KR102172855B1 - Method for Providing Server Type One Time Code for Medium Separation by using User’s Handheld type Medium - Google Patents

Abstract

According to the method for providing a server-type disposable code based on media separation using a user's portable medium of the present invention, in the method executed through a server capable of communicating with a wireless terminal having a program that interfaces with a portable medium owned by the user, the server Is a program of the wireless terminal that recognizes a designated portable medium among the user-owned portable media separated from the user-owned wireless terminal and the medium, and is used to provide a one-time code of a designated number of digits dynamically generated through the server or a designated code server. When the authentication information for the authentication procedure is processed to be stored in a designated storage medium, and the program of the wireless terminal recognizes the user's designated portable medium separated from the wireless terminal, the server recognizes the portable medium. Confirms M (M≥2) parameter information transmitted according to a specified procedure configured through a program of, and the server checks m (1≤m≤M) parameter information specified through authentication information stored in the storage medium. When the validity of the m parameter information is authenticated, the server dynamically generates a one-time code of a specified number of digits through the server or a one-time code of a specified number of digits dynamically generated through a specified code server Is processed to be provided as a program of the wireless terminal, and the disposable code is dynamically generated through a server separate from the wireless terminal and a medium or a separate code server, and can be used for an authentication procedure through a program of the wireless terminal. .

Description

Method for Providing Server Type One Time Code for Medium Separation by using User's Handheld type Medium}

The present invention is a method executed through a server capable of communicating with a wireless terminal having a program that interfaces with a portable medium owned by the user, wherein the server is among the portable media owned by the user separated from the wireless terminal owned by the user. Processes to store authentication information for an authentication procedure for providing a one-time code of a designated number of digits dynamically generated through the server or a designated code server with a program of the wireless terminal that recognizes a designated portable medium to be stored in a designated storage medium, and the wireless When the program of the terminal recognizes the user's designated portable medium that is separated from the wireless terminal and the medium, the server is configured through the program of the wireless terminal that recognized the portable medium and transmitted according to the specified procedure. The number of parameter information is checked, and the server processes the validity of m (1 ≤ m ≤ M) parameter information specified through the authentication information stored in the storage medium to be authenticated, and the server processes the validity of the m parameter information In the case of authentication, a one-time code of a specified number of digits is dynamically generated through the server or a one-time code of a specified number of digits dynamically generated through a specified code server is checked and processed to be provided as a program of the wireless terminal, and the one-time code is , It relates to a method for providing a server-type one-time code based on media separation using a portable medium of a user that is dynamically generated through a server separated from the wireless terminal and a medium or a separate code server and can be used for an authentication procedure through a program of the wireless terminal.

In order for a one-time code called OTP (One Time Password) to be used for payment or financial transactions, the conditions of “media separation” in Article 34 (2) 5 of the Electronic Financial Supervisory Regulations must be established. Currently, the Financial Supervisory Service determines which method satisfies the conditions for media separation, and until now, the method recognized as media separation is a terminal that uses a sealed OTP generator and an OTP dynamically generated through an OTP card for financial transactions. Only the input method is recognized as media separation.

However, the method that is currently recognized as media separation is inconvenient because the user has to possess OTP-based authentication media such as OTP generator and OTP card, and excessive cost is required to produce such an OTP-based authentication medium. In the process of inputting the dynamically generated OTP to the terminal through the OTP card and OTP card, errors due to incorrect input frequently occur.

An object of the present invention for solving the above problems is a method executed through a server capable of communicating with a wireless terminal having a program that interfaces with a portable medium owned by a user, wherein the server is Authentication information for the authentication procedure for providing a one-time code with a specified number of digits dynamically generated through the server or a designated code server with a program of the wireless terminal that recognizes a designated portable medium among the portable media owned by the user separated from the terminal In the first step of processing to be stored in a designated storage medium and when the program of the wireless terminal recognizes the user's designated portable medium separated from the wireless terminal, the server uses the program of the wireless terminal that recognizes the portable medium. A second step of checking M (M≥2) parameter information transmitted according to a configured and specified procedure, and the server performs m (1≤m≤M) parameter information specified through authentication information stored in the storage medium. A third step of processing the validity to be authenticated, and the server dynamically generates a one-time code of a specified number of digits through the server when the validity of the m parameter information is authenticated, or a specified number of digits dynamically generated through a specified code server. A fourth step of processing the one-time code to be provided as a program of the wireless terminal, wherein the one-time code is dynamically generated through a server separated from the wireless terminal and a medium or a separate code server to program the wireless terminal. It is to provide a method of providing a server-type one-time code based on media separation using a user's portable medium that can be used for the authentication procedure through

A method for providing a server-type disposable code based on media separation using a user's portable medium according to the present invention is a method executed through a server capable of communicating with a wireless terminal having a program that interfaces with a portable medium owned by the user, wherein the server Is a program of the wireless terminal that recognizes a designated portable medium among the user-owned portable media separated from the user-owned wireless terminal and the medium, and is used to provide a one-time code of a designated number of digits dynamically generated through the server or a designated code server. The first step of processing authentication information for the authentication procedure to be stored in a designated storage medium, and when the program of the wireless terminal recognizes the user's designated portable medium separated from the wireless terminal, the server recognizes the portable medium. The second step of checking M (M≥2) parameter information that is configured through a program of a wireless terminal and transmitted according to a specified procedure, and the server performs m (1≤m≤) specified through authentication information stored in the storage medium. A third step of processing the validity of M) parameter information to be authenticated, and the server dynamically generates a one-time code of a specified number of digits through the server when the validity of the m parameter information is authenticated, or a specified code server A fourth step of checking a one-time code with a specified number of digits dynamically generated through the program to be provided as a program of the wireless terminal, wherein the one-time code is dynamically generated through a server separated from the wireless terminal or a separate code server. It is generated and characterized in that it can be used for an authentication procedure through a program of the wireless terminal.

According to the present invention, the portable medium includes a code image medium recognizable through a camera unit provided in the wireless terminal, and a proximity wireless communication medium recognizable by transmitting and receiving a radio frequency signal through a proximity wireless communication unit provided in the wireless terminal, It characterized in that it comprises a medium that combines at least one or two or more.
According to the present invention, the authentication information includes: information identifying a communication means of the wireless terminal, information for authenticating whether the wireless terminal equipped with the program is a device having a valid physical configuration unit, and confirming a program provided in the wireless terminal Including one or more of information for authentication, information for verifying whether a program provided in the wireless terminal is forged or altered, information for authenticating a user using a program provided in the wireless terminal, information for authenticating the portable medium, It characterized in that it is made.

delete

According to the present invention, the server is characterized in that it further comprises the step of processing to be stored in a designated storage medium by receiving media identification information for identifying the portable medium owned by the user.

delete

delete

delete

According to the present invention, the server further comprises the step of checking whether a program for recognizing the portable medium is mounted in the user's wireless terminal by performing a designated communication procedure with the program of the wireless terminal.

delete

According to the present invention, the third step is characterized in that when the m number of parameter information is authenticated, a wireless terminal in a state in which a program for recognizing the portable medium is driven is identified as a one-time code medium that outputs the one-time code. To do.

delete

delete

delete

delete

According to the present invention, the server performs a fifth step of checking the one-time code transmitted through the user terminal used by the user after being provided as a program of the wireless terminal, and the server processes the validity of the confirmed one-time code to be authenticated. The sixth step and the server further comprises a seventh step of providing a result of authenticating the validity of the disposable code to the program of the wireless terminal or the user terminal.

delete

delete

According to the present invention, by recognizing the user's portable medium physically separated from the user's wireless terminal by the medium recognition unit of the wireless terminal, the wireless terminal in which the program interfacing with the portable medium is operated is authenticated as a one-time code-based authentication medium. And, by generating a one-time code on a server physically separated from the wireless terminal and outputting it as if it was generated through the program of the wireless terminal, even when used in the wireless terminal as well as the user terminal physically separated from the wireless terminal There is an advantage of providing a one-time code-based authentication medium at low cost and no inconvenience in use compared to a conventional OTP-based authentication medium while establishing the conditions for media separation.

1 is a diagram showing the configuration of a server-type disposable code system based on media separation according to an embodiment of the present invention.
2 is a diagram showing a functional configuration of a wireless terminal and a program according to an exemplary method of the present invention.
FIG. 3 is a diagram illustrating an information registration process for authenticating a wireless terminal in a state in which a program that interfaces with a portable medium is operated according to an exemplary method of the present invention with a one-time code-based authentication medium.
4 is a diagram illustrating a process of recognizing a proximity wireless communication medium according to an exemplary method of the present invention.
5 is a diagram illustrating a process of recognizing a code image medium according to another exemplary embodiment of the present invention.
6 is a one-time code-based authentication medium that authenticates a wireless terminal in a state in which a program that interfaces with a portable medium is operated according to an implementation method of the present invention, and provides a one-time code with a specified number of digits dynamically generated on the network as a program of the wireless terminal. It is a diagram showing the process of outputting.
7 is a diagram illustrating a process of authenticating a disposable code according to an implementation method of the present invention.

Hereinafter, the operating principle of a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. However, the drawings and the description to be described below are for a preferred implementation method among various methods for effectively describing the features of the present invention, and the present invention is not limited to the following drawings and description. For example, the configuration unit provided on the server side may be implemented on the terminal side, or conversely, the configuration unit provided on the terminal side may be implemented on the server side.

In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. In addition, terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to the intention or custom of users or operators. Therefore, the definition should be made based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following examples are a means for efficiently explaining the technical idea of the present invention to those of ordinary skill in the art to which the present invention belongs. Only.

1 is a diagram showing the configuration of a server-type disposable code system based on media separation according to an embodiment of the present invention.

