KR20170064508A - Method for Providing Transaction by Mutual Consent of Certification Value - Google Patents

Abstract

According to the method of providing a transaction through the authentication value agreement of the present invention, a communication is established between the issuer server that has interworked with the smartphone of the user via the data network and issued the transaction means to the smartphone, And a relay server connected to the smartphone and a separate device for communicating with the smartphone via a telephone network, the method comprising the steps of: when a program assigned to the smart phone is installed, A value for generating an authentication value in a program of the smartphone through an information exchange procedure of receiving the user identification value for identifying the user and providing the user identification value to the issuer server, A device that identifies the device that executed the program while relaying to agree The relay server transmits the identification information to the issuer server, and when the relay server performs the information exchange procedure of multiplexing the data network and the telephone network, the relay server transmits the program of the smartphone corresponding to the device identification value Communicates with the issuer server, identifies a transaction means identification value for identifying the transaction means to be used in the transaction among the transaction means issued by the issuer to the user corresponding to the user identification value, and provides the identification information to the issuer server, An authentication value generated through an information exchange procedure of using at least one of the device identification value and the user identification value and the information exchange procedure of multiplying the data network and the telephone network in the program of the smartphone via the data network And provides the issuer server with the transaction means identification value, And a user identification value, and stored in a storage medium of the issuer server. When the issuer server confirms the agreement value with the program of the smartphone through the received value and authenticates the validity of the authentication value, The server performs a process of processing the transaction through the transaction means corresponding to the transaction means identification value that is matched with the received identification value.

Description

A method for providing a transaction through agreement of an authentication value {Method for Providing Transaction by Mutual Consent of Certification Value}

The present invention relates to a system and method for transmitting and receiving data between a smartphone and an issuer server that interacts with a smartphone of a user via a data network, The method comprising: receiving, by a relay server, a user identification value that identifies the user from a program of the smart phone through a data network, when the program designated in the smart phone is installed; And a device for executing the program is identified by relaying a value for generating an authentication value in a program of the smartphone to agree with the issuer server through an information exchange procedure of using the data network and the telephone network And provides it to the issuer server, Wherein the relay server communicates with the program of the smartphone corresponding to the device identification value through the data network so as to correspond to the user identification value in the issuer The relay server identifies a transaction means identification value for identifying a transaction means to be used in a transaction among the transaction means issued to the user and provides the transaction means identification value to the issuer server, Value and an authentication value generated through a value agreed through an information exchange procedure of multiplying the data network and the telephone network in the program of the smart phone and provides the authentication value to the issuer server, Value is matched with the device identification value and the user identification value, And the issuer server confirms a value agreed with the program of the smartphone through the received value at the issuer server, and when the validity of the authentication value is authenticated, the issuer server matches the received identification value with the stored transaction value And a method of providing a transaction through an authentication value agreement that performs a procedure of processing the transaction through a transaction means corresponding to the identification value.

Phone bill service is provided to charge the communication fee of the mobile phone. When the subscriber information of the user registered in the communication company and the mobile phone number are provided from the user's computer through the subscriber information and the mobile phone number, the subscriber information and the communication fee-based payment limit are authenticated The payment amount is charged to the communication fee charged to the mobile phone in the next month after approving payment for the payment amount based on the communication charge based payment limit.

The reason why the above-mentioned phone bill service can be stably provided is that the communication medium to which the mobile phone is connected to provide the phone bill service is a circuit switched voice call network in which a third party can not intervene. That is, since the voice communication network basically communicates with the circuit switching system, a third party on the communication line for the authentication number to be transmitted to the mobile phone through the text message of the voice call network at the server side for the phone bill service It is very difficult to intervene in a text message or to steal it without permission.

Recently, smart phones that can access both the data communication network and the voice communication network have been activated. When the smartphone accesses the voice call network, the security function for the voice call network is the same as that of the mobile phone. However, the smartphone can be connected to a data communication network in addition to the voice communication network. Since the data communication network is basically a TCP / IP based Internet network, third party intervention or hacking can be performed at any time. For example, if a hacking program for referencing the text message to the smartphone and automatically reporting it to a third party (or a hacker) is loaded, the third party (or hacker) Billing service, and payment approval.

In the end, security problems caused by the data communication network must be solved through the data communication network. Unlike voice call networks, various security solutions that prevent intervention or hacking of third parties are being developed and applied to the data communication network, and the stability thereof is periodically verified.

An object of the present invention is to relate communication between a smartphone and an issuer server that issues a transaction means to a user via a data network and interworks with a smart phone of a user, The method comprising: receiving, by the relay server, a user identification value that identifies the user through a data network from a program of the smartphone when a program assigned to the smart phone is installed; And transmitting the authentication value to the issuer server through an information exchange procedure in which the data network and the telephone network are used in a plurality of ways, And transmits the device identification value to the issuer server The relay server communicates with the program of the smartphone corresponding to the device identification value through the data network so that the issuer transmits the device identification value to the user through the data network, Identifying the transaction means identification value for identifying the transaction means to be used in the transaction among the transaction means issued to the user corresponding to the identification value, and providing the same to the issuer server; and in the second step, And receives an authentication value generated through a value agreed with at least one of the device identification value and the user identification value and an information exchange procedure of multiplying the data network and the telephone network in the program of the smartphone, Wherein the transaction means identification value includes a device identification value and a device identification value, The issuer server confirms a value agreed with the program of the smartphone through the received value at the issuer server and verifies the validity of the authentication value, And a transaction value corresponding to the identification value of the transaction unit matching the received identification value in the transaction unit.

A method for providing a transaction through an authentication value agreement according to the present invention includes relaying a communication between an issuer server that issues a transaction means to a user via a data network and a smartphone of the user, And a relay server connected to the smartphone and a separate device for communicating with the smartphone via a telephone network, the method comprising the steps of: when a program assigned to the smart phone is installed, A value for generating an authentication value in a program of the smartphone through an information exchange procedure of receiving the user identification value for identifying the user and providing the user identification value to the issuer server, A device that identifies the device that executed the program while relaying to agree And providing the data to the issuer server by checking the star value, when the relay server performs an information exchange procedure of using the data network and the telephone network in a multiplexed manner, A second step of communicating with the program of the issuer to identify the transaction means identification value for identifying the transaction means to be used in the transaction among the transaction means issued to the user corresponding to the user identification value by the issuer, The relay server transmits a value agreed with at least one of the device identification value and the user identification value via the data network and the information exchange procedure of using the data network and the telephone network in the program of the smartphone, And a third step of receiving the generated authentication value and providing it to the issuer server, The means identification value is matched with the device identification value and the user identification value and stored in the storage medium of the issuer server, and the issuer server confirms the agreed value with the program of the smartphone through the received value, The issuer server performs the transaction through the transaction means corresponding to the transaction means identification value that is matched with the received identification value in the issuer server.

A method for providing a transaction through an authentication value agreement according to the present invention is characterized in that the first step is a step of bi-directionally exchanging the program of the smartphone with the designated information through the data network, An information exchange procedure for confirming the information transmitted from the phone through the telephone network is performed so that a value for generating an authentication value in the program of the smartphone is relayed so as to be agreed with the issuer server and the program is executed during the information exchange procedure Checking the device identification value for identifying a device, and providing the device identification value to the issuer server.

In a method of providing a transaction through an authentication value agreement according to the present invention, in the transaction, the relay server requests generation of an authentication value for the transaction from the program of the smartphone using the message specification of the data network And providing the value generation request information.

A method for providing a transaction through agreement of an authentication value according to the present invention is a method executed through a program provided in a smartphone of a user capable of multiple connections to a data network and a telephone network, A second step of performing a procedure for transmitting information including a user identification value input through the interface to a relay server relaying communication between a first step and an issuer server issuing a transaction means to a user, A step of performing a procedure for maintaining one or more subsequent values agreed with the relay server on a designated medium of the smart phone based on at least one information exchange procedure performed by using the data network and the telephone network after the installation of the relay server At the time of the transaction with the third step, confirmation of the generated authentication value for authenticating the transaction using the transaction means And a fifth step of performing a procedure for transmitting the authentication value to the relay server, wherein the succeeding value is used for generating the authentication value or transmitted together with the authentication value .

The second step may include transmitting the information input through the interface to the relay server through the data network or transmitting the information through the relay network to the relay server through the telephone network, The relay device transmits information input through the interface to a communication device associated with the server or transmits a part of the information input through the interface to the relay server through the data network, And transmits the remaining part of the input information.

The method according to the present invention may further comprise the step of outputting an interface for receiving or selecting information on the transaction means issued by the issuer to the user, And the second step further comprises performing a procedure for transmitting the input information to the relay server through the interface to identify the transaction means.

The method may further include receiving and storing a device identification value that identifies a device corresponding to a smartphone that has installed and executed the program through the data network, .

The method of providing a transaction through an authentication value agreement according to the present invention may further comprise confirming received value generation request information to generate the authentication value from the relay server at the time of transaction .

The value generation request information may be pushed through a message standard of the data network or may be transmitted to a message module of the smartphone based on a message standard of the telephone network, Is confirmed from the received message.

A method for providing a transaction through an authentication value agreement according to the present invention includes the steps of checking at least one transaction detail value among a transaction amount value, a merchant identification value, and a purchase product identification value through the received value generation request information And further comprising:

In the method of providing a transaction through an authentication value agreement according to the present invention, the sum value may be a transaction means identification value for identifying a transaction means to be used for a transaction, a device corresponding to a smartphone installing and executing the program A dynamic seed determination value for determining a dynamic seed value required to generate the authentication value, and a key generation function value required for generating the authentication value, And at least one value that is not included.

A smartphone for generating a voluntary authentication value and providing a card transaction according to the present invention is a smartphone connectable to a data communication network and a voice communication network, the smart phone including: issuer information identifying a issuer issuing at least one card to a user; And an interface for outputting an interface for inputting a user identification value matched with the issuer information registered in the issuer; and a relay server connected to the issuer when the issuer information and the user identification value are inputted through the interface, A user registration unit for transmitting the issuer information and the user identification value; a user registration unit for transmitting the issuer information and the user identification value, At least one subsequent sum value not pre-agreed with the issuer server is transmitted to the issuer server And a dynamic seed value dynamically determined based on the fixed seed value held in the medium and the dynamic seed determination value to the agreed key generation function to generate an authentication value for dynamically generating a volatile authentication value Wherein the relay server relays the user identification value to the issuer server corresponding to the issuer information, and the issuer server relays the user identification value to the issuer server, (N > = 1) card issued by the issuer to the user based on the user identification value, based on the user identification value of the smart card (or program module of the smart phone) After determining a transaction means identification value for identifying at least one user transaction means to be used for the card transaction of the user, Connecting the stage identification and the device identification value and the seed value and the agreed fixed value, a dynamic seed crystals, and the key generation function values will be stored in the storage medium.

