WO2022092582A1

WO2022092582A1 - Electronic device and method for providing mobile identify document by electronic device

Info

Publication number: WO2022092582A1
Application number: PCT/KR2021/013137
Authority: WO
Inventors: 유희준; 이다솜; 전소현; 최용하; 최인명
Original assignee: 삼성전자 주식회사
Priority date: 2020-10-29
Filing date: 2021-09-27
Publication date: 2022-05-05
Also published as: KR20220057254A

Abstract

Various embodiments provide a method and a device for providing a mobile identify document by using an electronic device. An electronic device according to various embodiments may comprise a communication module, a memory, a display module, and a processor, wherein the processor is configured to: execute an application for a mobile identify document service; acquire identify document information on the basis of a user input; display the identify document information through the display module; acquire an image for an identification photo for a mobile identify document in response to a photo update request; perform face matching on the basis of the image; according to a result of the face matching, transmit, to a server through the communication module, a message for requesting to issue the mobile identify document on the basis of the image; receive, from the server, the mobile identify document including the identification photo corresponding to the image through the communication module; and store the mobile identify document in a secure area of the memory. Various embodiments are possible.

Description

Electronic devices and methods of providing mobile identification on electronic devices

Various embodiments of the present disclosure disclose a method and apparatus for providing a mobile identification document using an electronic device.

With the development of digital technology, various types of electronic devices such as personal digital assistants (PDAs), smart phones, tablet PCs (personal computers), and wearable devices are widely used. In order to support and increase functions of the electronic device, a hardware part and/or a software part of the electronic device are continuously being developed.

As an example, recently, a related technology (eg, blockchain technology), a system that can use a mobile identification document that can replace an offline physical identification document (eg, a plastic ID) through an electronic device and/or standards (eg ISO 18013-5) are being discussed. An identification card may represent a document, such as an identification card, driver's license, and/or passport, maintained by a state authority and capable of authenticating a user (eg, identification).

For example, an identification card to prove identification information exists in the form of a plastic card and may need to be carried at all times. Recently, as various physical cards are replaced by mobile devices, such as payment services using electronic devices, requirements are increasing so that an identification card capable of proving a user's identity can be stored and used in an electronic device. In particular, a standard specification is being established so that an identification card issued by a government agency can be issued and used in an electronic device. Among them, ISO 18013-5 may represent a standard specification defined by ISO for a mobile driver's license (mDL).

According to an embodiment, the user may store the user's driver's license in the electronic device and, if necessary, show the mobile driver's license using the electronic device even if the user does not carry the current plastic driver's license. In the case of such a mobile ID, by exposing only necessary information through personal authentication, problems of illegal use, counterfeiting, and/or duplication can be prevented, and the mobile ID has various advantages that can be easily authenticated using an electronic device As such, discussions about mobile ID are actively underway.

Currently, in the case of mobile identification (eg, mobile driver's license), the photo of the real driver's license is used as it is. Therefore, when the real driver's license has been issued in the past for a considerable amount of time, there may be a difference between the user's current face (eg, appearance) and the photo of the mobile ID, which may cause difficulties in self-authentication. Additionally, when presenting a mobile ID for identification purposes, a validator (e.g. offline as a validator of the user's identity, e.g., the police or a merchant in a store) must include a photo of the mobile ID and the presenter of the mobile ID (e.g., the user ) by passively comparing the faces, authentication may not be possible depending on the subjectivity of the verifier.

Various embodiments are disclosed with respect to a method and apparatus for updating a photo of a mobile ID capable of verifying identity using an electronic device.

In various embodiments, after the electronic device completes the personal authentication operation for the mobile ID, the user's latest photo (eg, a recently taken selfie photo) is updated on the mobile ID, so that the identification can be performed more intuitively. Disclosed are methods and devices capable of making them aware.

Various embodiments are disclosed with respect to a method and apparatus capable of electronically verifying a mobile identity card and the face of a mobile identity presenter (eg, a user) by an electronic device.

An electronic device according to an embodiment of the present disclosure includes a communication module, a memory, a display module, and a processor operatively connected to the communication module, the memory, and the display module, wherein the processor is for a mobile ID service Execute the application, obtain ID information based on a user input, display the ID information through the display module, obtain an image for an ID photo of a mobile ID based on a photo update request, and add the ID information to the image based on the face matching, and based on the result of the face matching, through the communication module, transmits a message requesting issuance of a mobile ID based on the image to the server, and through the communication module, the server Receive a mobile ID including an identification photo corresponding to the image from the mobile ID, and store the mobile ID in a secure area of the memory.

An operating method of an electronic device according to an embodiment of the present disclosure includes an operation of executing an application for a mobile identification service, an operation of acquiring identification information based on a user input, an operation of displaying the identification information through a display module; Based on the photo update request, the operation of obtaining an image for the ID photo of the mobile ID, the operation of performing face matching based on the image, the operation of performing face matching based on the result of the face matching, through the communication module, based on the image transmitting a message requesting issuance of a mobile ID to the server, receiving a mobile ID including an ID photo corresponding to the image from the server through the communication module, and storing the mobile ID in the memory It may include an operation of saving to a secure area.

In order to solve the above problems, in various embodiments of the present disclosure, a computer-readable recording medium recording a program for executing the method in a processor may be included.

Further scope of applicability of the present disclosure will become apparent from the following detailed description. However, it should be understood that the detailed description and specific embodiments, such as preferred embodiments of the present disclosure, are given by way of illustration only, since various changes and modifications within the spirit and scope of the present disclosure may be clearly understood by those skilled in the art.

According to an electronic device and a method of operating the same according to various embodiments of the present disclosure, a photo of a mobile ID capable of proving a user's identity is updated with the user's latest photo (eg, a recently taken selfie photo) using the electronic device. can support According to various embodiments, it is possible to update the user's latest photo on the mobile ID so that the identity verifier can more intuitively and accurately determine the user's identity. According to various embodiments, the mobile ID and the face of the ID presenter (eg, user) may be electronically verified by the electronic device, thereby increasing the objectivity of self-authentication.

In connection with the description of the drawings, the same or similar reference numerals may be used for the same or similar components.

1 is a block diagram of an electronic device in a network environment according to various embodiments of the present disclosure;

2 is a diagram illustrating an example of a system structure including an electronic device, a server, and a reader device according to various embodiments of the present disclosure;

3 is a diagram schematically illustrating a configuration of an electronic device according to various embodiments of the present disclosure;

4 is a diagram illustrating an operation scenario of issuing a mobile ID between an electronic device and a server according to various embodiments of the present disclosure;

5 is a flowchart illustrating an operation of an electronic device according to various embodiments of the present disclosure;

6 is a flowchart illustrating an operation of receiving a mobile ID from an electronic device according to various embodiments of the present disclosure;

7 is a diagram for explaining an example of a user interface provided by an electronic device according to various embodiments of the present disclosure;

8 is a flowchart illustrating an operation of updating an ID photo of a mobile ID in an electronic device according to various embodiments of the present disclosure;

9A and 9B are diagrams for explaining an example of a user interface provided by an electronic device according to various embodiments of the present disclosure;

10 is a diagram for describing a face matching method in an electronic device according to various embodiments of the present disclosure;

11 is a diagram illustrating an operation scenario of using a mobile ID electronically between an electronic device and a reader device according to various embodiments of the present disclosure;

1 is a block diagram of an electronic device 101 in a network environment 100 according to various embodiments of the present disclosure.

Referring to FIG. 1 , in a network environment 100 , an electronic device 101 communicates with an electronic device 102 through a first network 198 (eg, a short-range wireless communication network) or a second network 199 . It may communicate with the electronic device 104 or the server 108 through (eg, a long-distance wireless communication network). According to an embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108 . According to an embodiment, the electronic device 101 includes a processor 120 , a memory 130 , an input module 150 , a sound output module 155 , a display module 160 , an audio module 170 , and a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera module 180, power management module 188, battery 189, communication module 190, subscriber identification module 196 , or an antenna module 197 may be included. In some embodiments, at least one of these components (eg, the connection terminal 178 ) may be omitted or one or more other components may be added to the electronic device 101 . In some embodiments, some of these components (eg, sensor module 176 , camera module 180 , or antenna module 197 ) are integrated into one component (eg, display module 160 ). can be

The processor 120, for example, executes software (eg, a program 140) to execute at least one other component (eg, a hardware or software component) of the electronic device 101 connected to the processor 120 . It can control and perform various data processing or operations. According to one embodiment, as at least part of data processing or operation, the processor 120 converts commands or data received from other components (eg, the sensor module 176 or the communication module 190 ) to the volatile memory 132 . may be stored in the volatile memory 132 , and may process commands or data stored in the volatile memory 132 , and store the result data in the non-volatile memory 134 . According to an embodiment, the processor 120 is a main processor 121 (eg, a central processing unit (CPU) or an application processor (AP)) or an auxiliary processor capable of operating independently or together with it ( 123) (eg, graphic processing unit (GPU), neural network processing unit (NPU), image signal processor (ISP), sensor hub processor, or communication processor (CP, communication processor)) may be included. For example, when the electronic device 101 includes the main processor 121 and the sub-processor 123 , the sub-processor 123 may use less power than the main processor 121 or may be set to be specialized for a specified function. can The auxiliary processor 123 may be implemented separately from or as a part of the main processor 121 .

The auxiliary processor 123 is, for example, on behalf of the main processor 121 while the main processor 121 is in an inactive (eg, sleep) state, or the main processor 121 is At least one of the components of the electronic device 101 (eg, the display module 160 , the sensor module 176 , or At least some of functions or states related to the communication module 190 may be controlled. According to an embodiment, the coprocessor 123 (eg, an image signal processor or a communication processor) may be implemented as part of another functionally related component (eg, the camera module 180 or the communication module 190). there is. According to an embodiment, the auxiliary processor 123 (eg, a neural network processing device) may include a hardware structure specialized for processing an artificial intelligence model. Artificial intelligence models can be created through machine learning. Such learning may be performed, for example, in the electronic device 101 itself on which artificial intelligence is performed, or may be performed through a separate server (eg, the server 108). The learning algorithm may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but in the above example not limited The artificial intelligence model may include a plurality of artificial neural network layers. Artificial neural networks include deep neural networks (DNNs), convolutional neural networks (CNNs), recurrent neural networks (RNNs), restricted boltzmann machines (RBMs), deep belief networks (DBNs), bidirectional recurrent deep neural networks (BRDNNs), It may be one of deep Q-networks or a combination of two or more of the above, but is not limited to the above example. The artificial intelligence model may include, in addition to, or alternatively, a software structure in addition to the hardware structure.

The memory 130 may store various data used by at least one component of the electronic device 101 (eg, the processor 120 or the sensor module 176 ). The data may include, for example, input data or output data for software (eg, the program 140 ) and instructions related thereto. The memory 130 may include a volatile memory 132 or a non-volatile memory 134 .