In more detail, this drawing 1 is a one-time code for receiving and outputting a one-time code of a specified number of digits dynamically generated on a network through a user's wireless terminal 200 equipped with a program 235 that interfaces non-contact with a portable medium owned by the user. It shows a system configuration that authenticates with a base authentication medium and provides and outputs a one-time code with a specified number of digits dynamically generated on the network by the program 235 of the authenticated wireless terminal 200. In the technical field to which the present invention belongs For those of ordinary skill in the art, various implementation methods for the configuration of the media separation-based server-type disposable code system by referring and/or modifying this Figure 1 (e.g., some components are omitted, subdivided, or combined implementation Method) may be inferred, but the present invention includes all of the above inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. 1. For example, the notation of “designated server” or “separate server” in this figure 1 is a specific function of performing some of the functions of the component shown in this figure 1 or performing a linkage operation provided to the component part by proxy. It refers to a server provided in an institution, and in this case, the configuration unit of FIG. 1 may be implemented in a form of requesting a part of the function or acting on behalf of the server according to a designated path, or receiving the result.

The server-type disposable code system based on media separation of the present invention is capable of communicating with the user's wireless terminal 200 having a program 235 that interfaces with a portable medium owned by the user, and a program 235 that interfaces with the portable medium. ), a procedure for authenticating the wireless terminal 200 in a driven or activated state with a one-time code-based authentication medium that outputs a one-time code, and a one-time code with a specified number of digits dynamically generated on the network is applied to the authenticated wireless terminal 200. It comprises an operating server 100 that performs a process to be provided as a program 235. On the other hand, the operation server 100 shown in the present Figure 1 is an example of a system configuration for explaining an embodiment in which the media separation-based server type one-time code system is implemented, and the media separation-based server type one-time code system of the present invention is It is not limited to being implemented in one server corresponding to the operation server 100, or by the physical/logical name of the server corresponding to the operation server 100. According to the implementation method of the present invention, the media separation-based server-type one-time code system is implemented through one server implemented by a specific provider, as shown in this figure 1, as well as two different implementations by two or more affiliated providers. It may be implemented through the above server, or may be implemented in the form of a function module added to an already provided server, or may be implemented in a form in which each implementation method described above is combined, and the present invention is the media separation-based server It should be clearly stated that all embodiments implementing the type disposable code system are included. Therefore, each component of the operation server 100 shown in this figure 1 can be variously modified in a form in which some components are omitted or integrated according to the number and type of servers implementing the media separation-based server-type disposable code system, The present invention includes all of the above-described variant implementation methods.

The user's wireless terminal 200 is a generic term for a portable wireless communication device owned or used by a user who owns at least one portable medium, and may preferably include a user's mobile phone, a smart phone, a tablet PC, or the like. The user's wireless terminal 200 includes a medium recognition unit 220 capable of recognizing a portable medium owned by the user, and the program 235 is connected to the user's portable medium through the medium recognition unit 220. Interface. A preferred embodiment of the wireless terminal 200 will be referred to FIG. 2.

According to the present invention, the portable medium recognized by the medium recognition unit 220 of the wireless terminal 200 is dynamically generated on the network and separated by a disposable code displayed on the program 235 of the wireless terminal 200. It is a generic term for a configuration in which the wireless terminal 200 in a state in which the program 235 that interfaces with the portable medium is operated is authenticated with a one-time code-based authentication medium while establishing the condition. It is implemented in a form that can be recognized without contact while being separated from the wireless terminal 200.

According to an embodiment of the present invention, the portable medium includes at least one code among a card, a device, and a tag capable of printing or electronically outputting a code image recognizable through the camera unit 215 provided in the wireless terminal 200. At least one of an image medium and at least one proximity wireless communication medium of at least one of a non-contact IC card, an RF card, an RF device, and an RFID capable of transmitting and receiving a radio frequency signal through the proximity wireless communication unit 210 provided in the wireless terminal 200 One or a combination of two or more may be included. When the portable medium is a code image medium, the medium recognition unit 220 of the wireless terminal 200 includes a camera unit 215 provided in the wireless terminal 200, and the portable medium is a proximity wireless communication medium. In this case, the medium recognition unit 220 of the wireless terminal 200 may include a proximity wireless communication unit 210 implemented by a Near Field Communication (NFC) chip provided in the wireless terminal 200. For example, the portable medium may be manufactured in the form of a card in which a code image (eg, a two-dimensional barcode, etc.) is printed, a non-contact IC card in which a code image is printed, or the like.

The operation server 100 is a generic term for a server capable of direct communication according to a designated communication protocol with a program 235 provided in the user's wireless terminal 200 or through a designated relay server, preferably a one-time code A server provided in an institution that relays the based authentication procedure, a server provided in an institution that performs a one-time code-based authentication procedure (e.g., OTP authentication center, etc.), an institution that uses a one-time code-based authentication procedure (e.g. , An insurance company, a portal, a content provider, a game company, etc.).

Referring to FIG. 1, the operation server 100 includes a member subscription/authentication unit 105 for receiving or authenticating a user of the program 235 provided in the wireless terminal 200 as a member. If the wireless terminal 200 in which the program 235 that interfaces with the portable medium is operated is authenticated as a one-time code-based authentication medium without a separate membership registration (for example, the program 235 provided in the wireless terminal 200) If the one-time code-based authentication medium authentication is possible only with the validity authentication or authentication that the user possesses the portable medium), the membership registration/authentication unit 105 may be omitted, and the present invention is not limited thereto. .

The member registration/authentication unit 105 communicates with the program 235 provided in the wireless terminal 200 to receive user information (eg, name, social security number, IPIN, etc.) input through the program 235. , After verifying the unique identifier that identifies the user with the member account entered by the user or the internally assigned unique value, the unique identifier is registered in the designated member D/B (not shown), and related laws related to personal information Accordingly, the user information may be registered in the member D/B, partially registered, or omitted.

According to the implementation method of the present invention, the member registration/authentication unit 105 interlocks with a server of a media issuing institution (eg, a credit card company, a financial company such as a bank) that issued the portable media owned by the user, Through the program 235 provided in the terminal 200, the user who uses the program 235 can be authenticated, and a procedure for verifying whether the user is a valid owner or user of the portable medium can be performed. Some of the information can be shared with the media issuing agency. When it is verified that the user is a valid owner or user of the portable medium, the unique identifier may be registered in the member D/B when it is verified that the user is a valid owner or user of the portable medium. According to an embodiment of the present invention, the unique identifier is input and received from the user each time the user processes one-time code-based authentication using the program 235, or the memory unit of the wireless terminal 200 ( 230) or SE (Secure Element, USIM (Universal Subscriber Identify Module) mounted on or detached from the wireless terminal 200), IC (Integrated Circuit) chip, external memory (eg, SD memory, etc.) ), the user is received in the process of processing the one-time code-based authentication using the program 235, and the authentication procedure can be performed.

Referring to FIG. 1, the operation server 100 includes a program authentication unit 110 that performs a procedure for authenticating the validity of the program 235 provided in the wireless terminal 200. If the operation server 100 is provided in an institution other than an institution that produces or operates the program 235, the validation of the program 235 is a designated program provided in the institution producing or operating the program 235 It can be processed by the picture management server (not shown), and in this case, the program authentication unit 110 can be omitted.

The program authentication unit 110 performs a procedure for authenticating the validity of the program 235 using one or more of the first to sixth program authentication methods described in the description of FIG. 2, and Validity authentication may be performed in combination with the membership registration procedure, and the present invention is not limited thereby. A preferred embodiment of the program authentication procedure will be referred to FIG. 2.

In the present invention, the validity authentication for the program 235 provided in the wireless terminal 200 may be performed at least once for the first time after the program 235 is downloaded and mounted in the wireless terminal 200, Figure 2 One or more of the first to sixth program authentication methods described in the description of may be used. Meanwhile, the validation of the validity of the program 235 provided in the wireless terminal 200 may be repeatedly performed each time a one-time code of a specified number of digits dynamically generated on the network is received and output through the program 235. , Preferably, at least one of the first to sixth program authentication methods described in the description of FIG. 2 (eg, a method that can be performed without user input) may be used. In the present invention, the validity authentication for the program 235 is a necessary condition for authenticating the wireless terminal 200 in a state in which the program 235 interfacing with the portable medium is driven with a one-time code-based authentication medium.

According to the implementation method of the present invention, the program authentication unit 110 may modify one or more of the program 235 of the wireless terminal 200 and the first to sixth program authentication methods described in the description of FIG. It is possible to check whether a program 235 for recognizing the portable medium is mounted in the user's wireless terminal 200 by performing a communication procedure according to the combined method.

According to the implementation method of the present invention, the program authentication unit 110 interlocks with the member registration/authentication unit 105 and/or at least one of the first to sixth program authentication methods described in the description of FIG. 2 or A procedure for authenticating a user who uses the program 235 through the program 235 provided in the user's wireless terminal 200 is performed through a modified or combined method. For example, the program authentication unit 110 provides user information registered through the member registration/authentication unit 105 and a communication number (eg, phone number, etc.) of the wireless terminal 200 to a communication company. User authentication can be performed.

According to the implementation method of the present invention, the program authentication unit 110 determines an app authentication value (= unique information) for unique identification and authentication of the program 235 when the validity of the program 235 is authenticated. And, the determined app authentication value may be provided to the user's wireless terminal 200 through the program 235 and stored in the memory unit 230 or SE.

Referring to Figure 1, the operation server 100 receives and outputs a one-time code of a designated number of digits dynamically generated on the network through a program 235 of the wireless terminal 200 that recognizes the portable medium owned by the user. An information storage unit 115 that performs a procedure of storing authentication information for processing to be processed in a designated storage medium 180 is provided. The storage medium 180 may be provided in the operation server 100, or may be provided in a separate server interoperable with the operation server 100, and a part of the storage medium 180 (e.g., , A medium storing part of the authentication information) may be provided in the operation server 100 and the remaining part may be provided in a separate server capable of interworking.

