KR101792249B1 - Method for Processing Card Transactions by using Code-Image - Google Patents

Abstract

The present invention relates to a method of processing a card transaction using a code image, the method comprising the steps of: executing a user's mobile phone with a camera and a server, The user's mobile phone reads the encoded bit stream and extracts the card information of the user stored in the designated storage medium as a unique identification Authenticated whether or not at least one specified authentication value including a valid card identification value included in the encoded bit string and including a volatile authentication value dynamically generated in a chip or a module in the card for one time use is included in the encoded bit string, Identify the valid card in the column Value and at least one specified authentication value including the volatile authentication value, the program of the user's mobile phone confirms one or more designated authentication values including a valid card identification value included in the encoded bit string and the volatile authentication value The program of the user's cellular phone transmits to the designated server at least one authentication value including the identified card identification value and the volatile authentication value, and the validity of the authentication value including the volatile authentication value is authenticated The card identification information of the user corresponding to the card identification value is confirmed from the designated storage medium and processed so as to be used for the transaction requested from the program of the user's mobile phone.

Description

[0001] The present invention relates to a method for processing a card transaction using a code image,

The present invention relates to a method executed by a user's mobile phone and a server having a camera, wherein a program of the user's mobile phone photographs and recognizes a code image electronically output on one side of a card carried by the user via the camera, A valid card identification value for uniquely identifying the card information of the user stored in the designated storage medium by reading the encoded bit stream by the program of the user's mobile phone is extracted in the encoded bit stream Authenticating whether or not at least one specified authentication value including a volatile authentication value dynamically generated as a one-time use in a chip or a module inside the card is included in the encoded bit string, and adding the valid card identification value and the volatile authentication value to the encoded bit string Contains one or more specified Wherein the program of the user's mobile phone identifies one or more specified authentication values including a valid card identification value included in the encoded bit string and the volatile authentication value, And transmits the at least one authentication value including the identification value and the volatile authentication value to a designated server, and after the validity of the authentication value including the volatile authentication value is authenticated by the server, And a process of processing the card information of the user of the user's mobile phone to be used for a transaction requested from the program of the user's mobile phone.

A method of providing a card transaction (for example, payment settlement, financial transaction, etc.) using an IC card equipped with an IC (Integrated Circuit) chip or an MS card provided with a magnetic stripe (MS) A face-to-face transaction method in which a card transaction is provided by reading card information recorded in the IC chip (or a magnetic strip) through a reader, and a face-to-face transaction method in which a user performs non- Face transaction method in which non-face-to-face card transactions are provided by keying in the received card information. However, the face-to-face transaction method must have a card reader. The non-face-to-face transaction method requires complicated non-face-to-face authentication procedures in order to authenticate a user in a non-face-to- It has discomfort.

Recently, smart phones that are equipped with processors and various additional devices that are more capable of voice calls than mobile phones and are free to install and operate applications are being activated. Due to the activation of such a smartphone, there is a need to use the smartphone as a means of card transaction to provide payment (or financial transaction). If the smart phone is used as a means of card transaction, since the smart phone does not have a card reader, the non-face-to-face transaction method of the key input method will be adopted as the card transaction method provided through the smart phone.

However, while the smartphone is free to mount and operate the application, it is vulnerable to jailbreak as compared to the conventional mobile phone, and unlike the conventional personal computer, there is a risk that the smartphone can be lost at any time. Card transactions will become more complex than conventional key entry methods.

On the other hand, in Korea, to provide non-face-to-face transactions, KFTC's 2-factor security recommendation must be satisfied. The two-factor security recommendation is that the physical media providing non-face-to-face transactions and the physical media providing security for non-face-to-face transactions must be separated. Transactions that do not meet the two- The amount is also limited.

In other words, there is no difficulty in providing various card transactions through the smart phone based on the technology developed so far. However, due to the physical and operational characteristics of the smart phone, And it is inevitable that it will be provided in a form in which the problem and the inconvenience are concentrated.

In order to solve the above-described problems, an object of the present invention is to provide a method for executing via a user's mobile phone and a server having a camera, And extracts a coded bit stream encoded in the code image, and the program of the user's mobile phone reads the coded bit stream and uniquely identifies the card information of the user registered and registered in the designated storage medium Authenticates whether or not at least one specified authentication value including a valid card identification value included in the encoded bit string and including a volatile authentication value dynamically generated in a chip or a module in the card for one time use is included in the encoded bit string, The valid card identification value and the watermark The program of the user's mobile phone confirms one or more specified authentication values including a valid card identification value included in the encoded bit string and the volatile authentication value when at least one specified authentication value including a surname authentication value is included, The program of the user's cellular phone transmits to the designated server at least one authentication value including the identified card identification value and the volatile authentication value, and after the validity of the authentication value including the volatile authentication value is authenticated, The card identification information of the user corresponding to the card identification value is confirmed from the storage medium and is used for the transaction requested by the program of the user's mobile phone.

delete

A card transaction processing method using a code image according to the present invention is a method executed by a user's mobile phone having a camera and a server, the method comprising the steps of: A step of extracting a coded bit stream encoded in the code image by capturing and recognizing a code image outputted as a coded bit stream; Authenticating whether or not at least one specified authentication value including a volatile authentication value included in the encoded bit string and dynamically generated as a disposable one in a chip or a module inside the card is included in the encoded bit string, And a step Wherein when a card identification value and at least one specified authentication value including the volatile authentication value are included, the program of the user's mobile phone includes a valid card identification value included in the encoding bit string and one or more designated authentication A fourth step of the program of the user's cellular phone transmitting at least one authentication value including the identified card identification value and the volatile authentication value to a designated server; And a fifth step of performing a process of processing the card information of the user corresponding to the card identification value from the designated storage medium to be used for the transaction requested from the program of the user's cellular phone after the validity of the authentication value including the authentication value And a control unit.
The card transaction processing method using a code image according to the present invention may further include receiving or confirming transaction information for a transaction using user card information corresponding to the card identification value.
In the card transaction processing method using a code image according to the present invention, the fourth step may further include the step of the program of the user's mobile phone transmitting the transaction information to the server, And processing the transaction for the transaction information using the card information of the identified user.
The method may further include the step of providing the confirmed card information of the user to the program of the user's mobile phone in the server and the step of providing the program of the user's mobile phone to the user of the user's mobile phone, And processing the transaction corresponding to the transaction information using the card information of the transaction information.
In the card transaction processing method using the code image according to the present invention, the card identification value of the encoded bit string may be authenticated through the authentication value provided in the user's mobile phone, An identification value is authenticated or an encrypted card identification value is decrypted when a card identification value of the encoding bit string is encrypted or a digital signature is included in a card identification value of the encoding bit string, And a step of authenticating a validity of an authentication value of the encoded bit string when the authentication value specified in the column is included in the column of the encoded bit string.
The card transaction processing method using a code image according to the present invention is characterized in that the authentication value further includes a fixed authentication value stored in the card from which the code image is output.
In the card transaction processing method using a code image according to the present invention, the card identification value may include at least one of an address value of a storage medium storing the card information of the user, and a unique identification value mapped with the card information of the user And the like.
The card transaction processing method using a code image according to the present invention is characterized in that the card information of the user is stored in a storage medium of a card company issuing a card corresponding to the card information.
The terminal device according to the present invention is characterized in that a coding bit string including a card identification value associated with user card information stored in a storage medium on a communication network is stored in a form of a code image in which bright or dark cells are arranged according to a predetermined matrix arrangement structure A code image recognizing unit for recognizing the code image electronically outputted on one side of the card through a camera and extracting the encoded bit stream if the code image is electronically output on one side of the card, A bit stream reading unit for extracting a valid card identification value from the encoded bit stream on the basis of the authentication result; Acquiring user card information associated with the card identification value from the medium And a transaction approval request unit configured to configure transaction request data including the user card information and the transaction information to be transmitted to a server on the communication network.

The terminal device according to the present invention is characterized in that when a coded bit string including user card information is electronically output on one side of a card in the form of a code image in which light or dark cells are aligned according to a predetermined matrix alignment structure, A code image recognizing unit for recognizing the code image electronically output on one side of the card and extracting the encoded bit stream; and a code image recognizing unit for extracting the user card information from the encoded bit stream through a user input value input from the user A bit stream reading unit for obtaining valid user card information from the encoded bit stream on the basis of the authentication result; and an access control unit configured to form transaction request data including the user card information and transaction information, To the server on the server side It is.

According to the present invention, the terminal device comprises: an interface output part for displaying the transaction information and outputting an interface for inputting at least one card information configuration value constituting the user card information; And an interface processing unit for automatically inputting the card information configuration value of the user card information to each input item of the interface.

According to the present invention, the terminal apparatus further includes a configuration value verifying unit for verifying at least one card information configuration value included in the user card information, and the transaction approval request unit transmits the confirmed card information configuration value to a transaction protocol And the transaction request data including the user card information and the transaction information is configured to be transmitted to the server on the communication network.