The program 140 may be stored as software in the memory 130 , and may include, for example, an operating system (OS) 142 , middleware 144 , or an application 146 . there is.

The input module 150 may receive a command or data to be used in a component (eg, the processor 120 ) of the electronic device 101 from the outside (eg, a user) of the electronic device 101 . The input module 150 may include, for example, a microphone, a mouse, a keyboard, a key (eg, a button), or a digital pen (eg, a stylus pen).

The sound output module 155 may output a sound signal to the outside of the electronic device 101 . The sound output module 155 may include, for example, a speaker or a receiver. The speaker can be used for general purposes such as multimedia playback or recording playback. The receiver may be used to receive an incoming call. According to one embodiment, the receiver may be implemented separately from or as part of the speaker.

The display module 160 may visually provide information to the outside (eg, a user) of the electronic device 101 . The display module 160 may include, for example, a control circuit for controlling a display, a hologram device, or a projector and a corresponding device. According to an embodiment, the display module 160 may include a touch sensor configured to sense a touch or a pressure sensor configured to measure the intensity of a force generated by the touch.

The audio module 170 may convert a sound into an electric signal or, conversely, convert an electric signal into a sound. According to an embodiment, the audio module 170 acquires a sound through the input module 150 or an external electronic device (eg, a sound output module 155 ) directly or wirelessly connected to the electronic device 101 . A sound may be output through the electronic device 102 (eg, a speaker or headphones).

The sensor module 176 detects an operating state (eg, power or temperature) of the electronic device 101 or an external environmental state (eg, user state), and generates an electrical signal or data value corresponding to the sensed state. can do. According to one embodiment, the sensor module 176 may include, for example, a gesture sensor, a gyro sensor, a barometric pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biometric sensor, It may include a temperature sensor, a humidity sensor, or an illuminance sensor.

The interface 177 may support one or more designated protocols that may be used by the electronic device 101 to directly or wirelessly connect with an external electronic device (eg, the electronic device 102 ). According to an embodiment, the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, a secure digital (SD) card interface, or an audio interface.

The connection terminal 178 may include a connector through which the electronic device 101 can be physically connected to an external electronic device (eg, the electronic device 102 ). According to an embodiment, the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).

The haptic module 179 may convert an electrical signal into a mechanical stimulus (eg, vibration or movement) or an electrical stimulus that the user can perceive through tactile or kinesthetic sense. According to an embodiment, the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.

The camera module 180 may capture still images and moving images. According to an embodiment, the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.

The power management module 188 may manage power supplied to the electronic device 101 . According to an embodiment, the power management module 188 may be implemented as, for example, at least a part of a power management integrated circuit (PMIC).

The battery 189 may supply power to at least one component of the electronic device 101 . According to one embodiment, battery 189 may include, for example, a non-rechargeable primary cell, a rechargeable secondary cell, or a fuel cell.

The communication module 190 is a direct (eg, wired) communication channel or a wireless communication channel between the electronic device 101 and an external electronic device (eg, the electronic device 102, the electronic device 104, or the server 108). It can support establishment and communication performance through the established communication channel. The communication module 190 may include one or more communication processors that operate independently of the processor 120 (eg, an application processor) and support direct (eg, wired) communication or wireless communication. According to one embodiment, the communication module 190 is a wireless communication module 192 (eg, a cellular communication module, a short-range communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (eg, : It may include a LAN (local area network) communication module, or a power line communication module). A corresponding communication module among these communication modules is a first network 198 (eg, a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (eg, legacy It may communicate with the external electronic device 104 through a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (eg, a telecommunication network such as a LAN or a wide area network (WAN)). These various types of communication modules may be integrated into one component (eg, a single chip) or may be implemented as a plurality of components (eg, multiple chips) separate from each other. The wireless communication module 192 uses the subscriber information (eg, International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 within a communication network such as the first network 198 or the second network 199 . The electronic device 101 may be identified or authenticated.

The wireless communication module 192 may support a 5G network after a 4G network and a next-generation communication technology, for example, a new radio access technology (NR). NR access technology is a high-speed transmission of high-capacity data (eMBB, enhanced mobile broadband), minimization of terminal power and access to multiple terminals (mMTC, massive machine type communications), or high reliability and low latency (URLLC, ultra-reliable and low-latency). communications) can be supported. The wireless communication module 192 may support a high frequency band (eg, mmWave band) to achieve a high data rate, for example. The wireless communication module 192 includes various technologies for securing performance in a high-frequency band, for example, beamforming, massive multiple-input and multiple-output (MIMO), all-dimensional multiplexing. It may support technologies such as input/output (FD-MIMO, full dimensional MIMO), an array antenna, analog beam-forming, or a large scale antenna. The wireless communication module 192 may support various requirements specified in the electronic device 101 , an external electronic device (eg, the electronic device 104 ), or a network system (eg, the second network 199 ). According to an embodiment, the wireless communication module 192 may include a peak data rate (eg, 20 Gbps or more) for realizing eMBB, loss coverage (eg, 164 dB or less) for realizing mMTC, or U-plane latency for realizing URLLC ( Example: downlink (DL) and uplink (UL) each 0.5 ms or less, or round trip 1 ms or less).

The antenna module 197 may transmit or receive a signal or power to the outside (eg, an external electronic device). According to an embodiment, the antenna module 197 may include an antenna including a conductor formed on a substrate (eg, a PCB) or a radiator formed of a conductive pattern. According to an embodiment, the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is connected from the plurality of antennas by, for example, the communication module 190 . can be selected. A signal or power may be transmitted or received between the communication module 190 and an external electronic device through the selected at least one antenna. According to some embodiments, other components (eg, a radio frequency integrated circuit (RFIC)) other than the radiator may be additionally formed as a part of the antenna module 197 .

According to various embodiments, the antenna module 197 may form a mmWave antenna module. According to one embodiment, the mmWave antenna module comprises a printed circuit board, an RFIC disposed on or adjacent to a first side (eg, bottom side) of the printed circuit board and capable of supporting a designated high frequency band (eg, mmWave band); and a plurality of antennas (eg, an array antenna) disposed on or adjacent to a second side (eg, top or side) of the printed circuit board and capable of transmitting or receiving signals of the designated high frequency band. can do.

At least some of the components are connected to each other through a communication method between peripheral devices (eg, a bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)) and a signal ( eg commands or data) can be exchanged with each other.

According to an embodiment, the command or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199 . Each of the external

electronic devices

102 or 104 may be the same as or different from the electronic device 101 . According to an embodiment, all or a part of operations executed in the electronic device 101 may be executed in one or more external

electronic devices

102 , 104 , or 108 . For example, when the electronic device 101 is to perform a function or service automatically or in response to a request from a user or other device, the electronic device 101 may perform the function or service itself instead of executing the function or service itself. Alternatively or additionally, one or more external electronic devices may be requested to perform at least a part of the function or the service. One or more external electronic devices that have received the request may execute at least a part of the requested function or service, or an additional function or service related to the request, and transmit a result of the execution to the electronic device 101 . The electronic device 101 may process the result as it is or additionally and provide it as at least a part of a response to the request. For this, for example, cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology may be used. The electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing. In another embodiment, the external electronic device 104 may include an Internet of things (IoT) device. Server 108 may be an intelligent server using machine learning and/or neural networks. According to an embodiment, the external electronic device 104 or the server 108 may be included in the second network 199 . The electronic device 101 may be applied to an intelligent service (eg, smart home, smart city, smart car, or health care) based on 5G communication technology and IoT-related technology.

The electronic device according to various embodiments disclosed in this document may have various types of devices. The electronic device may include, for example, a portable communication device (eg, a smart phone), a computer device, a portable multimedia device, a portable medical device, a camera, a wearable device, or a home appliance device. The electronic device according to the embodiment of the present document is not limited to the above-described devices.

The various embodiments of this document and terms used therein are not intended to limit the technical features described in this document to specific embodiments, but it should be understood to include various modifications, equivalents, or substitutions of the embodiments. In connection with the description of the drawings, like reference numerals may be used for similar or related components. The singular form of the noun corresponding to the item may include one or more of the item, unless the relevant context clearly dictates otherwise. As used herein, "A or B", "at least one of A and B", "at least one of A or B", "A, B or C", "at least one of A, B and C", and "A , B, or C" each may include any one of the items listed together in the corresponding one of the phrases, or all possible combinations thereof. Terms such as “first”, “second”, or “first” or “second” may simply be used to distinguish the component from other components in question, and may refer to components in other aspects (e.g., importance or order) is not limited. It is said that one (eg, first) component is "coupled" or "connected" to another (eg, second) component, with or without the terms "functionally" or "communicatively". When referenced, it means that one component can be connected to the other component directly (eg by wire), wirelessly, or through a third component.

The term “module” used in various embodiments of this document may include a unit implemented in hardware, software, or firmware, and is interchangeable with terms such as, for example, logic, logic block, component, or circuit. can be used as A module may be an integrally formed part or a minimum unit or a part of the part that performs one or more functions. For example, according to an embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).

According to various embodiments of the present document, one or more instructions stored in a storage medium (eg, internal memory 136 or external memory 138) readable by a machine (eg, electronic device 101) may be implemented as software (eg, the program 140) including For example, a processor (eg, processor 120 ) of a device (eg, electronic device 101 ) may call at least one command among one or more commands stored from a storage medium and execute it. This makes it possible for the device to be operated to perform at least one function according to the called at least one command. The one or more instructions may include code generated by a compiler or code executable by an interpreter. The device-readable storage medium may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium is a tangible device and does not include a signal (eg, electromagnetic wave), and this term is used in cases where data is semi-permanently stored in the storage medium and It does not distinguish between temporary storage cases.

According to one embodiment, the method according to various embodiments disclosed in this document may be included in a computer program product (computer program product) and provided. Computer program products may be traded between sellers and buyers as commodities. The computer program product is distributed in the form of a machine-readable storage medium (eg compact disc read only memory (CD-ROM)), or via an application store (eg Play Store ^TM ) or on two user devices ( It can be distributed online (eg download or upload), directly between smartphones (eg smartphones). In the case of online distribution, at least a part of the computer program product may be temporarily stored or temporarily generated in a machine-readable storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.

According to various embodiments, each component (eg, module or program) of the above-described components may include a singular or a plurality of entities, and some of the plurality of entities may be separately disposed in other components. there is. According to various embodiments, one or more components or operations among the above-described corresponding components may be omitted, or one or more other components or operations may be added. Alternatively or additionally, a plurality of components (eg, a module or a program) may be integrated into one component. In this case, the integrated component may perform one or more functions of each component of the plurality of components identically or similarly to those performed by the corresponding component among the plurality of components prior to the integration. . According to various embodiments, operations performed by a module, program, or other component are executed sequentially, in parallel, repetitively, or heuristically, or one or more of the operations are executed in a different order. , may be omitted, or one or more other operations may be added.