The information storage unit 115 includes at least one unique information (eg, a user's unique identifier, etc.) identified in the process of the member registration/authentication unit 105 processing a member registration, and the program authentication unit 110 Unique information received from the program 235 in the process of authenticating the validity of the program 235 provided in the wireless terminal 200, and unique information allocated to the program 235 in the process of authenticating the program 235 , A program 235 for interfacing one or more of the unique information stored in the memory unit 230 of the wireless terminal 200 or the SE through the program 235 in the authentication process of the program 235 with the portable medium The wireless terminal 200 in the driven state is processed to be stored in the designated storage medium 180 as authentication information for authenticating with a one-time code-based authentication medium. When provided in the storage medium 180 in the operation server 100, the information storage unit 115 stores the authentication information in the storage medium 180, and is connected to the operation server 100. When the storage medium 180 (or a part of the storage medium 180) is provided in the storage server, the information storage unit 115 may request the storage server to store the unique information as the authentication information. .

According to an embodiment of the present invention, the information storage unit 115 requests at least one authentication information from a program 235 provided in the wireless terminal 200, and the program 235 of the wireless terminal 200 The wireless terminal 200 in the driven state of the program 235 interfacing with the portable medium through the authentication information transmitted from is stored in the storage medium 180 designated to authenticate as a one-time code-based authentication medium.

According to the implementation method of the present invention, the authentication information is information identifying the communication means of the wireless terminal 200 (eg, may include a phone number assigned to the wireless terminal 200) The program 235 is provided Information that authenticates whether the wireless terminal 200 is a device with a valid physical component (that is, the program 235 is not operating in the emulator, but the user's wireless device with physical components such as a mobile phone, smartphone, tablet PC, etc. Information for authenticating whether the terminal 200 is operating, for example, information stored in the memory unit 230 or SE of the wireless terminal 200, a chip mounted on the wireless terminal 200 (eg, various communication chips, screen control chips Information stored in any physical component, etc.), information for checking and authenticating the program 235 provided in the wireless terminal 200 (e.g., version of the program 235, certified program It is possible to include an app authentication value assigned to 235, an app identification value assigned to the program 235, etc.), information for verifying whether the program 235 provided in the wireless terminal 200 is forged or altered (for example, Each version of the program 235 may include hash information obtained by hashing a file corresponding to the program 235, a hash algorithm for generating hash information, a key value to be substituted for the hash algorithm in addition to the file), the wireless terminal 200 ), one or more of information for authenticating a user who uses the program 235 provided in (e.g., a unique identifier registered during the membership registration process, PIN information registered by the user, etc.), and information for authenticating the portable medium It can be made including.

Meanwhile, when the authentication information includes information for authenticating the portable medium, the program 235 of the wireless terminal 200 performs a procedure for recognizing the portable medium owned by the user through the medium recognition unit 220, and , Recognition information recognized from the portable medium can be provided, and the information storage unit 115 is a wireless terminal in a state in which a program 235 that interfaces the recognition information recognized from the portable medium with the portable medium is driven ( 200) may be processed to be stored in the designated storage medium 180 as authentication information for authenticating the one-time code-based authentication medium.

Referring to Fig. 1, the operation server 100 includes a media registration unit 120 that receives media identification information for identifying a portable medium owned by the user and processes it to be stored in a designated storage medium 180, When the portable medium includes a proximity wireless communication medium, a key information registration unit 125 is provided to process a set of key information for acquiring designated identification information from the proximity wireless communication medium to be stored in a designated secure medium.

Before, during, and after the membership registration process through the member registration/authentication unit 105 is performed, or before, during, and after the program authentication process is performed through the program authentication unit 110 When a registration of a portable medium issued by a specific medium issuing organization is requested at a specified time or when the program 235 can recognize a plurality of portable media issued to a user by a plurality of media issuing agencies, the media registration unit 120 ) Receives media identification information for identifying a portable medium owned by the user from the program 235 of the wireless terminal 200, and stores the received medium identification information in a designated storage medium 180 or the authentication information And stored in the storage medium 180. The medium identification information may be stored in the same storage medium 180 in the storage medium 180 storing the authentication information or may be stored in a separate storage medium 180.

According to the implementation method of the present invention, the medium identification information is a serial number printed on the surface of the portable medium owned by the user, and the portable medium is recognized through the medium recognition unit 220 provided in the wireless terminal 200. It may include at least one of the acquired recognition information.

Meanwhile, if the portable medium corresponding to the medium identification information includes a proximity wireless communication medium, the key information registration unit 125 is designated from the proximity wireless communication medium through the proximity wireless communication unit 210 of the wireless terminal 200 A key information set for acquiring recognition information is checked, and a procedure of processing the identified key information set to be stored in a designated security medium is performed. Here, the key information set is a set of key values corresponding to the key set stored in the PSAM of the payment terminal, and recognition information designated from the proximity wireless communication medium through the proximity wireless communication unit 210 of the wireless terminal 200 without PSAM It is a generic term for key values to obtain.

According to the implementation method of the present invention, the security medium is a Universal Subscriber Identify Module (USIM) mounted on or detached from the key management server 182 and the wireless terminal 200 provided on the network so as to correspond to the proximity wireless communication medium. ), an integrated circuit (IC) chip, at least one SE (Secure Element) of an external memory chip, a storage medium 180 for storing the authentication information, and a Trusted Service (TSM) on a network capable of communicating with the wireless terminal 200 Management), may include at least one.

According to the implementation method of the present invention, in the case of authenticating the wireless terminal 200 in a state in which a program 235 interfacing with a plurality of portable media is driven with a one-time code-based authentication medium, the key information registration unit 125 The key information set corresponding to the portable medium may be processed to be stored in a designated security medium, or a single integrated key information set for a plurality of portable media may be stored in a designated security medium. The registration process of the key information set may be performed through a separate key management server 182, in which case the key information registration unit 125 requests registration of the key information set through the key management server 182 Or, you can perform a procedure to receive the results.

Referring to Figure 1, the operation server 100 is configured through the program 235 of the wireless terminal 200 that recognizes the portable medium and transmitted according to a specified procedure M (M≥2) parameter information An information confirmation unit configured through the receiving information receiving unit 130 and the program 235 of the wireless terminal 200 that recognizes the portable medium and confirming M (M≥2) parameter information transmitted according to a specified procedure 140, and when the portable medium includes a proximity wireless communication medium, the program 235 of the wireless terminal 200 provides a set of key information for recognizing the portable medium of the wireless terminal 200. A key information providing unit 135 is provided to perform a process of processing to be provided to the program 235.

When the portable medium owned by the user includes a proximity wireless communication medium, the program 235 of the wireless terminal 200 is the proximity wireless communication through the proximity wireless communication unit 210 provided in the wireless terminal 200. The medium may be driven or activated (eg, displayed on the screen in a standby state in the background) by being interfaced through proximity wireless communication. Alternatively, when the portable medium is a proximity wireless communication medium or a code image medium, the program 235 may be driven or activated by a user's manipulation. The program 235 driven or activated in the wireless terminal 200 performs a procedure of authenticating the wireless terminal 200 in a state in which the program 235 interfacing with the portable medium is driven as a one-time code-based authentication medium. do.

On the other hand, when the portable medium owned by the user includes a proximity wireless communication medium and a security medium storing the key information set of the proximity wireless communication medium is provided on the network, the program 235 of the wireless terminal 200 Requests a set of key information for acquiring designated identification information from the proximity wireless communication medium, and the key information providing unit 135 transmits a program 235 of the wireless terminal 200 from a security medium on the network to the portable medium. A key information set for recognizing is checked, and a procedure of processing so that the identified key information set is provided to the program 235 of the wireless terminal 200 is performed. The provision of the key information set may be performed through a separate key management server 182 or TSM. To this end, the key information providing unit 135 may request the key management server 182 or the TSM to provide the key information set or perform a procedure of receiving the result.

The program 235 of the wireless terminal 200 is M number of programs according to a specified procedure to authenticate the wireless terminal 200 in a state in which the program 235 that recognizes the user's portable medium is operated as a one-time code-based authentication medium. Configure and transmit parameter information. The program 235 of the wireless terminal 200 may transmit M parameter information at one time, and may transmit information for a specified number of times according to a specified path. In this way, the procedure for configuring and transmitting the M number of parameter information is implemented by the function provided in the program 235, and the one-time code-based authentication of the present invention is used to determine the number of times to be transmitted using which path according to what procedure. Organizations involved in the treatment can be determined by mutual consultation.

The information receiving unit 130 receives M parameter information configured through a program 235 of the wireless terminal 200 that recognizes the portable medium and transmitted according to a specified procedure. The information checking unit 140 checks the M parameter information received through the information receiving unit 130, or checks the parameter information received by a separate server linked according to a procedure for transmitting the M parameter information. I can.

According to an embodiment of the present invention, the M parameter information is recognized from the portable medium to drive the program 235 (for example, a portable medium owned by a user is a proximity wireless communication medium, and the portable medium is When the program 235 is automatically driven by being interfaced to the medium recognition unit 220 of the wireless terminal 200, information recognized from the proximity wireless communication medium to drive the program 235), the portable medium Information on the recognized and driven program 235 (eg, version of the program 235, app identification value, app authentication value, etc.), information generated by the program 235 according to a specified procedure (eg, program ( 235) and the operation server 100 through a key value exchanged according to the key exchange procedure, hash information for the program 235, a code generation algorithm or a random number algorithm designated in the program 235 of the wireless terminal 200 Dynamically generated code values, etc.), information recognized by the program 235 from the portable medium (e.g., when the portable medium is a code image medium, a code image is photographed and read, and the bit string encoded in the code image is Recognized code values, address values, etc., code values read from the proximity wireless communication medium through proximity wireless communication from the proximity wireless communication medium in case the portable medium is a proximity wireless communication medium, serial number, card information, etc.), the program (235) Information that authenticates the information recognized from this portable medium (e.g., information that is decrypted when the information recognized from the portable medium is encrypted, information recognized from the portable medium, and the result of performing a designated operation, etc.) ), one or more of the information obtained by recognition of the program 235 from the portable medium (e.g., information provided to the program 235 from the server designated using the address value or code value recognized from the portable medium) It may include.