According to the present invention, the authentication processing unit of the terminal device logs in to the specified authentication server through the user input value or compares the user input value with the authentication value received from the specified authentication server provided in the terminal device, Or if the authentication result of the user input value and the authentication value is derived as a predicted operation result value, or if a public key certificate is provided in the memory unit (or USIM) of the terminal device, Wherein the verification unit checks whether the user input value is valid through the authentication function or extracts the authentication value from the encoded bit string when the encoded bit string includes the authentication value and compares the user input value with the extracted authentication value Or if the user input value and the extracted authentication value are checked (Or a part of the coded bit string) based on the user input value when the encoding bit string (or a part of the coded bit string) is encrypted, Or if the digital signature is included in the encoded bit string, it can be authenticated by using one or more of checking whether the digital signature is valid based on the user input value.

According to the present invention, when the authentication result of the authentication processing unit is a predicted result value, the bit string reading unit of the terminal device extracts a valid card identification value by reading the encoded bit string, or extracts a part of the encoded bit string Or a valid card identification value can be extracted by combining a part of the encoded bit string with the authentication result value.

According to the present invention, when the authentication result of the authentication processing unit is a predicted result value, the bit string reading unit of the terminal reads out the encoded bit string and extracts valid user card information, or extracts a part of the encoded bit string It is possible to replace the authentication result value with the authentication result value or extract the valid user card information by combining a part of the encoded bit string and the authentication result value.

According to the present invention, the encoding bit stream of the terminal device further includes a volatile authentication value dynamically generated in the card, and the authentication processing unit compares the user input value with the volatile authentication value to confirm whether or not the user input value matches the volatile authentication value, It can be confirmed whether the verification result of the input value and the volatile authentication value is derived as the predicted calculation result value.

According to the present invention, the encoded bit stream of the terminal device further includes a volatile authentication value dynamically generated in the card, and the transaction request data may further include a volatile authentication value extracted from the encoded bit stream.

According to the present invention, the encoding bit stream of the terminal apparatus further includes at least one fixed authentication value stored in the card, and the authentication processing unit compares the user input value and the fixed authentication value to check whether they match, It can be confirmed whether the verification result of the input value and the fixed authentication value is derived from the predicted calculation result value.

According to the present invention, the encoding bit stream of the terminal apparatus further includes a fixed authentication value stored in the card, and the transaction request data may further include a fixed authentication value extracted from the encoded bit stream.

According to the present invention, the encoded bit string of the terminal further includes an encryption key value, and the transaction approval request unit encrypts the transaction request data (or a part of the transaction request data) through the encryption key value, As shown in FIG.

According to the present invention, the encoded bit string of the terminal apparatus further includes a key generation value for generating an encryption key, and the transaction approval request unit transmits the transaction request data (or the transaction request data) through the encryption key dynamically generated through the key generation value Transaction request data) to be transmitted to the server on the communication network.

According to the present invention, the encoding bit stream of the terminal apparatus further includes an electronic signature key value, and the transaction approval requesting unit transmits an electronic signature (or part of the transaction request data) To be transmitted to the server on the communication network.

According to the present invention, the terminal device includes a camera and is provided with a mobile phone, a smart phone, an ATM (Automatic Teller Machine) / CD (Cash Dispenser), a CAT (Credit Authorization Terminal) , A personal computer, and the like.

A system according to the present invention includes: a storage medium for holding user card information and a card identification value in association with each other; a recognition unit for recognizing a code image electronically output from a terminal device having a camera through a communication network, Authentication processing means for processing authentication that is set so as to effectively extract the card identification value from the encoded bit stream through the user input value; Bit stream reading means for extracting a valid card identification value from the encoded bit stream, card information extracting means for extracting user card information associated with the card identification value from the storage medium, And a transaction processing means for processing the transaction of the transaction.

According to the present invention, the authentication processing unit compares the user input value with the stored authentication value to check whether the user input value matches with the stored authentication value, or whether the verification result of the user input value and the authentication value is derived from the predicted calculation result value, Extracting the authentication value from the encoded bit string when the encoded bit string includes the authentication value, comparing the extracted user authentication value with the extracted user authentication value, or checking whether the user input value matches the extracted authentication value, The verification value is extracted from the encoded bit string when the verification result of the value is derived from the predicted operation result value or the authentication bit value is included in the encoded bit string and then combined with the user input value to generate a verification value The verification value is compared with the stored authentication value, Or if the verification result of the verification value and the authentication value is derived as the predicted operation result value or if the encoding bit string (or a part of the encoding bit string) is encrypted, (Or a part of a coded bit string) is normally decrypted, or, when the coded bit string includes an electronic signature, checking whether the digital signature is valid based on the user input value, can do.

According to the present invention, when the authentication result of the authentication processing unit is a predicted result value, the bit stream reading means of the system reads out the encoded bit stream and extracts a valid card identification value, or extracts a part of the encoded bit stream Or a valid card identification value can be extracted by combining a part of the encoded bit string with the authentication result value.

According to the present invention, the transaction processing means of the system processes the user card information to be transmitted to the terminal device, or when the transaction information is received from the terminal device, a transaction including the user card information and the transaction information The request data can be processed to be transmitted to the card company server (or the financial company server).

According to the present invention, the encoded bit stream of the system further includes a volatile authentication value dynamically generated in the card, and the authentication processing means compares the user input value with the volatile authentication value to confirm whether or not they match, It can be confirmed whether the verification result of the input value and the volatile authentication value is derived as the predicted calculation result value.

According to the present invention, the encoding bit stream of the system further includes a fixed authentication value stored in the card, and the authentication processing means compares the user input value with the fixed authentication value to check whether they match or not, And the verification result of the fixed authentication value are derived as the predicted calculation result value.

According to the present invention, a code image obtained by coding card information or an identification value for extracting card information stored in a storage medium is electronically output to one side of a card, And the card image is recognized through the provided camera and the card transaction is processed. Thus, the terminal device (smartphone) can be conveniently and safely applied with 2-factor security using a camera without having a separate card reader There is an advantage to providing card transactions.

1 is a diagram illustrating a transaction processing system according to an embodiment of the present invention.
FIGS. 2A, 2B, and 2C are diagrams illustrating a card structure for outputting a code image and processing a transaction according to an embodiment of the present invention.
3 is a diagram showing a module configuration according to an embodiment of the present invention.
FIG. 4 is a diagram showing a functional configuration of a generation module according to an embodiment of the present invention.
5 is a diagram illustrating a functional configuration of a terminal device according to an embodiment of the present invention.
6 is a diagram illustrating a server configuration for processing a transaction through a code image according to an embodiment of the present invention.
7 is a diagram illustrating a code image-based transaction process according to an embodiment of the present invention.
8 is a diagram illustrating a code image-based transaction process according to another embodiment of the present invention.
9 is a diagram illustrating a code image-based transaction process according to another embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram showing a configuration of a transaction processing system according to an embodiment of the present invention.

In more detail, FIG. 1 includes a code image including an encoded bit string including a card identification value associated with user card information stored in a storage medium 630 on a communication network, or an encoded bit string into which the user card information is embedded (Or user card information) included in the encoded bit string is recognized by recognizing the code image through the terminal device 500, and then, And the transaction requested by the user through the terminal device 500 is processed using the card information (or the card information extracted from the encoded bit stream) associated with the card identification value.

According to the present invention, the transaction processing system includes a card 200 for electronically outputting a code image including an encoded bit string into which the card identification value (or user card information) is inserted, on one side, (Or the user card information) included in the encoded bit stream and then extracts the card information (or the encoded bit stream from the encoded bit stream) associated with the card identification value by recognizing the code image electronically output on one side of the card 200 And a terminal device 500 for processing transactions requested by the user using the extracted card information.

The card 200 is any one of an IC card, an MS card, and a plastic card 200 having a configuration for electronically outputting a code image on one side.

The terminal device 500 is a general term of a device having a camera and connected to a communication network and includes a mobile phone, a smart phone, an ATM (Automatic Teller Machine) / CD (Cash Dispenser) A point of sale terminal, and a personal computer, and may be selected from various devices having a camera and connected to a communication network according to an implementation method.

If the transaction processed by using the code image electronically output on one side of the card 200 is on-line commerce, the transaction processing system may be a shop server 105 (for example, an Internet shopping mall) A payment server 110 connected to the store server 105, a bank server 115 or a financial company server 125 connected to the payment agency server 110, And a card issuer server 120 connected to the subscriber server 115.

Or a transaction processed using a code image electronically output on one side of the card 200 is mobile commerce, the transaction processing system includes a payment agency server 110 connected to the terminal device 500, A bank server 115 or a financial company server 125 connected to the server 110 and a card issuer server 120 connected to the bank server 115.

Alternatively, when the transaction processed by using the code image electronically output on one side of the card 200 is an off-line commercial transaction, the transaction processing system may include a subscriber server 115 connected to the terminal device 500, 115 and a card issuer server 120 connected to the card issuer server 120.

