method, the first code and the second code included in the virtual code for primary authentication and the first code and the second code included in the virtual code for secondary authentication are all generated by the smart card device 10 . means the same code. A third code is newly generated in the smart authentication device 20 and combined with the first code and the second code to generate a virtual code for secondary authentication.

In the method of performing the OTP operation twice (the second method), the OTP operation is performed when the first authentication virtual code is generated in the smart card device 10 , and then the second authentication is performed in the authentication virtual code generating device 20 . When the virtual code is generated, the OTP operation is performed once again, and there is no change in the code length of the virtual code for the second authentication (that is, it is the same as the length of the virtual code for the first authentication).

In the second method, the code generation unit 262 generates a second OTP based on the first virtual code for authentication, and generates a second UID that is identification information of the second OTP and the virtual code generating device for authentication. Based on the second authentication virtual code can be generated. Here, the second UID is data stored in the virtual code generating device 20 for authentication and is a unique value capable of identifying the virtual code generating device 20 for authentication.

The code generator 262 may generate the second OTP by further utilizing the first authentication virtual code as additional seed data as well as the time data and the secret value by using the second authentication virtual code generating function. .

Then, the code generator 262 generates the time data (time data is a virtual code for secondary authentication) included in the first code generated by the smart card device 10 using the second authentication virtual code generation function. The first code may be generated by adding the generated second OTP to the request time. The code generator 262 excludes a second user identification (UID), which is identification information of the virtual code generating device 20 for authentication, from the first code using a second virtual code generation function for authentication. can create Here, the second UID is data stored in the virtual code generating device 20 for authentication and is a unique value capable of identifying the virtual code generating device 20 for authentication.

1st code = time data + 2nd OTP

2nd code = 1st code - 2nd UID

Here, the time data is time data of the current time, and the time data used when generating the virtual code for the first authentication and the time data used when generating the virtual code for the second authentication may be the same. That is, since the first OTP and the second OTP are generated at the same time, the same current time data may be used.

The code generator 262 may generate a virtual code for secondary authentication by combining the generated detailed codes (the first code and the second code). In an embodiment, the code generator 262 may generate the second authentication virtual code by combining a plurality of detailed codes according to a specific rule using the second authentication virtual code generating function. The second virtual code generation function for authentication may include a rule for combining a plurality of detailed codes (ie, a detailed code combination function). As a method of generating one virtual code for authentication by combining a plurality of detailed codes, the above-described methods may be applied.

In the second method, the first code and the second code included in the virtual code for primary authentication and the first code and the second code included in the virtual code for secondary authentication are respectively used for authentication with the smart card device 10 . The codes generated by the virtual code generating device 20 are different from each other. That is, the first code and the second code included in the virtual code for primary authentication are generated using the first OTP and the first UID, and the first code and the second code included in the virtual code for secondary authentication are Since they are generated using the second OTP and the second UID, they are different from each other.

The first virtual code generating function for authentication and the second virtual code generating function for authentication described above are stored in the smart card device 10 and the virtual code generating device 20 for authentication, respectively, but the initial driving time may be the same. . That is, when the user receives the smart card device 10 and completes user registration for the smart card device 10 in the server 30 through initial tagging in the virtual code generating device 20 for authentication, the smart card device The first virtual code generating function for authentication and the second virtual code generating function for authentication stored in ( 10 ) and the virtual code generating device 20 for authentication, respectively, may start to be driven. That is, the first authentication virtual code generating function and the second authentication virtual code generating function may be the same.

When the user registration is completed in this way, at least one of a first UID that is identification information of the smart card device 10 and a second UID that is identification information of the device 20 for generating a virtual code for authentication may be stored in the server. That is, the server 30 may store at least one of the first UID and the second UID in an area allocated to the user in the verification algorithm at the time of user registration. According to an embodiment, the server 30 may store the first UID in one area and match the second UID to the first UID and store it. According to an embodiment, the server 30 may store the second UID in one area and match the first UID to the second UID and store it. According to an embodiment, the server 30 may store the first UID and the second UID in each of two areas.