According to an embodiment of the present invention, the parameter information further includes PIN information registered by a user using the program 235 of the wireless terminal 200, or input information displayed on the user terminal 190 used by the user. At least one of information generated by the program 235 using information displayed on the user terminal 190 may be further included.

Referring to Figure 1, the operation server 100, through the storage medium 180, the authentication processing unit 145 that performs a process to process the validity of m (1≤m≤M) parameter information to be authenticated. And, when the validity of the m number of parameter information is authenticated, a code generation unit 150 that performs a process of dynamically generating a one-time code of a specified number of digits, and the generated one-time code of a specified number of digits to the wireless terminal It includes a code providing unit 155 that performs a process of processing to be provided to the program 235 of (200).

According to the implementation method of the present invention, some of the M parameter information received by the information receiving unit 130 or confirmed through the information checking unit 140 (e.g., m (1≦m<M) Parameter information) or the entire parameter information (eg, M parameter information) is information for authenticating the wireless terminal 200 in a state in which the program 235 that recognizes the user's portable medium is driven with a one-time code-based authentication medium Depending on the implementation method, some parameter information (e.g., m'(1≤m'<M) parameter information) or all parameter information (e.g., M parameter information) is a one-time code of a specified number of digits. It can be used as the seed value needed to generate.

The authentication processing unit 145 is in a state in which the program 235 that recognizes the user's portable medium among the M parameter information received by the information receiving unit 130 or verified through the information checking unit 140 is driven. By comparing and authenticating m (1 ≤ m ≤ M) parameter information designated as information for authenticating the wireless terminal 200 with a one-time code-based authentication medium and authentication information stored in the storage medium 180, or performing a specified verification operation By authenticating whether a predicted result is obtained, a procedure of authenticating the wireless terminal 200 in a state in which the program 235 that recognizes the user's portable medium is operated is authenticated as a one-time code-based authentication medium.

According to a deformable implementation method of the present invention, a predicted result is derived by comparing and authenticating part or all of the m parameter information and authentication information stored in part or all of the storage medium 180 or performing a designated verification operation. The authentication process may be processed through one or more authentication servers 184 provided with the storage medium 180, and in this case, the authentication processing unit 145 uses the authentication server 184 for the authentication. A process of providing parameter information and receiving an authentication result for the provided parameter information from the authentication server 184 may be performed. If the parameter information necessary for the authentication is directly provided from the program 235 of the wireless terminal 200 to the authentication server 184, the authentication processing unit 145 is configured to provide the parameter information from the authentication server 184. You can perform the procedure of receiving the authentication result for. For example, the authentication server 184 is a server of a communication company to which the wireless terminal 200 is subscribed, a server of a media issuing organization that issued a portable medium to the user, and an organization that produces or operates the program 235. It may include at least one of the servers.

According to a preferred implementation method of the present invention, the procedure for authenticating the wireless terminal 200 in a state in which the program 235 interfacing with the portable medium is driven with a one-time code-based authentication medium is based on multiple authentication of multiple parameters different from each other. To do. That is, the conventional authentication procedure is performed in the form of a single authentication including only user authentication. Although such single authentication can only authenticate the validity of the user, the program 235 that interfaces with the portable medium is running. It is difficult to authenticate the wireless terminal 200 with a one-time code-based authentication medium. In the authentication of the present invention, the user who owns the portable medium uses the program 235 provided in the wireless terminal 200 of the physical configuration he is using, and the program 235 is in effect and the interface with the portable medium. Only when it is authenticated, the wireless terminal 200 in the state in which the program 235 is driven can be authenticated with a one-time code-based authentication medium. For such authentication, the present invention preferably provides multiple authentication for a plurality of different parameters. Here, what parameter is used as the authentication value, “The user who owns the portable medium uses the program 235 provided in the wireless terminal 200 of the physical configuration that he or she is using, and the program 235 is A person skilled in the art can select and determine from among the above-described plurality of parameters within the category of establishing the condition of "authentication that the interface with the portable medium in a valid state" is established.

When the validity of the m parameter information is authenticated, the code generation unit 150 performs a process of dynamically generating a one-time code of a specified number of digits. Here, the one-time code of the designated number of digits is a generic term for a one-time code that is dynamically generated on the network and provided to the program 235 of the wireless terminal 200, and is preferably dynamically generated N (N≥2) digits of code, Alternatively, n (1≦n<N) codes among the N-digit codes may be included. If the designated number of single-use codes is n (1≤n<N) codes, (Nn) codes are generated through the processor of the portable medium, generated through the program 235, or the wireless terminal The program 235 of the wireless terminal 200 is generated through at least one of those generated by the processor of at least one SE of the USIM mounted or detached from or detached from the 200, an IC chip, and an external memory embedded chip. It can be output with n codes.

According to an embodiment of the present invention, the one-time code of the designated number of digits may be generated through the code generation unit 150. Alternatively, the one-time code of the designated number of digits may be dynamically generated through a separate code server 186 linked to the operation server 100, and for this purpose, the code generation unit 150 is used as the code server 186 You can request the generation of a code or perform a procedure of receiving a dynamically generated disposable code.

According to an embodiment of the present invention, in order to dynamically generate the one-time code of the specified number of digits, a specified code generation algorithm and K (K≥2) seed values are required, and preferably, the K seed values are at least one dynamic seed. It may include a value (eg, a time value, a random number value, etc.) and one or more fixed seed values. Some of the fixed seed values may be authentication information stored in the storage medium 180.

According to the first one-time code generation method of the present invention, the code generation unit 150 or the code server 186 is equipped with the code generation algorithm (eg, MD4, MD5, SHA, etc.), and a designated storage medium 180 ), after storing at least one fixed seed value among the K seed values in the designated storage medium 180, at least one dynamic seed value among the K seed values when the validity of the m parameter information is authenticated. It is possible to determine and check the stored fixed seed values, and apply the determined/confirmed K seed values to a designated code generation algorithm to dynamically generate a one-time code of a designated number of digits.

According to the second one-time code generation method of the present invention, the code generation unit 150 or the code server 186 is equipped with the code generation algorithm, and at least one of K seed values is fixed to the designated storage medium 180 After storing the seed value in the designated storage medium 180, m'(1≤m) to be used as a seed value for generating the one-time code among the M parameter information when the validity of the m parameter information is authenticated. '≤M) parameter information is checked, and the identified m'parameter information is included in K seed values and applied to a designated code generation algorithm to dynamically generate a one-time code of a designated number of digits.

According to the second one-time code generation method of the present invention, the code generation unit 150 or the code server 186 includes the code generation algorithm, and when the validity of the m parameter information is authenticated, the M Among the parameter information, m'(1≤m'≤M) parameter information to be used as a seed value for generating the one-time code is checked, and the identified m'seed values are designated using the K seed values. By applying it to the code generation algorithm, it is possible to dynamically generate a one-time code with a specified number of digits.

When the validity of the m parameter information is authenticated through the authentication processing unit 145 and a one-time code with a specified number of digits is dynamically generated through the code generation unit 150 or the code server 186, the code providing unit 155 ) Performs a procedure of processing the generated disposable code of the designated number of digits to be provided to the program 235 of the wireless terminal 200.

According to an implementation method of the present invention, the one-time code of the designated number of digits is encrypted and transmitted in a form that can be decrypted through the program 235 of the wireless terminal 200, and the program of the wireless terminal 200 ( 235) can be transformed into a form that can be restored and transmitted. For example, the code providing unit 155 may change the position of the disposable code in a form that can be restored through the program 235 of the wireless terminal 200, or change the disposable code to the wireless terminal 200. After being modified by substituting a function that can be restored through the program 235, the modified disposable code may be provided to the program 235 of the wireless terminal 200. Even if the one-time code modified as described above is exposed during the transmission/reception process, it cannot be restored unless it is the program 235, and even if it is restored after hard work, the life-time of the one-time code is already elapsed. .

Referring to Figure 1, the operation server 100, the code receiving unit 160 for receiving the one-time code transmitted through the user terminal 190, and after being provided to the program 235 of the wireless terminal 200, the A code verification unit 165 for checking the one-time use code transmitted through the user terminal 190, a code authentication unit 170 for processing the validity of the identified one-time code to be authenticated, and a program of the wireless terminal 200 (235) or a service providing unit 175 that provides a result of authenticating the validity of the disposable code to the user terminal 190.

The disposable code provided as the program 235 of the wireless terminal 200 may be displayed on the screen of the wireless terminal 200 on which the program 235 is displayed as generated through the program 235 of the wireless terminal 200 , The disposable code displayed through the program 235 of the wireless terminal 200 may be input and transmitted through the user terminal 190 used by the user, or transmitted by an induced user manipulation. For example, when the user terminal 190 is a separate terminal separated from the wireless terminal 200, the disposable code may be input and transmitted through the user terminal 190. If the user terminal 190 is the wireless terminal 200, the disposable code can be transmitted by a user operation (eg, clicking a confirmation button) induced by an interface displayed on the screen of the wireless terminal 200. have.

The code receiving unit 160 receives the one-time code transmitted through the user terminal 190 through the above procedure. The one-time code transmitted through the user terminal 190 may be directly received from the user terminal 190 or relayed through a designated relay server.

The code verification unit 165 uses the M parameter information received from the program 235 of the wireless terminal 200 and the authentication information stored in the storage medium 180 to use the program 235 of the wireless terminal 200. ), and then inputted through the user terminal 190 used by the user and transmitted to check the one-time code.