Alternatively, when the transaction processed using the code image electronically output on one side of the card 200 is a non-face financial transaction or an ATM / CD transaction, the transaction processing system may be a financial transaction server connected to the terminal device 500 125).

According to the present invention, the merchant server 105, the payment agent server 110, the bank server 115, the card company server 120, and the financial company server 125 can receive transaction request data transmitted from the terminal device 500 And processes the transactions requested by the terminal device 500. [

If a transaction to be processed using the code image electronically output on one side of the card 200 is relayed through the relay server 130, the transaction processing system is connected to the communication channel with the terminal device 500, And a relay server 130 in which a communication channel is connected to at least one of the payment agent server 110, the financial company server 125, and the subscriber server 115.

The relay server 130 is connected to the terminal device 500 through a communication channel and transmits the transaction request data transmitted from the terminal device 500 to the payment agent server 110, ), And the subscriber server (115).

2a, 2b and 2c are diagrams showing a card structure for outputting a code image and processing a transaction according to an embodiment of the present invention.

2A, 2B, and 2C illustrate an encoding bit string including a card identification value associated with user card information stored in a storage medium 630 on a communication network, or an encoding bit string into which the user card information is inserted (X * y) adjacent or intersecting bright or dark cells according to a predetermined matrix alignment structure and converts the code image into a code image, and then electronically through an output module 235 provided on one side of the card 200 Fig.

The card 200 includes an upper layer coating medium portion 205 made of a transparent material, an upper layer insulating medium portion 210 provided inside the upper layer coating medium portion 205, And a lower layer coating medium portion 220 formed on the outer side of the lower insulating medium portion 215. The lower layer coating medium portion 220 may include a lower layer insulating medium portion 215, The card 200 has a width of 85.6 mm / 54 mm and a thickness of each component of the card 200 is 0.7 mm or more and 1.2 mm or less.

The upper layer coating medium portion 205 may include a pattern printed layer of the upper insulating medium portion 210. The upper layer coating medium portion 205 may include a pattern printed on the outer side of the upper insulating medium portion 210, And performs a function of preventing damage. The lower layer coating medium part 220 may further include a pattern print layer on which a predetermined pattern is printed outside the lower layer insulating medium part 215. In this case, Thereby preventing the data from being damaged.

When the card 200 is an IC card, the card 200 may further include an IC chip 225 embedded in a junction between the upper insulating medium portion 210 and the lower insulating medium portion 215. In this case, the card 200 includes a COB (chip on board) part electrically connected to the eight contact terminals provided on the IC chip 225 and exposed on the upper layer coating medium part 205, The antenna unit 250 may receive one or more radio frequency signals transmitted from the terminal device 500 proximate to the IC chip 225 and apply the RF signals to the IC chip 225. [ The antenna unit 250 may be embedded in the junction between the upper insulating medium unit 210 and the lower insulating medium unit 215 so that the upper insulating medium unit 210 and the lower insulating medium unit 215 are formed. If the card 200 is not an IC card, the IC chip 225, the COB unit, and the antenna unit 250 may be omitted.

When the card 200 is an MS card, the card 200 may further include a magnetic strip 230 provided on the outer side of the lower insulation medium portion 215. If the lower layer coating media portion 220 is provided on the card 200, the magnetic strip 230 may be exposed to the outside of the lower layer coating media portion 220. If the card 200 is not an MS card, the magnetic strip 230 may be omitted.

According to the present invention, a card (200) including at least one of a credit card, a check card, a debit card, a cash card, an electronic passbook, and a membership card issued to the user and outputting the code image electronically to one side of the card 200 and the user card may be the same card or another card.

The card 200 is provided on one side of the card 200 and includes an output module 235 for electronically outputting a code image.

The output module 235 is a thin display that can be embedded in the upper insulating medium portion 210 while the upper insulating medium portion 210 inside the upper coating medium portion 205 is bent together. The output module 235 may be formed in the form of an electronic paper or a thin liquid crystal display (LCD) having a thickness of about 0.4 mm, and may be provided on one side of the card 200.

According to an embodiment of the present invention, the output module 235 has a code image display area for displaying a code image composed of adjacent or intersecting bright or dark cells in the horizontal / vertical directions x * y in accordance with a predetermined matrix alignment structure do. According to the intention of the person skilled in the art, the output module 235 has at least one numerical display area for displaying a number of digits specified in the code image display area, a character display area for displaying characters, and a symbol display area for displaying symbols can do.

The matrix alignment structure may include at least one of a matrix alignment structure of a data matrix standard of the ISO / IEC 16022 standard or a matrix alignment structure of a QR code standard of the ISO / IEC 18004 standard. However, the matrix alignment structure is not limited to the data matrix standard or the QR code standard, and various standards such as the PDF417 standard or the maxicode standard may be used, and the present invention is not limited to the matrix alignment structure.

The card 200 includes an input module provided on one side of the card 200 to generate a code image output request signal for requesting the code display region of the output module 235 to display the matrix display value 240).

The input module 240 induces a user's operation (e.g., pressure with a finger) through a printed design of the printed layer of the upper insulating medium 210, and a sensing sensor A sensor, and an electronic sensor), and generates a code image output request signal by sensing a user operation through the key button.

According to an embodiment of the present invention, the input module 240 may include a single key button. In this case, the input module 240 may display the matrix image in the code image display area of the output module 235, Value of a user input signal having a predetermined one or more signal patterns requesting to display a code image output request signal in the form of a user input signal.

According to another embodiment of the present invention, the input module 240 may include a plurality of key buttons. In this case, the input module 240 may output a user input signal corresponding to the code image output request signal, A key input signal corresponding to the key button of the key input unit 100 may be generated.

The card 200 stores a card identification value associated with the user card information stored in the storage medium 630 on the communication network among the user cards issued to the user or a storage module 275 for storing the user card information. . Here, the card information includes at least one of credit card information, check card information, debit card information, cash card information, account information, and membership information of the user card.

The card identification value may include at least one unique identification value stored in the storage medium 630 in association with the address value of the storage medium 630 in which the user card information is stored and the user card information.

If the user card information is stored in the storage module 275, the user card information may be sorted according to the card information arrangement structure and stored in the storage module 275. Herein, the card information alignment structure includes a COB unit or an antenna unit 250 included in an APDU protocol when reading card information stored in a memory of an IC chip 225 provided in the user card via an IC card reader And a read bit string read from the IC chip 225 through the bit line. Or the card information recorded on the track of the magnetic strip 230 provided on the user card through the MS card reader, the card information alignment structure may include a read bit string read from the track of the magnetic strip 230 It means the data structure it has. However, according to the intention of those skilled in the art, the card information may not be arranged in the card information alignment structure, and the card information may store the card information in a table form.

2A, the storage module 275 is implemented as a memory of a module chip 255 embedded in a junction between an upper insulating medium portion 210 and a lower insulating medium portion 215 of the card 200 . The module chip 255 is an IC chip 225 or an RF chip embedded in a junction between the upper insulating medium portion 210 and the lower insulating medium portion 215. Alternatively, the storage module 275 may be embodied in the form of a memory chip (not shown) embedded in a junction between the upper insulating medium portion 210 and the lower insulating medium portion 215.

Referring to FIGS. 2b and 2c, when the IC chip 225 is provided at the junction of the upper and lower insulation media portions 210 and 215 of the card 200, And may be implemented in a memory of the IC chip 225. If the user card information is stored in the memory of the IC chip 225, a file storing the user card information in the memory of the IC chip 225 corresponds to the storage module.

When the card identification value is stored in the storage module 275, the card 200 generates an encoded bit string into which the card identification value is inserted. When the user card information is stored in the storage module, And a generation module 260 for generating an encoded bit stream into which the card information is inserted.

When the card identification value is stored in the storage module 275 according to an embodiment of the present invention, when the code image output request signal is input through the input module 240, Extracts the card identification value from the module 275, and generates an encoded bit string of a specified number of bits including the card identification value.

Here, the encoded bit stream is a bit stream to be inserted into a data area of a code image data structure that is converted into a code image to be output to the output module 235, and the number of bits of the encoded bit stream is And the card identification value included in the encoded bit stream is less than or equal to the bit number of the data area.

When the user card information is stored in the storage module 275 according to another embodiment of the present invention, when the code image output request signal is input through the input module 240, Extracts the card identification value from the module 275, and generates an encoded bit string of a specified number of bits including the user card information. Here, the user card information included in the encoded bit stream is smaller than or equal to the number of bits of the data area.

According to an embodiment of the present invention, the card identification value or the user card information may be regarded as binary data to be included in the matrix alignment structure and may be included in the encoding bit string. In this case, The code system of the value stored in the module 275 is maintained.

According to another embodiment of the present invention, the card identification value or the user card information may be coded according to the code system of the matrix alignment structure and included in the encoding bit stream. For example, when the matrix alignment structure is a data matrix standard, the card identification value or the user card information may be coded according to an 11-ary code system using numbers '0' to '9''To' 27 'or' 27 'or' 27 'to' 27 'or' 27 'and spaces using uppercase alphabetic characters'A' through 'Z' , The uppercase alphabetic characters 'A' through 'Z', numbers '0' through '9' and spaces, endpoints, commas, minus, and / And can be coded into the encoding bit stream.