According to the present invention, the user registration unit transmits the issuer information and the user identification value to the relay server through the data communication channel, or transmits the issuer information and the user identification value to the communication device associated with the relay server through the voice communication network, And transmits a part of the user identification value and the issuer information to the relay server through the data communication channel and transmits the issuer information to the communication device associated with the relay server through the voice communication network And transmit the remaining part of the user identification value.

According to the present invention, the personalization processing unit internally determines at least one subsequent sum value and transmits the sum value to the relay server through the data communication channel, and if the sum approval information for the subsequent sum value is received, Or after determining at least one after-sum value internally and sending it to the communication device connected to the relay server through the voice communication network, and when the approval approval information for the subsequent sum value is received, Value is stored in the medium, or the sum value is determined by the relay server through the data communication channel, and the sum value is received and stored in the medium, and the agreement approval information for the sum value is transmitted. Alternatively, After receiving the summed value from the relay server and storing the summed value in the medium, Transmission, and the relay server can relay after the agreed value to the issuer server.

According to the present invention, when a data communication channel is connected to the issuer server, the personalization processor internally determines at least one subsequent sum value, transmits the at least one subsequent sum value to the issuer server through the data communication channel, Value is received on the medium, or the sum value is determined by the issuer server on the data communication channel, and the sum value is received and stored in the medium, and then an agreement on the post-sum value is received Authorization information can be transmitted.

According to the present invention, when a voice call channel is connected to a voice communication channel associated with the issuer server, the personalization processing unit internally determines at least one subsequent sum value to be associated with the issuer server through the voice communication network When the acceptance information of the consensus value is received, the consensus value is stored in the medium or the issuer server determines the consensus value through the voice communication network, And may transmit the agreement approval information to the sum value after storing.

According to the present invention, the interface output unit further outputs an interface for selecting at least one transaction means among N (N > = 1) cards matched with the card issued by the issuer to the user, and the user registration unit Further transmits the transaction means identification value selected through the interface to the relay server, and the relay server can relay the transaction means identification value to the issuer server.

Alternatively, the interface output unit further outputs an interface for selecting at least one transaction means among N (N > = 1) cards matched with the card issued by the issuer to the user, and the user registration unit And further transmit the selected transaction means identification value to the issuer server.

According to the present invention, a smartphone generating the volatile authentication value and providing a card transaction may identify the smartphone (or a program module of the smart phone) to push at least one transaction related value through the data communication network And a device identification processor for receiving the device identification value and storing the device identification value in a medium.

According to the present invention, the smartphone for generating the volatile authentication value and providing the card transaction may further include a push processing unit for pushing the value generation request information for requesting to internally generate the volatile authentication value.

According to the present invention, the push processing unit may receive the value generation request information through the data communication network based on the device identification value, or generate the value from the message received by the message module based on the message standard of the voice call network The request information can be detected.

According to the present invention, the push processing unit pushes at least one transaction detail value among the transaction amount value, the merchant point identification value, and the purchase item identification value through the data communication network based on the device identification value, Value generation request information or a message including the transaction history value from a message received by the message module based on the message standard of the voice call network and then transmits the value generation request information through the transaction history value .

According to the present invention, the device identification value includes at least one of a device token value and a program identification value allocated to identify the program module of the smartphone through the data communication network, (UICC ID), a MAC (Media Access Control) address, a network identification value, an exchange assignment value, a subscriber number, and a contract number. have.

A method for generating a voluntary authentication value of a smartphone and providing a card transaction according to the present invention is a method for providing a card transaction by matching a issuer information that identifies an issuer issuing at least one card to a user and an issuer information that is matched with issuer information registered in the issuer An issuer information input step of outputting the issuer information and the user identification value to the relay server associated with the issuer when the issuer information and the user identification value are inputted through the interface, And an issuer server corresponding to the issuer information among the fixed seed value, the dynamic seed determination value and the key generation function value necessary for dynamically generating the volatile authentication value in the smartphone, A personalization processing step of agreeing with the issuer server and keeping the sum value on the medium; An authentication value generation step of dynamically generating a volatile authentication value by substituting a dynamic seed value dynamically determined based on the fixed seed value held in the medium and the dynamic seed determination value into the agreed key generation function; Wherein the relay server relays the user identification value to the issuer server corresponding to the issuer information, and the issuer server transmits the identification information to the smartphone (N) of the card issued by the issuer to the user based on the user identification value, at least one of the transaction means matching the N (N > = 1) After determining a transaction means identification value for identifying one user transaction means, the transaction means identification value, the device identification value, Connect group agreed fixed value and the seed value and the key generation seed crystals dynamic function value to be stored in the storage medium.

According to the present invention, the user registration step may include transmitting the issuer information and the user identification value to the relay server through the data communication channel, or transmitting the issuer information and the user identification value to the communication device associated with the relay server through the voice communication network And transmits a part of the user identification value and the issuer information to the relay server through the data communication channel and transmits the issuer information to the relay server through the voice communication network, To transmit the remaining part of the user identification value.

According to the present invention, the personalization processing step internally determines at least one post-sum value, transmits the result to the relay server through the data communication channel, and if the approval information of the post-sum value is received, To the communication device associated with the relay server through the voice communication network, and if the approval information of the sum value is received, Or stores the agreement value in the medium or receives the agreement value from the relay server through the data communication channel, stores the agreement value in the medium, and transmits the agreement approval information to the consensus value, And then stores the sum in the medium. Then, after the sum is approved, The transmission, and the relay server can relay after the agreed value to the issuer server.

According to the present invention, when the data communication channel is connected to the issuer server, the personalization processing step internally determines at least one subsequent sum value, transmits the determined sum value to the issuer server through the data communication channel, When the agreement approval information on the agreement value is received, the agreement value is stored in the medium, or the agreement value is determined by the issuer server on the data communication channel, and the agreement value is received and stored in the medium. Agreement approval information can be transmitted.

According to the present invention, when a voice call channel is connected to a voice communication channel associated with the issuer server, the personalization processing step internally determines at least one subsequent sum value and transmits the voice message to the issuer server When the sum approval information on the subsequent sum value is received after transmitting to the associated communication apparatus, the post-sum value is stored in the medium or the issuer server determines the sum value after receiving the agreement value through the voice communication network, And then send approval information of the sum to the sum value.

According to the present invention, the interface output step further outputs an interface for selecting at least one transaction means among N (N > = 1) cards issued to the user by the issuer and transaction means matching with the card May further transmit the transaction means identification value selected through the interface to the relay server, and the relay server may relay the transaction means identification value to the issuer server.

According to the present invention, the interface output step may further output an interface for selecting at least one transaction means among N (N > = 1) cards matched with the card issued by the issuer to the user, May further transmit the transaction means identification value selected via the interface to the issuer server.

According to another aspect of the present invention, there is provided a method for generating a voluntary authentication value of a smartphone and providing a card transaction, the method comprising: receiving a transaction related value from the smartphone (or a program module of a smart phone) And a device identification processing step of receiving the device identification value for identification and storing the received device identification value in the medium.

According to another aspect of the present invention, there is provided a method of providing a card transaction by generating a volatile authentication value of the smartphone, the method may further include a push processing step of pushing a value generation request information requesting to generate the volatile authentication value internally . The push processing step may include pushing the value generation request information through the data communication network based on the device identification value or detecting the value generation request information from a message received by the message module based on the message specification of the voice call network can do. Alternatively, the push processing step may include pushing at least one transaction detail value among the transaction amount value, the merchant point identification value, and the purchase item identification value through the data communication network based on the device identification value, Or a message including the transaction detail value is detected from a message received by the message module based on the message standard of the voice communication network and then the value generation request information is derived from the transaction detail value have.

A method for generating a voluntary authentication value of a issuer server according to the present invention to provide a card transaction comprises the steps of: sending a transaction value to the smartphone (or program module) to push at least one transaction related value to the smartphone A user identification step of receiving the user identification value inputted through the smartphone (or a program module) through the relay server, Determining at least one user transaction means to be used in the card transaction of the user among the transaction means matching the N (N > = 1) cards issued to the user based on the user transaction means; And a transaction means registration step of storing the transaction identification value and the user identification value in the storage medium, (Or program module) among the fixed seed value, the dynamic seed determination value, and the key generation function value necessary for verifying the volatile authentication value to be dynamically generated in the smartphone (or the program module) (Or a program module) and stores the sum in the storage medium in agreement with the smartphone (or the program module); and a step of acquiring, from the transaction request terminal, A verification value generation step of dynamically generating a volatile verification value by substituting the dynamic seed value dynamically determined through the stored fixed seed value and the dynamic seed determination value into the agreed key generation function when an authentication value is received; An authentication value verification step of comparing the volatile authentication value with the generated volatile verification value and verifying the correspondence And a transaction processing step of, when the correspondence is verified, processing a card transaction for a transaction detail value received from the transaction request terminal through the user transaction means corresponding to the transaction means identification value stored in the storage medium .

According to the present invention, the user registration step may include receiving the user identification value through a data communication channel connected to the smartphone (or the program module), or a communication device associated with the relay server (or issuer server) Receives the user identification value detected from the voice communication network connected between smartphones (or program modules), or receives a part of the user identification value through a data communication channel connected to the smartphone (or program module) After receiving a remaining partial value of the user identification value detected from the voice communication network from the communication device associated with the relay server (or the issuer server), the partial value of the user identification value received via the data communication network and the voice And combines the remaining values received via the network to configure the user identification value Can.

According to the present invention, in the determining of the transaction means, the transaction means identification value for the N transaction means is provided to the smartphone (or program module), and then the transaction for the user transaction means A means identification value may be received.

According to the present invention, the user registration step further receives the transaction means identification value for the user transaction means inputted from the smartphone (or the program module) through the relay server, and the transaction means determination step comprises: The user issuing state of the transaction means corresponding to the transaction means identification value, and then determines the transaction means corresponding to the transaction means identification value as the user transaction means.

According to the present invention, the personalization processing step receives the post-sum value transmitted from the smartphone (or the program module) through the data communication channel, stores the sum value in a storage medium, Or the communication device associated with the relay server (or the issuer server) receives the agreement value detected from the voice communication channel connected to the smartphone (or the program module) (Or a program module), or transmits at least one consensus information to the smartphone (or program module) through the data communication channel, Program module), and when the agreement approval information on the subsequent sum value is received, (Or a program module) through a communication device associated with the relay server (or the issuer server), and then determines a consensus on the consensus value When the information is received, the post-sum value may be stored in the storage medium.

