WO2013009120A2 - Mobile communication terminal and apparatus and method for authenticating applications - Google Patents

Publication number: WO2013009120A2
Authority: WO, WIPO (PCT)
Application number: PCT/KR2012/005557
Prior art keywords: authentication, information, application, channel, mobile communication
Other languages: French (fr), Korean (ko)
Other versions: WO2013009120A3 (en)
Inventor: 류창화
Original Assignee: (주)시루정보
Priority claimed from: KR1020110108833A (KR101289028B1)
Application filed by: (주)시루정보
Publications: WO2013009120A2, WO2013009120A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00)
    • H04L2209/64 Self-signed certificates

Definitions

  • The present invention relates to a mobile communication terminal and to an application authentication apparatus and method, and more particularly to a mobile communication terminal, an application authentication apparatus and a method for authenticating an application running on a mobile communication terminal.
  • Various mobile communication terminals that use a mobile communication network have been released. These terminals can access the Internet through various wireless communication protocols, and they have a platform capable of running various application programs.
  • Mobile phones have a built-in platform, such as WIPI or BREW, that can run mobile application programs. Smartphones likewise have application platforms such as iOS, Windows Mobile, and Android. Mobile applications are produced and distributed by service providers in fields such as finance and games.
  • In addition, any company or individual able to program can easily create a mobile application and provide a service by publishing it on an app store.
  • The application authentication system disclosed in Korean Patent Application Publication No. 2003-0043738 uses the application authentication information of a separate authentication module to authenticate an application downloaded to the download unit of a terminal and to check the application's source.
  • Because Korean Patent Publication KR 2003-0043738 authenticates an application using the application authentication information of an authentication module, that authentication information cannot be kept synchronized in real time across the rapidly growing number of applications.
  • The present invention provides a mobile communication terminal, an application authentication apparatus and a method with which a user can directly check whether a downloaded application is an authenticated application provided by a legitimate operator.
  • The present invention also provides a mobile communication terminal, an application authentication apparatus and a method that exchange encryption keys at authentication time so that subsequent service interworking is handled more securely, increasing application security.
  • An application authentication apparatus according to one aspect of the present invention may include: an authentication information generation unit that generates and stores the authentication information requested by a web server; a communication unit that receives encrypted authentication request information, which includes the authentication information, from a mobile communication terminal into which the authentication information output by the web server has been input; a first channel authentication unit that decrypts the encrypted authentication request information and performs first channel authentication according to whether the decryption succeeds; and a second channel authentication unit that performs second channel authentication by comparing the authentication information included in the decrypted authentication request information with the authentication information stored in the authentication information generation unit.
  • A mobile communication terminal according to an aspect of the present invention includes: an input unit for inputting authentication information output from a web server; an authentication request information generation unit for generating authentication request information that includes the authentication information; an encryption unit for encrypting the authentication request information; and a communication unit for transmitting the encrypted authentication request information to the application authentication apparatus and receiving first channel authentication result information from the application authentication apparatus.
  • An application authentication method on the apparatus side comprises the steps of: generating and storing the authentication information requested by the web server; receiving encrypted authentication request information, which includes the authentication information, from the mobile communication terminal into which the authentication information output by the web server has been input; decrypting the encrypted authentication request information and performing first channel authentication according to whether the decryption succeeds; and performing second channel authentication by comparing the authentication information included in the decrypted authentication request information with the authentication information stored in the authentication information generation unit.
  • An application authentication method on the terminal side comprises the steps of: inputting the authentication information output from the web server; generating authentication request information that includes the authentication information; encrypting the authentication request information; and transmitting the encrypted authentication request information to the application authentication apparatus and receiving first channel authentication result information from the application authentication apparatus.
  • The present invention is not limited to the embodiments disclosed below and may be implemented in different forms; the embodiments are provided to make the disclosure complete and to fully inform those of ordinary skill in the art to which the invention belongs of its scope.
  • The user can directly check whether the downloaded application is an authenticated application provided by a legitimate operator. This prevents the use of malicious applications in advance, and so prevents incidents such as the exposure of valuable personal information or unwanted actions such as illegal account transfers and payments.
  • With the application authentication apparatus and method of the present invention, encryption keys are exchanged at application authentication time, so subsequent service interworking is handled more securely and application security increases.
  • FIG. 1 is a view for explaining an application authentication system according to an embodiment of the present invention.
  • FIG. 2 is a view for explaining a mobile communication terminal according to an embodiment of the present invention.
  • FIG. 3 is a view for explaining an application authentication method in a mobile communication terminal according to an embodiment of the present invention.
  • FIG. 4 is a view for explaining an application authentication apparatus according to an embodiment of the present invention.
  • FIG. 5 is a view for explaining an application authentication method in the application authentication apparatus according to an embodiment of the present invention.
  • FIGS. 6 to 8 are call processing diagrams for explaining the application authentication method according to an embodiment of the present invention.
  • FIGS. 9 to 11 are exemplary views of an application authentication method according to an embodiment of the present invention.
  • FIG. 1 is a view for explaining an application authentication system according to an embodiment of the present invention.
  • An application authentication system includes a mobile communication terminal 100, a web server 200, an application authentication apparatus 300, a key management system 400, and an application server 500.
  • The mobile communication terminal 100 runs the downloaded application.
  • The mobile communication terminal 100 receives as input the authentication information for the application that is output from the web server 200.
  • The mobile communication terminal 100 transmits the authentication request information, which includes the authentication information, to the application authentication apparatus 300 and receives the first channel authentication result information.
  • The mobile communication terminal 100 transmits the encrypted full text for the application service to the application server 500 and receives the corresponding full-text processing result information in order to perform the application service.
  • The web server 200 outputs the authentication information received from the application authentication apparatus 300 so that it can be authenticated whether the application is provided by the same operator that operates the web server 200.
  • The application authentication apparatus 300 generates authentication information and transmits it to the web server 200, and performs first channel authentication and second channel authentication using the encrypted authentication request information.
  • The first channel authentication is mutual authentication, by a predetermined encryption algorithm, between the application and the application authentication apparatus 300.
  • The second channel authentication checks whether the authentication information is the authentication information generated by the application authentication apparatus 300, in order to authenticate whether the application is provided by the same operator that operates the web server 200.
  • The key management system 400 generates a public-key-based key and transmits the key identification information and the public key to the application authentication apparatus 300. When key identification information is transmitted from the application server 500, it reads the corresponding private key and transmits it to the application server 500.
  • The application server 500 receives the key identification information and the encrypted full text from the mobile communication terminal 100.
  • The application server 500 receives the private key corresponding to the key identification information from the key management system 400, decrypts the encrypted full text using the received private key, and processes the full text.
  • The application server 500 generates the full-text processing result information and transmits it to the mobile communication terminal 100.
  • FIG. 2 is a view for explaining a mobile communication terminal according to an embodiment of the present invention.
  • The mobile communication terminal 100 includes an input unit 110, an authentication request information generation unit 120, an encryption unit 130, a communication unit 140, an output unit 150, an application execution unit 160, and a storage unit 170.
  • The input unit 110 receives the authentication information output from the web server 200.
  • The input unit 110 may include, for example, at least one of a camera, a microphone, a button, a key, a touch sensor, and a proximity sensor, so that authentication information recognizable through at least one of the visual, auditory, and tactile senses can be input.
  • It may further include a short-range communication module capable of recognizing an RF signal.
  • The authentication request information generation unit 120 generates authentication request information that includes the authentication information.
  • The encryption unit 130 encrypts the generated authentication request information using an encryption method preset with the application authentication apparatus 300.
  • The encryption unit 130 encrypts the full text related to the application service using the public key information received from the application authentication apparatus 300.
  • The communication unit 140 transmits the encrypted authentication request information to the application authentication apparatus 300 and receives the first channel authentication result information from the application authentication apparatus 300.
  • The communication unit 140 may further receive the second channel authentication result information together with the first channel authentication result information.
  • The communication unit 140 may further receive key identification information and public key information together with the first channel authentication result information.
  • The communication unit 140 transmits the key identification information received together with the public key information, and the encrypted full text, to the application server 500.
  • The communication unit 140 receives the full-text processing result information processed by the application server 500.
  • The output unit 150 outputs the first channel authentication result information.
  • The output unit 150 may output the second channel authentication result information.
  • The application execution unit 160 sets up and activates the application according to the authentication result, and performs the application service using the full-text processing result information received from the application server 500.
  • The storage unit 170 stores an authentication program, an encryption program, and an application program.
  • FIG. 3 is a view for explaining an application authentication method in a mobile communication terminal according to an embodiment of the present invention.
  • In step S305, the mobile communication terminal 100 runs the downloaded application.
  • In step S310, the mobile communication terminal 100 receives as input the authentication information output from the web server 200.
  • The authentication information may take a form recognizable through at least one of the visual, auditory, and tactile senses, for example at least one of a barcode, a QR code, an image, a voice, and braille, or the form of an RF signal.
  • The input to the mobile communication terminal 100 may correspond to the form in which the web server 200 outputs the authentication information.
  • In step S315, the mobile communication terminal 100 generates authentication request information that includes the authentication information and encrypts it.
  • The authentication request information may include application identification information, identification information of the mobile communication terminal 100, and the authentication information.
  • In step S320, the mobile communication terminal 100 transmits the encrypted authentication request information to the application authentication apparatus 300.
  • In step S325, the mobile communication terminal 100 receives the first channel authentication result information from the application authentication apparatus 300.
  • The first channel authentication result information is the result of mutual authentication, by an encryption algorithm, between the application and the application authentication apparatus 300.
  • The mobile communication terminal 100 may further receive the second channel authentication result information together with the first channel authentication result information.
  • The mobile communication terminal 100 may further receive key identification information and public key information together with the first channel authentication result information.
  • The mobile communication terminal 100 outputs the first channel authentication result information.
  • The mobile communication terminal 100 may set up and activate the application according to the authentication result.
  • In step S340, the mobile communication terminal 100 encrypts the full text related to the application service using the received public key information.
  • In step S345, the mobile communication terminal 100 transmits the key identification information received together with the public key information, and the encrypted full text, to the application server 500.
  • The mobile communication terminal 100 receives and outputs the full-text processing result information processed by the application server 500, thereby performing the application service.
  • The full-text processing result information is produced when the application server 500 decrypts the full text using the private key information, obtained from the key management system 400, that corresponds to the key identification information, and performs the corresponding application service; it is then transmitted to the mobile communication terminal 100.
  • FIG. 4 is a view for explaining the application authentication apparatus 300 according to an embodiment of the present invention.
  • The application authentication apparatus 300 includes an authentication information generation unit 310, a communication unit 320, a first channel authentication unit 330, and a second channel authentication unit 340.
  • The authentication information generation unit 310 generates the authentication information requested by the web server 200 and stores it.
  • The communication unit 320 transmits the generated authentication information to the web server 200 and receives the encrypted authentication request information, which includes the authentication information, from the mobile communication terminal 100 into which the authentication information was input.
  • The communication unit 320 transmits the first channel authentication result information, obtained using the authentication request information, to the mobile communication terminal 100 and transmits the second channel authentication result information to the web server 200.
  • The communication unit 320 may further transmit the second channel authentication result information to the mobile communication terminal 100.
  • The communication unit 320 receives the key identification information and public key information from the key management system 400 and transmits them to the mobile communication terminal 100.
  • The first channel authentication unit 330 decrypts the authentication request information and performs first channel authentication according to whether the decryption succeeds.
  • The second channel authentication unit 340 performs second channel authentication by checking whether the authentication information included in the decrypted authentication request information is the authentication information generated by the application authentication apparatus 300.
  • FIG. 5 is a view for explaining an application authentication method in the application authentication apparatus 300 according to an embodiment of the present invention.
  • In step S505, when the application authentication apparatus 300 receives a request for authentication information from the web server 200, it generates and stores the authentication information.
  • The application authentication apparatus 300 transmits the generated authentication information to the web server 200.
  • The authentication information, being information generated by the application authentication apparatus 300, may be deactivated after a preset time, for example one minute, from the time it was generated.
  • The application authentication apparatus 300 receives encrypted authentication request information from the mobile communication terminal 100.
  • The application authentication apparatus 300 decrypts the authentication request information and performs first channel authentication.
  • The application authentication apparatus 300 checks whether the authentication information included in the authentication request information is the authentication information it generated, and performs second channel authentication.
  • The second channel authentication authenticates, via the application authentication apparatus 300 and through the web server 200 associated with the application, that the application is provided by the same operator that operates the web server 200.
  • The application authentication apparatus 300 may determine that the application is one provided by the same operator that operates the web server 200.
  • The application authentication apparatus 300 requests a public key from the key management system 400.
  • The application authentication apparatus 300 receives key identification information and public key information from the key management system 400.
  • The application authentication apparatus 300 transmits the first channel authentication result information to the mobile communication terminal 100.
  • The application authentication apparatus 300 may further transmit key identification information and public key information together with the first channel authentication result information.
  • The application authentication apparatus 300 may further transmit the second channel authentication result information along with the first channel authentication result information to the mobile communication terminal 100.
  • The application authentication apparatus 300 transmits the second channel authentication result information to the web server 200.
  • FIGS. 6 and 7 are call processing diagrams for explaining an application authentication method according to an embodiment of the present invention.
  • In step S605, the web server 200 requests authentication information from the application authentication apparatus 300 in order to authenticate an application.
  • When authentication information is requested, the application authentication apparatus 300 generates the authentication information and stores it.
  • The application authentication apparatus 300 transmits the generated authentication information to the web server 200.
  • In step S620, the web server 200 outputs the authentication information.
  • The authentication information, being information generated by the application authentication apparatus 300, may be deactivated after a preset time, for example one minute, from the time it was generated.
  • The authentication information may take a form recognizable through at least one of the visual, auditory, and tactile senses, for example at least one of a barcode, a QR code, an image, a voice, and braille, or the form of an RF signal.
  • In step S625, the mobile communication terminal 100 runs the downloaded application.
  • A guide phrase for authenticating the application may be output, and access information for accessing the web server 200 may be output.
  • The web server 200 may output the authentication information in step S620 described above.
  • In step S630, the mobile communication terminal 100 receives as input the authentication information output from the web server 200.
  • The input to the mobile communication terminal 100 may correspond to the form in which the web server 200 outputs the authentication information, as described above.
  • In step S635, the mobile communication terminal 100 generates authentication request information that includes the authentication information and encrypts it.
  • The authentication request information may include application identification information, mobile terminal identification information, and the authentication information.
  • In step S640, the mobile communication terminal 100 transmits the encrypted authentication request information to the application authentication apparatus 300.
  • The application authentication apparatus 300 decrypts the authentication request information and performs first channel authentication.
  • The application authentication apparatus 300 may reject the authentication.
  • The application authentication apparatus 300 determines that first channel authentication has succeeded when it is able to decrypt authentication request information that the application encrypted in the predetermined manner.
  • In step S655, the application authentication apparatus 300 checks whether the authentication information included in the authentication request information is the authentication information it generated, and performs second channel authentication.
  • The application authentication apparatus 300 may determine that the application is one provided by the same operator that operates the web server 200.
  • In step S660, the application authentication apparatus 300 requests a public key from the key management system 400.
  • In step S665, the key management system 400 generates a public-key-based key when a public key is requested by the application authentication apparatus 300.
  • The key management system 400 transmits the key identification information and the public key information to the application authentication apparatus 300.
  • The application authentication apparatus 300 transmits the first channel authentication result information to the mobile communication terminal 100.
  • The application authentication apparatus 300 may further transmit key identification information and public key information together with the first channel authentication result information.
  • The application authentication apparatus 300 transmits the second channel authentication result information to the web server 200.
  • In step S685, the mobile communication terminal 100 outputs the first channel authentication result information.
  • In step S690, the web server 200 outputs the second channel authentication result information.
  • The user checks the first channel authentication result information and the second channel authentication result information output by the mobile communication terminal 100 and the web server 200, and can thereby determine whether the application downloaded to the mobile communication terminal 100 is an authenticated application provided by a legitimate operator.
  • The mobile communication terminal 100 may set up and activate the application according to the authentication result in order to perform an application service.
  • FIG. 8 is a call processing diagram illustrating an application execution method according to an embodiment of the present invention.
  • In step S810, the mobile communication terminal 100 encrypts the full text related to the application service using the public key information received from the application authentication apparatus 300.
  • The mobile communication terminal 100 transmits the key identification information received together with the public key information, and the encrypted full text, to the application server 500.
  • In steps S840 and S850, the application server 500 transmits the received key identification information to the key management system 400 and receives the private key information corresponding to the key identification information from the key management system 400.
  • The application server 500 decrypts the received encrypted full text related to the application service using the received private key information, and performs the application service corresponding to the full text.
  • The application server 500 transmits to the mobile communication terminal 100 the full-text processing result information produced by performing the application service corresponding to the full text.
  • In step S880, the mobile communication terminal 100 continues to provide the application service by receiving the full-text processing result information.
  • FIGS. 9 to 11 are exemplary views illustrating an application authentication method according to an embodiment of the present invention.
  • When running the downloaded application, the mobile communication terminal 100 outputs a guide phrase related to application authentication, and the web server 200 is accessed for authentication through another communication terminal.
  • The mobile communication terminal 100 receives an authentication command to perform two-factor authentication for the application.
  • In S1010, the other communication terminal, connected to the web server 200 for authentication, outputs the authentication information for authenticating the application on the mobile communication terminal 100.
  • The authentication information output from the web server 200 is input on the mobile communication terminal 100.
  • The web server 200, by way of the application authentication apparatus 300 and using the authentication information input on the mobile communication terminal 100, determines through second channel authentication whether the application downloaded to the mobile communication terminal 100 is an authenticated application provided by a legitimate operator, and outputs the result information for the second channel authentication.
  • The mobile communication terminal 100 performs first channel authentication of whether the application is approved by the application authentication apparatus 300, and outputs the result information for the first channel authentication.
  • The mobile communication terminal 100 may receive and output the result information for the second channel authentication together with the result information for the first channel authentication.
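
The apparatus-side checks described above, sketched as an added example (not code from the patent or its applicant): authentication information that expires after one minute, first channel authentication by successful decryption, and second channel authentication by comparison with the stored value. The shared key `app_key`, the JSON request layout, one-time use of each code, and the SHA-256/HMAC construction standing in for the "preset encryption method" are all assumptions, and every name is hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

AUTH_INFO_TTL = 60  # seconds; the "one minute" lifetime given as the page's example


def subkeys(key):
    # Separate encryption and MAC keys derived from the shared key (assumption).
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def keystream(key, nonce, length):
    # SHA-256 in counter mode: a stand-in cipher so the example needs only the
    # standard library. Assumption: a real deployment would use a vetted AEAD.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the blob was not sealed under `key`."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def build_auth_request(app_key, app_id, terminal_id, auth_info):
    """Terminal side: build the authentication request information and encrypt it."""
    body = {"app_id": app_id, "terminal_id": terminal_id, "auth_info": auth_info}
    return seal(app_key, json.dumps(body).encode())


class AuthApparatus:
    """Hypothetical model of the application authentication apparatus."""

    def __init__(self, app_key, clock=time.time):
        self.app_key = app_key
        self.clock = clock
        self.issued = {}  # authentication information -> time of generation

    def issue_auth_info(self):
        """Generate and store authentication information for the web server to output."""
        auth_info = secrets.token_urlsafe(16)
        self.issued[auth_info] = self.clock()
        return auth_info

    def authenticate(self, blob):
        result = {"first_channel": False, "second_channel": False}
        plaintext = unseal(self.app_key, blob)
        if plaintext is None:          # decryption failed: reject on the first channel
            return result
        result["first_channel"] = True
        try:
            claimed = json.loads(plaintext).get("auth_info")
        except (ValueError, AttributeError):
            return result
        if not isinstance(claimed, str):
            return result
        # Second channel: the value must be one this apparatus generated and must
        # still be live. pop() makes each code single-use (assumption).
        issued_at = self.issued.pop(claimed, None)
        if issued_at is not None and self.clock() - issued_at <= AUTH_INFO_TTL:
            result["second_channel"] = True
        return result


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # constructed sample key
    apparatus = AuthApparatus(key)
    code = apparatus.issue_auth_info()  # what the web server would display
    print(apparatus.authenticate(build_auth_request(key, "bank-app", "terminal-1", code)))
    print(apparatus.authenticate(build_auth_request(b"x" * 32, "fake-app", "terminal-2", code)))
```

First channel success shows only that the sender holds the key shared with the apparatus; the lifetime and one-time consumption are what bound reuse of a displayed code.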

Abstract

The present invention relates to a mobile communication terminal and an apparatus and a method for authenticating applications, and more specifically to a mobile communication terminal and an apparatus and a method for authenticating applications which are driven in the mobile communication terminal. The apparatus for authenticating applications according to one embodiment of the present invention comprises: an authentication information generation unit for generating and storing authentication information requested from a web server; a communication unit for receiving the encoded authentication request information, which includes the authentication information, from the mobile communication terminal that received the authentication information outputted through the web server; a first channel authentication unit for decoding the encoded authentication request information and performing a first authentication process according to the decoded state; and a second channel authentication unit for performing a second authentication process by comparing the authentication information included in the decoded authentication request information with the authentication information stored in the authentication information generation unit.

Description

Mobile communication terminal, application authentication apparatus and method
The present invention relates to a mobile communication terminal and an application authentication apparatus and method, and more particularly to a mobile communication terminal and an application authentication apparatus and method for authenticating an application running on a mobile communication terminal.
Recently, a variety of mobile communication terminals that use mobile communication networks have been released. These terminals can access the Internet through various wireless communication protocols. They also have platforms capable of running various application programs.
Mobile phones have built-in platforms that can run mobile application programs, such as WIPI and BREW, and smartphones likewise have various application platforms such as iOS, Windows Mobile, and Android. These mobile applications are produced and distributed by service providers in fields such as finance and games. Moreover, any company or individual able to program can easily build a mobile application and offer a service by publishing it on an app store.
With the recent popularization of smartphones, application service providers can easily create and distribute applications for mobile communication terminals, and users can easily download them to obtain mobile services. While there are well-meaning service providers, there are also those who produce and distribute applications for mobile communication terminals with malicious intent. Such malicious applications cause many social problems because they contain viruses or perform operations such as extracting the user's personal information. In particular, applications that masquerade as applications produced by well-known companies are appearing, and users may use them without suspicion and hand over financial information, personal information, and the like. Therefore, to protect well-intentioned users from malicious phishing applications, a means of authentication is needed that can verify whether a particular application was produced and distributed by a specific legitimate operator.
Meanwhile, the application authentication system disclosed in Korean Patent Application Publication KR 2003-0043738 uses the application authentication information of a separate authentication module to authenticate an application downloaded to the downloading unit of a terminal, in order to confirm its source or to check whether it has been altered.
However, because KR 2003-0043738 authenticates applications using the application authentication information of the authentication module, it cannot synchronize in real time the corresponding authentication information for all of the rapidly growing number of applications.
To solve the above problems of the prior art, the present invention provides a mobile communication terminal and an application authentication apparatus and method with which a user can directly check whether a downloaded application is an authenticated application provided by a legitimate operator.
The present invention also provides a mobile communication terminal and an application authentication apparatus and method that exchange an encryption key for security at the time of authentication, so that subsequent service interworking can be handled more safely and the security of the application is increased.
The objects of the present invention are not limited to those mentioned above, and other objects not mentioned will be clearly understood from the following description.
To achieve the above objects, an application authentication apparatus according to one aspect of the present invention is provided.
An application authentication apparatus according to an embodiment of the present invention may include: an authentication information generation unit that generates and stores authentication information requested by a web server; a communication unit that receives encrypted authentication request information, which includes the authentication information, from a mobile communication terminal into which the authentication information output by the web server has been input; a first channel authentication unit that decrypts the encrypted authentication request information and performs first channel authentication according to whether decryption succeeds; and a second channel authentication unit that performs second channel authentication by comparing the authentication information included in the decrypted authentication request information with the authentication information stored in the authentication information generation unit.
A mobile communication terminal according to one aspect of the present invention is provided.
A mobile communication terminal according to an embodiment of the present invention may include: an input unit that inputs authentication information output from a web server; an authentication request information generation unit that generates authentication request information including the authentication information; an encryption unit that encrypts the authentication request information; and a communication unit that transmits the encrypted authentication request information to an application authentication apparatus and receives first channel authentication result information from the application authentication apparatus.
An application authentication method according to one aspect of the present invention is provided.
An application authentication method according to an embodiment of the present invention may include: generating and storing authentication information requested by a web server; receiving encrypted authentication request information, which includes the authentication information, from a mobile communication terminal into which the authentication information output by the web server has been input; decrypting the encrypted authentication request information and performing first channel authentication according to whether decryption succeeds; and performing second channel authentication by comparing the authentication information included in the decrypted authentication request information with the authentication information stored in the authentication information generation unit.
An application authentication method according to another embodiment of the present invention may include: inputting authentication information output from a web server; generating authentication request information including the authentication information; encrypting the authentication request information; and transmitting the encrypted authentication request information to an application authentication apparatus and receiving first channel authentication result information from the application authentication apparatus.
Specific details for achieving the above objects will become clear with reference to the embodiments described in detail below together with the accompanying drawings.
However, the present invention is not limited to the embodiments disclosed below and may be configured in a variety of different forms; these embodiments are provided so that the disclosure of the present invention is complete and so that those of ordinary skill in the art to which the present invention pertains are fully informed of the scope of the invention.
According to the application authentication apparatus and method of the present invention described above, the user can directly check whether a downloaded application is an authenticated application provided by a legitimate operator, so that the use of malicious applications is blocked in advance and incidents such as exposure of valuable personal information or unwanted operations such as illegal account transfers and payments can be prevented.
In addition, according to the application authentication apparatus and method of the present invention, an encryption key for security is exchanged at the time of application authentication, so that subsequent service interworking can be handled more safely and the security of the application is increased.
FIG. 1 is a diagram illustrating an application authentication system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a mobile communication terminal according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating an application authentication method in a mobile communication terminal according to an embodiment of the present invention.
FIG. 4 is a diagram illustrating an application authentication apparatus according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating an application authentication method in the application authentication apparatus according to an embodiment of the present invention.
FIGS. 6 to 8 are call processing diagrams illustrating an application authentication method according to an embodiment of the present invention.
FIGS. 9 to 11 are views showing examples of carrying out an application authentication method according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention are described in detail with reference to the accompanying drawings so that those of ordinary skill in the art to which the present invention pertains can readily practice it.
However, the present invention may be implemented in many different forms and is not limited to the embodiments described herein.
In addition, when a part is said to "include" a component, this means that it may further include other components rather than excluding them, unless specifically stated otherwise.
Hereinafter, specific details for practicing the present invention are described with reference to the accompanying drawings.
FIG. 1 is a diagram illustrating an application authentication system according to an embodiment of the present invention.
Referring to FIG. 1, the application authentication system includes a mobile communication terminal 100, a web server 200, an application authentication apparatus 300, a key management system 400, and an application server 500.
When the mobile communication terminal 100 runs a downloaded application, it inputs the authentication information for the application that is output by the web server 200.
The mobile communication terminal 100 transmits authentication request information including the authentication information to the application authentication apparatus 300 and receives first channel authentication result information.
The mobile communication terminal 100 transmits encrypted message information for the application service to the application server 500, receives the corresponding message processing result information, and performs the application service.
The web server 200 outputs the authentication information received from the application authentication apparatus 300 in order to authenticate whether the application is provided by the same operator as the operator running the web server 200.
The application authentication apparatus 300 generates authentication information and transmits it to the web server 200, and performs first channel authentication and second channel authentication using the encrypted authentication request information.
Here, the first channel authentication is mutual authentication between the application and the application authentication apparatus 300 using a preset encryption algorithm, and the second channel authentication compares the authentication information against the authentication information generated by the application authentication apparatus 300 to authenticate whether the application is provided by the same operator as the operator running the web server 200.
The key management system 400 generates public-key-based keys and transmits key identification information and the public key to the application authentication apparatus 300; when key identification information is sent from the application server 500, it reads out the corresponding private key and transmits it to the application server 500.
The application server 500 receives the key identification information and the encrypted message information from the mobile communication terminal 100.
The application server 500 receives the private key corresponding to the key identification information from the key management system 400, decrypts the encrypted message information using the received private key, and processes the message.
The application server 500 then generates message processing result information and transmits it to the mobile communication terminal 100.
FIG. 2 is a diagram illustrating a mobile communication terminal according to an embodiment of the present invention.
Referring to FIG. 2, the mobile communication terminal 100 includes an input unit 110, an authentication request information generation unit 120, an encryption unit 130, a communication unit 140, an output unit 150, an application execution unit 160, and a storage unit 170.
The input unit 110 inputs the authentication information output by the web server 200.
To input the authentication information, the input unit 110 may include a device that can recognize it through at least one sense such as sight, hearing, or touch, for example a camera, microphone, button, key, touch sensor, or proximity sensor, and may further include a short-range communication module capable of recognizing an RF signal.
The authentication request information generation unit 120 generates authentication request information including the authentication information.
The encryption unit 130 encrypts the generated authentication request information using an encryption method preset with the application authentication apparatus 300.
In addition, the encryption unit 120 encrypts the message related to the application service using the public key information received from the application authentication apparatus 300.
The communication unit 140 transmits the encrypted authentication request information to the application authentication apparatus 300 and receives the first channel authentication result information from the application authentication apparatus 300.
The communication unit 140 may also receive second channel authentication result information together with the first channel authentication result information.
The communication unit 140 may also receive key identification information and public key information together with the first channel authentication result information.
The communication unit 140 transmits the key identification information received together with the public key information, and the encrypted message information, to the application server 500.
The communication unit 140 receives the message processing result information processed by the application server 500.
The output unit 150 outputs the first channel authentication result information.
The output unit 150 may also output the second channel authentication result information.
The application execution unit 160 sets up and activates the application according to the authentication result, and performs the application service using the message processing result information received from the application server 500.
The storage unit 170 stores an authentication program, an encryption program, and an application program.
FIG. 3 is a diagram illustrating an application authentication method in a mobile communication terminal according to an embodiment of the present invention.
Referring to FIG. 3, in step S305, the mobile communication terminal 100 runs the downloaded application.
In step S310, the mobile communication terminal 100 inputs the authentication information output by the web server 200.
Here, the authentication information may take at least one form that can be recognized through at least one sense such as sight, hearing, or touch, for example at least one of a barcode, a QR code, an image, a voice, and braille, or the form of an RF signal.
The mobile communication terminal 100 may take the input in a manner corresponding to how the web server 200 outputs the authentication information.
In step S315, the mobile communication terminal 100 generates authentication request information including the authentication information and encrypts it.
Here, the authentication request information may include application identification information, identification information of the mobile communication terminal 100, and the authentication information.
In step S320, the mobile communication terminal 100 transmits the encrypted authentication request information to the application authentication apparatus 300.
In step S325, the mobile communication terminal 100 receives the first channel authentication result information from the application authentication apparatus 300.
Here, the first channel authentication result information is the result of mutual authentication between the application and the application authentication apparatus 300 using the encryption algorithm.
The mobile communication terminal 100 may also receive second channel authentication result information together with the first channel authentication result information.
The mobile communication terminal 100 may also receive key identification information and public key information together with the first channel authentication result information.
In step S330, the mobile communication terminal 100 outputs the first channel authentication result information.
In step S335, the mobile communication terminal 100 may set up and activate the application according to the authentication result.
In step S340, the mobile communication terminal 100 encrypts the message related to the application service using the received public key information.
In step S345, the mobile communication terminal 100 transmits the key identification information received together with the public key information, and the encrypted message information, to the application server 500.
In step S350, the mobile communication terminal 100 receives and outputs the message processing result information processed by the application server 500 and performs the application service.
Here, the message processing result information is what is transmitted to the mobile communication terminal 100 after the application server 500 has decrypted the received message using the private key information corresponding to the key identification information, obtained from the key management system 400, and has performed the corresponding application service.
FIG. 4 is a diagram illustrating the application authentication apparatus 300 according to an embodiment of the present invention.
Referring to FIG. 4, the application authentication apparatus 300 includes an authentication information generation unit 310, a communication unit 320, a first channel authentication unit 330, and a second channel authentication unit 340.
The authentication information generation unit 310 generates the authentication information requested by the web server 200 and stores it.
The communication unit 320 transmits the generated authentication information to the web server 200, and receives encrypted authentication request information, which includes the authentication information, from the mobile communication terminal 100 into which the authentication information has been input.
The communication unit 320 transmits the result information of the first channel authentication performed using the authentication request information to the mobile communication terminal 100, and transmits the second channel authentication result information to the web server 200.
The communication unit 320 may also transmit the second channel authentication result information to the mobile communication terminal 100.
The communication unit 320 also receives the key identification information and public key information from the key management system 400 and transmits them to the mobile communication terminal 100.
The first channel authentication unit 330 decrypts the authentication request information and performs first channel authentication according to whether decryption succeeds.
The second channel authentication unit 340 performs second channel authentication by checking whether the authentication information included in the decrypted authentication request information is the authentication information generated by the application authentication apparatus 300.
FIG. 5 is a diagram illustrating an application authentication method in the application authentication apparatus 300 according to an embodiment of the present invention.
Referring to FIG. 5, in step S505, when the application authentication apparatus 300 receives a request for authentication information from the web server 200, it generates the authentication information and stores it.
In step S510, the application authentication apparatus 300 transmits the generated authentication information to the web server 200.
Here, the authentication information is generated by the application authentication apparatus 300 and may be deactivated after a preset time, for example one minute, from the time it was generated.
In step S515, the application authentication apparatus 300 receives the encrypted authentication request information from the mobile communication terminal 100.
In step S520, the application authentication apparatus 300 decrypts the authentication request information and performs first channel authentication.
In step S525, the application authentication apparatus 300 performs second channel authentication by checking whether the authentication information included in the authentication request information is the authentication information generated by the application authentication apparatus 300.
Here, the second channel authentication serves to prevent masquerading applications: through the application authentication apparatus 300, it authenticates whether the application is provided by the same operator as the operator running the web server 200 associated with the application.
When the authentication information included in the authentication request information corresponds to the authentication information generated at the request of the web server 200, the application authentication apparatus 300 determines that the application is provided by the same operator as the operator running the web server 200.
In step S530, the application authentication apparatus 300 requests a public key from the key management system 400.
In step S535, the application authentication apparatus 300 receives the key identification information and public key information transmitted from the key management system 400.
In step S540, the application authentication apparatus 300 transmits the first channel authentication result information to the mobile communication terminal 100.
The application authentication apparatus 300 may also transmit the key identification information and public key information together with the first channel authentication result information.
The application authentication apparatus 300 may also transmit the second channel authentication result information to the mobile communication terminal 100 together with the first channel authentication result information.
In step S545, the application authentication apparatus 300 transmits the second channel authentication result information to the web server 200.
FIGS. 6 and 7 are call processing diagrams illustrating an application authentication method according to an embodiment of the present invention.
Referring to FIG. 6, in step S605, the web server 200 requests authentication information from the application authentication apparatus 300 in order to authenticate an application.
In step S610, when authentication information is requested, the application authentication apparatus 300 generates the authentication information and stores it.
In step S615, the application authentication apparatus 300 transmits the generated authentication information to the web server 200.
In step S620, the web server 200 outputs the authentication information.
Here, the authentication information is information generated by the application authentication apparatus 300 and may be deactivated after a preset time from the time of generation, for example, one minute.
The authentication information may take at least one of a form recognizable through at least one sense such as sight, hearing, or touch (for example, at least one of a barcode, a QR code, an image, a voice, and braille) and an RF signal.
In step S625, the mobile communication terminal 100 runs the downloaded application.
When the mobile communication terminal 100 runs the application, a guidance message for authenticating the application may be output, and access information for connecting to the web server 200 may be output. When accessed through another communication terminal, the web server 200 may output the authentication information of step S620 described above.
In step S630, the mobile communication terminal 100 receives, as input, the authentication information output by the web server 200.
The input at the mobile communication terminal 100 may be made in a manner corresponding to how the web server 200 outputs the authentication information, as described above.
In step S635, the mobile communication terminal 100 generates authentication request information including the authentication information and encrypts it.
Here, the authentication request information may include application identification information, mobile communication terminal identification information, and the authentication information.
In step S640, the mobile communication terminal 100 transmits the encrypted authentication request information to the application authentication apparatus 300.
In step S645, the application authentication apparatus 300 decrypts the authentication request information and performs first channel authentication.
The application authentication apparatus 300 may check the mobile communication terminal identification information included in the authentication request information and reject authentication when authentication requests are made more than a preset number of times.
In step S650, the application authentication apparatus 300 determines that the first channel authentication has been performed when the authentication request information, encrypted in the manner preset in the application, is decrypted.
Then, in step S655, the application authentication apparatus 300 performs second channel authentication by checking whether the authentication information included in the authentication request information is authentication information generated by the application authentication apparatus 300.
When the authentication information included in the authentication request information corresponds to the authentication information generated at the request of the web server 200, the application authentication apparatus 300 determines that the application is provided by the same operator as the operator of the web server 200.
Then, in step S660, the application authentication apparatus 300 requests a public key from the key management system 400.
In step S665, upon receiving the public key request from the application authentication apparatus 300, the key management system 400 generates a public-key-based key.
In step S670, the key management system 400 transmits key identification information and public key information to the application authentication apparatus 300.
In step S675, the application authentication apparatus 300 transmits first channel authentication result information to the mobile communication terminal 100.
The application authentication apparatus 300 may further transmit the key identification information and public key information together with the first channel authentication result information.
In step S680, the application authentication apparatus 300 transmits second channel authentication result information to the web server 200.
In step S685, the mobile communication terminal 100 outputs the first channel authentication result information.
In step S690, the web server 200 outputs the second channel authentication result information.
The user can check the first channel authentication result information and the second channel authentication result information output by the mobile communication terminal 100 and the web server 200, and thereby determine whether the application downloaded to the mobile communication terminal 100 is an authenticated application provided by a legitimate operator.
In step S695, the mobile communication terminal 100 may configure and activate the application according to the authentication result and perform the application service.
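The exchange in steps S605 to S655, modelled as an added Python example (it is not code from the patent or the applicant). Assumptions: the genuine application carries a shared `app_key`; an HMAC-SHA256 encrypt-then-MAC construction stands in for the unspecified "preset" encryption; `MAX_ATTEMPTS`, the single-use rule, and all class and function names are hypothetical. Key issuance (S660 to S670) is left out.

```python
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL = 60      # seconds; the description's example lifetime of one minute
MAX_ATTEMPTS = 5    # assumed value for the "preset number" of requests per terminal


def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key, nonce, length):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (use a vetted AEAD in practice).
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for the application's preset encryption."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the blob was not sealed with this key."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class AuthApparatus:
    """Hypothetical model of the application authentication apparatus (300)."""
    def __init__(self, app_key, clock=time.time):
        self.app_key = app_key    # assumption: key embedded in the genuine application
        self.clock = clock
        self.tokens = {}          # authentication information -> time of generation
        self.attempts = {}        # terminal identification -> number of requests

    def issue_auth_info(self):
        """S605-S615: generate and store authentication information for the web server."""
        token = secrets.token_urlsafe(16)
        self.tokens[token] = self.clock()
        return token

    def verify(self, blob):
        """S645-S655: return (first_channel_ok, second_channel_ok)."""
        plain = unseal(self.app_key, blob)
        if plain is None:
            return (False, False)         # not encrypted the way the genuine app does
        try:
            req = json.loads(plain)
            terminal_id, presented = str(req["terminal_id"]), str(req["auth_info"])
        except (ValueError, KeyError, TypeError):
            return (False, False)
        self.attempts[terminal_id] = self.attempts.get(terminal_id, 0) + 1
        if self.attempts[terminal_id] > MAX_ATTEMPTS:
            return (False, False)         # too many requests from this terminal
        now = self.clock()
        self.tokens = {t: ts for t, ts in self.tokens.items() if now - ts <= TOKEN_TTL}
        # Single use on success is an added assumption; the description only sets a lifetime.
        return (True, self.tokens.pop(presented, None) is not None)


def build_auth_request(app_key, app_id, terminal_id, auth_info):
    """S635: the terminal builds and encrypts the authentication request information."""
    body = {"app_id": app_id, "terminal_id": terminal_id, "auth_info": auth_info}
    return seal(app_key, json.dumps(body).encode())


def run_demo():
    """Constructed scenario: genuine app, replayed code, fake app, expired code."""
    now = [1000.0]                        # controllable clock for the expiry case
    key = secrets.token_bytes(32)         # constructed key, not from the patent
    apparatus = AuthApparatus(key, clock=lambda: now[0])
    token = apparatus.issue_auth_info()
    results = {"genuine": apparatus.verify(build_auth_request(key, "bank-app", "terminal-1", token))}
    results["replay"] = apparatus.verify(build_auth_request(key, "bank-app", "terminal-1", token))
    token = apparatus.issue_auth_info()
    fake = build_auth_request(secrets.token_bytes(32), "bank-app", "terminal-2", token)
    results["fake_app"] = apparatus.verify(fake)
    now[0] += TOKEN_TTL + 1
    results["expired"] = apparatus.verify(build_auth_request(key, "bank-app", "terminal-3", token))
    return results
```

`run_demo()` returns one `(first_channel_ok, second_channel_ok)` pair per case; a copy of the application that lacks the embedded key fails the first channel, while a genuine application presenting a stale or unknown code passes the first channel and fails the second.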
FIG. 8 is a call processing diagram illustrating an application execution method according to an embodiment of the present invention.
In step S810, the mobile communication terminal 100 encrypts a message related to the application service using the public key information received from the application authentication apparatus 300.
In step S820, the mobile communication terminal 100 transmits the key identification information received together with the public key information, and the encrypted message, to the application server 500.
In steps S840 and S850, the application server 500 transmits the received key identification information to the key management system 400 and receives private key information corresponding to the key identification information from the key management system 400.
In step S860, the application server 500 uses the received private key information to decrypt the received encrypted message related to the application service, and performs the application service corresponding to the message.
In step S870, the application server 500 transmits message processing result information, produced by performing the application service corresponding to the message, to the mobile communication terminal 100.
In step S880, the mobile communication terminal 100 receives the message processing result information and continues to provide the application service.
FIGS. 9 to 11 illustrate examples of an application authentication method according to an embodiment of the present invention.
Referring to FIG. 9, in S910, when the mobile communication terminal 100 runs the downloaded application, a guidance message related to application authentication is output, the web server 200 for authentication is accessed through another communication terminal, and an authentication command is input on the mobile communication terminal 100 to perform dual authentication of the application.
In S1010, the other communication terminal connected to the web server 200 for authentication outputs authentication information for authenticating the application for the mobile communication terminal 100.
In S1020, the authentication information output by the web server 200 is input on the mobile communication terminal 100.
In S1110, the web server 200 outputs result information on the second channel authentication, in which the application authentication apparatus 300 uses the authentication information input on the mobile communication terminal 100 to determine whether the application downloaded to the mobile communication terminal 100 is an authenticated application provided by a legitimate operator.
In S1120, the mobile communication terminal 100 performs the first channel authentication of whether the application has been approved by the application authentication apparatus 300, and outputs result information on the first channel authentication.
It is apparent to those skilled in the art that the mobile communication terminal 100 may receive and output the result information on the second channel authentication together with the result information on the first channel authentication.
The foregoing description of the present invention is for illustration, and those of ordinary skill in the art to which the present invention pertains will understand that it can easily be modified into other specific forms without changing the technical spirit or essential features of the present invention. The embodiments described above should therefore be understood as illustrative in all respects and not restrictive.
The scope of the present invention is indicated by the claims below rather than by the detailed description above, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as falling within the scope of the present invention.

Claims (16)

  1. An application authentication apparatus comprising:
    an authentication information generation unit configured to generate and store authentication information requested by a web server;
    a communication unit configured to receive encrypted authentication request information including the authentication information from a mobile communication terminal to which the authentication information output by the web server has been input;
    a first channel authentication unit configured to decrypt the encrypted authentication request information and perform first channel authentication according to whether it is decrypted; and
    a second channel authentication unit configured to perform second channel authentication by comparing the authentication information included in the decrypted authentication request information with the authentication information stored in the authentication information generation unit.
  2. The application authentication apparatus of claim 1,
    wherein the communication unit
    transmits the first channel authentication result information to the mobile communication terminal and transmits the second channel authentication result information to the web server.
  3. The application authentication apparatus of claim 1,
    wherein the communication unit
    transmits at least one of the first channel authentication result information and the second channel authentication result information to the mobile communication terminal.
  4. The application authentication apparatus of claim 1,
    wherein, in the authentication information generation unit,
    the authentication information is deleted after a preset time from the time of generation.
  5. An application authentication method executed in an application authentication apparatus, the method comprising:
    generating and storing authentication information requested by a web server;
    receiving encrypted authentication request information including the authentication information from a mobile communication terminal to which the authentication information output by the web server has been input;
    decrypting the encrypted authentication request information and performing first channel authentication according to whether it is decrypted; and
    performing second channel authentication by comparing the authentication information included in the decrypted authentication request information with the authentication information stored in the authentication information generation unit.
  6. The application authentication method of claim 5,
    further comprising transmitting at least one of first channel authentication result information and second channel authentication result information to the mobile communication terminal.
  7. The application authentication method of claim 5,
    further comprising transmitting second channel authentication result information to the web server.
  8. The application authentication method of claim 5, comprising:
    requesting a public key from a key management system and receiving key identification information and public key information;
    transmitting first channel authentication result information, the key identification information, and the public key information to the mobile communication terminal; and
    transmitting second channel authentication result information to the web server.
  9. The application authentication method of claim 5,
    wherein the authentication request information includes application identification information, mobile communication terminal identification information, and the authentication information.
  10. A mobile communication terminal comprising:
    an input unit configured to receive, as input, authentication information output by a web server;
    an authentication request information generation unit configured to generate authentication request information including the authentication information;
    an encryption unit configured to encrypt the authentication request information; and
    a communication unit configured to transmit the encrypted authentication request information to an application authentication apparatus and to receive at least one of first channel authentication result information and second channel authentication result information from the application authentication apparatus.
  11. The mobile communication terminal of claim 10,
    wherein the input unit
    includes at least one of a camera, a microphone, a button, a key, a touch sensor, a proximity sensor, and a short-range communication module for inputting the authentication information.
  12. The mobile communication terminal of claim 10,
    wherein the communication unit further receives key identification information and public key information, and
    the encryption unit encrypts a message related to an application service using the public key information.
  13. The mobile communication terminal of claim 12,
    wherein the communication unit transmits the encrypted message to an application server and receives corresponding message processing result information.
  14. An application authentication method executed in a mobile communication terminal, the method comprising:
    receiving, as input, authentication information output by a web server;
    generating authentication request information including the authentication information;
    encrypting the authentication request information; and
    transmitting the encrypted authentication request information to an application authentication apparatus and receiving at least one of first channel authentication result information and second channel authentication result information from the application authentication apparatus.
  15. The application authentication method of claim 14, further comprising:
    further receiving the key identification information and public key information; and
    encrypting a message related to an application service using the public key information.
  16. The application authentication method of claim 15,
    further comprising transmitting the encrypted message to an application server and receiving corresponding message processing result information.
PCT/KR2012/005557 2011-07-13 2012-07-13 Mobile communication terminal and apparatus and method for authenticating applications WO2013009120A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2011-0069646 2011-07-13
KR20110069646 2011-07-13
KR10-2011-0108833 2011-10-24
KR1020110108833A KR101289028B1 (en) 2011-07-13 2011-10-24 Mobile communication terminal, device and method for application certification

Publications (2)

Publication Number Publication Date
WO2013009120A2 true WO2013009120A2 (en) 2013-01-17
WO2013009120A3 WO2013009120A3 (en) 2013-03-14

Family

ID=47506732

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/005557 WO2013009120A2 (en) 2011-07-13 2012-07-13 Mobile communication terminal and apparatus and method for authenticating applications

Country Status (1)

Country Link
WO (1) WO2013009120A2 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002318635A (en) * 2001-01-19 2002-10-31 Matsushita Electric Ind Co Ltd Communication terminal
KR20050117478A (en) * 2003-03-14 2005-12-14 가부시키가이샤 세큐어드 커뮤니케이션즈 Inter-authentication method and device
KR20080008825A (en) * 2006-07-21 2008-01-24 (주)네오프리라인 Method and apparatus for authentication of electronic devices lack of communication means
US20110016320A1 (en) * 2008-01-28 2011-01-20 Paycool International Ltd. Method for authentication and signature of a user in an application service, using a mobile telephone as a second factor in addition to and independently of a first factor
KR20110042621A (en) * 2009-10-19 2011-04-27 이태원 The method and system for providing authentication service

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014200301A1 (en) * 2013-06-14 2014-12-18 Chang Dong Hoon Electronic device with code module and method for processing code using same
CN110214326A (en) * 2016-11-29 2019-09-06 俐怒媒体公司 In conjunction with the divided stages of authentication procedure and the personal information infringement prevention method and system of biological identification
WO2019237041A1 (en) * 2018-06-08 2019-12-12 Vmware, Inc. Unmanaged secure inter-application data communications
US11108556B2 (en) 2018-06-08 2021-08-31 Vmware, Inc. Unmanaged secure inter-application data communications
CN111132163A (en) * 2019-12-28 2020-05-08 飞天诚信科技股份有限公司 Authentication method and system for wireless security equipment and application program
CN111132163B (en) * 2019-12-28 2022-11-04 飞天诚信科技股份有限公司 Authentication method and system for wireless security equipment and application program

Also Published As

Publication number Publication date
WO2013009120A3 (en) 2013-03-14

Similar Documents

Publication Publication Date Title
WO2015093734A1 (en) System and method for authentication using quick response code
WO2018012747A1 (en) Two-channel authentication proxy system capable of detecting application tampering, and method therefor
WO2018101727A1 (en) Personal information infringement prevention method and system, in which biometric authentication and phase division of authentication process are combined
WO2019093573A1 (en) Electronic signature authentication system on the basis of biometric information and electronic signature authentication method thereof
WO2020062642A1 (en) Blockchain-based method, device, and equipment for electronic contract signing, and storage medium
WO2017222183A1 (en) Method for processing transaction approval and card issuer server
WO2022102930A1 (en) Did system using browser-based security pin authentication and control method thereof
WO2014175538A1 (en) Apparatus for providing puf-based hardware otp and method for authenticating 2-factor using same
WO2013162296A1 (en) Passcode operating system, passcode apparatus, and super-passcode generating method
WO2013141602A1 (en) Authentication method and system for same
WO2013191325A1 (en) Method for authenticating trusted platform-based open id, and apparatus and system therefor
WO2017119548A1 (en) Security-reinforced user authentication method
WO2015069018A1 (en) System for secure login, and method and apparatus for same
WO2021071116A1 (en) Simple authentication method and system using web storage of browser
WO2015126037A1 (en) Personal identification and anti-theft system and method using disposable random key
WO2016064041A1 (en) User terminal using hash value to detect whether application program has been tampered and method for tamper detection using the user terminal
WO2019139420A1 (en) Electronic device, server, and control method therefor
WO2020032351A1 (en) Method for establishing anonymous digital identity
WO2021080316A1 (en) Method and device for performing access control by using authentication certificate based on authority information
WO2016206530A1 (en) Highly secure mobile payment method, apparatus, and system
WO2013009120A2 (en) Mobile communication terminal and apparatus and method for authenticating applications
WO2016095339A1 (en) Method for updating seed data in dynamic token
WO2020022700A1 (en) Secure element for processing and authenticating digital key and operation method therefor
WO2017111483A1 (en) Biometric data-based authentication device, control server and application server linked to same, and method for operating same
WO2023128341A1 (en) Method and system for fraudulent transaction detection using homomorphically encrypted data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12810548

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16/05/2014)

122 Ep: pct application non-entry in european phase

Ref document number: 12810548

Country of ref document: EP

Kind code of ref document: A2