In addition, at the time of user registration, the server 30 provides not only the first UID and the second UID, but also the card data related to the smart card device 10 and terminal data related to the virtual code generating device 20 for authentication. can be stored together.

The communication unit 22 of the device for generating a virtual code for authentication 20 may transmit at least one of the virtual code for the first authentication and the virtual code for the second authentication to the server (S140).

The verification request unit 264 of the virtual code generating apparatus 20 for authentication may request that the server 30 perform verification on the at least one (S150).

According to an embodiment, when the smart card device 10 is an access card for access control, that is, a user enters a specific space requiring security offline by using the smart card device 10, or accesses a specific website or When logging into the app, the server 30 may receive a verification request for the virtual code for the first authentication. Specifically, the virtual code for primary authentication generated by the smart card device 10 may be transmitted to the server 30 by itself and used for user authentication.

Referring to FIG. 6 , the authentication virtual code generating device 20 (in more detail, the verification request unit 264 ) transmits the first authentication virtual code generated by the smart card device 10 to the server 30 . You can request verification. The server 30 may verify the first authentication virtual code based on the verification algorithm and transmit the verification result to the authentication virtual code generating device 20 .

At this time, the device 20 for generating the virtual code for authentication may directly transmit the virtual code for the first authentication to the server 30 to request a verification, but the user may visually check or copy the virtual code for the first authentication to another user. It can be output to a display unit (not shown) so that it can be input or pasted into a program or a web page. The authentication virtual code generating device 20 may transmit the primary authentication virtual code input or pasted by the user to the server 30 to request verification.

The device 20 for generating a virtual code for authentication may perform user authentication during offline access control and online login according to the verification result. That is, if the virtual code for primary authentication is a normal code, the user may be allowed to enter the specific space requiring security or to log in to the specific website or app.

According to an embodiment, when the smart card device 10 is a card for financial payment, that is, when a user performs a financial transaction using the smart card device 10 , the server 30 may You may receive a verification request for your code. That is, the first authentication virtual code generated by the smart card device 10 may be transmitted to the authentication virtual code generating device 20 and used to generate the secondary authentication virtual code.

Referring to FIG. 7 , the virtual code generating device 20 for authentication (more specifically, the code generating unit 262 ) uses the virtual code for primary authentication generated by the smart card device 10 for secondary authentication. You can create virtual code. The virtual code generating apparatus 20 for authentication (more specifically, the verification request unit 264 ) may transmit the generated virtual code for secondary authentication to the server 30 to request verification. The server 30 may verify the virtual code for secondary authentication based on the verification algorithm and transmit the verification result to the device 20 for generating the virtual code for authentication.

In this case, the virtual code generating device for authentication 20 may request verification of the first virtual code for authentication to the server 30 in order to obtain seed data for generating the second authentication virtual code. The server 30 extracts at least one of the first code, the second code, time data, the secret value, and the first UID from the virtual code for the first authentication based on the verification algorithm and sends it to the virtual code generating device 20 for authentication. can transmit The authentication virtual code generating device 20 generates a secondary authentication virtual code by using at least one of a first code, a second code, time data, a secret value, a first UID, and a primary authentication virtual code as seed data. can do. As described above, the verification of the virtual code for the first authentication for generating the virtual code for the second authentication may be performed by the server 30, but according to the embodiment, the device for generating the virtual code for authentication 20 directly corresponds Verification may also be performed.

The device for generating a virtual code for authentication 20 may perform user authentication during financial payment according to the verification result. That is, if the virtual code for secondary authentication is a normal code, the user can proceed with the financial transaction.

Hereinafter, the verification method for the virtual code for authentication will be described in detail.

According to an embodiment, when the server 30 receives a verification request for the first authentication virtual code, based on the first authentication virtual code using a verification algorithm corresponding to the first authentication virtual code generation function The first UID may be extracted by searching an area in which the first UID is stored.

At this time, as described above, the virtual code for primary authentication includes a plurality of detailed codes. The plurality of detailed codes include a first code for setting a starting point of a search for a storage area of the first UID and a specific search method. It may be composed of a second code for setting a search path from the starting point to the storage area of the first UID.