The example of FIG. 2 may represent an example of a system architecture for a mobile ID (or mobile ID service). In one embodiment, the identity card is a certificate (or identity card) managed by a national authority and capable of authenticating a user (eg, identification), such as an identification card, driver's license, and/or passport. real-name verification certificate) may be included. In an embodiment, the mobile ID card or mobile ID service may include a service for using the physical ID as described above through the electronic device 101 (or mobile).

According to an embodiment, a system structure for a mobile ID may include a server 201 , a reader device 301 , and an electronic device 101 .

The server 201 may include, for example, a server of an issuing authority (IA) of a mobile ID. According to an embodiment, the server 201 may store and manage identification information of a physical ID. For example, identification information corresponding to a driver's license acquired by a user (eg, a licensee) may be stored. According to one embodiment, the identification information may include, for example, the user's personal information such as user name, identification photo (eg, face image), date of birth, and/or gender, the user's signature, identification number (eg, license number). ), the issuing authority, and/or identification information associated with the user's acquired ID, such as renewal period. For example, when the user of the electronic device 101 obtains a driver's license, identification information on the driver's license obtained by the user and personal information of the user may be registered in the server 201 .

The reader device 301 is a device of a verifier (eg, as a user's identity verifier, for example, a police officer or a seller of a store), and obtains at least some information included in the mobile ID from the electronic device 101 , A device for verifying the user identity based on the identity card may be included.

The electronic device 101 wirelessly communicates with the server 201 through a first network (eg, Wi-Fi network and/or cellular network), and a reader device (eg, out of band (OOB) network) through a second network (eg, out of band (OOB) network). 301), and may include various types of devices including a function of providing data related to a mobile ID to the server 201 and/or the reader device 301 . For example, the electronic device 101 may include a mobile device such as a smart phone, a tablet personal computer (PC), and/or a wearable device.

According to an embodiment, the electronic device 101 receives a mobile ID from the server 201 in the mobile ID system, stores it in a secure area (eg, TA and/or eSE), and uses the mobile ID in an environment (eg, offline). (offline) mode or online (online) mode) may indicate a holder that provides (eg, displays or transmits) at least some information of the mobile ID. According to some embodiments, the security region may be a memory (eg, a space (or region) included in a partial region of the memory 130 of FIG. 1 , or a separate chip physically separated from the memory 130 . According to an example, the electronic device 101 may verify whether the identity information for the mobile ID matches the identity information for the mobile ID while interacting with the server 201. According to an embodiment, the electronic device 101 may include the reader device 301 . and at least some information of the mobile ID through a specified authentication protocol.

According to an embodiment, in the offline mode of the electronic device 101 , the mobile ID service is provided while the mobile ID (or mobile ID data) is directly issued from the server 201 (eg, issuing organization) from the server 201 . can give an example.

According to an embodiment, the operation according to the offline mode of the electronic device 101 may include, for example, a device engagement operation and a data transfer (offline) operation.

According to one embodiment, the device engagement operation may include a pre-operation of connecting to perform data transfer between the electronic device 101 and the reader device 301 offline. For example, the electronic device 101 is a parameter to be set with the reader device 301 for data transfer through an identification code (eg, QR code and/or barcode) or OOB communication (eg, NFC, near field communication). The (parameter) value may be included in the device engagement data, and the reader device 301 may read the device engagement data through an identification code or OOB communication connection. According to an embodiment, the electronic device 101 may generate an ephemeral public key for end-to-end encrypted communication and include it in device engagement data.

According to an embodiment, in the data transfer operation, the reader device 301 requests the electronic device 101 for desired mobile identification data (or data element) offline, and the electronic device 101 receives the data from the reader device 301 . It may include providing the requested mobile identification data offline. According to an embodiment, the reader device 301 generates an ephemeral key and encrypts it with a session key to request mobile ID data, and the electronic device 101 encrypts the mobile ID data with the session key ID data may be provided (eg end-to-end encrypted communication). According to an embodiment, the data transfer operation is performed between the electronic device 101 and the reader device 301 for OOB communication (eg, BLE, NFC, ultra-wide band (UWB), Zigbee, and/or Wi-Fi 2.4). GHz communication).

According to an embodiment, the online mode of the electronic device 101 represents an example in which the electronic device 101 provides a mobile ID service in a state in which a mobile ID (or mobile ID data) is not issued from the server 201 . can

According to an embodiment, the operation according to the online mode of the electronic device 101 may include, for example, a device engagement operation and a data transfer (offline) operation.

According to one embodiment, the device engagement action may include a pre-action for the electronic device 101 to transmit the mobile identification data to the reader device 301 online. For example, the electronic device 101 may generate address information (eg, URL) and a one-time token of the server 201 and include it in the device engagement data, and the reader device 301 may include an identification code (eg, : Device engagement data can be read via QR code and/or barcode) or OOB (eg NFC) communication.

According to an embodiment, in the data transfer operation, the reader device 301 accesses the server 201 according to address information of the server 201 included in the device engagement data of the electronic device 101, and the electronic device 101 ) may include an operation of online requesting the mobile ID data including the token delivered to the server 201 . According to an embodiment, the server 201 may check the token obtained from the reader device 301 , and transmit the mobile ID data requested by the reader device 301 to the reader device 301 online. Here, the communication channel for online communication between the server 201 and the reader device 301 may be protected by encrypted communication using HTTPS (hypertext transfer protocol secure).

An embodiment of the present disclosure may include an example of operation in an offline mode in which the electronic device 101 operates in a state in which the mobile ID is directly issued from the server 201 in a system structure for a mobile ID service. For example, according to an embodiment of the present disclosure, a user may be issued a mobile ID using the electronic device 101 , and register an ID photo used in the mobile ID to correspond to the real ID in the server 201 . It is possible to update the photo selected by the user, not the photo that has been edited.

Referring to FIG. 3 , the electronic device 101 according to an embodiment may include a communication module 192 , a display module 160 , a camera module 180 , a memory 130 , and a processor 120 . .

The communication module 192 may support a legacy network (eg, a 3G network and/or a 4G network), a 5G network, an out of band (OOB), and/or a next-generation communication technology (eg, a new radio (NR) technology). According to an embodiment, the communication module 192 may correspond to the wireless communication module 192 as illustrated in FIG. 1 . The communication module 192 according to an embodiment includes a first communication module configured to support wireless communication of the electronic device 101 through a first network (eg, a cellular network), and an OOB (eg, NFC, BLE, and/or Alternatively, it may include a second communication module configured to support wireless communication of the electronic device 101 based on wireless fidelity (Wi-Fi) 2.4 GHz. According to an embodiment, the electronic device 101 may communicate with the server 201 through the first network using the first communication module. According to an embodiment, the electronic device 101 uses a second communication module to communicate with a second network different from the first network (eg, short-range communication such as Bluetooth, NFC, Wi-Fi direct, or infrared data association (IrDA)). network) to communicate with the reader device 301 .

The display module 160 may visually provide information (eg, a mobile ID) to the outside (eg, a user) of the electronic device 101 . According to an embodiment, the display module 160 includes a touch sensing circuit (or a touch sensor) (not shown), a pressure sensor capable of measuring the intensity of a touch, and/or a touch panel for detecting a magnetic field type stylus pen (eg, : a digitizer), and based on a touch sensing circuit, a pressure sensor and/or a touch panel, a signal for a specific position of the display module 160 (eg, voltage, light quantity, resistance, electromagnetic signal and/or electric charge quantity) A touch input and/or a hovering input (or a proximity input) may be sensed by measuring a change in . According to an embodiment, the display module 160 may be configured as a liquid crystal display (LCD), an organic light emitted diode (OLED), an active matrix organic light emitted diode (AMOLED), or a flexible display. can

The display module 160, under the control of the processor 120, provides a variety of information (eg, a mobile identification layout), an image object and/or a code object (eg, a capture layout) corresponding to a mobile identification request from a user or reader device 301 . : QR code and/or barcode)) can be provided visually. For example, the display module 160 may display related information corresponding to the mobile ID on the execution screen of the service application 330 , the mobile ID data stored in the memory 130 , or the execution screen of the service application 330 . can

The camera module 180 may capture still images and moving images. According to an embodiment, the camera module 180 may support photographing (eg, taking a selfie) for an ID photo to be used in a mobile ID while executing the service application 330 under the control of the processor 120 .

The memory 130 may correspond to the memory 130 as described in the description with reference to FIG. 1 . According to an embodiment, the memory 130 may store various data used by the electronic device 101 . The data may include, for example, input data or output data for the service application 330 (eg, the program 140 of FIG. 1 ) and a command related thereto. According to an embodiment, the memory 130 may store instructions that cause the processor 120 to operate when executed. For example, the service application 330 may be stored as software (eg, the program 140 of FIG. 1 ) on the memory 130 , and may be executable by the processor 120 .

The service application 330 may be an application that can use the mobile ID service (eg, a mobile ID application), and may include a fast identity online (FIDO) authentication function for user authentication.

The memory 130 may include a security area 340 . According to an embodiment, the security area 340 may store personal information included in the mobile ID, identification information, and/or encryption key. According to an embodiment, the mobile ID according to the present disclosure may represent, for example, a mobile electronic ID (eg, eID, electronic identification), and the electronic ID may include a national ID card, driver's license, health insurance card, and/or may be used to encompass all identification cards such as electronic passports. According to an embodiment, the electronic device 101 may separately set the security area 340 in the memory 130 to enhance the security of the mobile ID, and the security area 340 may include a built-in security chip or a built-in security area ( For example, eSE, embedded secure element) may be implemented.

The processor 120 may control each of the server 201 or the reader device 301 and a related operation for providing a mobile ID service. According to an embodiment, the processor 120 may control an operation related to updating the ID photo of the mobile ID when the electronic device 101 issues the mobile ID from the server 201 or in a state in which it is issued. According to an embodiment, the processor 120 includes a service module 310 (or service means) that can use the mobile ID service and a security module 320 that can control a security-related operation when using the mobile ID service ( or security means). For example, the service module 310 may process a function corresponding to the service application 330 , and the security module 320 may process a function corresponding to the security area 340 .

According to an embodiment, the components (eg, the service module 310 and the security module 320 ) included in the processor 120 may be understood as, for example, a hardware module (eg, circuitry). However, various embodiments are not limited thereto. For example, components included in the processor 120 (eg, the service module 310 and the security module 320 ) may include a software structure in addition to or alternatively to a hardware structure. According to an embodiment, the components (eg, the service module 310 and the security module 320 ) included in the processor 120 are a storage medium (eg, a storage medium readable by the processor 120 ). It may be implemented as software (eg, the service application 330 and the security area 340) including one or more instructions stored in the memory 130). According to an embodiment, the operations performed by the processor 120 may be stored in the memory 130 and, when executed, may be executed by instructions that cause the processor 120 to operate.