According to another aspect of the present invention, there is provided a method of generating a voluntary authentication value of a issuer server and providing a card transaction, the method comprising: receiving at least one identification value of the user identification value and the device identification value from a transaction request terminal; And a push processing step of pushing the value generation request information requesting the smartphone (or program module) corresponding to at least one identification value to generate the volatile authentication value using the agreed value. The push processing step may push the value generation request information through the data communication network based on the device identification value or send a message including the value generation request information through the message standard of the voice call network. Alternatively, the push processing step may include pushing at least one transaction detail value among the transaction amount value, the merchant point identification value, and the purchase item identification value through the data communication network based on the device identification value, The smartphone (or program module) can derive the value generation request information from the transaction history value.

According to the present invention, in a smartphone which is connectable to both a data communication network and a voice communication network, a validity of the card transaction through the volatile authentication value internally generated in the smart phone, regardless of an attempt of hacking the smart phone by the data communication network, So that the card transaction of the user requested by the issuer server can be processed safely and conveniently.

1 is a diagram illustrating a configuration of a smartphone function according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of an issuer server and a card transaction system according to an embodiment of the present invention.
3 is a diagram illustrating a process of registering and personalizing user transaction means of a smartphone (or program module) according to an embodiment of the present invention.
4 is a diagram illustrating a process of registering and personalizing user transaction means of the issuer server according to an embodiment of the present invention.
5 is a flowchart illustrating a process of verifying a volatile authentication value in a issuer server and processing a card transaction according to an embodiment of the present invention.
6 is a diagram illustrating a process of dynamically generating a volatile authentication value in a smartphone (or a program module) according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention. In addition, the names of functionally identical or similar functional components in the embodiments shown below will be described using the same names.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram illustrating a functional configuration of a smartphone 100 according to an embodiment of the present invention.

1 is a block diagram showing a configuration of an issuer server 200 through a relay server 270 in cooperation with a user transaction means for processing a card transaction of a user and a volatile authentication value to be internally generated at the time of card transaction in the smartphone 100 ), Agrees with the issuer server 200 the values necessary for internally generating a volatile authentication value in the smartphone 100, and then uses the agreed value at a card transaction time using the volatile authentication value 1 is a block diagram illustrating a configuration of a program function for internally generating and outputting the volatile authentication value according to an exemplary embodiment of the present invention. Various embodiments of the present invention will be described with reference to the accompanying drawings. However, the present invention is not limited to the embodiments shown in the drawings. Only the method is not limited that technical feature. In particular, the configuration of the smartphone 100 shown in FIG. 1 may further include a configuration of a smartphone 100 that is currently / in the future, and the present invention is not limited thereto.

1, the smartphone 100 includes a control unit 101, a memory unit 111, a screen output unit 102, a key input unit 103, a sound output unit 104, a sound input unit 105, A wireless LAN communication module 108, a short range wireless communication module 107, a USIM reader 109 and a USIM 110 and a battery 106 for power supply.

The controller 101 is a generic term for controlling the operation of the smartphone 100. The controller 101 includes at least one processor and an execution memory, BUS). According to the present invention, the control unit 101 loads at least one program code provided in the smartphone 100 into the execution memory through the processor, and outputs the result to at least one function And controls the operation of the smartphone 100. [ Hereinafter, a functional unit of the program module 115 implemented in the form of program code for the sake of convenience of the present invention will be described in the control unit 101 of FIG. 1.

The memory unit 111 is a general term of a nonvolatile memory included in the smartphone 100 and includes at least one program code executed through the control unit 101 and at least one data set used by the program code And stores it. The memory unit 111 basically includes a system program code and a system data set corresponding to the operating system of the smartphone 100, a communication program code and communication data set for processing a wireless communication connection of the smartphone 100, One application program code and application data set are stored, and the program code and data set for implementing the present invention are also stored in the memory unit 111. [

The screen output unit 102 is composed of a screen output device (e.g., a liquid crystal display (LCD) device) and an output module for driving the screen output device 102. The screen output unit 102 is connected to the control unit 101 via a bus, And outputs an operation result corresponding to the screen output to the screen output device.

The key input unit 103 comprises a key input device having at least one key button (or a touch screen device interlocked with the screen output unit 102) and an input module for driving the key input unit. The control unit 101, And inputs a command for commanding various operations of the control unit 101 or data necessary for the operation of the control unit 101. [

The sound output unit 104 is composed of a speaker for outputting a sound signal and a sound module for driving the speaker. The sound output unit 104 is connected to the control unit 101 through a bus, And outputs the result of the operation through the speaker. The sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.

The sound input unit 105 includes a microphone for receiving a sound signal and a sound module for driving the microphone, and transmits the sound data input through the microphone to the controller 101. The sound module encodes and encodes a sound signal input through the microphone.

The wireless network communication module 108 is a collective term for communicating wireless communication. The wireless network communication module 108 includes at least one antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving a radio frequency signal of a specific frequency band. The control unit 101 is connected to the control unit 101 via a bus and transmits the calculation result corresponding to the wireless communication among the various calculation results of the control unit 101 through the wireless communication or receives the data through the wireless communication, And simultaneously maintains the procedure of connection, registration, communication, and handoff of the wireless communication. According to the present invention, the wireless network communication module 108 connects the smartphone 100 to the voice communication network 170 and may connect the smartphone 100 to the data communication network 160 in some cases .

According to an embodiment of the present invention, the wireless network communication module 108 is a mobile communication module that performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to a CDMA / WCDMA standard . In the meantime, according to the intentions of those skilled in the art, the wireless network communication module 108 may be an IEEE 802.16? The wireless communication module 108 may further include a portable Internet communication module configured to perform at least one of connection to a portable Internet, location registration, data communication, and handoff according to a standard. In the wireless communication module 108, Is not to be construed as limiting the scope of the present invention.

The short-range wireless communication module 107 comprises a short-range communication module for connecting a communication session using a radio frequency signal as a communication medium within a predetermined distance. Preferably, the short-range wireless communication module 107 includes RFID communication, Bluetooth communication, Wi- , And public wireless communications. According to an embodiment of the present invention, the short range wireless communication module 107 may be integrated with the wireless network communication module 108. According to the present invention, the short range wireless communication module 107 connects the smart phone 100 to the data communication network 160.

The USIM reader unit 109 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module mounted or detached from the smartphone 100 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM 110 is an SIM type card having an IC chip conforming to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader 109, An IC chip memory for storing a program code for a chip and a data set; and a memory for storing the program code for the IC chip or extracting the data set in accordance with at least one command transmitted from the smartphone 100 And transmitting the processed data to the input / output interface.

The input / output interface includes at least one of a power supply (VCC), a reset signal (RST), a clock signal (CLK), a ground (GND), a programming power supply (VPP), and an input / output , The processor interfaces with the USIM reader 109 via the contact. The IC chip memory stores system program codes and system parameters corresponding to the operating system of the IC chip and at least one security module, and stores at least one communication required for the wireless communication network connection of the smartphone 100 in a fixed storage area (Subscriber Identity Module) information including parameters. According to an embodiment of the present invention, the IC chip memory includes at least one storage area for each applet issuer (for example, SD (Security Domain)) storing program codes (= applets) and data sets produced by at least one applet issuer )).

According to the present invention, the smartphone 100 receives a message (e.g., a short message, a long message, a multimedia message, etc.) through the voice communication network 170 of the smartphone 100, And a message module 112 for transmitting a message through the message module 112. The program module 115 of FIG. 1 may operate in conjunction with the message module 112. FIG.

The message module 112 may receive and store and output the message transmitted from the issuer server 200 (or the relay server 270) through the voice communication network 170. [ The data area of the message received from the issuer server 200 (or the relay server 270) is readable according to the format (or data structure) designated by the issuer server 200 (or the relay server 270) Lt; RTI ID = 0.0 > 1 < / RTI >

1, the program module 115 includes a device that identifies the smartphone 100 (or program module 115) to push at least one transaction-related value through the data communication network 160, And a device identification processing unit (120) for receiving the identification value and storing it in a medium.

Here, the device identification value may include at least one of a device token value and a program identification value assigned to identify the program module 115 of the smartphone 100 through the data communication network 160, The medium for storing the identification value includes at least one of the memory unit 111 or the memory of the USIM 110. [

The device identification processing unit 120 receives the device identification value corresponding to the device token identifying the smartphone 100 (or the program module 115) according to the APNS (Apple Push Notification Service) standard, ) Or in the memory of the USIM 110.

Alternatively, the device identification processing unit 120 may provide the phone number assigned to the smartphone 100 to the issuer server 200 (or the relay server 270) Or the device ID value for identifying the smartphone 100 (or the program module 115) from the memory module 111 or the USIM 110 from the memory module 111 or the relay server 270.

According to another embodiment of the present invention, the device identification value may include a telephone number, an electronic serial number, a USIM serial number (UICC ID, etc.) identifying the smartphone 100 through the voice call network 170, ), A MAC address (Media Access Control Address), a network identification value, an exchange assignment value, a subscriber number, and a contract number. If the device identification value is a value that can identify the smartphone 100 through the voice communication network 170, the device identification value may correspond to the voice communication network 170 joining process of the smartphone 100, The memory unit 111 or the USIM 110 in the process of connecting the network 170. In this case, the device identification processing unit 120 may be omitted.

1, the program module 115 inputs issuer information identifying the issuer who issued at least one card to the user and a user identification value matched with the issuer information registered in the issuer And an interface output unit 125 for outputting an interface to the relay server 270. When the issuer information and the user identification value are inputted through the interface, the relay server 270 transmits the issuer information and the user identification value to the relay server 270, And a relay server 270. The relay server 270 relays the user identification value to the issuer server 200 corresponding to the issuer information.

Here, the issuer may include a card company or a financial institution that issues a card having at least one MS (Magnetic Stripe) and IC (integrated circuit) chip to the user according to a predetermined card issuing procedure.

The card issued to the user is a credit card in which credit card information is recorded in at least one of the MS and IC chips, a check card in which check card information is recorded, a cash card in which cash card information is recorded, Card or a financial IC card in which at least one of credit card information, check card information, cash card information, debit card information, customer account information, and customer passbook information is recorded in the IC chip have.