The code authentication unit 170 generates a comparison code by applying the same seed value to the same code generation algorithm as the method in which the code generation unit 150 generated the one-time code, and the comparison code and the received one-time code It is possible to verify the validity of the disposable code by comparing. Depending on the implementation method, after storing the one-time code provided to the program 235 of the wireless terminal 200, it is possible to verify the validity of the one-time code by comparing it with the received one-time code. Meanwhile, the validation of the one-time code may be performed through a designated code server 186, and for this purpose, the code authentication unit 170 requests the code server 186 to authenticate the validity of the one-time code, or You can perform the procedure of receiving.

According to the implementation method of the present invention, in order to establish a condition for media separation, the one-time code is dynamically generated through the code generation unit 150 and the validity of the one-time code can be authenticated through the code server 186. Or, conversely, the one-time code may be dynamically generated through the code server 186 and the validity of the one-time code may be authenticated through the code authentication unit 170.

The service provider 175 may provide a result of authenticating the validity of the one-time code to the program 235 of the wireless terminal 200 or the user terminal 190 as a result of an authentication service request using the one-time code. I can. Meanwhile, when a payment or financial transaction is requested using the one-time code, the service provider 175 processes the requested payment or financial transaction as a result of the authentication service request using the one-time code. After that, the result of performing the payment settlement or financial transaction procedure may be provided. The service providing unit 175 may be implemented on a server provided in a separate service providing institution that provides the service. In this case, the service providing unit 175 is a server provided in the service providing institution, and the disposable code You can perform a procedure to provide the result of verifying the validity of the product.

2 is a diagram showing a functional configuration of a wireless terminal 200 and a program 235 according to an embodiment of the present invention.

In more detail, this drawing 2 authenticates the wireless terminal 200 in a state of interface with a portable medium owned by a user with a one-time code-based authentication medium that receives and outputs a one-time code with a specified number of digits dynamically generated on the network. As showing the configuration of the program 235 and the wireless terminal 200 corresponding to the configuration of the program 235 that receives and outputs the dynamically generated one-time code of a specified number of digits, a person having ordinary knowledge in the technical field to which the present invention belongs If so, it will be possible to infer various implementation methods for the functions of the wireless terminal 200 by referring and/or modifying this Figure 2, but the present invention includes all the inferred implementation methods, and The technical features are not limited only by the illustrated implementation method. Preferably, the wireless terminal 200 of FIG. 2 may include at least one of various smart phones capable of wireless communication, various tablet PCs, various PDAs, and various mobile phones.

Referring to Fig. 2, the wireless terminal 200 includes a control unit 201, a memory unit 230, a screen output unit 202, a key input unit 203, a sound output unit 204, and a sound input unit 205. And a camera unit 215, a wireless network communication unit 208, a short-range wireless communication unit 207, a proximity wireless communication unit 210, a USIM reader unit 225, and a USIM, and a battery 206 for power supply do. Depending on the implementation method, a separate SE may be mounted or detached in addition to the USIM.

The control unit 201 is a generic term for a configuration that controls the operation of the wireless terminal 200, and includes at least one processor and an execution memory, and each component and a bus provided in the wireless terminal 200 ( BUS). According to the present invention, the control unit 201 loads at least one program code provided in the wireless terminal 200 into the execution memory through the processor and calculates, and calculates the result of at least one configuration through the bus. Transfer to the negative to control the operation of the wireless terminal 200. Hereinafter, for convenience, the configuration of the program 235 of the present invention implemented in the form of a program code will be illustrated and described in the control unit 201.

The memory unit 230 is a generic term for a nonvolatile memory corresponding to a storage resource of the wireless terminal 200, and includes at least one program code executed by the control unit 201 and at least one program code used by the program code. Save and maintain the dataset. The memory unit 230 basically includes a system program code and a system data set corresponding to the operating system of the wireless terminal 200, a communication program code and a communication data set for processing wireless communication connection of the wireless terminal 200, and at least One application program code and application data set are stored, and a program code and data set corresponding to the program 235 of the present invention are also stored in the memory unit 230.

The screen output unit 202 is composed of a screen output unit (eg, LCD (Liquid Crystal Display)) corresponding to the output resource of the wireless terminal 200 and a driving module that drives the screen output unit, and interlocks with the control unit 201 Thus, among the various calculation results of the control unit 201, the calculation result corresponding to the screen output is output to the screen output device.

The key input unit 203 includes one or more user input devices corresponding to the input resources of the wireless terminal 200 (eg, buttons, keypads, touch pads, and a touch screen interlocking with the screen output unit 202) and driving them. It is composed of a driving module, and is interlocked with the control unit 201 to input a command for commanding various operations of the control unit 201 or input data required for the operation of the control unit 201.

The sound output unit 204 is composed of a speaker corresponding to the output resource of the wireless terminal 200 and a driving module that drives it, and is interlocked with the control unit 201 to generate sound among various calculation results of the control unit 201. The calculation result corresponding to the output is output through the speaker. The driving module decodes sound data to be output through the speaker and converts it into a sound signal.

The sound input unit 205 includes a microphone corresponding to an input resource of the wireless terminal 200 and a driving module that drives the microphone, and transmits sound data input through the microphone to the control unit 201. The driving module encodes and encodes the sound signal input through the microphone.

The camera unit 215 is composed of an optical unit corresponding to the camera resource of the wireless terminal 200, a charge coupled device (CCD), and a driving module that drives the same, and in the form of a bitmap input to the CCD through the optical unit. Acquire image data or image data. The data acquired through the camera unit 215 may include image data in the form of a still image or video data in the form of a moving image.

According to an embodiment of the present invention, the proximity wireless communication unit 210 performs a function of the media recognition unit 220 for recognizing at least one code image medium among a card, a device, and a tag capable of printing or electronically outputting a code image. Perform.

The wireless network communication unit 208 and the short-range wireless communication unit 207 are generic terms of communication resources for connecting the wireless terminal 200 to a designated communication network. Preferably, the wireless terminal 200 may include a wireless network communication unit 208 as a basic communication resource, and may include one or more short-range wireless communication units 207.

The wireless network communication unit 208 is a generic term for communication resources for connecting the wireless terminal 200 to a wireless communication network via a base station, and an antenna for transmitting and receiving a radio frequency signal of a specific frequency band, an RF module, a baseband module, and a signal It is configured to include at least one processing module, and is connected to the control unit 201 to transmit an operation result corresponding to wireless communication among various calculation results of the control unit 201 through a wireless communication network or receive data through a wireless communication network. Then, the transmission is transmitted to the control unit 201, and procedures of access, registration, communication, and handoff of the wireless communication are performed. According to the present invention, the wireless network communication unit 208 may connect the wireless terminal 200 to a telephone communication network including a communication channel and a data channel through an exchange, and in some cases, packets without going through the exchange It is possible to connect to a data network that provides communication-based wireless network data communication (eg, the Internet).

According to the method of the present invention, the wireless network communication unit 208 performs at least one of access to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to CDMA/WCDMA/LTE standards. Includes composition. Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 208 may further include a portable Internet communication configuration that performs at least one access to the mobile Internet, location registration, data communication, and handoff according to the IEEE 802.16 related standard. It should be clear that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 208. That is, the wireless network communication unit 208 is a generic term for a configuration unit that connects to a wireless communication network through a cell-based base station regardless of the frequency band of the radio section or the type or protocol of the communication network.

The short-range wireless communication unit 207 is a generic term for communication resources for connecting a communication session using a radio frequency signal as a communication medium within a certain distance (e.g., 10m) and connecting the wireless terminal 200 to a communication network. , Preferably, the wireless terminal 200 may be connected to a communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to an exemplary method of the present invention, the short-range wireless communication unit 207 may be implemented in a form integrated or separated from the wireless network communication unit 208. According to the present invention, the short-range wireless communication unit 207 connects the wireless terminal 200 to a data network providing packet communication-based short-range wireless data communication through a wireless AP.

The proximity wireless communication unit 210 uses a radio frequency signal as a communication medium at a close distance (eg, within 10 cm) to process one or more proximity wireless communication among two-way proximity wireless communication, full-duplex proximity wireless communication, and half-duplex proximity wireless communication. As a generic term for resources, proximity wireless communication can be preferably processed according to the NFC (Near Field Communication) standard of the 13.56Mz frequency band. Alternatively, the proximity wireless communication unit 210 may process proximity wireless communication according to the ISO 18000 series standard, and in this case, may process proximity wireless communication for a frequency band other than the 13.56Mz frequency band. For example, the proximity wireless communication unit 210 may operate in a reader mode, a tag mode, or a two-way communication mode. Meanwhile, the proximity wireless communication unit 210 may be included in a communication resource for connecting the wireless terminal 200 to a communication network according to an object to be communicated in proximity.

According to the implementation method of the present invention, the proximity wireless communication unit 210 functions of the medium recognition unit 220 to recognize at least one proximity wireless communication medium of a contactless IC card, an RF card, an RF device, and RFID owned by the user. Perform.

The USIM reader unit 225 is a generic term for exchanging at least one data set with a Universal Subscriber Identity Module mounted or detached from the wireless terminal 200 based on ISO/IEC 7816 standards. As a result, the data set is exchanged in a half-duplex communication method through an application protocol data unit (APDU).

The USIM is a SIM type card equipped with an IC chip according to the ISO/IEC 7816 standard, an input/output interface including at least one contact point connected to the USIM reader unit 225, and at least one IC chip program code And an IC chip memory for storing a data set and an IC chip memory connected to the input/output interface to calculate the program code for the IC chip or extract (or process) the data set according to at least one command transmitted from the wireless terminal 200 It includes a processor that transmits to the input/output interface.

According to a modified implementation method of the present invention, a program code for dynamically generating (Nn) codes among N-digit disposable codes is in the memory area of the SE mounted or detached from the wireless terminal 200 including the USIM. The program code may be provided, and the (Nn) codes may be dynamically generated through the processor of the SE.