The electronic device 101 according to an embodiment of the present disclosure includes a communication module (eg, the communication module 192 of FIG. 1 ), a memory (eg, the memory 130 of FIG. 1 ), and a display module (eg, the display module of FIG. 1 ). a display module 160), and a processor operatively connected to the communication module, the memory, and the display module (eg, the processor 120 in FIG. 1), wherein the processor 120 provides a mobile ID service for executing an application for, obtaining ID information based on a user input, displaying the ID information through the display module, and obtaining an image for an ID photo of a mobile ID based on a photo update request, and the image performs face matching based on , and based on the result of the face matching, transmits a message requesting issuance of a mobile ID based on the image to the server through the communication module, and through the communication module, the Receive a mobile ID including an ID photo corresponding to the image from the server, and store the mobile ID in a secure area of the memory.

According to an embodiment of the present disclosure, when the application is executed, the processor 120 performs user authentication for releasing a security function related to the execution of the application, and based on the result of the user authentication, the execution of the application It is set to display a screen, and the user authentication may include biometric authentication and/or password authentication based on a fast identity online (FIDO) authentication method.

According to an embodiment of the present disclosure, the processor 120 detects a user input requesting issuance of a mobile ID from a user, and based on the user input, a user for determining suitability of a user requesting issuance of the mobile ID It is configured to perform authentication and provide an interface related to obtaining the identification information based on the result of the user authentication, and the user authentication for determining the suitability may include a public certificate authentication and/or text message authentication. .

According to an embodiment of the present disclosure, the processor 120 may acquire the ID information through a user input, photographing a physical ID, contacting a physical ID, and/or interacting with a server.

According to an embodiment of the present disclosure, the processor 120 detects an input for updating the picture based on a specified object for updating the picture, activates a camera module based on the input, and performs a preview. It can be provided to provide guidelines related to photography.

According to an embodiment of the present disclosure, the processor 120 may perform face verification based on matching between the image and the image stored in the secure area of the memory.

According to an embodiment of the present disclosure, the processor 120 determines whether the face matching succeeds, and when the face matching fails, provides a guide related to re-photography, and when the face matching succeeds, The message including the ID information, the image, and photo update request information for requesting to correct the photo of the mobile ID using the image may be transmitted to the server.

According to an embodiment of the present disclosure, the processor 120 may manage an expiration period related to the mobile ID.

According to an embodiment of the present disclosure, the processor 120 may guide the update of the mobile ID based on a predetermined time point specified in the expiration period.

According to an embodiment of the present disclosure, the processor 120 may provide a related notice to the user to update the mobile ID and/or renew the physical ID at a predetermined time specified in the expiration period.

Hereinafter, an operation method of the electronic device 101 will be described in detail. Operations performed by the electronic device 101 to be described below may be executed by the processor 120 including at least one processing circuitry of the electronic device 101 . According to an embodiment, the operations performed by the electronic device 101 may be stored in the memory 130 and, when executed, may be executed by instructions that cause the processor 120 to operate.

According to an embodiment, the electronic device 101 matches (or verifies) various biometric information (eg, face authentication data and/or fingerprint authentication data) for a user to use various security services of the electronic device 101 . You can save the model. According to an embodiment, FIG. 4 may show an example of first issuing a mobile ID to the electronic device 101 through wireless communication between the electronic device 101 and the server 201 .

Referring to FIG. 4 , in operation 401 , the electronic device 101 may perform user authentication. According to an embodiment, when the initial issuance of the mobile ID is requested, the electronic device 101 determines whether the user is an actual user (or owner) of the electronic device 101 for issuance of the mobile ID (eg, a user requesting mobile ID issuance). In order to check whether the user registered in the electronic device 101 and the electronic device 101 are the same person), user authentication, which is a binding operation, may be performed. For example, the electronic device 101 may perform user authentication through at least one designated authentication method such as biometric authentication (eg, face authentication or fingerprint authentication), password authentication, public certificate authentication, and/or text message authentication. can

In operation 403, the electronic device 101 may obtain identification information. According to an embodiment, when user authentication is completed, the electronic device 101 may acquire the user's real ID or ID information from the server 201 based on a user input. For example, the electronic device 101 provides the user with a guide for obtaining ID information (eg, a guide related to direct input, ID photo taking, contact with a physical ID, and/or receiving ID information from a server) to the user, You can have them enter your ID information from

According to an embodiment, the user may directly input information on the physical identification card according to a guide to input information on the physical identification card, and the electronic device 101 may obtain identification information based on information input from the user. .

According to some embodiments, the user may photograph the physical ID using the camera module 180 according to a guide to photograph the physical ID, and the electronic device 101 performs optical character recognition (OCR) and/or ID information may be obtained based on image recognition. According to an embodiment, the user may contact the physical ID at a designated location of the electronic device 101 according to a guide to contact the physical ID with the electronic device 101 , and the electronic device 101 detects the touch of the physical ID Based on this, information stored in the real ID may be acquired using the communication module 192 through the IC chip or RFID included in the ID. According to an embodiment, the electronic device 101 requests the user's ID information from the server 201 after user authentication to the server 201 storing the user's ID information in order to obtain the ID information. ID information can be obtained. According to an embodiment, the electronic device 101 may provide (eg, display) a list of photos stored in the memory 130 and acquire an image based on a user's selection.

In operation 405, the electronic device 101 may obtain a picture of the user. According to an embodiment, the electronic device 101 may display the obtained identification information through the display module 160 . According to an embodiment, the user may selectively perform whether to update a photo (eg, an ID photo) to be used for a mobile ID using the displayed ID information.

For example, the mobile ID that can be issued to the user in the current state may be a mobile ID having the same photo (eg, ID photo) included in the physical ID (eg, driver's license) issued as a real thing. Accordingly, the user may wish to update the photo at the time of issuance of the physical ID to the photo of the user's face at the current time. According to an embodiment, the electronic device 101 may selectively provide a guide for a photo update operation according to a setting of the electronic device 101 when obtaining identification information in an operation for issuing a mobile ID, Based on the user's selection, the user's photo may be acquired from the user's selfie or from a photo pre-stored in the memory 130 of the electronic device 101 .

According to an embodiment, the electronic device 101 may activate the camera module 180 of the electronic device 101 to update a photo, and may take a photo (eg, take a selfie) from the user. According to some embodiments, the electronic device 101 may additionally provide a condition and/or a guide for taking a picture having a standard suitable for a mobile ID in a picture taking operation. An operation of guiding photo taking corresponding to the standard of a mobile ID card will be described with reference to the drawings to be described later.

In operation 407, the electronic device 101 may perform face information matching (or verification). According to an embodiment, the electronic device 101 compares the face image of the captured photo and the face image of the photo stored in the electronic device 101 to determine whether the captured photo is a photo of the user of the electronic device 101 . User authentication can be performed by matching. For example, the electronic device 101 may use the face authentication model stored in the memory 130 (eg, the security area 340 ) of the electronic device 101 to determine whether the photographed picture is of the user. According to some embodiments, the electronic device 101 may request the user to retake the picture when the taken picture and the stored picture do not match, and if the failure is repeated more than a specified number of times, a step before updating the picture (eg: ID information acquisition operation), or may end (or initialize) the mobile ID issuance operation.

In operation 409, when face information matching is successful, the electronic device 101 may request the server 201 to issue a mobile ID with an updated photo of the ID based on the captured picture. For example, the electronic device 101 may transmit a mobile ID issuance request including a photographed photo to the server 201 . According to an embodiment, when the face information matching is successful, the electronic device 101 determines that the captured photo is the face data of the real user, and uses the face data (eg, the captured photo) to display the photo of the mobile ID. It may be requested to the server 201 to issue a modified mobile ID. According to an embodiment, when the electronic device 101 requests issuance of a mobile ID, identification information of the electronic device 101 (eg, a device identifier of the electronic device 101 and/or a phone number of the electronic device 101) and / Alternatively, at least some information of the identification information obtained in operation 403 may be provided to the server 201 .

In operation 411 , the server 201 may verify the electronic device 101 based on receiving the update request from the electronic device 101 . According to an embodiment, the server 201 may verify whether the electronic device 101 is a device suitable for a mobile ID request by interacting with the electronic device 101 . For example, the server 201 may determine whether or not the identification information obtained from the electronic device 101 matches the identification information previously stored (or registered) in the server 201 related to the electronic device 101 . there is.

In operation 413 , the server 201 may update (or change) the photo data related to the user ID of the electronic device 101 registered in the server 201 with the photo data received from the electronic device 101 . According to an embodiment, when updating a photo of an ID, the server 201 may set a period during which the updated photo can be used (eg, photo expiration period) and manage the expiration period for the updated photo. . For example, the expiration period may be set for a policy or security issue of the server 201 .

In operation 415 , the server 201 may generate a mobile ID using the updated photo data. According to an embodiment, the server 201 may apply (or replace) a photo of a pre-registered physical ID with an updated photo, and may generate a mobile ID for issuing to the electronic device 101 .

In operation 417 , the server 201 may transmit the mobile ID to the electronic device 101 . For example, the server 201 may transmit the mobile ID to the electronic device 101 to issue the mobile ID to the electronic device 101 . According to an embodiment, when issuing a mobile ID, the server 201 may transmit information on an expiration period related to an updated photo together and store it in the security area 340 of the electronic device 101 . For example, the expiration period may be managed by the server 201 and may also be managed by the electronic device 101 .

In operation 419 , the electronic device 101 may receive the mobile ID from the server 201 , and store the mobile ID in the secure area 340 of the memory 130 . According to an embodiment, when receiving information on the expiration period together with the mobile ID, the electronic device 101 may store the mobile ID and the expiration period in the security area 340 by mapping (or relating to) the expiration period. According to an embodiment, the electronic device 101 may provide a notice to the user based on the expiration period. For example, the electronic device 101 may request the user to update the photo of the mobile ID through a notification before the expiration period is reached or at a specified point in time (eg, one week before the expiration, one month, or one day before the expiration). , after the expiration period, the use of the corresponding photo in the mobile ID may be restricted, and the use of the mobile ID may also be restricted.

5 is a flowchart illustrating a method of operating an electronic device according to various embodiments of the present disclosure;

According to an embodiment, in FIG. 5 , when the electronic device 101 issues a mobile ID (eg, mobile driver's license) from the server 201, an ID photo to be used in the mobile ID is updated, and the mobile ID with the ID photo updated is updated. It can represent the operation of receiving and saving.

Referring to FIG. 5 , in operation 501 , the processor 120 of the electronic device 101 may execute an application (eg, a service application 330 or a mobile identification application). According to an embodiment, the processor 120 may control the display module 160 to execute a specified application for the mobile ID and display an execution screen of the application based on a user input.