According to the present invention, the card issued to the user corresponds to at least one user transaction means. For example, a credit card corresponds to a credit card transaction means that processes a credit transaction requested by a credit card company through a credit line, and a check card corresponds to a debit card requested by a credit card company through the balance of a connection account established in a financial company affiliated with a credit card company The debit card corresponds to debit card transaction means for processing debit transactions requested to the financial company through the balance of the connection account opened in the financial company, and the cash card corresponds to the debit card transaction means for dealing with the connection account And corresponds to a cash card transaction means for processing a transaction. Further, the financial IC card may correspond to at least one of the credit card transaction means, the check card transaction means, the debit card transaction means, and the cash card transaction means, or may correspond to at least one transaction means of the customer account transaction And a customer passbook transaction means for processing a financial transaction for a customer account linked to the customer passbook.

The user identification value includes at least one of a name and a resident registration number (or a part of a resident registration number) of the issuer when the issuer issuing the card is an individual. If the issuer is a corporation, the user identification value includes a name of the issuer, A part of the registration number), and a business registration number (or a part of the business registration number).

According to the first embodiment of the present invention, the interface output unit 125 outputs an interface for inputting the issuer information and the user identification value, and the user registration unit 130 registers the data After connecting the data communication channel with the relay server 270 through the communication network 160, the issuer information and the user identification value input through the interface are transmitted to the relay server 270 through the data communication network 160 And the relay server 270 relays the user identification value to the issuer server 200 corresponding to the issuer information. The issuer server 200 confirms the device identification value for identifying the smartphone 100 (or the program module 115 of the smartphone 100) (or if the relay server 270 confirms the device identification information) (N > = 1) issued by the issuer to the user based on the user identification value, and is used for the card transaction of the user among the at least one transaction means And identifies a transaction means identification value that identifies at least one user transaction means. If there is only one card issued to the user by the issuer, the issuer server 200 concatenates the device identification value with a transaction means identification value that identifies the transaction means matching the card issued to the user And stores it in the storage medium 255. On the other hand, if the issuer has two or more cards issued to the user, the issuer server 200 transmits two or more transaction means identification values, which identify the two or more cards through the data communication network 160, (Or program module 115). In this case, the interface output unit 125 outputs an interface for selecting one of the N-means identification values, and the user registration unit 130 transmits the selected transaction means identification value to the data communication network The issuer server 200 transmits the device identification value to the issuer server 200 and stores the device identification value in the storage medium 255 by connecting the device identification value and the transaction means identification value.

Here, the transaction means identification value includes a transaction means number (for example, a card number (or part of a card number), an account number (or a part of an account number), a passbook number (or part of a passbook number) (E.g., a card name, an account name, a passbook name, etc.) and a transaction means identifier (e.g., an identification number, an identification code, an alias, etc. connected to the transaction means).

According to the second embodiment of the present invention, the interface output unit 125 outputs the issuer information, the user identification value, and one or more transactions matching N (N > = 1) cards issued by the issuer to the user The user registration unit 130 outputs an interface for inputting a transaction means identification value for identifying at least one user transaction means to be used for the card transaction of the user among the means, And transmits the issuer information, the user identification value, and the transaction unit identification value, which are input through the interface, to the relay server 270 through the data communication network 160 , And the relay server (270) relays the user identification value and the transaction means identification value to the issuer server (200) corresponding to the issuer information. The issuer server 200 confirms the device identification value for identifying the smartphone 100 (or the program module 115 of the smartphone 100) (or if the relay server 270 confirms the device identification information) After receiving the device identification value and the transaction means identification value from the relay server 270, authenticates whether the card corresponding to the transaction means identification value is the card issued to the user based on the user identification value, And stores them in the storage medium 255.

According to the third embodiment of the present invention, the interface output unit 125 outputs an interface for inputting the issuer information and the user identification value, and the user registration unit 130 transmits the issuer information through the voice communication network 170 (E.g., an ARS server, a CTI device, etc.) associated with the relay server 270. If the incoming call information of the communication device 280 is stored in the memory unit 111, the user registration unit 130 transmits the call information to the communication device 280 through the voice communication network 170, And the voice call channel can be connected by requesting a call connection. Or if the device identification value of the smartphone 100 identifiable through the voice communication network 170 is stored in the relay server 270 or the communication device 280, The voice call channel can be connected by receiving a call connection requested from the communication device 280 through the voice communication network 170. [ If the voice communication channel is connected to the communication device 280, the user registration unit 130 transmits the issuer information and the user identification value, which are input through the interface, to the communication device 280 The communication device 280 confirms the device identification value of the smartphone 100 that can be identified through the voice communication network 170 and transmits the DTMF signal received through the voice communication channel to the issuer And provides the device identification value, the issuer information, and the user identification value to the relay server 270 after detecting the information and the user identification value. The relay server (270) relays the device identification value and the user identification value to the issuer server (200) corresponding to the issuer information, and the issuer server (200) (N > = 1) issued to the user from the at least one user transaction means for identifying the at least one user transaction means to be used in the card transaction of the user among the at least one transaction means. If there is only one card issued to the user by the issuer, the issuer server 200 concatenates the device identification value with a transaction means identification value that identifies the transaction means matching the card issued to the user And stores it in the storage medium 255. On the other hand, if the issuer has two or more cards issued to the user, the issuer server 200 transmits two or more transaction means identification values, which identify the two or more cards through the data communication network 160, (Or program module 115). In this case, the interface output unit 125 outputs an interface for selecting one of the N-means identification values, and the user registration unit 130 transmits the selected transaction means identification value to the data communication network The issuer server 200 transmits the device identification value to the issuer server 200 and stores the device identification value in the storage medium 255 by connecting the device identification value and the transaction means identification value. If the issuer server 200 and the smartphone 100 (or the program module 115) communicate through the data communication network 160 in the process of generating the volatile authentication value, the device identification value Is a device identification value of the data communication network 160 associated with the device identification value of the voice communication network 170. [

According to the fourth embodiment of the present invention, the interface output unit 125 outputs the issuer information, the user identification value, and one or more transactions matching N (N? 1) cards issued by the issuer to the user The user registration unit 130 outputs an interface for inputting a transaction means identification value for identifying at least one user transaction means to be used for the card transaction of the user among the means, 270 to the communication device 280 associated with the voice communication channel. If the incoming call information of the communication device 280 is stored in the memory unit 111, the user registration unit 130 transmits the call information to the communication device 280 through the voice communication network 170, And the voice call channel can be connected by requesting a call connection. Or if the device identification value of the smartphone 100 identifiable through the voice communication network 170 is stored in the relay server 270 or the communication device 280, The voice call channel can be connected by receiving a call connection requested from the communication device 280 through the voice communication network 170. [ If the voice communication channel is connected to the communication device 280, the user registration unit 130 transmits the issuer information, the user identification value, and the transaction unit identification value, which are input through the interface, to the voice communication channel through the DTMF signal of the voice communication channel The communication device 280 confirms the device identification value of the smartphone 100 identifiable through the voice communication network 170 and transmits the DTMF signal received through the voice communication channel to the communication device 280. [ And provides the device identification value, the user identification value, and the transaction means identification value to the relay server (270). The relay server (270) relays the device identification value, the user identification value and the transaction means identification value to the issuer server (200) corresponding to the issuer information, and the issuer server (200) And stores the device identification value in the storage medium 255 by connecting the device identification value and the transaction identification value to each other. If the issuer server 200 and the smartphone 100 (or the program module 115) communicate through the data communication network 160 in the process of generating the volatile authentication value, the device identification value Is a device identification value of the data communication network 160 associated with the device identification value of the voice communication network 170. [

According to the fifth embodiment of the present invention, the interface output unit 125 outputs an interface for inputting the issuer information and the user identification value, and the user registration unit 130 registers the data Transmits a part of the user identification value and issuer information inputted through the interface after connecting the data communication channel with the relay server (270) through the communication network (160) And connects the voice communication channel with the communication device 280 associated with the relay server 270. If the incoming call information of the communication device 280 is stored in the memory unit 111, the user registration unit 130 transmits the call information to the communication device 280 through the voice communication network 170, And the voice call channel can be connected by requesting a call connection. Or if the device identification value of the smartphone 100 identifiable through the voice communication network 170 is stored in the relay server 270 or the communication device 280, The voice call channel can be connected by receiving a call connection requested from the communication device 280 through the voice communication network 170. [ If the voice communication channel is connected to the communication device 280, the user registration unit 130 transmits the issuer information and a remaining part of the user identification value to the communication device 280 through the DTMF signal of the voice communication channel, And the communication device 280 confirms the device identification value of the smartphone 100 that can be identified through the voice communication network 170 and extracts the user identification value from the DTMF signal received through the voice communication channel, And provides the remainder of the user identification value and the device identification value to the relay server 270. The relay server (270) relays the remaining part of the user identification value and the device identification value to the issuer server (200) corresponding to the issuer information, and the issuer server (200) 160, and the rest of the values received via the voice network 170 to form a user identification value, and then, based on the user identification value, the issuer transmits the user identification value to the user (N > = 1) issued by the user to at least one of the at least one user transaction means to be used in the card transaction of the user among the at least one transaction means. If there is only one card issued to the user by the issuer, the issuer server 200 concatenates the device identification value with a transaction means identification value that identifies the transaction means matching the card issued to the user And stores it in the storage medium 255. On the other hand, if the issuer has two or more cards issued to the user, the issuer server 200 transmits two or more transaction means identification values, which identify the two or more cards through the data communication network 160, (Or program module 115). In this case, the interface output unit 125 outputs an interface for selecting one of the N-means identification values, and the user registration unit 130 transmits the selected transaction means identification value to the data communication network The issuer server 200 transmits the device identification value to the issuer server 200 and stores the device identification value in the storage medium 255 by connecting the device identification value and the transaction means identification value.

According to the sixth embodiment of the present invention, the interface output unit 125 outputs the issuer information, the user identification value, and one or more transactions matching N (N? 1) cards issued by the issuer to the user The user registration unit 130 outputs an interface for inputting a transaction means identification value for identifying at least one user transaction means to be used for the card transaction of the user among the means, And transmits a part of at least one of the issuer information, the user identification value and the transaction unit identification value input through the interface after connecting the data communication channel with the relay server 270 through the interface. Here, the user registration unit 130 may transmit the partial value of the user identification value and the entire value of the transaction unit identification value through the data communication channel, or may transmit the partial value of the transaction unit identification value and the entire Or a value of both the user identification value and the transaction means identification value can be transmitted through the data communication channel, thereby enabling transmission through the voice communication network 170 Some of the remaining values are determined. After a part of at least one of the issuer information, the user identification value, and the transaction means identification value is transmitted through the data communication network 160, the user registration unit 130 transmits, And connects the voice communication channel with the communication device 280 associated with the communication device 270. If the incoming call information of the communication device 280 is stored in the memory unit 111, the user registration unit 130 transmits the call information to the communication device 280 through the voice communication network 170, And the voice call channel can be connected by requesting a call connection. Or if the device identification value of the smartphone 100 identifiable through the voice communication network 170 is stored in the relay server 270 or the communication device 280, The voice call channel can be connected by receiving a call connection requested from the communication device 280 through the voice communication network 170. [ If the voice communication channel is connected to the communication device 280, the user registration unit 130 transmits at least one remaining value of the issuer information, the user identification value, and the transaction means identification value to the DTMF signal To the communication device 280 via the voice communication network 170. The communication device 280 confirms the device identification value of the smartphone 100 that can be identified through the voice communication network 170 and receives And a remaining part of at least one of the user identification value and the transaction means identification value and the device identification value from the relay server 270). The relay server (270) relays the remaining part of at least one of the user identification value and the transaction means identification value and the device identification value to the issuer server (200) corresponding to the issuer information, The user terminal 200 forms a user identification value by combining a part of the user identification value received through the data communication network 160 and the remaining values received through the voice communication network 170, ) And a remaining value received via the voice call network 170 to form a transaction means identification value, and then, based on the user identification value, the transaction means identification value Is authenticated as a card issued to the user. If the card corresponding to the transaction means identification value is authenticated by the card issued to the user, the issuer server 200 stores the device identification value and the transaction means identification value in the storage medium 255 .