The card 200 generates code image data including the encoding bit stream in a data area of the code image data structure, and generates x * y (x, y) corresponding to the code image data on the basis of the finder pattern of the matrix alignment structure. A coding module 265 for generating a code image by adjacently or intersecting the cells of the input module 240 and a coding module 260 for coding the user card information through the generation module 260 based on the code image output request signal of the input module 240 The encoding module 265 generates a code image including the encoded bit stream and controls the generated code image to be output through the code image display area of the output module 235 And a control module 270.

When the encoded bit string is generated through the generation module 260, the encoding module 265 generates one or more bit strings corresponding to a code image data structure corresponding to the matrix alignment structure before / after the encoded bit string A prefix bit string, a header bit string, a trailer bit string, etc.) are added to generate code image data. Here, the code image data is a bit string to be converted into a code image composed of x * y adjacent or intersecting light or dark cells in the horizontal / vertical direction according to the matrix alignment structure.

When the code image data is generated, the encoding module 265 generates a code image by adjacently or intersecting x * y cells corresponding to the code image data on the basis of the finder pattern of the matrix alignment structure, The control module 270 outputs the generated code image to the code image display area of the output module 235. [

2A, the storage module 275, the generation module 260, the encoding module 265, and the control module 270 are connected to the joint portions of the upper and lower insulation media portions 210 and 215 And may be implemented in the form of embedded module chip 255.

2B, when the IC chip 225 is provided in the card 200, the storage module 275 is implemented in a memory of the IC chip 225, and the generation module 260, The control module 270 and the control module 270 may be embodied in the form of a module chip 255 embedded in the junction of the upper insulating medium portion 210 and the lower insulating medium portion 215 and connected to the IC chip 225, And the output module 235 and the input module 240 are connected to the module chip 255.

Referring to FIG. 2C, when the IC chip 225 is provided in the card 200, the storage module 275 is implemented in the memory of the IC chip 225, and the generation module 260, The output module 235 and the input module 240 may be implemented in the form of a program module that is operated through the processor of the IC chip 225. The output module 235 and the input module 240 may be integrated with the IC chip 225, Lt; / RTI >

The card 200 includes at least one module of the card 200 among the output module 235, the storage module 275, the generation module 260, the encoding module 265, and the control module 270, And a battery 245 for applying power to the battery.

The battery 245 is embedded in the junction of the upper insulating medium portion 210 and the lower insulating medium portion 215 and overlaps with other components (for example, IC chip 225, antenna, etc.) embedded in the junction portion The card 200 may be manufactured so as not to increase the thickness of the card 200 and be embedded in the joint.

The card 200 receives a radio frequency signal transmitted from the terminal device 500 close to the card 200 and guides the driving power from the radio frequency signal to the output module 235, And an antenna unit 250 for applying power to at least one module included in the card 200 among the generating module 260, the encoding module 265, and the control module 270.

The antenna unit 250 applies the received radio frequency signal to the generation module 260 (or a separate signal conversion module (not shown)) to transmit the radio frequency signal from the terminal device 500 to the card 200 So that at least one signal value included in the radio frequency signal is extracted.

If the IC chip 225 is provided at the junction of the upper insulating medium portion 210 and the lower insulating medium portion 215 and the antenna connected to the IC chip 225 is provided, An antenna connected to the IC chip 225 may be shared and used.

3 is a diagram showing a module configuration according to an embodiment of the present invention.

In more detail, in FIG. 3, the encoded bit string into which the card identification value or the user card information is inserted is converted into a code image composed of adjacent or intersecting bright or dark cells in the horizontal / vertical directions x * y in accordance with a predetermined matrix alignment structure And outputting it electronically. 3 illustrates a method of implementing the storage module 275, the generating module 260, the encoding module 265, and the control module 270 in the form of a module chip 255. However, It is to be clearly understood that the module is not limited in any way, and that the module can be implemented in at least one of the modes of operation (or combination of modes) shown in Figures 2a, 2b and 2c.

According to an embodiment of the present invention, the storage module 275 stores a card identification value associated with user card information stored in a storage medium 630 on a communication network, and the generation module 260 generates a card identification value And generates the inserted encoded bit stream.

According to another embodiment of the present invention, the storage module 275 stores user card information, and the generation module 260 generates an encoded bit string into which the user card information is inserted.

The encoding module 265 codes the encoded bit stream generated by the generation module 260 to generate code image data, and generates the generated code image data as a code image to be output to the display area of the display module 260 , The control module 270 controls the code image generated by the encoding module 265 to be output to the code image display area of the output module 235. [

When the input module 240 includes a plurality of key buttons, the storage module 275 compares the key input values generated through the key buttons of the input module 240, The control module 270 may store the user authentication value for authenticating the user authentication value, and when one or more key input signals to be compared with the user authentication value are inputted through the input module 240, And may authenticate a user requesting the output module 235 to output a code image by comparing the key input value and the user authentication value.

Alternatively, when the input module 240 includes one key button, the storage module 275 compares the two or more signal pattern values that can be generated through the key buttons of the input module 240 to authenticate the user When the code image output request signal is generated through the input module 240, the control module 270 reads the signal pattern of the input code image output request signal and outputs a signal pattern value And to authenticate a user requesting the output module 235 to output a code image by comparing the detected signal pattern value with the user pattern value. Here, the signal pattern is a signal generation pattern including at least one of a time at which the key button is pushed to generate the code image output request signal, a number of times the key button is pressed, and an interval at which the key button is pushed twice or more.

If two or more disparate code images are set to be output through the output module 235 according to an embodiment of the present invention, if the input module 240 has one key button, the storage module 275 stores the input The control module 270 stores two or more kinds of signal pattern values that can be generated through the key buttons of the module 240 and two or more kinds of disparate code image types, The signal pattern of the image output request signal is read and a signal pattern matching the stored signal pattern value is detected. If any one of the signal patterns matching the signal pattern value is detected, the control module 270 controls the code image associated with the detected signal pattern to be output to the code image display area of the output module 235 .

Or if two or more different code images are set to be output through the output module 235 and the input module 240 is provided with a plurality of key buttons, The control module 270 stores the key input values generated through the key buttons of the input module 240 in association with two or more key input values inputted through the key buttons and two or more kinds of different code image types, A value matching the key input value is detected. If the key input value is detected, the control module 270 controls the code image associated with the detected key input value to be output to the code image display area of the output module 235.

According to an embodiment of the present invention, the generation module 260 generates a volatile authentication value of a specified number of digits using one or more seed values. To this end, the storage module 260 stores one of seed values used to generate the volatile authentication value The above fixed seed values can be stored. Here, the volatile authentication value is an authentication value that can be used only once as an authentication value at the time when the encoded bit string is constructed, and can not be reused.

If the volatile authentication value is generated, the generation module 260 may further insert the generated volatile authentication value into the encoding bit string. If the output module 235 is provided with at least one additional display area among a numeric display area, a character display area, and a symbol display area, the control module 270 determines whether the generated volatile authentication value is included in the additional display area So that the display can be controlled.

According to an embodiment of the present invention, the storage module 275 stores one or more fixed authentication values for the card 200, and the generation module 260 stores the encryption bit string in the storage module 275 More than one fixed authentication value can be inserted. Here, the fixed authentication value may include any value that is fixed to be inserted into the encoding bit stream, except for the card identification value or the user card information. For example, the fixed authentication value may include a password value of the user card. If the IC chip 225 is provided in the card 200, the fixed authentication value may be selected from among the values stored in the IC chip 225. Or when the modules are implemented in a chip form, the fixed authentication value may include the serial number (or serial number) of the chip.

According to the embodiment of the present invention, the storage module 275 stores the encryption key value, and the generation module 260 encrypts the encryption bit string (or a part of the encoding bit string) using the encryption key value . For example, the generation module 260 may selectively encrypt a card identification value or user card information included in the encoded bit stream.

Alternatively, the storage module 275 may store a key generation value for generating the encryption key, and the generation module 260 may dynamically generate an encryption key value through the key generation value, Or a part of the encoded bit string) through the generated encryption key value.

According to an embodiment of the present invention, the storage module 275 stores an encryption key value to be transmitted to the terminal device 500 that recognizes the code image, and the generation module 260 converts the encryption key value into the encryption bit value You can insert it further into the column.

Alternatively, the storage module 275 may store a key generation value for dynamically generating an encryption key value to be transmitted to the terminal device 500 that recognizes the code image, and the generation module 260 may generate a key generation value An encryption key value may be generated and inserted into the encoding bit stream.

Alternatively, the storage module 275 may store a key generation value to be used in generating the encryption key in the terminal device 500 that recognizes the code image, and the generation module 260 may generate the key generation value in the encoding bit string Can be inserted.