In operation 503, the processor 120 may perform user authentication. According to an embodiment, the processor 120 may receive a user input requesting issuance of a mobile ID through an application, and perform an operation for user authentication based on the user input. According to an embodiment, the processor 120 performs biometric authentication (eg, face authentication, User authentication may be performed through at least one designated authentication method such as iris authentication or fingerprint authentication), password authentication, public certificate authentication, and/or text message authentication.

In operation 505, the processor 120 may obtain identification information. According to an embodiment, when the user authentication is completed, the processor 120 may acquire the user's real ID or ID information from the server based on the user input. For example, the processor 120 provides the user with a guide for obtaining ID information (eg, a guide related to direct input, ID photo taking, physical ID contact, and/or receiving ID information from a server) to the user, You can select a method for entering identification information from

According to an embodiment, the user directly inputs information on the physical ID, takes a picture of the physical ID, contacts the physical ID with a designated location of the electronic device 101 to perform data communication, or receives the user's ID information. ID information may be input based on an input for requesting and receiving the user's ID information from the stored server 201 . According to an embodiment, the processor 120 may acquire identification information corresponding to the real identification card in an automatic or manual method based on any one method according to a user input.

In operation 507, the processor 120 may display the obtained identification information. According to an embodiment, the processor 120 may control the display module 160 to display the obtained identification information through the execution screen of the application. An example thereof will be described with reference to FIG. 7 to be described later.

In operation 509 , the processor 120 may acquire an image (eg, a face image) based on the photo update request. According to an embodiment, the user may selectively perform whether or not to update the photo to be used for the mobile ID by using the displayed ID information. According to an embodiment, the processor 120 may acquire an image from a user's selfie taking or a picture pre-stored in the memory 130 of the electronic device 101 based on the user's selection.

For example, the processor 120 activates the camera module 180 of the electronic device 101 based on the user's input for updating a photo (eg, taking a selfie), and taking a picture from the user (eg, taking a selfie) can be performed. According to some embodiments, the processor 120 may additionally provide a condition and/or a guide for taking a picture having a standard suitable for a mobile ID in a picture taking operation. According to an embodiment, an operation of guiding photo taking corresponding to the standard of a mobile ID will be described with reference to the drawings to be described later.

In operation 511 , the processor 120 may perform face matching (or face verification). According to an embodiment, the processor 120 matches an image (eg, a face image) obtained by taking a photo (eg, taking a selfie) with an image (eg, a face image) stored in the electronic device 101 to authenticate the user can be performed. For example, the processor 120 compares and analyzes the image of the face authentication model stored in the memory 130 (eg, the security area 340 ) of the electronic device 101 and the acquired image, and the acquired image is the user. It is possible to identify whether it is an image of According to an embodiment, a face matching operation will be described with reference to drawings to be described later.

In operation 513 , when face matching is successful, the processor 120 may request the server 201 to issue a mobile ID. According to an embodiment, the processor 120 may request the server 201 to issue a mobile ID based on the acquired image. For example, the processor 120 may transmit a mobile ID issuance request message including ID information, acquired image, and photo update request information to the server 201 through the communication module 192 . According to an embodiment, when the face matching is successful, the processor 120 may request the server 201 to correct and issue a photo of the mobile ID using the acquired image.

In operation 515 , the processor 120 may receive the mobile ID from the server 201 . According to an embodiment, the processor 120 may receive, from the server 201 , a mobile ID including a photo according to the acquired image through the communication module 192 .

In operation 517 , the processor 120 may store the mobile ID. According to an embodiment, when the mobile ID is received, the processor 120 may store the received mobile ID in the secure area 340 of the memory 130 . According to some embodiments, the processor 120 may store the personal information included in the mobile ID and the associated encryption key in the secure area 340 .

Referring to FIG. 6 , in operation 601 , the processor 120 of the electronic device 101 may execute an application (eg, a service application 330 or a mobile identification application) that can use a mobile ID service. According to an embodiment, the processor 120 may execute a designated application for the mobile ID based on a user input. According to an embodiment, when the application is executed, the processor 120 displays an authentication screen related to user authentication or displays the execution screen of the application, depending on whether the application policy or security is set. can be controlled According to an embodiment, in the case of the application, the user's personal information may be included, a security function (or lock function) may be set for security, and the user authenticates the user to release the security function related to the execution of the application You can use the application later.

In operation 603, the processor 120 may perform user authentication (eg, first user authentication). According to an embodiment, when detecting the execution of the application, the processor 120 may perform user authentication according to the security setting of the application. For example, the processor 120 may perform user authentication to identify whether the user has access to the usage right of the application.

According to an embodiment, user authentication related to application execution may include, for example, biometric authentication (eg, fingerprint, iris, face recognition, voice, and/or vein authentication) based on a fast identity online (FIDO) authentication method and/or or password authentication. According to an embodiment, when user authentication is successful, the processor 120 may control the display module 160 to display an execution screen of an application. According to some embodiments, the user authentication operation in operation 603 may be integrally performed after operation 605 according to the setting of the electronic device 101 .

In operation 605, the processor 120 may detect a mobile ID issuance request. According to an embodiment, the processor 120 may receive a user input requesting issuance of a mobile ID through a designated menu of the application (eg, a mobile ID issuance menu). According to some embodiments, the processor 120 may perform user authentication (eg, second user authentication) for determining suitability of a user requesting issuance of a mobile ID based on a user input requesting issuance of a mobile ID. there is. For example, in order to additionally confirm whether the current user requesting issuance of the mobile ID and the actual user (or owner) of the electronic device 101 are the same user, the processor 120 may be configured separately from the first user authentication (or Additionally), user authentication may be performed through at least one designated authentication method such as public certificate authentication and/or text message authentication.

In operation 607, the processor 120 may obtain identification information. According to an embodiment, when user authentication is completed, the processor 120 provides an interface for obtaining identification information, and based on the interface, user input, physical identification photographing, physical identification contact, and/or server ID information can be obtained by interacting with For example, the processor 120 provides the user with a guide for obtaining ID information (eg, a guide related to direct input, ID photo taking, physical ID contact, and/or receiving ID information from a server) to the user, You can select a method for entering identification information from

According to an embodiment, the user directly inputs information on the physical ID, takes a picture of the physical ID, contacts the physical ID with a designated location of the electronic device 101 to perform data communication, or receives the user's ID information. ID information may be input based on an input for requesting and receiving the user's ID information from the stored server 201 (eg, ID issuing server). The electronic device 101 obtains identification information corresponding to the real ID in an automatic (eg, acquisition by photographing or communication) or manual (eg, by direct input) method based on any one method according to a user input. can be obtained

In operation 609, the processor 120 may display the obtained identification information. According to an embodiment, the processor 120 may control the display module 160 to display the obtained identification information through the execution screen of the application. An example thereof will be described with reference to FIG. 7 to be described later.

In operation 611, the processor 120 may determine whether to update the photo. According to an embodiment, after displaying the identification information, the processor 120 may determine whether there is a user input for selecting a specified object (eg, the object 730 of FIG. 7 ) for photo update from the user. For example, the user may selectively update the photo to be used for the mobile ID based on the displayed ID information (eg, image information corresponding to the ID photo of the physical ID).

In operation 611 , when there is no photo update request (eg, 'No' in operation 611 ), in operation 613 , the processor 120 may request the server 201 to issue a mobile ID. According to an embodiment, the processor 120 transmits ID information to the server 201 in response to a user input for selecting a designated object (eg, the object 750 in FIG. 7 ) for issuing a mobile ID without a photo update request. may be provided (eg, transmitted) to the server 201 to issue a mobile ID corresponding to the ID information.

In operation 611 , when there is a photo update request (eg, 'Yes' in operation 611 ), in operation 615 , the processor 120 may activate the camera module 180 . According to an embodiment, the processor 120 activates the camera module 180 of the electronic device 101 based on the user's input for updating a photo (eg, taking a selfie), and taking a picture from the user (eg, taking a selfie) shooting) can be performed. According to some embodiments, the processor 120 may additionally provide a condition and/or a guide for taking a picture having a standard suitable for a mobile ID in a picture taking operation. According to an embodiment, an operation of guiding photo taking corresponding to the standard of a mobile ID will be described with reference to the drawings to be described later.

According to some embodiments, when there is a photo update request, the processor 120 may provide (eg, display) a photo list stored in the memory 130 of the electronic device 101 . For example, the processor 120 displays a list of photos stored in the memory 130 of the electronic device 101 through the display module 160 based on the user's input for updating photos (eg, selecting a saved photo), and , may receive an input for a photo from the user. For example, although not shown in FIG. 6 , the processor 120 may provide an option to take a photo or select a photo in response to a photo update selection, and may acquire an image from a photo taken or a stored photo according to the user's selection. .

According to an embodiment, the processor 120 displays at least one photo (eg, a recent photo within a specified period (eg, one week or one month)) designated based on the captured (acquired) date from among the stored photo list. It may be displayed through the module 160 , and an input for a photo may be received from the user. According to an embodiment, the processor 120 displays, through the display module 160, at least one photo that meets the specifications of the mobile ID from among at least one designated photo based on the captured date, and receives an input for the photo from the user. can receive According to another embodiment, the processor 120 may display, through the display module 160, at least one picture that meets the specifications of the mobile ID from among the stored picture list, and may receive an input for the picture from the user.

In operation 617 , the processor 120 may acquire an image. According to an embodiment, the processor 120 may acquire an image (eg, a face image) from the camera module 180 based on photographing. According to an embodiment, the processor 120 may acquire an image selected by the user based on the photo list. According to an embodiment, the processor 120 may display the acquired image through the display module 160 based on the image acquisition, and may include an operation of deactivating the camera module 180 .

In operation 619 , the processor 120 may perform face matching (or face verification). According to an embodiment, the processor 120 matches an image (eg, a face image) obtained by taking a photo (eg, taking a selfie) with an image (eg, a face image) stored in the electronic device 101 to authenticate the user can be performed. For example, the processor 120 compares and analyzes the image of the face authentication model stored in the memory 130 (eg, the security area 340 ) of the electronic device 101 and the acquired image, and the acquired image is the user. It can be identified whether it is an image of According to an embodiment, an operation of matching a face will be described with reference to drawings to be described later.

In operation 621 , the processor 120 may determine whether face matching is successful based on the result of face matching. According to an embodiment, when the processor 120 identifies the same user (eg, a user's face) based on the acquired image and the stored image, the processor 120 may determine the success of face matching. According to another embodiment, when the processor 120 identifies that the user is not the same user (eg, user face) based on the acquired image and the stored image, the processor 120 may determine that the face matching fails.

In operation 621 , when face matching fails (eg, 'No' in operation 621 ), in operation 623 , the processor 120 may provide a guide related to re-photographing. According to an embodiment, when the acquired image and the stored image do not match, the processor 120 may control the display module 160 to display a guide to failure and a guide to requesting retake of a photo to the user.