According to another embodiment of the present invention, at least one identification value of the user identification value and the transaction means identification value and the issuer information are transmitted to the relay server (not shown) according to the message exchange standard instead of the DTMF signal of the voice communication network 170 270, so that the present invention is not limited thereto.

Referring to FIG. 1, the program module 115 includes a issuer server 200 corresponding to the issuer information among a fixed seed value, a dynamic seed determination value, and a key generation function value for dynamically generating a volatile authentication value And a personalization processor 135 for agreeing with the issuer server 200 and keeping the at least one subsequent sum value unchanged in the medium.

According to the present invention, the program module 115 transmits at least one of the fixed seed value, the dynamic seed determination value, and the key generation function value to the issuer Is downloaded to the smartphone (100) through the data communication network (160) while being kept in agreement with the server (200), and is downloaded to the issuer server (200) by at least one subsequent unassigned value .

For example, the program module 115 may be configured such that any one of the fixed seed value, the dynamic seed determination value, and the key generation function value is not precomputed at the time of development (or registration in a program providing server In this case, the personalization processor 135 may rearrange the fixed seed value, the dynamic seed determination value, and the key generation function value with the issuer server 200.

Alternatively, the program module 115 is developed (or registered) in a state where the key generation function value pre-agreed with the issuer server 200 is programmed and loaded at the development (or registration) time, The personalization processor 135 may rearrange the issuer server 200 and the fixed seed value and the dynamic seed decision value.

Alternatively, the program module 115 may develop (or register) a key generation function value and a dynamic seed determination value pre-agreed with the issuer server 200 at the time of development (or registration) In this case, the personalization processor 135 may rearrange the fixed seed value with the issuer server 200.

Alternatively, the program module 115 may code the key generation function value pre-agreed with the issuer server 200 at the time of development (or registration) and store the key generation function value in the memory of the memory unit 111 or the USIM 110 (Or registered) in a program-coded state so as to use a specific value among the stored values as the fixed seed value. In this case, the personalization processing unit 135 may update the issuer server 200 and the dynamic seed determination value You can agree later.

According to an embodiment of the present invention, the personalization processor 135 may determine at least one of the fixed seed value, the dynamic seed determination value, and the key generation function value, which is not pre-agreed with the issuer server 200, And provides it to the issuer server 200. When the data communication channel is connected between the smartphone 100 and the issuer server 200, the sum value is provided to the issuer server 200 through the relay server 270, May be provided directly to the issuer server 200 via the channel.

For example, if the fixed seed value is included in the post-sum value, the personalization processor 135 may dynamically generate the fixed seed value through the random number function, or may generate the fixed seed value through the memory unit 111 or the USIM 110, The fixed seed value can be determined as a specific value among the values stored in the memory.

Alternatively, if the dynamic seed determination value for determining the synchronized time value as the dynamic seed of the volatile authentication value is included in the post-sum value, the personalization processor 135 determines the synchronized time value among at least two time ranges (Which may be omitted if it is determined at the time of development (or registration) of the program module 115), or to assign a time corresponding to the synchronization time range to the key generation function (For example, the hash function and the number of digits of the dynamic seed) of at least one of two or more rules for converting the seed conversion rule into a value (which may be omitted if it is determined at the development (or registration) time of the program module 115) And determine a dynamic seed determination value including at least one of the determined synchronization time range and seed conversion rule.

Alternatively, if a dynamic seed determination value for determining a random number value to be exchanged with the issuer server 200 as the dynamic seed value of the volatile authentication value is included in the succeeding value, the personalization processing unit 135 may determine that the issuer server 200) and a random number exchange rule of two or more rules for exchanging the random number value (may be omitted if it is determined at the time of development (or registration) of the program module 115), or for the random number exchange (Such as a server address (or telephone number) and a network type (data communication network 160 or voice communication network 170)) for connecting the issuer server 200 to a communication channel (Or may be omitted if it is determined at the time of development (or registration) of the radio base station 115), and then determine a dynamic seed determination value including at least one of the determined random number exchange rule and exchange target information.

Alternatively, if the key generation function value is included in the succeeding value, the personalization processing unit 135 determines a key generation algorithm of two or more cache generation algorithms (the development (or registration) of the program module 115) (Or omitted if it is determined at the time of development (or registration) of the program module 115), or a function parameter value that is basically substituted into any one of the key generation algorithms is determined , And may determine a key generation function value including at least one of the determined key generation algorithm and the function parameter value.

When at least one subsequent sum value to be rearranged with the issuer server 200 among the fixed seed value, the dynamic seed value, and the key generation function value is determined according to an embodiment of the present invention, the personalization processor 135 Connects the data communication channel with the issuer server 200 through the data communication network 160 based on the device identification value (if the issuer server 200 can communicate with the issuer server 200 through the relay server 270) And transmits the sum value to the issuer server 200 through a data communication channel connected to the issuer server 200. [ If the approval information of the sum value is received from the issuer server 200 through the data communication channel, the personalization processor 135 stores the sum value in the memory unit 111 or the USIM 110 ).

Alternatively, when at least one subsequent sum value to be rearranged with the issuer server 200 among the fixed seed value, the dynamic seed determination value, and the key generation function value is determined, the personalization processing unit 135 determines whether the voice call network The communication device 280 is connected to the voice device 280 connected to the issuer server 200 via the communication device 170 and the communication device 280 is connected to the voice device through the DTMF signal of the voice communication channel connected to the communication device 280. [ And sends out the sum of the above values. The issuer server (200) checks at least one subsequent sum value detected from the DTMF signal received by the communication device (280). If the approval information of the sum of the subsequent sum is received from the communication device 280 associated with the issuer server 200 through the DTMF signal of the voice communication channel, In the memory of the memory unit 111 or the USIM 110. [

According to another embodiment of the present invention, the personalization processor 135 may include at least one of the fixed seed value, the dynamic seed decision value, and the key generation function value, which is not pre-agreed with the issuer server 200 From the issuer server (200).

If at least one subsequent sum of the fixed seed value, the dynamic seed value, and the key generation function value is received according to another embodiment of the present invention, the personalization processor 135 may determine that the fixed seed value and the dynamic seed determination Value and a key generation function value from the issuer server 200 via the data communication network 160 based on the device identification value and transmits the received at least one subsequent sum value Value in the memory of the memory unit 111 or the USIM 110 and transmits approval information of the sum to the issuer server 200 through the data communication channel.

Alternatively, if at least one of the fixed seed value, the dynamic seed determination value, and the key generation function value is received, the personalization processing unit 135 may transmit the personal information to the issuer server 200 , Receives a subsequent sum value from the communication device 280 through a DTMF signal of a voice communication channel connected to the communication device 280, And stores the sum value in the memory of the memory unit 111 or the USIM 110 and then transmits the DTMF signal of the voice call channel to the communication device 280 And the agreement approval information is transmitted to the issuer server 200.

Referring to FIG. 1, the program module 115 may include a push processing unit 140 for pushing value generation request information requesting to generate a volatile authentication value using the agreed value.

The push processing unit 140 transmits the issuer server 200 and the issuer server 200 to the issuer server 200 in a state in which the fixed seed value, dynamic seed determination value, Or relay server 270) using the agreed-upon value, to generate a volatile authentication value.

(Or program module 115) through the data communication network 160 to the memory of the memory unit 111 or the USIM 110 according to an embodiment of the present invention. The push processing unit 140 receives the value generation request information pushed from the issuer server 200 (or the relay server 270) through the data communication network 160 based on the device identification value do.

Alternatively, when the device identification value for identifying the smartphone 100 (or the program module 115) is stored in the memory of the memory unit 111 or the USIM 110 through the data communication network 160 as described above , The push processing unit 140 transmits a transaction amount value pushed from the issuer server 200 (or the relay server 270) through the data communication network 160 based on the device identification value, And at least one transaction detail value among the product identification values. If the transaction detail value includes the value generation request information, the push processing unit 140 can confirm the value generation request information included in the transaction detail value. If the transaction detail value does not include the value generation request information, the push processing unit 140 determines that the transaction history value has been received from the issuer server 200 (or the relay server 270) It can be regarded as being requested to generate a value.

According to another embodiment of the present invention, when the device identification value identifies the smartphone 100 through the voice call network 170, the push processing unit 140 may identify the smart phone 100 through the voice call network 170 The mobile terminal 100 may read at least one message received by the message module 112 of the smartphone 100 to detect a message including the value generation request information.

Alternatively, when the device identification value identifies the smartphone 100 through the voice communication network 170, the push processing unit 140 transmits the device identification value to the smart phone 100 through the voice communication network 170 100, and detects a message including at least one transaction detail value among a transaction amount value, an affiliate store identification value, and a purchase item identification value. If the transaction detail value includes the value generation request information, the push processing unit 140 can confirm the value generation request information included in the transaction detail value. If the transaction detail value does not include the value generation request information, the push processing unit 140 determines that the transaction history value has been received from the issuer server 200 (or the relay server 270) It can be regarded as being requested to generate a value.

Referring to FIG. 1, the program module 115 determines at least one dynamic seed value based on a dynamic seed determination value held in the medium, and determines a fixed seed value held in the medium and the determined dynamic seed value An authentication value generation unit 145 for dynamically generating a volatile authentication value by substituting the generated key generation function into the agreed key generation function, and an authentication value output unit 150 for outputting the generated volatile authentication value to the screen.