The first code and the second code have a correlation for verifying the virtual code for primary authentication in the server 30 having the virtual code verification means for authentication, but a smart card device having a virtual code generating means for authentication ( 10) only includes the first function for generating the first code and the second function for generating the second code as detailed code generating functions to increase security, data on the correlation between the first code and the second code may not include

In addition, as an embodiment, when the virtual code for primary authentication is generated by a combination according to a specific rule of the first code and the second code, the first code and the second code are the actual values (the first UID) in the verification algorithm. It can perform each role to search the storage area of . For example, the first code sets a starting point of searching for a storage location, and the second code sets a search path from the starting point to the storage area of the first UID according to a specific search method. Therefore, thereafter, when the virtual code for authentication normally generated for each unit count is provided in the smart card device 10, the server 30 moves along the search path corresponding to the second code from the starting point corresponding to the first code. The point is determined as an area in which the first UID is stored.

Specifically, the server 30 may extract a plurality of detailed codes included in the virtual code for primary authentication by using a verification algorithm. The virtual code for primary authentication is generated by combining a plurality of detailed codes according to a specific rule. The server 30 may extract a plurality of detailed codes from the first authentication virtual code by applying the same function as the detailed code combination function used when generating the primary authentication virtual code. For example, when a virtual code for primary authentication in which two detailed codes (that is, a first code and a second code) are combined is generated, the server 30 sets the detailed code in the character array of the virtual code for primary authentication The first code and the second code may be separated by applying the combining function. In this case, a correlation may be included between the detailed codes.

When the virtual code for primary authentication includes the first code and the second code, in an embodiment having a correlation between the detailed codes, the server 30 determines the start point of the search corresponding to the first code, A value corresponding to a point moved along a search path corresponding to the second code from the search start point may be regarded as the first UID.

In addition, in another embodiment, as the smart card device 10 provides a new virtual code for primary authentication for each unit count, the server 30 based on the first code and the second code that are changed for each count The first UID may be searched by setting a starting point and a search path.

Also, according to an embodiment, the server 30 may include a verification algorithm to find the first UID using a plurality of detailed codes having correlations. The verification algorithm is an algorithm that makes it possible to search for the first UID when each detailed code included in the virtual code for primary authentication is applied. For example, when the first code for determining the starting point of the search of the first UID from the virtual code for primary authentication and the second code for suggesting the direction of the storage area from the starting point are included, the verification algorithm performs the first When a direction corresponding to the second code is indicated at a point corresponding to the code, the first UID is adjusted so that the first UID is disposed at the corresponding position. By using the verification algorithm, the server 30 can find the first UID even when the first code and the second code included in the virtual code for primary authentication are changed.

In addition, in one embodiment, when the first virtual code for primary authentication is generated by combining a first code obtained by adding a first OTP to the time data, and a second code excluding the first UID from the first code, the server (30) may extract the actual value (ie, the first UID) by subtracting the second code value from the first code value.

Also, in one embodiment, the server 30 compares the first UID extracted by searching the storage area with the first UID extracted by subtracting the second code value from the first code value, and the two values are the same. Then, it can be determined that the first virtual code for authentication is a normal code. However, even without such a comparison process, the server 30 can determine whether the corresponding primary authentication virtual code is a normal code only with each value (eg, the extracted value is information stored in the DB of the server 30 ) judging by whether or not they match).

According to an embodiment, when the server 30 receives a verification request for the virtual code for secondary authentication, based on the virtual code for secondary authentication using a verification algorithm corresponding to the second authentication virtual code generation function , at least one of the first UID and the second UID may be extracted by searching for at least one of the area in which the first UID is stored and the area in which the second UID is stored.

In the first method, the virtual code for secondary authentication is generated by combining the first code, the second code, and the third code as described above. The server 30 extracts the first UID by searching the area in which the first UID is stored based on the virtual code for the second authentication by using a verification algorithm corresponding to the second authentication virtual code generation function, and the second UID The second UID may be extracted by searching an area in which .