According to an embodiment, the processor 120 may proceed to operation 615 based on a user input in response to re-taking a photo and perform operations 615 and subsequent operations. According to some embodiments, if the processor 120 fails to match the face more than a specified number of times, it may proceed to an operation prior to photo update (eg, an operation to obtain identification information) or terminate (or initialize) the operation of issuing a mobile identification card. there is.

In operation 621 , when face matching is successful (eg, 'Yes' in operation 621 ), in operation 625 , the processor 120 may request the server 201 to issue a mobile ID. According to an embodiment, the processor 120 responds to a user input for selecting an object (eg, the object 720 in FIG. 7 ) for issuing a mobile ID after image acquisition (eg, taking a picture for updating a picture), The ID information and the acquired image may be provided (eg, transmitted) to the server 201 , and the server 201 may be requested to issue a mobile ID corresponding to the ID information and the acquired image. For example, the processor 120 may transmit a mobile ID issuance request message including ID information, acquired image, and photo update request information to the server 201 through the communication module 192 .

According to an embodiment, when the face matching is successful, the processor 120 corrects the ID photo of the mobile ID using the acquired image (eg, replaces the ID photo of the physical ID with another acquired image-based photo). It may request the server 201 to issue.

In operation 627 , the processor 120 may receive the mobile ID from the server 201 . According to an embodiment, the processor 120 may receive, from the server 201 , a mobile ID including a photo according to the acquired image through the communication module 192 .

In operation 629 , the processor 120 may store the mobile ID. According to an embodiment, when the mobile ID is received, the processor 120 may store the received mobile ID in the secure area 340 of the memory 130 . According to some embodiments, the processor 120 may store the personal information included in the mobile ID and the associated encryption key in the secure area 340 .

According to an embodiment, FIG. 7 may show an example of a user interface in a state verified by input of ID information for issuance of a mobile ID and verification by the server after the execution of the application.

According to an embodiment, FIG. 7 may show an example of a user interface (eg, an example screen) of a mobile ID that can be provided in an operation of issuing a mobile ID in the electronic device 101 . Various embodiments are not limited thereto, and the user interface for issuing a mobile identity may be implemented in various forms (eg, different arrangement positions of each information, a display form of each information, and/or a structure of each information) depending on the implementation. can

Referring to FIG. 7 , the user interface displays a card image 710 , identification information 720 , a photo update object 730 , a correction object 740 , and/or a registration object 750 corresponding to the real thing of the physical ID. may include According to an embodiment, the card image 710 may be an image of a physical ID or may include an image generated based on identification information input by a user. According to an embodiment, the photo image (eg, ID photo) displayed through the card image 710 in the mobile ID issuance operation may be an image corresponding to the ID photo of the physical ID. According to an embodiment, the identification information 720 may include information directly input by the user based on a physical ID, or information extracted and automatically inputted based on character recognition (eg, OCR) from a photographed image. there is.

According to an embodiment, the user interface may include a camera object (eg, the camera object 900 of FIG. 9A ) for supporting photo taking for updating an ID photo (eg, updating a photo) used in the mobile ID. there is. According to an embodiment, while the electronic device 101 displays input (or generated) information related to the mobile ID based on the user interface, based on the user input selecting the photo update object 730, The camera module 180 may be activated, and an execution screen related to picture taking for photo update may be displayed by overlaying it on the user interface, or the user interface may be switched to an execution screen related to picture taking and provided.

According to an embodiment, the user may correct erroneously input information based on the selection of the correction object 740 or register the mobile ID based on information input based on the selection of the registration object 750 . According to an embodiment, when detecting the selection of the registration object 750 , the electronic device 101 may transmit the input information to the server 201 to request issuance of the mobile ID.

According to an embodiment, when the update of the photo for the mobile ID is completed, the electronic device 101 uses the same photo (eg, a photo before performing the update) among the mobile IDs stored in the security area 340 . You can also change the photo on your mobile ID. For example, when the first photo of the first mobile ID is updated to the second photo among the mobile IDs stored in the memory 130 (eg, the security area 340) of the electronic device 101, the electronic device 101 , it is possible to identify at least one second mobile ID including the same photo as the first photo from among the stored mobile IDs.

According to an embodiment, the electronic device 101 may update the photo of at least one second mobile ID identified from among the stored mobile IDs to the second photo. According to an embodiment, the electronic device 101 may propose to the user whether to update the photo of at least one second mobile ID (eg, provide an interface for requesting confirmation of whether to update the photo of another mobile ID). can

According to an embodiment, the electronic device 101 may receive one or more different types of mobile IDs for each server 201 (eg, an ID issuing server), and when executing a mobile ID, the electronic device 101 may be issued from the same issuing server. It is also possible to obtain updated update information from other mobile IDs, and update information of the executed mobile IDs based on the obtained update information.

According to an embodiment, in FIG. 8 , an operation of updating (eg, updating a photo) an identification photo of a mobile ID (eg, mobile driver's license) issued by the server 201 in the electronic device 101 may be illustrated.

Referring to FIG. 8 , in operation 801 , the processor 120 of the electronic device 101 may execute an application (eg, a service application 330 or a mobile identification application) that can use a mobile ID service. According to an embodiment, the processor 120 may execute a designated application for the mobile ID based on a user input. According to an embodiment, when the application is executed, the processor 120 displays an authentication screen related to user authentication or displays the execution screen of the application, depending on whether the application policy or security is set. can be controlled According to an embodiment, the application may include the user's personal information, a security function (or lock function) may be set for security, and the user may use the application after user authentication to release the security function there is.

In operation 803, the processor 120 may perform user authentication (eg, first user authentication). According to an embodiment, when detecting the execution of the application, the processor 120 may perform user authentication according to the security setting of the application. For example, the processor 120 may perform user authentication to identify whether the user has access to the usage right of the application.

According to an embodiment, user authentication related to application execution includes, for example, biometric authentication (eg, fingerprint, iris, facial recognition, voice, and/or vein authentication) and/or password authentication based on a FIDO authentication method. can do. According to an embodiment, when user authentication is successful, the processor 120 may control the display module 160 to display an execution screen of an application. According to some embodiments, the user authentication operation in operation 803 may be integrally performed after operation 805 according to the setting of the electronic device 101 .

In operation 805 , the processor 120 may call and display the mobile ID. According to an embodiment, the processor 120 may receive a user input requesting a mobile ID through an application. According to an embodiment, the processor 120 may call the mobile ID stored in the secure area 340 of the memory 130 and display it through the display module 160 based on a user input. For example, the processor 120 may call the mobile ID stored in the secure area 340 and control the display module 160 to display the called mobile ID through the execution screen of the application. An exemplary screen on which a mobile identification card is displayed according to an embodiment will be described with reference to the drawings to be described later.

In operation 807 , the processor 120 may detect a photo update request. According to an embodiment, after displaying the mobile ID, the processor 120 may determine whether there is a user input for selecting a designated object for photo update (eg, the object 900 of FIG. 9A ) from the user. For example, the user may check the ID photo from the displayed mobile ID, and selectively update the ID picture used in the mobile ID.

According to some embodiments, the processor 120 may perform user authentication (eg, second user authentication) based on a user input requesting a photo update of the mobile ID. For example, in order to additionally confirm whether the current user who requests the photo update of the mobile ID and the actual user (or owner) of the electronic device 101 are the same user, the processor 120 may separate from the first user authentication. (or additionally), user authentication may be performed through at least one designated authentication method such as public certificate authentication and/or text message authentication.

In operation 809 , in response to a photo update request, the processor 120 may activate the camera module 180 (eg, a front camera module) of the electronic device 101 . According to an embodiment, the processor 120 may activate the camera module 180 of the electronic device 101 based on a user's input for updating a photo, and may take a photo (eg, take a selfie) from the user. there is. According to some embodiments, the processor 120 may additionally provide a condition and/or a guide for taking a picture having a standard suitable for a mobile ID in a picture taking operation. According to an embodiment, an operation of guiding photo taking corresponding to the standard of a mobile ID will be described with reference to the drawings to be described later.

According to some embodiments, when there is a photo update request, the processor 120 may provide (eg, display) a photo list stored in the memory 130 of the electronic device 101 . For example, the processor 120 displays a list of photos stored in the memory 130 of the electronic device 101 through the display module 160 based on the user's input for updating photos (eg, selecting a saved photo), and , may receive an input for selecting a photo from the user. For example, although not shown in FIG. 8 , the processor 120 may provide an option to take a photo or select a photo in response to a photo update selection, and may acquire an image from a photo taken or a stored photo according to the user's selection. .

In operation 811 , the processor 120 may acquire an image. According to an embodiment, the processor 120 may acquire an image (eg, a face image) from the camera module 180 based on photographing. According to an embodiment, the processor 120 may acquire an image selected by the user based on the photo list. According to an embodiment, the processor 120 may display the acquired image through the display module 160 based on the image acquisition, and may include an operation of deactivating the camera module 180 .

In operation 813 , the processor 120 may perform face matching (or face verification). According to an embodiment, the processor 120 matches an image (eg, a face image) obtained by taking a photo (eg, taking a selfie) with an image (eg, a face image) stored in the electronic device 101 to authenticate the user can be performed. For example, the processor 120 compares and analyzes the image of the face authentication model stored in the memory 130 (eg, the security area 340 ) of the electronic device 101 and the acquired image, and the acquired image is the user. It can be identified whether it is an image of According to an embodiment, an operation of matching a face will be described with reference to drawings to be described later.

In operation 815 , the processor 120 may determine whether face matching is successful based on the result of face matching. According to an embodiment, when the processor 120 identifies the same user (eg, a user's face) based on the acquired image and the stored image, the processor 120 may determine the success of face matching. According to another embodiment, when the processor 120 identifies that the user is not the same user (eg, user face) based on the acquired image and the stored image, the processor 120 may determine that the face matching fails.

In operation 815 , when face matching fails (eg, 'No' in operation 815 ), in operation 817 , the processor 120 may provide a guide related to re-photographing. According to an embodiment, when the acquired image and the stored image do not match, the processor 120 may control the display module 160 to display a guide to failure and a guide to requesting retake of a photo to the user. According to an embodiment, the processor 120 may proceed to operation 809 based on a user input in response to re-taking a photo and perform operations 809 and subsequent operations. According to an exemplary embodiment, when face matching (or face verification) fails a specified number of times or more, the processor 120 may proceed to an operation prior to photo update (eg, an operation for displaying a mobile ID or an operation for executing an application).