The issuer server 200 generates the volatile authentication value through the key input unit 103 in a state where the fixed seed value, the dynamic seed determination value, and the key generation function value for dynamically generating the volatile authentication value are agreed When the request command is inputted or the value generation request information is pushed through the push processing unit 140, the authentication value generation unit 145 generates a predetermined user authentication for generating the volatile authentication value , Biometric authentication, etc.), and determines at least one dynamic seed value based on the dynamic seed determination value held in the medium, which is agreed with the issuer server 200. Here, the dynamic seed value is a random number exchanged with the issuer server 200 based on a seed value determined based on a synchronization time range of the dynamic seed determination value, a seed conversion rule, or a random number exchange rule of the dynamic seed determination value And a seed value determined based on the seed value.

If the authentication value generator 145 generates the volatile authentication value itself without generating the volatile authentication value from the issuer server 200 according to the embodiment of the present invention, It is optional. On the other hand, if the volatile authentication value is generated by the issuer server 200 in response to a request for generating the volatile authentication value, the authentication value generation unit 145 may pass the user authentication.

When the dynamic seed value is determined, the authentication value generator 145 obtains the fixed seed value and the determined dynamic seed value, which are agreed with the issuer server 200, to the issuer server 200 And substitutes the input value of the agreed key generation function and dynamically generates a volatile authentication value corresponding to the result.

When the volatile authentication value is dynamically generated, the authentication value output unit 150 outputs the generated volatile authentication value through the screen output unit 102.

FIG. 2 is a diagram illustrating a configuration of a card issuer server 200 and a card transaction system according to an embodiment of the present invention.

FIG. 2 is a block diagram illustrating a system for synchronizing a user's transaction with a volatile authentication value generated internally in the smartphone 100 shown in FIG. 1 at the time of card transaction, An issuer server 200 for processing a card transaction through the user transaction means based on a volatile authentication value generated internally by the smartphone 100 at the time of the card transaction, 2, the issuer server 200 and the card transaction system may be implemented in various ways (for example, in a case where some constituent units Or an aggregate, or a combined implementation), but the present invention encompasses all such contemplated embodiments, The technical features thereof are not limited only by the method shown in FIG.

According to the present invention, the issuer server 200 is provided with a server operating unit 245 which performs a unique function of each server. Here, the server operating unit 245 is a collective term for all the functional configurations other than the functional configurations provided in the server for realizing the functions of the present invention. The present invention is not limited to the functions performed by the server operating unit 245 No.

Referring to FIG. 2, the issuer server 200 includes a smart card 100 (or program module 115) for pushing at least one transaction related value to the smartphone 100 (or program module 115) And a device identification unit 210 for identifying the device identification value allocated to the storage medium 255 and storing the device identification value in the storage medium 255. The device identification value may include at least one of a device token value and a program identification value assigned to identify the program module 115 of the smartphone 100 through the data communication network 160. [

The device identification unit 210 processes the device token to be allocated to the smartphone 100 (or the program module 115) according to an APNS (Apple Push Notification Service) standard, (Or program module 115) as a device identification value that uniquely identifies the smartphone 100 (or program module 115) and stores the device token in the storage medium 255. [

The relay server 270 receives the telephone number assigned to the smartphone 100 through the data communication network 160 and then authenticates the received telephone number through the voice communication network 170, May assign a program identification value that uniquely identifies the smartphone 100 (or the program module 115) on the communication network 160. In this case, the device identification unit 210 regards the program identification value assigned to the smartphone 100 (or the program module 115) by the relay server 270 as the device identification value, Lt; / RTI > Meanwhile, the device identification unit 210 may assign the program identification value to the smartphone 100 (or the program module 115). In this case, the device identification unit 210 may identify the program identification value It can be regarded as the device identification value and stored in the storage medium 255.

According to another embodiment of the present invention, the device identification unit 210 receives a telephone number assigned to the smartphone 100 through the data communication network 160, After allocating a program identification value for uniquely identifying the smartphone 100 (or the program module 115) on the data communication network 160 after authenticating the telephone number of the voice communication network 170, A telephone number corresponding to the device identification value and a program identification value which is a device identification value of the data communication network 160 may be connected and stored in the storage medium 255. [

According to another embodiment of the present invention, the device identification value may include a telephone number, an electronic serial number, a USIM serial number (UICC ID, etc.) identifying the smartphone 100 through the voice call network 170, ), A MAC address (Media Access Control Address), a network identification value, an exchange assignment value, a subscriber number, and a contract number. If the device identification unit 210 can identify the device identification information of the smartphone 100 (or the program module 115) that can be identified through the voice communication network 170 through the data communication network 160, The device identification information of the voice call network 170 may be stored in the storage medium 255 as it is.

2, the issuer server 200 includes a user registration unit (not shown) for receiving a user identification value input through the relay server 270 via the smartphone 100 (or the program module 115) And at least one user transaction means for use in the card transaction of the user among at least one transaction means matching N (N > = 1) cards issued by the issuer to the user based on the user identification value And a transaction means registration unit (230) for storing the transaction means identification value for identifying the user transaction means in the storage medium (255) in connection with the device identification value.

The smartphone 100 (or the program module 115) inputs the issuer information identifying the issuer who issued the at least one card to the user and the user identification value matched with the issuer information registered in the issuer The relay server 270 relays the user identification value to the issuer server 200 corresponding to the issuer information, and the user registration unit 240 transmits the user identification value to the relay server 270, Lt; RTI ID = 0.0 > 270 < / RTI >

According to an embodiment of the present invention, the smartphone 100 (or the program module 115) can transmit the user identification value through the data communication network 160 of the smartphone 100, The issuer server 270 receives the issuer information and the user identification value transmitted from the smartphone 100 (or the program module 115) through the data communication channel, (200).

According to another embodiment of the present invention, the smartphone 100 (or the program module 115) may be connected to the communication device 280 associated with the issuer server 200 and a voice connected between the smartphone 100 The relay server 270 may transmit the user identification value through the DTMF signal of the communication channel and the relay server 270 may transmit the DTMF signal of the voice communication channel to the communication device 280, And relays the user identification value to the issuer server 200 corresponding to the issuer information.

According to another embodiment of the present invention, the smartphone 100 (or the program module 115) transmits some configuration values of the user identification value through the data communication network 160 and transmits DTMF (Or program module 115) transmitted from the smartphone 100 (or the program module 115) through the data communication channel, and transmits the remaining configuration values of the user identification value to the relay server 270. [ Receiving a portion of the user identification value and a remaining portion of the user identification value received by the communication device 280 associated with the server via the DTMF signal of the voice communication network 170, After the user identification value is configured by combining a part of the user identification value received through the voice communication network 160 with the remaining values received through the voice communication network 170, By issuer server 200 corresponding to the information to relay the user identification value.

When the user identification value is received by the user registration unit 240 through the relay server 270, the transaction means determination unit 235 determines whether the user identification value of the N issued by the issuer to the user Identifies a transaction means identification value that identifies at least one user transaction means to be used in the card transaction of the user card.

If the issuer has only one card issued to the user, the transaction means determination unit 235 identifies a transaction means identification value that identifies the transaction means matching with the card issued to the user, The registration unit 230 connects the user identification value and the transaction means identification value to the device identification value and stores the connection identification value in the storage medium 255.

On the other hand, if the issuer has more than two cards issued to the user, the transaction means determination unit 235 determines whether the two or more cards that identify the two or more cards through the data communication network 160 or the voice communication network 170 And provides the transaction means identification value to the smartphone 100 (or the program module 115). In this case, the smartphone 100 (or the program module 115) outputs an interface for selecting one of the N means of transaction means identification values, and transmits the selected transaction means identification value through the interface And transmits it to the issuer server 200 through the data communication network 160 or the voice communication network 170. The transaction registering unit 230 registers the user identification value and the transaction means identification value in the device identification value And stores it in the storage medium 255. [

Meanwhile, the smartphone 100 (or the program module 115) selects (or selects) a transaction means identification value that identifies at least one user transaction means to be used in the card transaction of the user among the user identification value and the N cards In this case, the relay server 270 receives the transaction means identification value and transmits it to the issuer server corresponding to the issuer information, And the user registration unit 240 may further receive the transaction means identification value from the relay server 270. For example, When the user identification value and the transaction means identification value are received from the relay server 270, the transaction means determination unit 235 determines whether the user transaction means corresponding to the transaction means identification value Authenticate whether it matches the issued card. If the transaction means identification value is authenticated, the transaction means registration unit 230 stores the transaction means identification value and the user identification value in a storage medium 255 by connecting them.

Referring to FIG. 2, the issuer server 200 dynamically generates a volatile verification value for verifying a volatile authentication value dynamically generated in the smartphone 100 (or the program module 115) (Or program module 115) that is not pre-agreed with the smartphone 100 (or program module 115) among the required fixed seed value, dynamic seed determination value, and key generation function value, And a personalization processing unit 225 for storing the personalization processing unit 225 in the storage medium 255. [ The personalization processing unit 225 confirms the device identification value of the smartphone 100 (or the program module 115) and transmits the device identification value to the smartphone 100 (or the program module 115) Can be concatenated to agree on the value of the post-sum. Alternatively, the personalization processor 225 may agree with the smartphone 100 (or the program module 115) through the relay server 270.

According to an embodiment of the present invention, the personalization processor 225 may determine whether the fixed seed value, the dynamic seed determination value, and the key generation function value are identical with the smartphone 100 (or the program module 115) Determines at least one subsequent sum dynamically and provides it to the smartphone 100 (or program module 115).

For example, if the fixed seed value is included in the post-sum value, the personalization processor 225 may dynamically generate the fixed seed value through a random number function or may be stored in a database storing a plurality of seed values It is possible to determine a specific value among the values as the fixed seed value.

Alternatively, if the dynamic seed determination value that determines the synchronized time value as the dynamic seed of the volatile authentication value is included in the post-sum value, the personalization processing unit 225 determines the synchronized time value among at least two time ranges One of two or more rules for determining a synchronization time range of any one of them, or converting a time corresponding to the synchronization time range into a seed value that can be substituted into a key generation function (for example, a hash function and a dynamic The number of digits of the seed, and the like), and then determine a dynamic seed determination value including at least one of the determined synchronization time range and the seed conversion rule.

Alternatively, if a dynamic seed determination value for determining a random number value exchanged with the smartphone 100 (or the program module 115) as the dynamic seed of the volatile authentication value is included in the subsequent sum value, the personalization processor 225 Determines a random number exchange rule of any one of two or more rules for exchanging the random number value with the smartphone 100 (or the program module 115), or determines the random number exchange rule of the smartphone 100 (For example, the program module 115 or the program module 115) and the type of the network (the data communication network 160 or the voice communication network 170) to be connected to the communication channel, It is possible to determine the dynamic seed determination value including at least one of the exchange object information.