The program 235 of the present invention is downloaded from a program providing server (eg, Apple's App Store, etc.) through a data network to which the communication resource is accessible and stored in the memory unit 230. The downloaded program 235 operates in conjunction with the operation server 100 and may be manually driven by a user, or automatically driven (or activated) after user confirmation by receiving a message. Meanwhile, a separate program 235 may be running in advance to automatically drive the program 235 after user confirmation or automatically, and the present invention is not limited thereby.

Referring to Fig. 2, the program 235 of the wireless terminal 200 connects to the operation server 100 through a data network to which the communication resource is accessible and joins the user as a member or A member registration/authentication unit 240 to be authenticated, and a program authentication unit 245 for authenticating the validity of the program 235 through at least one communication network accessible through the communication resource.

The program 235 includes communication connection macro information for accessing the operation server 100 through a data network to which the communication resource is accessible, and the member registration/authentication unit 240 is the screen output unit 202 User information (e.g., name, resident registration number, etc.) and an interface for inputting a member account are output through the data network, and user information input through the interface to the operation server 100 and The user is registered as a member by sending a member account.

Meanwhile, the user's membership subscription may be subscribed through a separate user terminal 190 in addition to the wireless terminal 200. Therefore, when the user is already registered as a member or has been registered as a member through the user terminal 190, the member registration/authentication unit 240 outputs an interface for inputting a member account of the user, and A member account input through the interface is transmitted to the operation server 100 through a data network to authenticate whether the user is a member.

The program authentication unit 245 authenticates the validity of the program 235 to the operation server 100 through at least one of a data network and a telephone communication network to which the communication resource is accessible. According to the implementation method of the present invention, the process of authenticating the validity of the program 235 is an encryption/decryption communication process agreed in advance between the program 235 and the operation server 100, and for convenience, the encryption/decryption Detailed description of the process will be omitted.

According to the first program authentication method of the present invention, the program 235 provides the program providing server in a state in which a unique key value (= unique information) that can identify that the program is operated by the operation server 100 is set. It is downloaded through, and in this case, the program authentication unit 245 transmits the unique key value to the operation server 100, or to the operation server 100 and a designated key exchange protocol based on the unique key value. By going through the following key exchange procedure, it is possible to certify that the program 235 is a program operated by the operation server 100. Meanwhile, the program authentication unit 245 stores at least one unique key value stored in the memory unit 230 or SE of the wireless terminal 200 or allocated to a communication network in the process of transmitting the unique key value to the operation server 100. By transmitting information together with the unique key value, it is possible to simultaneously authenticate that the program 235 is a program operated by the operation server 100 and that the program 235 is running in the wireless terminal 200. I can.

According to the second program authentication method of the present invention, after the program 235 is downloaded through the program providing server, an app identification value that uniquely identifies the program 235 on the data network according to a specified procedure (eg, Apple A device token, etc. allocated by APNS of) may be allocated, and in this case, the program authentication unit 245 transmits the app identification value (= unique information) to the operation server 100, so that the program ( 235) can be authenticated as a program operated by the operation server 100. Meanwhile, in the process of transmitting the app identification value to the operation server 100, the program authentication unit 245 stores at least one unique device stored in the memory unit 230 or SE of the wireless terminal 200 or allocated to a communication network. By transmitting information together with the app identification value, it is possible to simultaneously authenticate that the program 235 is a program operated by the operation server 100 and that the program 235 is running in the wireless terminal 200. I can.

According to the third program authentication method of the present invention, the program 235 hashes at least one file corresponding to the program 235 according to a specified hash algorithm to construct hash information, and the hash information By transmitting to 100, it is possible to certify that the program 235 is a valid program operated by the operation server 100. Meanwhile, the program authentication unit 245 may configure the hash information by further using a key value determined internally in the process of configuring the hash information or exchanged with the operation server 100. In addition, the program authentication unit 245 is stored in the memory unit 230 or SE of the wireless terminal 200 in the process of transmitting the hash information to the operation server 100, or at least one unique information allocated to a communication network. By transmitting together with the hash information, it is possible to simultaneously authenticate that the program 235 is a program operated by the operation server 100 and that the program 235 is running in the wireless terminal 200. .

According to the fourth program authentication method of the present invention, in the program 235, at least one key value, a key exchange protocol, and an encryption/decryption rule are set, and an authentication procedure for authenticating the program 235 is defined using this. The certificate can be downloaded through the program providing server in a loaded state. In this case, the program authentication unit 245 includes at least one key value and a key exchange protocol set in the certificate according to the authentication procedure defined in the certificate. And it is possible to authenticate that the program 235 is a program operated by the operation server 100 by selectively using an encryption/decryption rule. Meanwhile, the program authentication unit 245 further uses at least one unique information stored in the memory unit 230 of the wireless terminal 200 or the SE or allocated to the communication network in the authentication process in the process of using the certificate, It is possible to simultaneously authenticate that the program 235 is a program operated by the operation server 100 and that the program 235 is running in the wireless terminal 200.

According to the fifth program authentication method of the present invention, when the wireless terminal 200 receives the authentication number sent from the operation server 100 through the message exchange protocol of the telephone communication network, the received authentication number is By receiving input and transmitting it to the operation server 100 through the data network, it is possible to authenticate that the program 235 is a program operated by the operation server 100. Meanwhile, the program authentication unit 245 stores at least one unique information stored in the memory unit 230 or SE of the wireless terminal 200 or allocated to a communication network in the process of transmitting the authentication number to the operation server 100 By transmitting together with the authentication number, it is possible to simultaneously authenticate that the program 235 is a program operated by the operation server 100 and that the program 235 is running in the wireless terminal 200. .

According to the sixth program authentication method of the present invention, the program authentication unit 245 from the operation server 100 through an authentication method that selectively combines one or more of the first to fourth program authentication methods ( 235), and the present invention is not limited thereto.

During the process of performing the first to sixth program authentication methods, the operation server 100 is a designated dynamically generated network through the program 235 of the wireless terminal 200 that recognizes the portable medium owned by the user. A procedure of storing authentication information for processing to receive and output a one-time code of digits in the designated storage medium 180 may be performed.

Referring to Figure 2, the program 235 of the wireless terminal 200 is an authentication for authenticating the wireless terminal 200 in a state in which the program 235 that interfaces with the portable medium is driven with a one-time code-based authentication medium. It includes an information registration unit 250 that performs a procedure of registering information in a designated storage medium 180.

Meanwhile, in the process of performing the first to sixth program authentication methods, all authentication information necessary for authenticating the wireless terminal 200 in a state in which the program 235 to interface with the portable medium is driven with a one-time code-based authentication medium When not stored in the designated storage medium 180, the information registration unit 250 is the portable medium when the portable medium owned by the user is recognized through the medium recognition unit 220 provided in the wireless terminal 200. A procedure of registering authentication information for authenticating the wireless terminal 200 in a state in which the program 235 interfacing with the driver is operated with a one-time code-based authentication medium is registered in the designated storage medium 180.

According to the implementation method of the present invention, the authentication information is information identifying a communication means of the wireless terminal 200, and the wireless terminal 200 equipped with the program 235 has a valid physical component. Information for recognition and authentication, information for checking and authenticating the program 235 provided in the wireless terminal 200, information for verifying whether the program 235 provided in the wireless terminal 200 is forged or altered, the wireless terminal One or more of the information for authenticating a user using the program 235 provided in 200 and information for authenticating the portable medium may be included, and the information registration unit 250 configures or inputs the authentication information. An interface for receiving is displayed, and authentication information configured or input according to the interface is transmitted to the operation server 100 according to a specified procedure.

Referring to FIG. 2, the program 235 of the wireless terminal 200 includes a medium registration unit 120 that performs a procedure of registering media identification information identifying a portable medium owned by the user in a designated storage medium 180. ), and when the portable medium includes a proximity wireless communication medium and a security medium storing a set of key information of the proximity wireless communication medium is an SE mounted or detached from the wireless terminal 200, the proximity A key information storage unit 260 performs a procedure of storing a set of key information for acquiring designated identification information from a wireless communication medium in an SE mounted or detached from the wireless terminal 200.

The media registration unit 120 displays an interface for receiving media identification information identifying a portable medium owned by the user, and transmits the media identification information input through the interface to the operation server 100 according to a specified procedure. do. Meanwhile, when the medium identification information includes recognition information to be recognized from the portable medium owned by the user, the medium registration unit 120 recognizes and recognizes the portable medium owned by the user through the medium recognition unit 220 Information may be obtained, and the acquired recognition information may be transmitted to the operation server 100 according to a specified procedure.

Meanwhile, when the portable medium includes a proximity wireless communication medium and a security medium storing a set of key information of the proximity wireless communication medium is an SE mounted or detached from the wireless terminal 200, the key information storage unit ( 260) receives a set of key information for acquiring designated recognition information from the proximity wireless communication medium from the operation server 100, and mounts or detaches the received key information set to the wireless terminal 200 Perform the procedure to store in. The procedure of storing the key information set in the SE may be performed according to an OTA procedure.

Referring to Fig. 2, the program 235 of the wireless terminal 200 recognizes a portable medium owned by a user through a medium recognition unit 220 provided in the wireless terminal 200 to obtain designated recognition information. The information acquisition unit 265 is provided.

When the wireless terminal 200 in which the program 235 that interfaces with the portable medium is driven is used as a one-time code-based authentication medium, the user makes the medium recognition unit 220 recognize the portable medium owned by the user. If the portable medium includes a proximity wireless communication medium, the program 235 may be driven or activated by a user bringing the proximity wireless communication medium close to the communication range of the proximity wireless communication unit 210. Meanwhile, the program 235 may be driven or activated by the user's manipulation.

When the portable medium is interfaced with the wireless terminal 200, the information acquisition unit 265 recognizes and designates a portable medium owned by the user through the medium recognition unit 220 provided in the wireless terminal 200. Acquire recognition information.