The server 30 may extract a plurality of detailed codes included in the virtual code for secondary authentication by using a verification algorithm. The virtual code for secondary authentication is generated by combining a plurality of detailed codes according to a specific rule. The server 30 may extract a plurality of detailed codes from the secondary authentication virtual code by applying the same function as the detailed code combination function used when generating the secondary authentication virtual code. For example, when a virtual code for secondary authentication in which three detailed codes (that is, a first code, a second code, and a third code) are combined is generated, the server 30 is a character of the virtual code for the secondary authentication The first code, the second code, and the third code can be separated by applying the detailed code combining function in the array. In this case, a correlation may be included between the detailed codes.

When the virtual code for secondary authentication includes the first code, the second code, and the third code, in an embodiment having a correlation between the detailed codes, the server 30 is the starting point of the search corresponding to the first code. may be determined, and a value corresponding to a point moved along a search path corresponding to the second code from the search start point may be regarded as the first UID. Then, a start point of the search corresponding to the first code may be determined, and a value corresponding to a point moved along the search path corresponding to the third code from the start point may be regarded as the second UID.

In addition, in another embodiment, as the virtual code generating device 20 for authentication provides a new virtual code for secondary authentication for each unit count, the server 30 changes the first code and the second code for each count. and setting a start point and a search path based on the third code to search the first UID and the second UID.

Also, according to an embodiment, the server 30 may include a verification algorithm to find the first UID and the second UID using a plurality of subcodes having a correlation. The verification algorithm is an algorithm that enables the first UID search and the second UID search when each detailed code included in the virtual code for secondary authentication is applied. For example, a first code for determining a starting point of the search for the first UID and the second UID from the virtual code for secondary authentication, and a second code and a starting point for presenting the direction of the first UID storage area from the starting point When the third code indicating the direction of the second UID storage area from It is an algorithm that adjusts so that the second UID is arranged at the corresponding position when the direction corresponding to the third code is indicated at the point corresponding to the first code. By using the verification algorithm, the server 30 may find the first UID and the second UID even if the first code, the second code, and the third code included in the virtual code for secondary authentication are changed.

In addition, in one embodiment, the second authentication virtual code includes a first code obtained by adding a first OTP to the time data, a second code excluding the first UID from the first code, and a second code from the first code When the third code excluding the UID is combined and generated, the server 30 extracts an actual value (ie, the first UID) by subtracting the second code value from the first code value, and from the first code value An actual value (ie, the second UID) may be extracted by subtracting the third code value.

That is, the server 30 extracts the first UID based on the first code and the second code to verify the smart card device 10, and the first code and the third code The verification of the virtual code generating apparatus 20 for authentication may be performed by extracting the second UID based on .

Also, in one embodiment, the server 30 compares the first UID extracted by searching the storage area with the first UID extracted by subtracting the second code value from the first code value, and the two values are the same. When the first verification of the virtual code for secondary authentication is completed (that is, verification of the smart card device), the third code from the extracted second UID and the first code value by searching the storage area The second UID extracted by subtracting a value is compared, and if the two values are the same, the second verification of the virtual code for the second authentication is completed (that is, the verification of the device for generating the virtual code for authentication), and the second It can be determined that the virtual code for authentication is a normal code. However, even without such a comparison process, the server 30 can determine whether the corresponding secondary authentication virtual code is a normal code only with each value (eg, the extracted value is information stored in the DB of the server 30 ) judging by whether or not it matches).

In the second method, the second authentication virtual code is the first code and second code generated based on the second OTP and the second UID generated based on the first authentication virtual code as described above. created by combining The server 30 may verify the virtual code for secondary authentication by comparing the second OTP included in the received virtual code for secondary authentication and the second OTP for verification. Here, the second OTP for verification may be generated by the server 30 based on the same seed data as the seed data used in generating the second OTP.

Specifically, the server 30 separates the first code and the second code from the virtual code for secondary authentication, and searches for the second UID based on the separated first code and the second code. , you can check the card data (eg, secret value) that was stored together. Here, the method of separating the detailed code and searching for an actual value using the detailed code is the same as described above.

Then, the server 30 may search for a first UID matching the found second UID.