According to an embodiment of the present invention, the storage module 275 stores a public certificate of the user, and when the user authentication is completed by the control module 270, The encoding bit stream (or a part of the encoded bit stream) can be encrypted through at least one key value. For example, the encoded bit stream (or a portion of the encoded bit stream) may be encrypted using the secret key value of the public key certificate or may be encrypted using the private key value.

Alternatively, the storage module 275 stores the user's public key certificate, and when the user authentication is completed by the control module 270, the generation module 260 transmits at least one key value included in the public key certificate (E. G., The card identification value or the user card information) inserted in the encoded bit stream, and insert the electronic signature into the encoded bit stream. The generation module 260 may encrypt a portion of the encoded bit string inserted in the encoded bit string through the private key value of the public key certificate and then insert the encrypted value into the encoded bit string using the digital signature of the partial value.

Alternatively, the storage module 275 stores the user's public key certificate, and when the user authentication is completed by the control module 270, the generation module 260 generates the key code value May further insert at least one key value to be used in the terminal apparatus 500 that recognizes the encoded bit string. For example, the generation module 260 may include the public key included in the public key certificate in the encoding bit stream.

4 is a functional block diagram of a generation module 260 according to an embodiment of the present invention.

In more detail, FIG. 4 illustrates a functional configuration of a generation module 260 that generates a volatile authentication value using one or more seed values.

Referring to FIG. 4, the generation module 260 includes a dynamic seed acquiring unit 405 for acquiring at least one dynamic seed value, a fixed seed acquiring unit 410 for acquiring fixed one or more fixed seed values, A value generator 415 for generating a volatile authentication value by substituting the dynamic seed value and the fixed seed value into an input value of a predetermined random number generator RNG, And a bit string forming unit 425 for adding the volatile authentication value to the inserted encoded bit string. When a binary value of T bits is generated through the value generating unit 415, the binary value of the generated T bit And a value converting unit 420 for converting the input character string into one or more character values, symbol values, and numeric values by substituting the predetermined encoding rule into the predetermined encoding rule.

The dynamic seed value includes a time value obtained from the timer 400, a random number generated through a random number generator (RNG), and a random number generated through a random number generator (RNG) And may include any one value. If the card 200 is provided with the antenna unit 250, the dynamic seed value may be a radio frequency signal generated by the terminal apparatus 500 close to the card 200 and received through the antenna unit 250, And may include a signal value determined by reading the signal value. Here, the timer 400 may be provided in a chip having the generation module 260 or in the form of a separate counter module connected to the module chip 255.

The fixed seed value may include one or more stored values stored in the storage module 275. If the IC chip 225 is provided in the card 200, the fixed seed value may include one or more stored values stored in the memory of the IC chip 225. If the card 200 is provided with the antenna unit 250, the fixed seed value is extracted from the memory of the terminal device 500 close to the card 200, And may include a signal value determined by reading the frequency signal.

When at least one dynamic seed value is obtained through the dynamic seed acquiring unit 405 and one or more fixed seed values are acquired through the fixed seed acquiring unit 410, And generates the volatile authentication value by substituting the dynamic seed value and the fixed seed value into a random number generator (RNG) to which a random number algorithm for generating a value is applied. If there are a plurality of volatile authentication values, the value generator 415 repeatedly generates the volatile authentication values using the respective dynamic seed values and fixed seed values corresponding to the respective volatile authentication values, The plurality of volatile authentication values may be determined by dividing the generated value by regions after generating values equal to or longer than the combined length of the lengths of the volatile authentication values.

According to an embodiment of the present invention, the value generator 415 substitutes the dynamic seed value and the fixed seed value as an input value of a random number generator (RNG) for generating a number value of S (S? 1) After generating the number value of the S number of digits, the number value of s (1? S? S) number of the number value of the S number of digits may be determined as the volatile authentication value.

According to another embodiment of the present invention, the value generator 415 substitutes the dynamic seed value and the fixed seed value as an input value of a random number generator (RNG) for generating a binary T (T> 1) After generating the binary value of T bits, the binary of t (1? T? T) bits of the binary of T bits can be determined as the volatile authentication value.

When a binary value of T bits is generated through the value generating unit 415, the value converting unit 420 substitutes the binary value of the generated T bits into a predetermined encoding rule, And a numeric value, or into a combination value of one or more of the characters, symbols, and numbers.

5 is a diagram illustrating a functional configuration of a terminal apparatus 500 according to an embodiment of the present invention.

5 illustrates an example of a method of recognizing a code image electronically output on one side of a card 200, extracting an encoded bit stream, extracting user card information (or a card identification associated with the user card information Value) to request a transaction, and a program function configuration of the terminal device 500. The terminal device 500 shown in FIG.

The terminal device 500 is a general term of a device having a camera and connected to a communication network and may be a mobile phone, a smart phone, an ATM (automatic teller machine) / CD (cash dispenser) A communication unit 530, a camera unit 520, and a power supply unit (not shown). The control unit 505, the memory unit 545, the communication unit 530, the camera unit 520, 525 and may further include a screen output unit 510, a key input unit 515 and a USIM 540 and a USIM reader unit 535 according to the purpose. Those skilled in the art will be able to deduce various components added to the components other than the components described above depending on the type of the terminal device 500, It will be evident that the invention is not limited by the scope of the claims.

The control unit 505 is a generic term for controlling the operation of the terminal apparatus 500. The controller 505 includes at least one processor and an execution memory, BUS). The control unit 505 loads at least one program code included in the terminal apparatus 500 through the processor and loads the program code into the execution memory and transfers the result to at least one functional unit through the bus, And controls the operation of the terminal apparatus 500. Hereinafter, the functional unit implemented in the form of program code for realizing the present invention will be described in the control unit 505 for convenience.

The memory unit 545 is a general term of the nonvolatile memory included in the terminal apparatus 500 and includes at least one program code executed through the control unit 505 and at least one data set used by the program code And stores it. The memory unit 545 basically includes a system program code and a system data set corresponding to the operating system of the terminal apparatus 500, a communication program code and a communication data set for processing a communication connection of the terminal apparatus 500, And the program code and data set for implementing the present invention are also stored in the memory unit 545. [

The communication unit 530 is a collective term for a communication module that connects a communication channel with the server 100 on the communication network and includes at least one of a wired network communication unit 530, a wireless network communication unit 530 and a local communication unit 530. The wired network communication unit 530 includes a communication module for connecting a communication channel using a wired communication line as a communication medium, and identifies a communication object based on an IP address or a domain name. The wireless network communication unit 530 includes a communication module for connecting a communication channel by using a radio frequency signal transmitted and received by the base station as a communication medium, and performs wireless network connection, registration, communication, and handoff. The short range communication unit 530 includes a communication module for connecting a communication channel using a radio frequency signal as a communication medium within a predetermined distance. Preferably, the short range communication unit 530 includes a communication module such as RFID communication, Bluetooth communication, Wi- And communication.

The camera unit 520 includes the optical unit, a CCD (Charge Coupled Device), and a camera module for driving the CCD unit, and acquires bitmap data input to the CCD through the optical unit. The bitmap data may include both still image data and moving image data.

The screen output unit 510 includes a screen output device (e.g., an LCD (Liquid Crystal Display) device) and an output module 235 for driving the screen output device 510. The control unit 505, And outputs the result of the operation corresponding to the screen output to the screen output device.

The key input unit 515 includes a key input device having at least one key button (or a touch screen device connected to the screen output unit 510) and an input module 240 for driving the key input device. 505 and a bus, and inputs a command for commanding various operations of the control unit 505 or data necessary for the operation of the control unit 505.

The USIM reader unit 535 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module that is mounted or detached from the terminal apparatus 500 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM 540 is a SIM type card having a chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader 535, A chip memory for storing a code and a data set; a processor for calculating the program code for the chip or extracting (or processing) the data set in accordance with at least one command transmitted from the terminal device 500 in connection with the input / output interface, And a processor for transmitting the data to the input / output interface.

The input / output interface includes at least one of a power supply (VCC), a reset signal (RST), a clock signal (CLK), a ground (GND), a programming power supply (VPP), and an input / output , The processor interfaces with the USIM reader unit 535 via the contact. The chip memory stores system program codes and system parameters corresponding to the operating system of the chip and at least one security module, and stores at least one communication parameter required for the wireless communication network connection of the terminal apparatus 500 in a fixed storage area (Subscriber Identity Module) information. According to an embodiment of the present invention, the chip memory includes at least one application issuer storage area (for example, SD (Security Domain)) storing program codes (= applets) produced by at least one applet issuer and a data set, ).

Referring to FIG. 5, the terminal 500 includes an interface output unit 550 for displaying the transaction information and outputting an interface for inputting at least one card information configuration value constituting the user card information .

The interface output unit 550 displays the transaction information when transaction information is inputted through the key input unit 515 or transaction information is received from the communication network through the communication unit 530, And outputs one or more card information configuration values to be combined with the transaction means information of the transaction protocol among the one or more card information configuration values to be configured.