Alternatively, if the key generation function value is included in the post-sum value, the personalization processing unit 225 determines one of the two or more key generation algorithms, And determining a key generation function value including at least one of the determined key generation algorithm and the function parameter value.

According to one embodiment of the present invention, at least one subsequent sum value to be rearranged with the smartphone 100 (or the program module 115) among the fixed seed value, the dynamic seed determination value, and the key generation function value is determined The personalization processor 225 connects the data communication channel with the smartphone 100 (or the program module 115) through the data communication network 160 based on the device identification value (if it is already connected And transmits the sum value to the smartphone 100 (or the program module 115) through a data communication channel connected to the smartphone 100 (or the program module 115). If the approval information of the sum value of the subsequent sum value is received from the smartphone 100 (or the program module 115) through the data communication channel, the personalization processor 225 stores the sum value in the storage medium (255).

Alternatively, when at least one subsequent sum value to be rearranged with the smartphone 100 (or the program module 115) among the fixed seed value, the dynamic seed determination value, and the key generation function value is determined, 225 connects the voice communication channel with the communication device 280 associated with the smartphone 100 (or the program module 115) through the voice communication network 170 and is connected to the communication device 280 And transmits the subsequent sum value to the communication device 280 through the DTMF signal of the voice communication channel. The smartphone 100 (or program module 115) checks at least one subsequent sum value detected from the DTMF signal received at the communication device 280. [ If the approval information of the sum of the subsequent sum is received from the communication device 280 associated with the smartphone 100 (or the program module 115) through the DTMF signal of the voice communication channel, 225) stores the sum value in the storage medium (255).

According to another embodiment of the present invention, the personalization processing unit 225 may determine that the fixed seed value, the dynamic seed determination value, and the key generation function value are not pre-agreed with the smartphone 100 (or the program module 115) And receives at least one subsequent sum value from the smartphone 100 (or the program module 115).

When at least one subsequent sum value of the fixed seed value, the dynamic seed value, and the key generation function value is received according to another embodiment of the present invention, the personalization processing unit 225 may determine that the fixed seed value and the dynamic seed determination (Or the program module 115) via the data communication network 160 based on the device identification value of the value and the value of the key generation function, (Or the program module 115) via the data communication channel after storing the received at least one subsequent sum value in the storage medium 255. In this case, .

Alternatively, if at least one of the fixed seed value, the dynamic seed determination value, and the key generation function value is received, the personalization processing unit 225 may transmit the generated value to the smartphone 100 through the voice call network 170, (Or the program module 115), and forwards the voice message to the communication device 280 from the communication device 280 via the DTMF signal of the voice communication channel connected to the communication device 280 And stores the received at least one subsequent sum value in the storage medium 255 and then transmits the DTMF signal of the voice communication channel to the communication device 280 to approve the sum of the subsequent sum value And the agreement approval information is transmitted to the smartphone 100 (or the program module 115).

Referring to FIG. 2, the issuer server 200 includes a terminal device interworking unit 205 for receiving at least one of the user identification value and the device identification value from the transaction request terminal device 290, Generates value generation request information for requesting to generate a volatile authentication value using the agreed value within the smartphone 100 (or the program module 115) based on the received at least one identification value, (Or the program module 115) of the mobile terminal 100 (or the program module 115). If the volatile authentication value is generated in the smartphone 100 (or the program module 115) by the user's key input command, the push processing unit 215 may be omitted.

The terminal device interlocking unit 205 can communicate with an affiliate terminal (e.g., a credit inquiry terminal, a point-of-purchase terminal) through the terminal server. Alternatively, the terminal device interlocking unit 205 may communicate with the user terminal through the PG server (or the shopping server), or may communicate directly with the user terminal. Alternatively, the terminal device interlocking unit 205 may communicate with a financial terminal (e.g., CD / ATM) (not shown).

The terminal device interlocking unit 205 receives at least one identification value of the user identification value and the device identification value from at least one transaction request terminal device 290 of the merchant terminal, the user terminal, and the financial terminal. It is preferable that the device identification value received by the terminal device interlocking unit 205 includes a device identification value identifiable through the voice communication network 170. In accordance with the intention of a person skilled in the art, It is possible to include the identification value.

When the device identification value of the data communication network 160 is allocated to the smartphone 100 (or the program module 115) according to an embodiment of the present invention, the push processing unit 215 transmits the device identification value (Or the program module 115) via the data communication network 160 based on the at least one identification value received via the wireless communication interface 205. [

Alternatively, when the device identification value of the data communication network 160 is allocated to the smartphone 100 (or the program module 115) as described above, the push processing unit 215 transmits the terminal device interlocking unit 205 (Or the program module 115) via the data communication network 160 based on at least one identification value received through the at least one identification value of at least one of the transaction amount value, In this case, the smartphone 100 (or the program module 115) may derive the value generation request information through the transaction history value.

According to another embodiment of the present invention, the push processing unit 215 may transmit the identification information of the smartphone (or the smartphone) via the voice call network 170 based on at least one identification value received through the terminal- 100), the smartphone 100 (or the program module 115) may read at least one message received by the message module and transmit the message including the value creation request information to the message module And may detect a message including the value generation request information.

Alternatively, the push processing unit 215 may transmit the transaction amount to the message module of the smartphone 100 through the voice call network 170 based on the at least one identification value received through the terminal device interlock unit 205, The smartphone 100 (or the program module 115) may send a message containing at least one transaction detail value among the transaction value, the merchant identification value, and the purchase item identification value, A message may be read to detect a message including the transaction history value, and the value generation request information may be derived from the transaction history value.

Referring to FIG. 2, the issuer server 200 receives a dynamically generated volatile authentication value from the transaction request terminal 290 in the smartphone 100 (or the program module 115) And a determination unit that determines at least one dynamic seed value based on the dynamic seed determination value held in the storage medium (255), determines a fixed seed value held in the storage medium (255) A verification value generation unit 220 for dynamically generating a volatile verification value by substituting the seed value into the agreed key generation function, and a verification unit 220 for comparing the received volatile authentication value with the generated volatile verification value, A value verification unit 260 for comparing the transaction history value received from the transaction request terminal device 290 with the transaction history value received from the transaction request terminal device 290 through the user transaction means corresponding to the transaction means identification value stored in the storage medium 255, About And a transaction processing unit 250 to process the de transactions.

When the smartphone 100 (or the program module 115) generates and outputs the volatile authentication value internally using at least one value agreed with the issuer server 200, the output volatile authentication value is The transaction request terminal device 290 transmits the dynamically generated volatile authentication value in the smartphone 100 (or the program module 115), and the transaction request terminal device 290 transmits the dynamically generated volatile authentication value to the transaction request terminal device 290, The device interlocking unit 205 receives the volatile authentication value.

When the volatile authentication value dynamically generated in the smartphone 100 (or the program module 115) is received from the transaction request terminal 290, the verification value generator 220 generates the verification value of the smartphone 100 (Or program module 115) to determine at least one dynamic seed value based on the dynamic seed determination value stored in the storage medium 255. [ Here, the dynamic seed value is a random number exchanged with the issuer server 200 based on a seed value determined based on a synchronization time range of the dynamic seed determination value, a seed conversion rule, or a random number exchange rule of the dynamic seed determination value And a seed value determined based on the seed value.

When the dynamic seed value is determined, the verification value generation unit 220 generates a verification seed value, which is agreed with the smartphone 100 (or the program module 115) and stored in the storage medium 255, Value into the input value of the key generation function agreed with the smartphone 100 (or the program module 115) and dynamically generates the volatile verification value corresponding to the result.

If the volatile authentication value is generated in the state that the volatile authentication value is received, the authentication value verification unit 260 compares the volatile authentication value with the generated volatile verification value to verify the correspondence, The transaction processing unit 250 confirms the user transaction means corresponding to the transaction means identification value stored in the storage medium 255 and transmits the transaction request to the transaction request terminal device 290 ) To the terminal device interlocking unit (205). Here, the transaction details value may be received together with at least one of the user identification value and the device identification value, received together with the volatile authentication value, or separately received, and the transaction details value may be And the present invention is not limited by the manner of receiving.

FIG. 3 is a diagram illustrating a process of registering and personalizing user transaction means of the smartphone 100 (or the program module 115) according to an embodiment of the present invention.

3 shows an example of a case where an application corresponding to the program module 115 shown in FIG. 1 is downloaded to the smartphone 100 of the user and then the program module 115 is issued through the relay server 270 A user transaction means is registered in the voucher server 200 and the program module 115 is personalized by agreeing at least one value necessary for dynamic generation of the volatile authentication value with the issuer server 200 , Those skilled in the art will be able to refer and / or modify Figure 3 to illustrate the various ways of implementing and registering user transaction means (e.g., some steps omitted, or in order It will be understood by those skilled in the art that various changes and modifications may be made therein without departing from the scope of the invention as defined in the appended claims. Its technical characteristics are not limited.

Referring to FIG. 3, when an application corresponding to the program module 115 shown in FIG. 1 is downloaded to the smartphone 100 of the user and the program module 115 is executed, The identification processing unit 120 receives a device identification value for pushing at least one transaction-related value through the data communication network 160, and stores the received device identification value in the medium (300). If the transaction related value is pushed (e.g., a message or a DTMF signal) through the voice communication network 170 or the device identification value assigned to the voice communication network 170 on the data communication network 160, If the transaction related value can be identified by identifying the phone 100 (or the program module 115), the process of storing the device identification value may be omitted. However, among the device identification values of the voice communication network 170, an identification value not stored in the medium of the smartphone 100 (for example, a dynamically allocated access point of the voice communication network 170 of the smartphone 100 The device identification processing unit 120 may receive the device identification value of the voice call network 170 and store the device identification value in the medium.

The interface output unit 125 outputs the issuer information and the interface for inputting the user identification value 305. If the issuer information and the user identification value are input through the interface 310, 130 transmits or transmits the issuer information and the user identification value to the relay server 270 through at least one of the data communication network 160 and the voice communication network 170. The relay server (270) relays the user identification value to the issuer server (200) corresponding to the issuer information.

According to an embodiment of the present invention, the interface output unit 125 may further output an interface for inputting a transaction means identification value corresponding to a user transaction means, to an interface for inputting a user identification value, If the identification value is input 325, the user registration unit 130 may further transmit the transaction identification value to the relay server 270 through one or more of the data communication network 160 and the voice communication network 170, (330), and the relay server (270) relays the transaction means identification value to the issuer server (200) corresponding to the issuer information.