The server 30 generates a virtual code for the first authentication using the values extracted through the second UID, that is, the secret value and the first UID, and the current time data, and the generated virtual code for the first authentication and the A second OTP for verification may be generated using the secret value and time data as seed data.

When comparing the generated second OTP for verification and the second OTP included in the second virtual code for authentication, if the two values are the same, the server 30 determines that the second virtual code for authentication is a normal code can do. That is, if the second OTP and the second OTP for verification are the same, all the values (virtual code for primary authentication, the secret value, and time data) used as seed data are the same, and also the virtual code for primary authentication If is the same, since the virtual code for secondary authentication generated with the corresponding value is also the same, the smart card device 10 and the device for generating the virtual code for authentication 20 can be verified as normal.

Hereinafter, a virtual code-based user authentication method performed by the smart card device 10 will be described in detail with reference to FIG. 8 .

Referring to FIG. 8 , the smart card device 10 receives time data from the device for generating a virtual code for authentication through card tagging (S210), and generates a first virtual code for authentication based on the received time data. can be (S220).

The smart card device 10 generates a virtual code for primary authentication, the device for user authentication 20 generates a virtual code for secondary authentication, and the server 30 generates a virtual code for primary authentication and 2 Since the verification of at least one of the virtual codes for car authentication overlaps with that described with reference to FIGS. 1 to 7 , a detailed description thereof will be omitted.

Meanwhile, the smart card device 10 of the present invention may perform functions for financial settlement and access control together. That is, when the smart card device 10 is a corporate card of a company or an employee's personal card, each user can use the card as an access card of the company.

Although the steps shown in FIGS. 4 and 8 are described as being sequentially executed, this is merely illustrative of the technical idea of this embodiment, and those of ordinary skill in the art to which this embodiment belongs As it will be applicable by changing the order of the steps described in FIGS. 4 and 8 and executing one or more steps in parallel without departing from the essential characteristics of the example, various modifications and variations may be applied, so in FIGS. 4 and 8 The steps described are not limited to chronological order.

The present invention described above may further provide a computer-readable recording medium for recording a computer program for executing the method of generating the virtual code for authentication.

The above-mentioned program is C, C++, JAVA, machine language, etc. that a processor (CPU) of the computer can read through the device interface of the computer in order for the computer to read the program and execute the methods implemented as a program It may include code (Code) coded in the computer language of Such code may include functional code related to a function defining functions necessary for executing the methods, etc., and includes an execution procedure related control code necessary for the processor of the computer to execute the functions according to a predetermined procedure can do. In addition, such code may further include additional information necessary for the processor of the computer to execute the functions or code related to memory reference for which location (address address) in the internal or external memory of the computer to be referenced. have. In addition, when the processor of the computer needs to communicate with any other computer or server located remotely in order to execute the above functions, the code uses the communication module of the computer to determine how to communicate with any other computer or server remotely. It may further include a communication-related code for whether to communicate and what information or media to transmit and receive during communication.

The steps of the method or algorithm described in relation to the embodiment of the present invention may be implemented directly in hardware, implemented as a software module executed by hardware, or implemented by a combination thereof. A software module may include random access memory (RAM), read only memory (ROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, hard disk, removable disk, CD-ROM, or It may reside in any type of computer-readable recording medium well known in the art to which the present invention pertains.

As mentioned above, although embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art to which the present invention pertains can realize that the present invention can be embodied in other specific forms without changing its technical spirit or essential features. you will be able to understand Therefore, it should be understood that the embodiments described above are illustrative in all respects and not restrictive.