If the portable medium is a code image medium, the information acquisition unit 265 captures and reads a code image printed or electronically outputted on the code image medium through the camera unit 215 and encoded in the code image. The bit stream may be extracted, and the extracted bit stream may be analyzed according to a designated encoding rule to obtain recognition information including at least one or a combination of a code value of a designated code system or an address value of a designated server.

Meanwhile, if the portable medium is a proximity wireless communication medium, the information acquisition unit 265 uses a key for recognizing identification information designated from the proximity wireless communication medium through a security medium storing a set of key information on the proximity wireless communication medium. The information set is checked, and identification information designated from the proximity wireless communication medium is read through the checked key information set. If the read recognition information is encrypted, the information acquisition unit 265 may decrypt the encrypted recognition information using a key value included in the key information set. Preferably, the identification information recognized from the proximity wireless communication medium may include at least one of a serial number, a unique code, and card information.

Referring to Figure 2, the program 235 of the wireless terminal 200, when the portable medium is recognized through the medium recognition unit 220 provided in the wireless terminal 200, the program 235 An information configuration unit 270 configuring M parameter information for authenticating the wireless terminal 200 with an authentication medium that receives and outputs a one-time code of a specified number of digits dynamically generated on the network, and the configured M parameter information It includes an information transmission unit 275 for transmitting to the server.

When the portable medium is recognized through the medium recognition unit 220 provided in the wireless terminal 200, the information configuration unit 270 provides the program 235 to dynamically generate the wireless terminal 200 on the network. Configure M parameter information for authentication with an authentication medium that receives and outputs a one-time code of a specified number of digits. The M parameter information is recognized from the portable medium to drive the program 235, information on the program 235 driven when the portable medium is recognized, and the program 235 is generated according to a specified procedure. Among the information, information recognized by the program 235 from the portable medium, information obtained by authenticating the information recognized by the program 235 from the portable medium, and information acquired by the program 235 recognized from the portable medium, It may contain more than one piece of information. Preferably, the M number of parameter information may further include unique information uniquely stored in the memory unit 230 of the wireless terminal 200 or SE, or may include hash information obtained by hashing a file corresponding to the program 235. I can. The M parameter information may further include PIN information registered by a user who uses the program 235 of the wireless terminal 200. The M parameter information may include at least one of information inputting information displayed on the user terminal 190 used by the user, and information generated by the program 235 using information displayed on the user terminal 190. I can.

The information transmission unit 275 transmits M parameter information configured through the information configuration unit 270 to the operation server 100 according to a specified number of times through at least one path specified according to a specified procedure. The operation server 100 performs a procedure of authenticating the wireless terminal 200 in a state in which the program 235 that interfaces with the portable medium is driven through the M parameter information as a one-time code-based authentication medium.

Referring to Fig. 2, the program 235 of the wireless terminal 200 includes a code receiving unit 280 for receiving a one-time code of a designated number of digits dynamically generated on the network based on the result of authenticating the validity of the parameter information, and And a code output unit 285 for outputting the received one-time code of the designated number of digits, and a procedure for dynamically generating (Nn) codes when the received one-time code is n codes of N-digit number of codes. A code generation unit 290 may be provided to perform, and a code transmission unit 295 for transmitting the output one-time code to a designated server according to an implementation method may be provided.

When the wireless terminal 200 in a state in which the program 235 that interfaces with the portable medium is driven is authenticated as a one-time code-based authentication medium, the operation server 100 dynamically generates and transmits a one-time code of a specified number of digits. The code receiving unit 280 receives a one-time code with a specified number of digits dynamically generated on the network based on a result of verifying the validity of the parameter information. If the one-time code is encrypted, the code receiving unit 280 may perform a procedure of decrypting the encrypted one-time code. Alternatively, when the one-time code is transformed into a restorable structure, the code receiving unit 280 may perform a procedure of restoring the transformed one-time code.

The code output unit 285 outputs the one-time code received through the code receiving unit 280 through the screen output unit 202. Preferably, the output one-time code is input through the user terminal 190 used by the user and transmitted to the operation server 100. Meanwhile, when the received one-time code is n codes among N-digit one-time codes, the code generation unit 290 may perform a procedure of generating (Nn) codes, and in this case, the code output unit 285 ) May output an N-digit one-time code by combining n codes received through the code receiving unit 280 and (Nn) codes generated through the code generation unit 290.

For example, when the portable medium is provided with a processor as a short-range wireless communication medium, the code generation unit 290 requests (Nn) codes as a short-range wireless communication medium, and is dynamically configured through the processor of the short-range wireless communication medium. Generated (Nn) codes can be received. The code generation unit 290 determines one or more seed values required to generate the (Nn) codes in the process of requesting (Nn) codes from the short-range wireless communication medium (eg, time value confirmation) or Check (e.g., check information to be used as seed values among values stored in the memory unit 230 or SE, check the seed values received to generate (Nn) codes from the operation server 100, and check the n codes. Seed) to provide the short-range wireless communication medium. Alternatively, the code generation unit 290 may generate (Nn) codes by applying one or more seed values specified to a specified code generation algorithm. Alternatively, when a processor is provided in the SE mounted or detached from the wireless terminal 200, the code generating unit 290 requests (Nn) codes from the SE, and dynamically generated ( Nn) codes can be received. In the process of requesting (Nn) codes from the SE, the code generation unit 290 may determine or verify one or more seed values required to generate the (Nn) codes and provide the SE to the SE.

If the user terminal 190 using the one-time code-based service is the wireless terminal 200 equipped with the program 235, the code transmission unit 295 transfers the output one-time code to the operation server 100. Can be transmitted. The operation server 100 performs a procedure of authenticating the received one-time code.

FIG. 3 is a diagram illustrating an information registration process for authenticating a wireless terminal 200 in a state in which a program 235 that interfaces with a portable medium is driven according to an exemplary method of the present invention with a disposable code-based authentication medium.

In more detail, FIG. 3 shows a process of signing up a user as a member to authenticate the wireless terminal 200 in a state in which the program 235 that interfaces with the user's portable medium is operated with a one-time code-based authentication medium. It shows the process of authenticating the validity of the program 235 mounted on 200, the process of registering one or more authentication information, and the process of registering a portable medium owned by a user, and is common in the technical field to which the present invention belongs. Those of skill in the art will be able to infer various implementation methods for the information registration process (e.g., implementation methods in which some steps are omitted or the order is changed) by referring and/or modifying this Figure 3, but the present invention Is made including all of the inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. 3.

Referring to Figure 3, when the program 235 is downloaded to the user's wireless terminal 200, installed and driven (300), the program 235 of the wireless terminal 200 is the program through the operating server 100 The procedure of registering the user of (235) as a member is performed (305).

The operation server 100 performs a procedure for authenticating the validity of the program 235 of the wireless terminal 200 in conjunction with the program 235 of the wireless terminal 200 (310). If the validity of the program 235 is not authenticated, the operation server 100 outputs a program 235 validity authentication error to the program 235 of the wireless terminal 200 (315).

On the other hand, when the validity of the program 235 of the wireless terminal 200 is authenticated, the operation server 100 provides the wireless terminal 200 in a state in which the program 235 to interface with the user's portable medium is operated. Performs a procedure of registering authentication information for authentication with a base authentication medium and storing it in a designated storage medium 180 (320), and the program 235 of the wireless terminal 200 performs a procedure of registering the authentication information. Do (320). Meanwhile, some of the authentication information may be provided from a separate server (eg, a server of a media issuing organization) other than the program 235 of the wireless terminal 200, and the present invention is not limited thereto.

When the registration procedure of the authentication information is performed, the operation server 100 is a portable medium for using the wireless terminal 200 in a state in which the program 235 to interface with the user's portable medium is operated as a one-time code-based authentication medium Performs a procedure of registering the media identification information in the designated storage medium 180 (325), and the program 235 of the wireless terminal 200 performs a procedure of registering the portable medium (325).

If the registered portable medium is a proximity wireless communication medium, the operation server 100 checks a key information set for recognizing identification information from the proximity wireless communication medium and performs a procedure of registering it in a designated security medium (330 ), the security medium receives and stores a key information set corresponding to the proximity wireless communication medium (335).

4 is a diagram illustrating a process of recognizing a proximity wireless communication medium according to an exemplary embodiment of the present invention.

In more detail, FIG. 4 shows the user in the program 235 of the wireless terminal 200 in order to authenticate the wireless terminal 200 in a state in which the program 235 that interfaces with the proximity wireless communication medium is operated as a one-time code-based authentication medium. It shows the process of recognizing the proximity wireless communication medium of, and for those of ordinary skill in the art to which the present invention belongs, the process of recognizing the proximity wireless communication medium by referring and/or modifying this Figure 4 is shown. Various implementation methods (e.g., implementation methods in which some steps are omitted or the order is changed) may be inferred, but the present invention includes all of the inferred implementation methods, and only the implementation methods shown in FIG. The technical features are not limited.

Referring to FIG. 4, a program 235 included in the user's wireless terminal 200 is driven or activated as a proximity wireless communication medium is recognized (400), and the wireless terminal 200 is interlocked with the operation server 100. ) Performs a procedure for verifying the validity of the program 235 (405). If the validity of the program 235 is not authenticated, the operation server 100 outputs a program 235 validity authentication error to the program 235 of the wireless terminal 200 (410).

On the other hand, if the validity of the program 235 of the wireless terminal 200 is authenticated, the program 235 of the wireless terminal 200 checks the key information set from the designated security medium (415), and then retrieves the key information set. In order to authenticate the wireless terminal 200 in a state in which the program 235 is driven from the proximity wireless communication medium using a one-time code-based authentication medium, designated identification information is read (420).

5 is a diagram illustrating a process of recognizing a code image medium according to another exemplary embodiment of the present invention.