Referring to FIG. 5 according to an embodiment of the present invention, the terminal apparatus 500 may be configured such that an encoded bit string including a card identification value associated with user card information stored in a storage medium 630 on a communication network is stored in a predetermined matrix When the bright or dark cells are electronically output on one side of the card 200 in the form of an aligned code image according to the alignment structure, A code image recognizing unit 555 for recognizing the image and extracting the encoded bit stream, an authentication processing unit 555 for processing authentication set to extract the card identification value from the encoded bit stream through a user input value inputted from a user, A bit stream reading unit 565 for extracting a valid card identification value from the encoded bit stream based on the authentication result, A card information acquiring unit 570 for acquiring user card information associated with the card identification value from the storage medium 630, and a server 100 on the communication network constituting transaction request data including the user card information and transaction information The transaction approval requesting unit 585 processes the transaction approval requesting unit 585 to transmit the transaction approval request.

A card identification (ID) associated with user card information stored in the storage medium 630 on the communication network through an output module 235 provided on one side of the card 200 having the configuration shown in FIGS. 2a, 2b, The code image recognizing unit 555 recognizes the code image based on the user's operation through the key input unit 515 when the code image obtained by arranging the coded bit string including the value The image of the code electronically outputted on one face of the card 200 is captured through the camera unit 520 to obtain image data, the code image is read according to a matrix alignment structure corresponding to the code image, And extracts an encoded bit stream generated in the card 200 and included in the code image.

The authentication processing unit 560 extracts an encoding bit stream from the code image before capturing a code image electronically output on one side of the card 200 through the camera unit 520, , Requests the user to input a pre-designated user input value through the key input unit 515, and extracts the card identification value from the encoded bit stream extracted from the code image through the input user input value Handles one or more authentication.

According to the first authentication method of the present invention, when the user input value includes the ID / PW and the authentication server which logs in through the ID / PW is designated, the authentication processing unit 560 transmits the key input unit 515 And authenticates the authenticating device to authenticate the card identification value from the encoded bit stream by checking whether the user is normally logged in to the authentication server through the user input value have. Here, the authentication server may be one of the servers shown in FIG. 1, or a server associated with the server shown in FIG.

According to the second authentication method of the present invention, when an authentication value to be compared with a user input value is provided to the terminal device 500 or an authentication value to be compared with the user input value is received from the designated authentication server, The authentication processing unit 560 compares the user input value input through the key input unit 515 with the authentication value received from the specified authentication server provided in the terminal apparatus 500 or by checking whether they match or not, The card identification value can be effectively extracted from the card identification value.

Or when the terminal device 500 is provided with a user input value and an authentication value to be subjected to a specified verification operation or an authentication value to be performed by the user input value and a specified verification operation is received from the specified authentication server, The authentication processing unit 560 performs a verification operation specified by the user input value input through the key input unit 515 and the authentication value received from the authentication server provided in the terminal device 500 or specified, It is possible to process authentication that effectively extracts the card identification value from the encoded bit stream by checking whether the result is derived as a predicted operation result value.

According to the third authentication method of the present invention, when a public key certificate is provided in the memory unit 545 (or the USIM 540) of the terminal device 500, the authentication processor 560 obtains a value It is possible to process the authentication for effectively extracting the card identification value from the encoded bit stream by checking whether the user input value input through the key input unit 515 is valid through the authentication function. For example, when a user input value corresponding to a PIN (Personal Identification Number) of the authorized certificate is input through the key input unit 515, the authentication processing unit 560 transmits the authorized certificate It is possible to confirm whether the user input value is valid through the PIN authentication function of the user.

According to the fourth authentication method of the present invention, when an authentication value to be compared with the user input value is included in the encoding bit stream extracted from the code image, the authentication processing unit 560 reads the authentication value Extracts the card identification value from the encoded bit string by comparing the user input value input through the key input unit 515 with the authentication value extracted from the encoded bit string and verifies whether or not they match with each other, Lt; / RTI >

The authentication processing unit 560 extracts the authentication value from the designated position of the encoded bit string and transmits the authentication value to the key input unit 515. In the case where the user input value and the authentication value to be subjected to the specified verification operation are included in the encoded bit string, From the encoded bit string, a verification operation specified by the user input value input through the encoding bit string and the authentication value extracted from the encoded bit string, and then verifying that the result of the verification operation is derived as a predicted operation result value, It is possible to process authentication that effectively extracts the identification value.

When the encoded bit string further includes the volatile authentication value dynamically generated in the card 200 according to an embodiment of the present invention, the authentication processing unit 560 compares the user input value with the volatile authentication value Or verify whether the verification result of the user input value and the volatile authentication value is derived as the predicted calculation result value.

Alternatively, when the encoded bit string further includes one or more fixed authentication values stored in the card 200, the authentication processing unit 560 compares the user input value with the fixed authentication value, It can be confirmed whether the verification result of the input value and the fixed authentication value is derived from the predicted calculation result value.

According to the fifth authentication method of the present invention, when the encoded bit string (or a part of the encoded bit string) extracted from the code image is encrypted, the authentication processing unit 560 reads the user input (Or a part of the coded bit stream) is decrypted normally based on the value of the coded bit stream, thereby authenticating to extract the card identification value from the coded bit stream effectively. Here, the encrypted encoded bit stream (or a part of the encoded bit stream) may be decoded using the user input value as a decryption key. Alternatively, the encrypted encoded bit stream (or a part of the encoded bit stream) may be decoded through a decryption key generated using the user input value as a seed. Alternatively, the encrypted encoded bit string (or a portion of the encoded bit string) may be extracted from the memory unit 545 (or the USIM 540) using the user input value as an identifier or may be extracted from a separate key management database And decrypted through the received decryption key. (Or a part of the coded bit string) is a key value extracted from the user input value and the memory unit 545 (or USIM 540) or received from a separate key management database (not shown) The decryption key may be decrypted through a decryption key.

According to the sixth authentication method of the present invention, when the digital signature is included in the encoded bit stream extracted from the code image, the authentication processing unit 560 determines whether the digital signature is valid based on the user input value, It is possible to process authentication that effectively extracts the card identification value from the encoded bit stream.

However, the authentication method for effectively extracting the card identification value from the encoded bit stream extracted from the code image is not limited to the first to sixth authentication methods described above, and the authentication method may be variously And that the present invention encompasses all of the above acceptable authentication schemes.

When the authentication result value by any one of the first to sixth authentication methods (or a combination of two or more) is a predicted result value, the bit string reader 565 reads the encoded bit string from the card 200 And extracts a valid card identification value by reading the coded bit stream based on the coded code system. Alternatively, when a card identification value including an intended error value is extracted from the encoded bit string, the bit string reading unit 565 reads the intended error value as the authentication result value derived by the authentication processing unit 560 It is possible to extract a valid card identification value. Or a card identification value in which some values are omitted from the encoded bit string, the bit string reading unit 565 combines the encoded bit string and the authentication result value derived by the authentication processing unit 560, The identification value can be extracted.

When the card identification value is encrypted according to an embodiment of the present invention, the bit string reading unit 565 reads the encryption key value from the card 200 through the encryption key value associated with the encryption key value, Decrypted card identification value. Here, the decryption key value is obtained based on a user input value.

Alternatively, when an electronic signature value is attached to the card identification value, the bit string reading unit 565 can verify the electronic signature. Here, the digital signature is decrypted by using the public key of the user stored in the memory 545 (or the USIM 540) or the key management server on the communication network And then compared with the original card identification value.

If a valid card identification value is extracted from the coded bit stream based on the authentication result of the authentication processing unit 560, the card information acquisition unit 570 associates the card identification value with the user card information through the communication network and stores the card identification value And provides the card identification value to the server (100) operating the storage medium (630). Here, the storage medium 630 may include at least one of a relay server 130, a payment agent server 110, a bank server 115, a card issuer server 120, and a financial company server 125 shown in FIG. As shown in FIG. The server 100 extracts user card information associated with the card identification value from the storage medium 630 and transmits the extracted user card information to the terminal apparatus 500. The card information obtaining unit 570 obtains the user card information .

According to another embodiment of the present invention, the storage medium 630 may be allocated to the storage area of the memory 545 (or the USIM 540). In this case, And extracts the user card information associated with the card identification value from the storage area of the memory unit 545 (or USIM 540).

When the user card information is acquired, the transaction approval requesting unit 585 configures transaction request data including the user card information and the transaction information, and the transaction request data is transmitted to the terminal apparatus 500 to the server 100 on the communication network to which the communication channel is connected.

When the encoded bit string further includes a volatile authentication value dynamically generated in the card 200 according to an embodiment of the present invention, the transaction request data may further include a volatile authentication value extracted from the encoded bit string .

Alternatively, when the encoded bit string further includes one or more fixed authentication values stored in the card 200, the transaction request data may further include a fixed authentication value extracted from the encoded bit string.