10: smart card device
12: NFC module
14: IC module
20: Device for generating a virtual code for authentication
22: communication department
24: memory
26: processor
262: code generation unit
264: verification request unit
30: server

Claims (15)

In the method performed by the device for generating a virtual code for authentication,
transmitting time data to the card when tagging a card with an integrated IC chip;
receiving a virtual code for primary authentication generated based on the time data from the card;
generating a secondary authentication virtual code using the primary authentication virtual code;
transmitting at least one of the first virtual code for authentication and the second authentication virtual code to a server; and
Requesting the server to perform verification for the at least one; Containing, a virtual code generation method for authentication. The method of claim 1,
The first authentication virtual code includes a plurality of codes,
A first code among the plurality of codes is generated based on the time data and a first OTP,
A second code among the plurality of codes is generated by excluding a first user identification (UID) that is identification information of the card from the first code. 3. The method of claim 2,
The step of generating the virtual code for the second authentication is,
generating a third code by excluding a second UID that is identification information of the virtual code generating device for authentication from the first code;
A method of generating a virtual code for authentication by combining the first code, the second code, and the third code to generate the second authentication virtual code. 4. The method of claim 3,
The card is verified based on the first code and the second code,
The device for generating a virtual code for authentication, the verification is performed based on the first code and the third code, the method for generating a virtual code for authentication. 3. The method of claim 2,
The step of generating the virtual code for the second authentication is,
Generate a second OTP based on the virtual code for the first authentication,
Generating the virtual code for the second authentication based on the second UID that is the identification information of the second OTP and the device for generating the virtual code for authentication, the authentication virtual code generation method. 6. The method of claim 5,
The virtual code for secondary authentication is,
It is verified through comparison of the second OTP included in the virtual code for secondary authentication and the second OTP for verification,
The second OTP for verification is,
The method of generating a virtual code for authentication that is generated by the server based on the same seed data as the seed data used in generating the second OTP. The method of claim 1,
The virtual code for the first authentication is,
A method of generating a virtual code for authentication that is used for offline access control and user authentication when logging in online. The method of claim 1,
The virtual code for secondary authentication is,
A method of generating a virtual code for authentication that is used for user authentication when making financial payments. The method of claim 1,
The time data is
A method of generating a virtual code for authentication in a form combined with an Application Protocol Data Unit (APDU) command. A program stored in a computer-readable recording medium in combination with a computer to execute the method of any one of claims 1 to 9. NFC module for receiving time data from the device for generating a virtual code for authentication through card tagging; and
Including; IC module for generating a virtual code for primary authentication based on the received time data;
The virtual code for the first authentication is transmitted by itself and used for user authentication, or is used to generate a virtual code for the second authentication,
The secondary authentication virtual code is generated by the authentication virtual code generating device using the primary authentication virtual code,
At least one of the first virtual code for authentication and the second authentication virtual code is transmitted to the server by the virtual code generating device for authentication so that verification is performed by the server. a communication unit for transmitting time data to the card when tagging a card having an IC chip embedded therein, and receiving a virtual code for primary authentication generated based on the time data from the card;
a code generator for generating a second authentication virtual code by using the first authentication virtual code; and
A verification request unit that transmits at least one of the virtual code for the first authentication and the virtual code for the secondary authentication to the server through the communication unit, and requests the server to verify the at least one; A device for generating a virtual code for authentication. A method performed by a server, comprising:
Receiving at least one of a virtual code for primary authentication and a virtual code for secondary authentication from the device for generating a virtual code for authentication; and
Including; performing verification of at least one of the first virtual code for authentication and the second authentication virtual code;
When the virtual code for secondary authentication includes a plurality of codes, the verification performing step includes:
extracting a first user identification (UID), which is identification information of a card, based on a first code and a second code among the plurality of codes, and verifying the card;
Based on the first code and the third code among the plurality of codes, a second UID that is identification information of the virtual code generating device for authentication is extracted to perform verification of the device for generating the virtual code for authentication, Code Verification Server. 14. The method of claim 13,
When the virtual code for secondary authentication includes a second OTP and the second UID, the verifying step includes:
generating a second OTP for verification based on the same seed data as the seed data used in generating the second OTP;
comparing the second OTP included in the virtual code for secondary authentication and the second OTP for verification;
When the second OTP and the second OTP for verification are the same, verification of the card and the device for generating the virtual code for authentication is completed, a virtual code verification server for authentication. 14. The method of claim 13,
When the virtual code for the first authentication is received,
The verification step is
A virtual code verification server for authentication, which performs verification on the card by extracting a first UID (user identification), which is identification information of a card, based on the virtual code for primary authentication using a first verification algorithm.

Images