In more detail, FIG. 5 shows the user's program 235 of the wireless terminal 200 in order to authenticate the wireless terminal 200 in a state in which the program 235 that interfaces with the code image medium is driven as a one-time code-based authentication medium. It shows the process of recognizing the code image medium, and for those of ordinary skill in the art to which the present invention belongs, various implementation methods for the process of recognizing the code image medium by referring to and/or modifying this Figure 5 (E.g., some steps are omitted or the order of implementation is changed), but the present invention includes all of the above inferred implementation methods, and the technical features of the implementation method shown in FIG. This is not limited.

Referring to Figure 5, when the program 235 provided in the user's wireless terminal 200 is driven or activated (500), the program 235 of the wireless terminal 200 is linked with the operation server 100 A procedure for authenticating the validity of the program 235 of the wireless terminal 200 is performed (505). If the validity of the program 235 is not authenticated, the operation server 100 outputs a program 235 validity authentication error to the program 235 of the wireless terminal 200 (510).

On the other hand, when the validity of the program 235 of the wireless terminal 200 is authenticated, the program 235 of the wireless terminal 200 acquires the right to use the camera unit 215 of the wireless terminal 200 In step 515, it is checked whether the code image of the code image medium owned by the user is captured through the camera unit 215 based on the acquired use right (520). If the user's code image medium is photographed, the program 235 of the wireless terminal 200 interprets the code image to obtain recognition information encoded in the code image (525).

6 is a one-time code-based authentication medium that authenticates the wireless terminal 200 in a state in which the program 235 that interfaces with the portable medium is operated according to the implementation method of the present invention, and wirelessly transmits a one-time code of a specified number of digits dynamically generated on the network. A diagram showing a process of providing and outputting the program 235 of the terminal 200.

In more detail, in FIG. 6, when designated recognition information is recognized from the user's portable medium through the process shown in FIG. 4 or 5, M parameter information including the recognition information is transmitted according to a designated procedure, A designated number of digits dynamically generated on the network when the wireless terminal 200 in which the program 235 that interfaces with the portable medium is driven is authenticated as a one-time code-based authentication medium through designated m parameter information among the M parameter information It shows a process of providing and outputting the disposable code of the wireless terminal 200 to the program 235 of the wireless terminal 200, and those of ordinary skill in the technical field to which the present invention belongs, refer to and/or modify this Figure 6 Various implementation methods for the process of authenticating the wireless terminal 200 on which the program 235 is driven with a one-time code-based authentication medium and outputting a one-time code dynamically generated on the network (e.g., some steps are omitted, or The modified implementation method) may be inferred, but the present invention includes all the inferred implementation methods, and the technical features are not limited only by the implementation method shown in FIG. 6.

Referring to FIG. 6, when designated recognition information from the user's portable medium is recognized through the process shown in FIG. 4 or 5, the program 235 of the wireless terminal 200 is recognized from the user's portable medium. M pieces of parameter information including information are configured (600) and transmitted to the operation server 100 according to a specified procedure (605).

The operation server 100 receives or checks the M parameter information transmitted from the program 235 of the wireless terminal 200 according to the specified procedure (610), and the M parameters through the designated storage medium 180 Among the information, in order to authenticate the wireless terminal 200 in a state in which the program 235 that interfaces with the portable medium is driven as a one-time code-based authentication medium, a procedure for authenticating the validity of m parameter information designated is performed (615).

If the designated m parameter information is not authenticated, the operation server 100 outputs a parameter information authentication error to the program 235 of the wireless terminal 200 (620). On the other hand, when the designated m parameter information is authenticated, the operation server 100 performs a procedure of dynamically generating a one-time code of a designated number of digits based on the authentication result for the m parameter information (625). The one-time code of the designated number of digits may be dynamically generated by including at least one designated parameter among the M parameters in a seed value.

If the one-time code of the specified number of digits is generated, the operation server 100 provides the dynamically generated one-time code of the specified number of digits to the program 235 of the wireless terminal 200 (630), and the wireless terminal ( The program 235 of 200) receives a one-time code with a specified number of digits dynamically generated on the network as described above (635), and outputs an N-digit one-time code for authentication of the one-time code (640). If the received one-time code of the designated number of digits is an N-digit one-time code, the program 235 of the wireless terminal 200 may output the received one-time code as it is. Meanwhile, if the received one-time code of the designated number of digits is a one-time code of n digits, the program 235 of the wireless terminal 200 performs a procedure of generating (Nn) codes, and the received n codes and the A one-time code of N digits can be output by combining the generated (Nn) codes.

Figure 7 is a diagram showing the authentication process of the disposable code according to the implementation method of the present invention.

In more detail, FIG. 7 shows a process of authenticating the disposable code provided and output to the program 235 of the wireless terminal 200 through the process shown in FIG. 6, and is generally used in the technical field to which the present invention belongs. If you have knowledge of, you will be able to infer various implementation methods for the authentication process of the disposable code (for example, some steps are omitted or the order is changed) by referring and/or modifying this figure 7 , The present invention includes all the inferred implementation methods, and the technical features are not limited only by the implementation method illustrated in FIG. 7.

Referring to FIG. 7, after the one-time code dynamically generated on the network through the process shown in FIG. 6 is provided and outputted to the program 235 of the wireless terminal 200, the user terminal 190 used by the user is After receiving or checking the one-time code output through the program 235 of the wireless terminal 200 certified as a one-time code-based authentication medium (700), the input or confirmed one-time code to the operation server 100 according to a specified procedure Is transmitted (705).

The operation server 100 receives or checks the one-time code transmitted from the user terminal 190 according to a specified procedure (710), is provided to the program 235 of the wireless terminal 200, and then the user terminal ( 190), the authentication procedure for the one-time code received/confirmed is performed (715). If the validity of the one-time code is not authenticated, the operation server 100 outputs a validity authentication error of the one-time code to the program 235 of the wireless terminal 200 (720). On the other hand, if the validity of the one-time code is authenticated, the operation server 100 transmits a result of authenticating the validity of the one-time code to the program 235 of the wireless terminal 200 (725), or After providing a service corresponding to the result of authenticating the validity, the result is transmitted (725), and the program 235 of the wireless terminal 200 is the result of authenticating the validity of the one-time code or the result of improving the service. Receives and outputs (730).

100: operation server 105: member registration/authentication unit
110: program authentication unit 115: information storage unit
120: media register 125: key information register
130: information receiving unit 135: key information providing unit
140: information verification unit 145: authentication processing unit
150: code generation unit 155: code providing unit
160: code receiving unit 165: code checking unit
170: code authentication unit 175: service provider
180: storage medium 200: wireless terminal
210: proximity wireless communication unit 215: camera unit
220: medium recognition unit 235: program

Claims (24)

In a method executed through a server capable of communicating with a wireless terminal having a program that interfaces with a portable medium owned by a user,
The server is a program of the wireless terminal that recognizes a designated portable medium among the user-owned portable media separated from the user-owned wireless terminal and the medium, and provides a one-time code of a designated number of digits dynamically generated through the server or a designated code server. A first step of processing the authentication information for an authentication procedure to be stored in a designated storage medium;
When the program of the wireless terminal recognizes the user's designated portable medium separated from the wireless terminal and the medium, the server is configured through a program of the wireless terminal that recognized the portable medium and transmitted according to a specified procedure. 2) a second step of confirming information on the parameters;
A third step of processing the server to authenticate validity of m (1≤m≤M) parameter information designated through authentication information stored in the storage medium; And
When the validity of the m parameter information is authenticated, the server dynamically generates a one-time code of a specified number of digits through the server or checks a one-time code of a specified number of digits dynamically generated through a specified code server to program the wireless terminal. A fourth step of processing to be provided as; includes,
The one-time code is dynamically generated through a server separated from the wireless terminal and the medium or a separate code server, and can be used for an authentication procedure through a program of the wireless terminal. How to provide a disposable cord.
The method of claim 1, wherein the portable medium,
A code image medium recognizable through a camera unit provided in the wireless terminal,
Media separation base using a user's portable medium, characterized in that it comprises a medium combining at least one or two or more of the proximity wireless communication media recognizable by transmitting and receiving radio frequency signals through the proximity wireless communication unit provided in the wireless terminal Server type one-time code provision method.
The method of claim 1, wherein the authentication information,
Information identifying the communication means of the wireless terminal,
Information for authenticating whether the wireless terminal equipped with the program is a device with a valid physical component,
Information for verifying and authenticating programs provided in the wireless terminal,
Information for verifying whether the program provided in the wireless terminal is forged or altered,
Information for authenticating a user who uses a program provided in the wireless terminal,
A method for providing a server-type disposable code based on media separation using a user's portable medium, characterized in that comprising one or more pieces of information among the information for authenticating the portable medium.
delete The method of claim 1,
The server further comprises the step of processing media identification information that identifies the portable medium owned by the user to be registered and stored in a designated storage medium. Delivery method.
delete delete delete delete delete The method of claim 1,
The server further comprises the step of confirming whether a program for recognizing the portable medium is mounted on the user's wireless terminal by performing a designated communication procedure with the program of the wireless terminal. Method of providing server-type disposable code based on media separation.
delete The method of claim 1, wherein the third step,
Media separation base using a user's portable medium, characterized in that when the m parameter information is authenticated, a wireless terminal in a state in which a program for recognizing the portable medium is operated is identified as a one-time code medium that outputs the one-time code. Server type one-time code provision method.
delete delete delete delete delete delete delete delete The method of claim 1,
The server is provided as a program of the wireless terminal and a fifth step of checking the one-time code transmitted through the user terminal used by the user;
A sixth step of processing, at the server, the validity of the identified disposable code is authenticated; And
The server further comprises a seventh step of providing a result of authenticating the validity of the disposable code to the program of the wireless terminal or the user terminal; server-type disposable based on media separation using a user's portable medium, characterized in that it further comprises How to provide code.

delete delete

Images