Alternatively, when the encryption bit string further includes an encryption key value generated by the card 200 or stored in the card 200, the transaction approval requesting unit 585 transmits the transaction request data (Or a part of the transaction request data) to be transmitted to the server 100 on the communication network, and the encrypted transaction request data (or a part of the transaction request data) is decrypted in the server 100. [

Alternatively, when the encoded bit string further includes a key generation value generated by the card 200 or stored in the card 200, the transaction approval requesting unit 585 generates an encryption The transaction request data (or a part of the transaction request data) may be encrypted and transmitted to the server 100 on the communication network through the key, and the encrypted transaction request data (or a part of the transaction request data) 100).

Alternatively, when the digital signature key value stored in the card 200 is included in the encoded bit string, the transaction approval requesting unit 585 transmits the transaction request data (or a part of the transaction request data) To be transmitted to the server 100 on the communication network, and the attached digital signature is verified by the server 100. [

The server 100 that processes the transaction based on the transaction request data includes the relay server 130, the store server 105, the payment agency server 110, the bus server 115, A server 120, and a financial company server 125. [

Meanwhile, in the method for extracting an encoded bit stream including the card identification value through the code image recognition unit 555, the terminal apparatus 500 receives the user input value from a user, It is possible to transmit the column and the user input value to the server 100 of the communication network. In this case, the server 100 processes the authentication configured to effectively extract the card identification value from the encoded bit stream through the user input value, and extracts, from the encoded bit stream, the card identification value The user card information associated with the card identification value can be extracted from the storage medium 630 and transmitted to the terminal device 500. A detailed description of the server 600 for processing the extracted user card information is shown in FIG. And will be described hereinafter.

Referring to FIG. 5 according to another embodiment of the present invention, the terminal device 500 may include a code bit stream including user card information, a code image format in which bright or dark cells are arranged according to a predetermined matrix arrangement structure A code image recognition unit that recognizes the code image electronically output from the one side of the card 200 through the camera unit 520 and extracts the encoded bit stream, An authentication processing unit 560 for processing the authentication information to effectively extract the user card information from the encoded bit stream through a user input value input from a user, A bit string reading unit 565 for extracting valid user card information from the column, And a transaction approval requesting unit 585 for processing the data to be transmitted to the server 100 on the communication network.

The encoded bit string including the user card information is output through an output module 235 provided on one side of the card 200 having the configuration shown in FIGS. 2a, 2b, and 2c according to a predetermined matrix alignment structure The code image recognizing unit 555 recognizes the code image electronically output on one side of the card 200 through the camera unit 520 and outputs the code image to the card image recognizing unit 555. [ (200) and extracts the encoded bit stream included in the code image.

The authentication processing unit 560 extracts an encoding bit stream from the code image before capturing a code image electronically output on one side of the card 200 through the camera unit 520, , And processes the authentication set to effectively extract the user card information from the encoded bit stream using any one of the first to sixth authentication methods (or two or more combined authentication methods).

When the authentication result obtained by the authentication processing of the authentication processing unit 560 is a predicted result value, the bit string reading unit 565 reads the encoded bit string from the card 200, And extracts valid user card information by reading the bit string. Or if the user card information including the intended error value is extracted from the coded bit stream, the bit stream reader 565 reads the intended error value as the authentication result value derived by the authentication processor 560 It is possible to extract valid user card information. Or if the user card information in which some values are omitted from the coded bit string is extracted, the bit string reading unit 565 combines the coded bit string and the authentication result value derived by the authentication processing unit 560, Card information can be extracted.

When the user card information is encrypted according to the embodiment of the present invention, the bit string reader 565 reads the user card information from the card 200 using the encryption key value associated with the encryption key value, It is possible to decrypt the user card information. Here, the decryption key value is obtained based on a user input value.

Alternatively, when an electronic signature value is attached to the user card information, the bit string reading unit 565 can verify the electronic signature. Here, the digital signature is decrypted by using the public key of the user stored in the memory 545 (or the USIM 540) or the key management server on the communication network And then compared with the original user card information.

When valid user card information is extracted from the encoded bit stream based on the authentication result of the authentication processing unit 560, the transaction approval request unit 585 constructs transaction request data including the user card information and the transaction information And transmits the transaction request data to the server 100 on the communication network through which the communication channel is connected to the terminal apparatus 500 through the communication unit 530. [

Referring to FIG. 5, when the user card information is acquired, the terminal device 500 automatically sets the card information configuration value of the user card information to each input item of the interface output through the interface output unit 550 And an interface processing unit 580 for inputting the input data.

The user card information associated with the card identification value extracted from the encoded bit string is acquired through the card information acquisition unit 570 or the user card information is acquired from the encoded bit string through the bit string reading unit 565 The interface processing unit 580 automatically inputs the card information configuration value of the user card information to each input item of the interface output through the interface output unit 550. [

5, the terminal apparatus 500 further includes a configuration value checking unit 575 for checking one or more card information configuration values included in the user card information. The transaction approval request unit 585, And transmits the transaction request data including the user card information and the transaction information to the server 100 on the communication network so that the transaction request data is transmitted to the server 100 on the communication network do.

The transaction approval requesting unit 585 transmits the transaction request data to the server 100 on the communication network through which the communication channel is connected or transmits the transaction request data to the server 100 through the communication channel And can be transmitted to the server 100 on the communication network.

FIG. 6 is a diagram illustrating a server configuration for processing a transaction through a code image according to an embodiment of the present invention.

In more detail, FIG. 6 illustrates a case where a terminal 200 recognizes a code image electronically output on one side of a card 200 and extracts an encoded bit stream. When the encoded bit stream and a key input user input value are transmitted A transaction processing server 600 having the storage medium 630 among the servers shown in FIG. 1 and receiving the encoded bit stream and a user input value may extract the card identification value And extracts user card information associated with the card identification value from the storage medium 630 to process a transaction requested by the user.

According to the present invention, the transaction processing server 600 includes the relay server 130, the shop server 105, the payment agency server 110, the bus server 115, the card company server 120, And a storage medium 630 that stores and manages the user card information and the card identification value of the financial company server 125 in association with each other.

Referring to FIG. 6, the transaction processing server 600 recognizes a code image electronically output from the terminal device 500 having a camera through a communication network, on one side of the card 200, An authentication processing means (610) for processing an authentication set to effectively extract the card identification value from the encoded bit stream through the user input value, a data receiving means (605) for receiving an input user input value, A bit string reading means (615) for extracting a valid card identification value from the encoded bit string based on the authentication result, card information extracting means (614) for extracting user card information associated with the card identification value from the storage medium And transaction processing means (625) for processing the user card information in the transaction of the terminal device (500).

When the terminal 500 extracts a coded bit stream including a card identification value from a code image electronically output on one side of the card 200 and transmits the coded bit stream and a user input value keyed in from the user, The receiving means 605 receives the encoded bit stream and a user input value through a communication network, and the authentication processing means 610 validates the card identification value from the received encoded bit stream through the received user input value Processes one or more certificates set to be extracted.

According to the first authentication method of the present invention, the authentication processing unit 610 compares the user input value with the stored authentication value and determines whether the user input value matches with the stored authentication value, or whether the verification result of the user input value and the authentication value It is possible to process the authentication for extracting the card identification value from the encoded bit stream effectively.

According to the second authentication method of the present invention, when an authentication value is included in the encoded bit string, the authentication processing unit 610 extracts the authentication value from the encoded bit string, And verifying whether the user input value and the verification result of the extracted authentication value are derived as the predicted calculation result value, thereby validating the card identification value from the encoded bit stream Lt; / RTI >

When the encoded bit stream further includes a volatile authentication value dynamically generated in the card 200 according to an embodiment of the present invention, the authentication processing unit 610 compares the user input value with the volatile authentication value, Or whether the verification result of the user input value and the volatile authentication value is derived as the predicted calculation result value.

Alternatively, when the encoded bit string further includes one or more fixed authentication values stored in the card 200, the authentication processing unit 610 compares the user input value with the fixed authentication value, It can be confirmed whether the verification result of the user input value and the fixed authentication value is derived from the predicted calculation result value.

According to the third authentication method of the present invention, when an authentication value is included in the encoded bit string, the authentication processing unit 610 extracts the authentication value from the encoded bit string and combines it with the user input value to obtain a verification value And comparing the verification value with the stored authentication value and verifying whether or not the verification value matches with the stored authentication value or verifying whether the verification value of the verification value and the verification value of the authentication value are derived from the predicted calculation result value, Can be processed effectively.

According to the fourth authentication method of the present invention, when the encoded bit string (or a part of the encoded bit string) is encrypted, the authentication processing means 610 reads the encrypted encoded bit string (A part of the bit string) is normally decrypted, authentication can be performed to extract the card identification value from the encoded bit string effectively.

According to the fifth authentication method of the present invention, when the digital signature is included in the encoded bit string, the authentication processing unit 610 determines whether the digital signature is valid based on the user input value, It is possible to process the authentication for extracting the card identification value effectively.