In operation 815 , when face matching is successful (eg, 'Yes' in operation 815 ), in operation 819 , the processor 120 requests the server 201 to update a photo of the ID photo of the mobile ID and issuance of the mobile ID (eg, 'Yes' in operation 815 ). : reissue) can be requested. According to an embodiment, the processor 120 provides (eg, transmits) the acquired image to the server 201 in response to a user input or automatically after acquiring the image (eg, taking a picture for updating a picture), and acquiring The server 201 may be requested to issue a modified mobile ID (eg, update the ID photo and reissue it) using the image.

According to an embodiment, when the processor 120 requests for issuance of a modified mobile ID, ID information previously stored in the security area 340 and/or designated identification information capable of identifying the electronic device 101 (eg: A mobile ID reissuance request message including the device identifier of the electronic device 101 and/or the phone number of the electronic device 101 that has been issued the mobile ID, and the acquired image and photo update request information through the communication module 192 It can be transmitted to the server 201 . According to an embodiment, when the face matching is successful, the processor 120 may request the server 201 to correct and issue an ID photo of the mobile ID using the acquired image.

In operation 821 , the processor 120 may receive the mobile ID from the server 201 . According to an embodiment, the processor 120 may receive, from the server 201 , a mobile ID including a photo according to the acquired image through the communication module 192 .

In operation 823 , the processor 120 may update (or store) the mobile ID. According to an embodiment, when the mobile ID is received, the processor 120 may store the received mobile ID in the secure area 340 of the memory 130 . According to some embodiments, the processor 120 may delete the mobile ID previously stored in the security area 340 and update (eg, replace) the mobile ID with the received mobile ID. According to an embodiment, as the electronic device 101 receives the mobile ID including the updated photo, the previously issued (or stored) mobile ID may be deleted from the security area or use may be restricted.

According to various embodiments, when updating the ID photo of the mobile ID, the electronic device 101 and/or the server 201 may set a period (eg, photo expiration period) during which the updated ID photo can be used, and update the ID photo. You can manage the expiration period for the ID photo. For example, the expiration period may be set for a policy or security issue of the server 201 , may be managed by the server 201 , or may be managed by the electronic device 101 .

According to an embodiment, the electronic device 101 and/or the server 201 may provide a notice to the user based on the expiration period. For example, before the expiration period is reached, the electronic device 101 requests the user to update the photo of the mobile ID through a notification at a specified point in time (eg, one week before, one month, or one day before the expiration) to prove You can guide the periodic update of photos. As another example, the server 201 may transmit the related notice to the electronic device 101 at a predetermined time specified in the expiration period, and the electronic device 101 may receive the related notice and provide it to the user.

According to some embodiments, the electronic device 101 and/or the server 201 may manage the renewal period (or expiration period) of the mobile ID (eg, corresponding to the actual renewal period of the physical ID), and at a specified point in time They may guide you to renew your physical ID.

According to an embodiment, FIGS. 9A and 9B may show an example of a user interface (eg, an example screen) of a mobile ID that can be provided by the electronic device 101 . Various embodiments are not limited thereto, and the user interface for the mobile ID may be implemented in various forms (eg, different arrangement positions of each information, a display form of each information, and/or a structure of each information) depending on implementation. .

Referring to FIGS. 9A and 9B , FIG. 9A may show an example of a first user interface that provides information of a mobile ID based on text and an identification code, and FIG. 9B shows a mobile ID in the form of a physical ID (eg: An example of the second user interface provided in the form of a card) may be shown. According to an embodiment, the first user interface and the second user interface may be toggled between (or switched) based on a user input (eg, toggle input).

As shown in FIG. 9A , the first user interface includes an image 910 corresponding to an ID photo, an identification code 920 (eg, a QR code and/or a barcode), and valid (or count) time information for displaying the identification code. 930 , and/or a toggle object 940 for toggling between user interfaces. According to an embodiment, the first user interface may include a camera object 900 for supporting photo taking for an ID photo update (eg, photo update) used in a mobile ID. According to an embodiment, the electronic device 101 executes an application to easily recognize the mobile ID and some information included in the mobile ID based on the first user interface (eg, a QR code and/or barcode) may be provided, for example, the first user interface may be provided in a portrait mode.

As shown in FIG. 9B , the second user interface may provide the mobile ID in the form of a card corresponding to the actual ID of the physical ID, and a card image 950 and/or a toggle object 960 for toggle between the user interfaces. ) may be included. For example, the second user interface of the card image 950 may provide, in the card image 950 , an image corresponding to an identification photo and text of some identification information included in the mobile ID.

According to an embodiment, the second user interface may include a camera object 900 for supporting photo taking for an ID photo update (eg, photo update) used in a mobile ID. According to an embodiment, the electronic device 101 may execute an application to provide the mobile ID card in the form of an intuitively recognizable card based on the first user interface, for example, the second user interface may Can be provided in landscape mode.

According to an embodiment, the first user interface and the second user interface may be provided by switching the first user interface in the portrait mode and the second user interface in the landscape mode according to a user selection using the toggle objects 940 and 960 . can

According to an embodiment, while the electronic device 101 displays the mobile ID based on the first user interface or the second user interface, based on a user input for selecting the camera object 900, the camera module 180 may be activated, and an execution screen related to picture taking for photo update may be displayed overlaid on the user interface, or the user interface may be switched to an execution screen related to picture taking and provided.

According to an embodiment, in FIG. 10 , examples of various algorithms (or modules) 1000 for a guide method during a photo taking operation in the electronic device 101 and a face matching method for user verification during a face recognition operation are shown. can According to an embodiment, the electronic device 101 may provide the user with a photo taking when a photo update of the mobile ID is requested, and update the ID photo used in the mobile ID.

According to an embodiment, the electronic device 101 may acquire an image by operating the camera module 180 to take a picture so that the entire outline of the user's face is revealed. According to some embodiments, the electronic device 101 provides guide lines (eg, positions of shoulders, eyes, nose, and input) through a preview so that the entire contour of the user's face can be captured to the user. It can induce you to take an image suitable for use as an ID photo for your mobile ID.

According to an embodiment, the electronic device 101 may perform face matching (or face recognition) for user verification based on the obtained image to verify the obtained image. 10 may show an example of the algorithm 1000 for taking a picture and matching a face, and the algorithm 1000 may be implemented as a hardware structure or a software structure by a related module (or means).

As shown in FIG. 10 , the electronic device 101 extracts a person and a background 1010 , an image determination 1020 , a face region extraction 1030 , a facial landmark extraction 1040 , and liveness ) determination 1050 , facial feature point extraction 1060 , and/or facial similarity determination 1070 , or each module capable of executing these algorithms 1000 .

According to an embodiment, in block 1010 , the electronic device 101 may extract a person and a background based on an image obtained after taking a picture. According to an embodiment, the electronic device 101 may extract the background and the person area from the acquired image by using the person and background extraction module. According to an embodiment, when the background and the person area are not extracted from the obtained image, the electronic device 101 may induce the user to take a picture again.

According to an embodiment, when the background and the human region are extracted from the acquired image, the electronic device 101 may perform image discrimination on the acquired image in block 1020 . According to an embodiment, the electronic device 101 uses the image identification module to determine the background color of the picture, the overall brightness of the person (or object) area, and the location of the person area (eg, whether the face area is located in the center of the image). , and/or the size of the person area (eg, whether the face is not small in the photo) may be determined to confirm whether the obtained image is an image that can be used as an ID photo in the mobile ID.

According to an embodiment, when it is determined that the obtained image is an image inappropriate to be used as an ID photo in the mobile ID, the electronic device 101 may induce the user to take a photo again.

According to an embodiment, when determining that the acquired image is an image that can be used as an ID photo in the mobile ID, the electronic device 101 may extract a face region from the acquired image in block 1030 . According to an embodiment, the electronic device 101 may extract a face region from the person region of the obtained image by using the face region extraction module. According to an embodiment, the electronic device 101 detects elements such as darkness of the face region, sunglasses, eyes closed or blindfolded, and/or wearing a hat through image determination with respect to the extracted face region, the user You can induce them to take pictures again.

According to an embodiment, when the electronic device 101 extracts (eg, exists) a facial region from the human region of the obtained image, in block 1040 , facial landmarks (eg, eyes, nose, and / or region of the mouth). According to an embodiment, the electronic device 101 may search for an eye, nose, and/or mouth region in the face region of the acquired image by using the facial landmark extraction module. According to an embodiment, when a landmark (eg, an area of the eyes, nose, and/or mouth) is not extracted from the face region, the electronic device 101 may induce the user to take a picture again.

According to an embodiment, when the landmark exists in the face region, in block 1050 , the electronic device 101 may determine whether it is lively. According to an embodiment, the electronic device 101 may perform face recognition (or face recognition) for liveness detection in a face region using the liveness determination module. According to an embodiment, the electronic device 101 may determine whether or not liveness (eg, face recognition or face recognition) is performed based on the extraction of facial feature points. For example, the liveness determination module may include a facial feature point extraction module.

According to an embodiment, in block 1060 , the electronic device 101 may extract a face landmark based on the face region of the obtained image. According to an embodiment, the electronic device 101 may extract facial feature points based on landmarks (eg, eyes, nose, mouth, eyebrows, and/or face shape) of a face region using the facial feature point extraction module. can In an embodiment, the facial feature points are indicated by dotted points for each specific part of the face (eg, eyes, nose, mouth, and/or mouth), for example, a certain number of points using point markup. A face (or face) can be recognized by extracting facial features from points.

According to an embodiment, the electronic device 101 may determine the degree of facial similarity between the acquired image and the stored image based on the extracted facial feature points. According to an embodiment, the electronic device 101 may determine the face similarity between the acquired image and the image stored in the security area 340 using the face similarity determining module.

According to an embodiment, the electronic device 101 measures the similarity between the acquired image and the stored image, and when the similarity score is, for example, lower than a face recognition threshold (eg, a reference similarity score), the image is returned to the user It can induce you to take pictures. According to an embodiment, the electronic device 101 determines the similarity between the acquired image and the stored image, and when the similarity score is, for example, higher than a face recognition threshold, the acquired image is related to the same user as the stored image. image can be considered. In an embodiment, the face recognition threshold can be adjusted according to the setting of the electronic device 101 , and the security level can be increased by setting the high threshold value when matching a face for a mobile ID.

According to an embodiment, the electronic device 101 may be in a state in which the mobile ID issued from the server 201 is stored in the security area 340 . According to an embodiment, in FIG. 11 , at least some information (or information required for user verification) of the mobile ID stored in the electronic device 101 is selected through OOB communication between the electronic device 101 and the reader device 301 and the reader By transmitting to the device 301 , an operation example of verifying a user identity by a verifier using the reader device 301 may be indicated. Referring to FIG. 11 , in operation 1101 , the reader device 301 may request a mobile ID from the electronic device 101 . According to an embodiment, the reader device 301 searches for a connectable electronic device 101 using OOB (eg, NFC, BLE, and/or Wi-Fi 2.4GHz) communication, and the found electronic device 101 ) to send a connection request for a mobile ID.