If the authentication result by any one of the above-described first to fifth authentication methods (or a combination of two or more) is a predicted result value, the bit string reading means 615 reads the encoded bit string from the card 200 And extracts a valid card identification value by reading the coded bit stream based on the coded code system. Alternatively, when a card identification value including an intended error value is extracted from the encoded bit string, the bit string reading means 615 reads the intended error value as the authentication result value derived by the authentication processing unit 560 It is possible to extract a valid card identification value. Or a card identification value in which some values are omitted from the coded bit string, the bit string reading means 615 combines the coded bit string and the authentication result value derived by the authentication processing unit 560, The identification value can be extracted.

When the card identification value is encrypted according to the embodiment of the present invention, the bit string reading means 615 reads the encryption key value from the card 200 through the encryption key value associated with the encryption key value, Decrypted card identification value. Here, the decryption key value is obtained based on a user input value.

Alternatively, when an electronic signature value is attached to the card identification value, the bit string reading means 615 can verify the electronic signature. Here, the digital signature may be verified by comparing the digital signature value attached to the encoded bit string with the original card identification value using the public key of the user registered in the key management server.

If a valid card identification value is extracted from the encoded bit stream based on the authentication result of the authentication processing unit 560, the card information extraction unit 620 extracts, from the storage medium 630, Information is extracted.

According to an embodiment of the present invention, the transaction processing means 625 can transmit the user card information to the terminal device 500 through a communication network, and the terminal device 500 receives the user card information , The transaction is processed according to the designated transaction procedure.

According to another embodiment of the present invention, when transaction information is received from the terminal device 500, the transaction processing means 625 can process transactions corresponding to the transaction information using the user card information have. If the transaction processing server 600 is the card issuer server 120 or the financial company server 125, the transaction processing means 625 approves the transaction on the transaction information using the user card corresponding to the user card information can do. Or if the transaction processing server 600 is one of the relay server 130, the payment agency server 110 and the delivery server 115, the transaction processing means 625 transmits a transaction including the user card information and the transaction information After the approval request data is generated, the generated transaction approval request data may be transmitted to the card issuer server 120 or the financial company server 125 corresponding to the user card so that the transaction on the transaction information is approved.

7 is a diagram illustrating a code image-based transaction process according to an embodiment of the present invention.

In more detail, in FIG. 7, when a code image converted from an encoded bit string in which a card identification value is inserted on one side of a card 200 is electronically output, the terminal device 500 recognizing the code image Acquiring the user card information associated with the identification value, and requesting the transaction through the communication network.

Referring to FIG. 7, the card 200 converts an encoded bit string into a code image and outputs it electronically on one side of the card 200 (700) Upon receipt of the request, the CPU 200 recognizes a code image electronically output on one side of the card 200 through a camera and extracts an encoded bit stream (705). A user set to extract a valid card identification value from the encoded bit stream An input value is input (710).

If the user input value is inputted (715), the terminal device 500 processes at least one set authentication for extracting a valid card identification value from the encoded bit stream through the user input value (720).

If at least one authentication specified through the user input value is completed (725), the terminal device 500 extracts a valid card identification value from the encoded bit string based on the authentication result (730) And transmits the card identification value to the server 100 operating the storage medium 630 (735).

The server 100 extracts user card information associated with the card identification value from the storage medium 630 and transmits it to the terminal apparatus 500 in operation 740. The terminal apparatus 500 transmits the user card information And transaction information including transaction information, and requests a transaction according to a predetermined transaction procedure through a communication network (745), thereby operating a transaction procedure set in the terminal apparatus 500. [

FIG. 8 is a diagram illustrating a code image-based transaction process according to another embodiment of the present invention.

8 illustrates a case where a code image converted from an encoded bit string into which user card information is inserted is electronically output on one side of a card 200. In the terminal device 500 recognizing the code image, Acquiring card information and requesting a transaction through a communication network.

Referring to FIG. 8, the card 200 converts the encoded bit stream into user code information into a code image, and electronically outputs the code image to one side of the card 200 (800) Upon receipt of the request, a code bit string is extracted (805) by recognizing a code image electronically output on one side of the card 200 through a camera, and the encoded bit stream is extracted (805) An input value is inputted (810).

If the user input value is inputted (815), the terminal device 500 processes at least one authentication set for extracting valid user card information from the encoded bit string through the user input value (820).

If at least one authentication specified through the user input value is completed (825), the terminal device 500 extracts valid user card information from the encoded bit string based on the authentication result (830) The transaction request data including the information and the transaction information is configured to request the transaction according to a predetermined transaction procedure through the communication network 835, thereby operating the transaction procedure set in the terminal apparatus 500.

FIG. 9 is a diagram illustrating a code image-based transaction process according to another embodiment of the present invention.

9 illustrates a case where a code image converted from an encoded bit string into which a card identification value is inserted is electronically output on one side of a card 200. In the terminal device 500 that has recognized the code image, If the bit string and the user input value are transmitted to the transaction processing server 600, the transaction processing server 600 extracts the card identification value from the encoded bit string based on the authentication result using the user input value, The transaction of the terminal device 500 is processed using the user card information associated with the transaction information.

Referring to FIG. 9, the card 200 converts an encoded bit stream into a code image and outputs it electronically on one side of the card 200 (900) Upon receipt of the request, the CPU 200 recognizes a code image electronically output on one side of the card 200 through a camera and extracts an encoded bit stream (905). Then, a user set to extract a valid card identification value from the encoded bit stream An input value is input (910).

If the user input value is input 915, the terminal device 500 transmits the encoding bit string and the user input value to the transaction processing server 600 in operation 920, (925) one or more authentication settings set for extracting a valid card identification value from the encoded bit stream through an input value.

If at least one authentication specified through the user input value is not completed (925), the transaction processing server (600) transmits authentication error information to the terminal device (500) (935).

On the other hand, if at least one authentication specified through the user input value is completed (925), the transaction processing server 600 extracts a valid card identification value from the encoded bit stream based on the authentication result (940) (945) the user card information associated with the card identification value from the user card information (630), and causes the transaction of the terminal device (500) to be processed through the user card information (950).

100: server 200: card
205: Upper layer coating medium part 210: Upper layer insulating medium part
215: lower layer insulating medium portion 220: lower layer coating medium portion
225: IC chip 230: magnetic strip
235: output module 240: input module
245: Battery 250: Antenna part
255: module chip 260: generating module
265: encoding module 270: control module
275: Storage module 500: Terminal device
550: Interface output unit 555: Code image recognition unit
560: Authentication processing unit 565: Bit stream reading unit
570: Card information acquisition unit 575: Configuration value verification unit
580: interface processing unit 585: transaction approval request unit

Claims (23)

1. A method executed via a user cell phone and a server having a camera,
A first step of the program of the user's mobile phone capturing and recognizing a code image electronically output on a face of a card held by a user through the camera and extracting an encoded bit stream encoded in the code image;
Wherein a valid card identification value for uniquely identifying the card information of the user stored in the designated storage medium by reading the encoded bit stream is included in the encoded bit stream and is generated dynamically as a one-time use from a chip or module in the card A second step of authenticating whether or not at least one specified authentication value including the volatile authentication value is included in the encoded bit string;
When the user's mobile phone program includes a valid card identification value included in the encoded bit string and the volatile authentication value when the validated card identification value and one or more specified authentication values including the volatile authentication value are included in the encoded bit string A third step of identifying one or more designated authentication values to be authenticated;
A program of the user's cellular phone transmitting at least one authentication value including the identified card identification value and the volatile authentication value to a designated server; And
After the validity of the authentication value including the volatile authentication value is authenticated in the server, the card information of the user corresponding to the card identification value is confirmed from the designated storage medium and processed so as to be used for the transaction requested from the program of the user's cellular phone And a fifth step of performing a procedure of performing a card transaction using the code image.
delete The method according to claim 1,
Further comprising the step of receiving or confirming transaction information for transaction using user card information corresponding to the card identification value.
The method of claim 3,
The fourth step may further include the step of the program of the user's cellular phone transmitting the transaction information to the server,
Wherein the fifth step includes the step of causing the server to process transactions on the transaction information using the card information of the user identified.
4. The method according to claim 3,
Providing the verified user's card information to the program of the user's mobile phone in the server;
And causing the program of the user's mobile phone to process a transaction corresponding to the transaction information using the card information of the user.
2. The method according to claim 1,
Authenticating a card identification value of the encoded bit string through an authentication value provided in the user mobile phone,
Authenticating the card identification value of the encoded bit string through the authentication value received from the authentication server,
Decrypts the encrypted card identification value when the card identification value of the encoded bit string is encrypted,
Verifying the electronic signature when the electronic signature is included in the card identification value of the encoded bit string,
And authenticating the validity of the encoded bit string when the encoded bit string includes an authenticated value, wherein the validity of the encrypted bit string is authenticated by combining at least one or two or more of the encoded bit strings. Using card transaction processing method.
The authentication method according to claim 1,
Further comprising a fixed authentication value stored in the card from which the code image is output.
The card identification system according to claim 1,
The address value of the storage medium storing the card information of the user, and the unique identification value mapped with the card information of the user.
The method according to claim 1,
Wherein the card transaction information is stored in a storage medium of a card issuer issuing a card corresponding to the card information.
delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images