In operation 1103 , the electronic device 101 may check request information based on the connection request of the reader device 301 . According to an embodiment, the electronic device 101 may determine what information the reader device 301 requests based on detecting a connection request from the reader device 301 . For example, the electronic device 101 may determine whether the reader device 301 requests a mobile ID. For example, the electronic device 101 checks the type of mobile ID requested by the reader device 301 (eg, resident registration card, driver's license, passport), and loads the ID requested by the reader device 301 . ) can be prepared.

In operation 1105 , the electronic device 101 may verify the reader device 301 . According to an embodiment, the electronic device 101 is based on identifying that the reader device 301 requests a mobile ID, through a specified authentication protocol between the electronic device 101 and the reader device 301, the reader device ( 301) can verify whether the device is suitable for information transfer.

In operation 1107 , the electronic device 101 may load a mobile ID. According to an embodiment, the electronic device 101 executes an application for a mobile ID based on verifying that the reader device 301 is a suitable device, and calls and displays the mobile ID stored in the secure area 340 . It can be displayed through the module 160 .

In operation 1109 , the electronic device 101 may provide the mobile ID to the reader device 301 . According to an embodiment, the verifier may read the identification code (eg, QR code or barcode) of the mobile ID displayed on the electronic device 101 using the reader device 301 , and the electronic device 101 provides at least some of the personal information included in the mobile identification code (eg, identification information (eg, name, identification information (or license information) and/or photo image)) to the reader device 301 based on the identification code can do. According to some embodiments, the electronic device 101 may provide identification information of the mobile ID to the reader device 301 using OOB (eg, NFC, BLE, and/or Wi-Fi 2.4GHz) communication. .

In operation 1111 , the reader device 301 may display the mobile ID received from the electronic device 101 through the display module. According to an embodiment, the reader device 301 may display the mobile ID from the electronic device 101 based on some information (eg, identification information) included in the mobile ID, for example, in FIG. 9A or The mobile ID may be displayed as a user interface corresponding to the user interface illustrated in 9b.

In operation 1113 , the reader device 301 may acquire an image. According to an embodiment, the reader device 301 may activate a camera module based on an input of a verifier requesting to take a photo, and acquire an image (eg, a face image of a user) captured through the camera module.

In operation 1115 , the reader device 301 may verify the mobile ID received from the electronic device 101 . According to an embodiment, the reader device 301 may identify whether the received mobile ID is forged or altered by performing integrity verification of the received mobile ID. According to an embodiment, the reader device 301 may identify whether identification information (eg, name, license information) of the mobile ID is normal information. According to an embodiment, the reader device 301 may verify the integrity through an information inquiry according to the identification information (eg, an identification information inquiry request through the server 201 ).

In operation 1117 , the reader device 301 may perform face matching (or face verification) based on verifying that the mobile ID is normal information. According to an embodiment, the reader device 301 may verify the mobile ID based on comparative analysis (eg, face matching) between a photo image and an image obtained through photo taking among the identification information of the mobile ID. According to an embodiment, the reader device 301 may perform verification between the photo image and the obtained image based on at least one verification method of comparing facial feature points between the photo image and the obtained image and/or determining the degree of facial similarity. .

In operation 1119 , the reader device 301 may provide a verification result to the verifier. According to an embodiment, the reader device 301 may provide a result of whether the mobile ID is authentic or not in a specified manner, based on the results of the integrity verification and face matching of the mobile ID. For example, the reader device 301 may notify the verifier of the result information based at least on visual, auditory and/or tactile information.

An operation method performed by the electronic device 101 according to an embodiment of the present disclosure includes an operation of executing an application for a mobile identification service, an operation of acquiring identification information based on a user input, and an operation of displaying the identification information through a display module. Based on the display operation, the operation of obtaining an image for the ID photo of the mobile ID based on the photo update request, the operation of performing face matching based on the image, the operation of performing face matching based on the result of the face matching, through a communication module, Transmitting a message requesting issuance of a mobile ID based on the image to a server, receiving a mobile ID including an ID photo corresponding to the image from the server through the communication module, and the mobile ID may include the operation of storing in the secure area of the memory.

According to an embodiment of the present disclosure, the operation of executing the application includes, when the application is executed, performing user authentication for releasing a security function related to the execution of the application, based on a result of the user authentication, and displaying an execution screen of , wherein the user authentication may include biometric authentication and/or password authentication based on a fast identity online (FIDO) authentication method.

According to an embodiment of the present disclosure, the obtaining of the ID information includes detecting a user input requesting issuance of a mobile ID from a user, and determining suitability of a user requesting issuance of the mobile ID based on the user input An operation of performing user authentication for , and an operation of providing an interface related to obtaining the identification information based on the result of the user authentication, wherein the user authentication for determining the suitability is a public certificate authentication and/or a text message May include authentication.

According to an embodiment of the present disclosure, the operation of acquiring the identification information may include acquiring the identification information through a user input, photographing a physical identification, contacting the physical identification, and/or interacting with a server.

According to an embodiment of the present disclosure, the operation of acquiring the image includes an operation of detecting an input for updating a picture based on a specified object for updating a picture, an operation of activating a camera module based on the input, and a preview ( preview) may include an operation of providing guidelines related to photo taking.

According to an embodiment of the present disclosure, the performing of face matching may include performing face verification based on matching between the image and an image stored in a security area of a memory.

According to an embodiment of the present disclosure, the operation of performing the face matching includes an operation of determining whether the face matching is successful, an operation of providing a guide related to re-photography when the face matching fails, and the face matching If successful, the method may include transmitting the message including the ID information, the image, and photo update request information requesting to modify a photo of the mobile ID using the image to the server.

According to an embodiment of the present disclosure, the operating method performed by the electronic device 101 may include managing an expiration period related to the mobile ID.

According to an embodiment of the present disclosure, the operation of managing the expiration period may include an operation of guiding the update of the mobile ID based on a predetermined time point specified in the expiration period.

According to an embodiment of the present disclosure, the operation of managing the expiration period includes the operation of providing a related notice to the user so as to update the mobile ID and/or renew the physical identification at a predetermined time specified in the expiration period. may include

Various embodiments of the present disclosure disclosed in the present specification and drawings are merely presented as specific examples to easily explain the technical content of the present disclosure and help the understanding of the present disclosure, and are not intended to limit the scope of the present disclosure. Therefore, the scope of the present disclosure should be construed as including all changes or modifications derived from the technical spirit of the present disclosure in addition to the embodiments disclosed herein as being included in the scope of the present disclosure.

Claims

In an electronic device,

communication module;

Memory;

display module; and

a processor operatively coupled to the communication module, the memory, and the display module, the processor comprising:

Run the application for mobile ID service,

Obtain ID information based on user input,

Display the identification information through the display module,

Based on the photo update request, an image for an ID photo of the mobile ID is obtained,

Perform face matching based on the image,

Based on the result of the face matching, through the communication module, transmit a message requesting issuance of a mobile ID based on the image to the server,

Receive a mobile ID including an identification photo corresponding to the image from the server through the communication module, and

An electronic device configured to store the mobile identification card in a secure area of the memory.
The method of claim 1, wherein the processor comprises:

When the application is executed, user authentication is performed to release a security function related to the execution of the application,

Based on the result of the user authentication, it is set to display the execution screen of the application,

The user authentication includes biometric authentication and/or password authentication based on a fast identity online (FIDO) authentication method.
The method of claim 1, wherein the processor comprises:

Detect a user input requesting issuance of a mobile ID from the user,

Based on the user input, performing user authentication for determining suitability of a user requesting issuance of the mobile ID,

Based on the result of the user authentication, it is set to provide an interface related to obtaining the identification information,

The user authentication for determining the suitability is an electronic device including authentication certificate authentication and/or text message authentication.
The method of claim 1, wherein the processor comprises:

An electronic device configured to obtain the identification information through user input, photographing physical identification, contacting physical identification, and/or interacting with a server.
The method of claim 1, wherein the processor comprises:

detecting an input for updating the picture based on a specified object for updating the picture;

Activate the camera module based on the input,

An electronic device configured to provide guidelines related to taking pictures through preview.
The method of claim 1, wherein the processor comprises:

performing face verification based on matching between the image and the image stored in the secure area of the memory;

Determining whether the face matching is successful,

If the face matching fails, a guide related to re-photography is provided,

If the face matching is successful, the electronic device is configured to transmit the message including the ID information, the image, and photo update request information for requesting to correct a photo of a mobile ID using the image to the server.
The method of claim 1, wherein the processor comprises:

manage the expiration period related to the mobile ID,

An electronic device configured to guide the update of the mobile ID based on a predetermined time point specified in the expiration period.
The method of claim 7, wherein the processor comprises:

an electronic device configured to provide a related notice to the user to update the mobile ID and/or renew the physical ID at a predetermined time specified in the expiration period.
A method of operating an electronic device, comprising:

running an application for a mobile ID service;

obtaining identification information based on a user input;

displaying the identification information through a display module;

obtaining an image for an ID photo of the mobile ID based on the photo update request;

performing face matching based on the image;

transmitting, through a communication module, a message requesting issuance of a mobile ID based on the image to a server based on the result of the face matching;

receiving, from the server through the communication module, a mobile ID including an identification photo corresponding to the image; and

and storing the mobile identification card in a secure area of the memory.
The method of claim 9, wherein the running of the application comprises:

When the application is executed, the operation of performing user authentication for releasing a security function related to the execution of the application;

Based on the result of the user authentication, comprising the operation of displaying the execution screen of the application,

The user authentication method includes biometric authentication and/or password authentication based on a fast identity online (FIDO) authentication method.
The method of claim 9, wherein the obtaining of the identification information comprises:

Detecting a user input requesting issuance of a mobile ID from the user;

based on the user input, performing user authentication for determining suitability of a user requesting issuance of the mobile ID;

Based on the result of the user authentication, comprising the operation of providing an interface related to the acquisition of the identification information,

The user authentication for determining the suitability, a method including authentication certificate authentication and / or text message authentication.
The method of claim 9, wherein the obtaining of the image comprises:

detecting an input for updating the picture based on a specified object for updating the picture;

activating the camera module based on the input;

A method comprising the action of providing guidelines related to photographing through a preview.
The method of claim 9, wherein performing the face matching comprises:

performing face verification based on matching between the image and the image stored in the secure area of the memory;

determining whether the face matching is successful;

When the face matching fails, providing a guide related to re-photography;

If the face matching is successful, transmitting the message including the ID information, the image, and photo update request information for requesting to revise a photo of a mobile ID using the image to the server.
10. The method of claim 9,

managing an expiration period related to the mobile ID;

and guiding the update of the mobile identification card based on a predetermined time point specified in the expiration period.
15. The method of claim 14,

and providing a relevant notice to the user to update the mobile ID and/or renew the physical ID at a predetermined time specified in the expiration period.