According to another embodiment of the present invention, the interface output unit 125 may identify one or more transaction means corresponding to N cards issued to the user at the request of the issuer server 200 provided with the user identification value The user registration unit 130 may output an interface for selecting the transaction means identification value corresponding to the user transaction means 320. If the transaction means identification value is input 325, (330) the transaction means identification value to the relay server (270) through at least one of the mobile communication network (170) and the voice communication network (170), and the relay server (270) And transmits it to the issuer server 200 corresponding to the user information.

The issuer server 200 registers the user transaction means on the basis of the user identification value by connecting the transaction means identification value corresponding to the user transaction means and the user identification value to the storage medium 255.

The user registration unit 130 checks whether the user transaction means is registered in the issuer server 200 based on the user identification value 335. If the user transaction means is not registered 330, The output unit 125 outputs an interface for inputting (or selecting) the transaction means identification value (320). If the transaction means identification value is input (325), the user registration unit (130) And the voice communication network 170 to the relay server 270, and the relay server 270 transmits the transaction means identification value to the issuer information And may register the user transaction means by relaying to the corresponding issuer server 200 (330).

Meanwhile, the program module 115 stores a fixed seed value, a dynamic seed determination value, and a key generation function value necessary for dynamically generating the volatile authentication value in the smartphone 100 (or the program module 115) Module 115, or may be downloaded in a state of being connected to a medium on a communication network storing the fixed seed value, the dynamic seed determination value, and the key generation function value. In this case, The seed value, the dynamic seed determination value, and the key generation function value in the memory of the memory unit 111 or the USIM 110 (360).

On the other hand, the program module 115 has at least one subsequent sum value which is not agreed with the issuer server 200 among the fixed seed value, the dynamic seed determination value, and the key generation function value necessary for dynamic generation of the volatile authentication value The personalization processor 135 may transmit at least one subsequent sum value necessary for dynamically generating the volatile authentication value through at least one of the data communication network 160 and the voice communication network 170 to the issuer server 170. [ (350). ≪ / RTI >

If the at least one post-sum value is agreed with the issuer server 200 in step 355, the personalization processor 135 determines whether the value of the fixed seed value, the dynamic seed value, And stores the function value in the memory of the memory unit 111 or the USIM 110 (360).

4 is a diagram illustrating a process of registering and personalizing a user transaction means of the issuer server 200 according to an embodiment of the present invention.

4 shows an example in which after the application corresponding to the program module 115 shown in FIG. 1 is downloaded to the smartphone 100 of the user, the issuer server 200 shown in FIG. The smartphone 100 (or the program module 115) registers the user transaction means for the user identification value input from the smartphone 100 (or the program module 115) in cooperation with the server 270, (Or program module 115) to personalize the program module 115 by negotiating at least one value required to verify the dynamically generated volatile authentication value in the smartphone 100 Those skilled in the art will be able to refer and / or modify FIG. 4 to illustrate various methods of registering and personalizing the user transaction means (e.g., The present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited thereto.

Referring to FIG. 4, when an application corresponding to the program module 115 shown in FIG. 1 is downloaded to the smartphone 100 of the user and the program module 115 is executed, the issuer server 200 The device identification unit 210 identifies the device identification value assigned to the smartphone 100 (or the program module 115) and stores the device identification value in the storage medium 255 (400). Here, the device identification value may be determined according to the APNS standard, or may be assigned by the issuer server 200 or shared from the relay server 270, / RTI >

The user registration unit 240 determines whether a user identification value requesting registration of the user transaction means is received from at least one smartphone 100 (or the program module 115) to which the device identification value is allocated (405). If the user identification value is received (410), the transaction means determination unit (235) determines at least one user transaction means (415) to be used in the card transaction of the user based on the user identification value. Here, the user transaction means may be determined automatically or in conjunction with the smartphone 100 (or the program module 115).

If the user transaction means is determined (420), the transaction means registration unit 230 concatenates the transaction means identification value corresponding to the user transaction means and the user identification value and stores them in the storage medium 255 (425) .

A fixed seed value, a dynamic seed determination value, and a key generation function value necessary for verifying the dynamically generated volatile authentication value in the smartphone 100 (or the program module 115) The dynamic seed value and the key generation function agreed with the smartphone 100 (or the program module 115) (430) The value is stored in the storage medium 255 (445).

On the other hand, among the fixed seed value, the dynamic seed determination value, and the key generation function value necessary for verifying the volatile authentication value dynamically generated in the smartphone 100 (or the program module 115) (Or program module 115), the personalization processor 225 may dynamically generate (e.g., generate) at least one subsequent sum value within the smartphone 100 (or program module 115) (Or program module 115) at least one post-sum value needed to verify the volatile authentication value to be validated (435). The post-sum value may be agreed through direct communication between the issuer server 200 and the smartphone 100 (or the program module 115), or may be agreed through relay of the relay server 270.

If the sum value is agreed with the smartphone 100 (or the program module 115) 440, the fixed seed value agreed with the smartphone 100 (or the program module 115) And stores the value and the key generation function value in the storage medium 255 (445).

5 is a diagram illustrating a process of verifying a volatile authentication value in the issuer server 200 and processing a card transaction according to an embodiment of the present invention.

5 illustrates an example in which the user transaction means is registered in the issuer server 200 through the process shown in FIG. 3 or 4 and the program module 115 downloaded to the user's smartphone 100 is personalized The issuer server 200 verifies that the volatile authentication value received from the transaction request terminal device 290 is a value dynamically generated in the personalized smartphone 100 (or the program module 115) The process of requesting the transaction from the transaction request terminal 290 will be described in detail with reference to FIG. 5, It will be appreciated that various implementations of the process (e. G., Some steps may be omitted or alternate practice) may be contemplated, but the present invention encompasses all such contemplated practices Is made, the technical features are not limited only with the exemplary method shown in the figure 5.

5, the terminal device interlocking unit 205 of the issuer server 200 determines whether at least one of the user identification value and the device identification value is received from the transaction request terminal device 290 (500 ). If at least one of the user identification value and the device identification value is received from the transaction request terminal 290 in step 505, the push processing unit 215 determines whether the received at least one identification value corresponds to And checks whether it is registered in the storage medium 255 through the illustrated process (510).

If the received identification value is not registered in the storage medium 255 in operation 515, the terminal device interlocking unit 205 transmits a transaction error to the transaction request terminal device 290 in operation 520. If the received identification value is registered in the storage medium 255 in step 515, the push processing unit 215 transmits the identification value to the smart phone 100 through at least one of the data communication network 160 and the voice communication network 170 (Or program module 115) to generate a volatile authentication value (525). Here, the push processing unit 215 may request generation of the volatile authentication value by pushing the value generation request information to the smartphone 100 (or the program module 115). The push processing unit 215 transmits the transaction history value to the smartphone 100 (or the program module 115) if the transaction details value is received from the transaction request terminal unit 290 through the terminal device interlock unit 205. [ The transaction detail value may be pushed to request the generation of the volatile authentication value. If the smartphone 100 (or the program module 115) generates the volatile authentication value based on the user's key command, the process of requesting the push processing unit 215 to generate the volatile authentication value is omitted It can be done.

After that, the terminal device interlocking unit 205 checks whether a volatile authentication value dynamically generated in the smartphone 100 (or the program module 115) is inputted through the transaction request terminal device 290 and received (530). According to the method of the present invention, the volatile authentication value may be received together with at least one of the user identification value and the device identification value, and thus the present invention is not limited thereto.

If the volatile authentication value is not received (535) from the transaction request terminal device 290 within a specified validity time after requesting the dynamic generation of the volatile authentication value by the smartphone 100 (or the program module 115) , The terminal device interlocking unit 205 transmits a transaction error to the transaction request terminal device 290 (520).

On the other hand, when the volatile authentication value is received from the transaction request terminal device 290 within a specified validity time after requesting the dynamic generation of the volatile authentication value to the smartphone 100 (or the program module 115) (Or program module 115), the validation value generator 220 generates a validation value for the smartphone 100 (or the program module 115), if the at least one identification value and the device identification value and the volatile authentication value are received 535 The dynamic seed value dynamically determined based on the fixed seed value and the dynamic seed determination value is dynamically generated in operation 540 by substituting the dynamic seed value into the key generation function agreed with the smartphone 100 (or the program module 115) .

If the volatile verification value is dynamically generated (545), the authentication value verification unit 260 compares the received volatile authentication value with the generated volatile verification value to verify the correspondence (550).

If the correspondence is not verified (555), the terminal device interlocking unit (205) transmits a transaction error to the transaction request terminal device (290) (520). On the other hand, if the correspondence is verified (555), the transaction processing unit 250 transmits a card transaction (for example, card settlement, financial transaction, etc.) to the transaction detail value received from the transaction request terminal device 290 through the user transaction means (560).

FIG. 6 is a diagram illustrating a process of dynamically generating a volatile authentication value in the smartphone 100 (or the program module 115) according to an embodiment of the present invention.

6 shows an example in which the user transaction means is registered in the issuer server 200 through the process shown in FIG. 3 or 4 and the program module 115 downloaded to the user's smartphone 100 is personalized The smartphone 100 (or the program module 115) dynamically generates and outputs a volatile authentication value based on a value agreed with the issuer server 200, Those skilled in the art will appreciate that various implementations of the volatile authentication value generation process (e.g., some of the steps may be omitted or the sequence changed) may be implemented by referring to and / or modifying FIG. 6 It is to be understood that the invention is not limited to the disclosed embodiments, but includes all modes of practicing the invention as set forth in the accompanying drawings.

Referring to FIG. 6, the push processing unit 140 of the program module 115 determines whether to generate a volatile authentication value dynamically using a value agreed with the issuer server 200 (600). When generation of the volatile authentication value is requested through the smartphone 100 or generation of the volatile authentication value is requested from the issuer server 200 through the process shown in Figure 5, (140) determines the dynamic generation of the volatile authentication value.

If the dynamic generation of the volatile authentication value is determined (605), the authentication value generation unit 145 generates the dynamic seed value dynamically determined based on the fixed seed value agreed with the issuer server 200 and the dynamic seed determination value To the key generation function agreed with the smartphone 100 (or the program module 115) to dynamically generate the volatile authentication value (610).

If the volatile authentication value is dynamically generated (615), the authentication value output unit 150 outputs the dynamically generated volatile authentication value to the screen (620), and the volatile authentication value is stored in the transaction And is transmitted to the issuer server 200 through the request terminal device 290.

100: smartphone 115: program module
120: Device identification processing unit 125: Interface output unit
130: user registration unit 135: personalization processing unit
140: push processing unit 145: authentication value generating unit
150: Authentication value output unit 160: Data communication network
170: voice call network 200: issuer server
270: Relay server

Claims (3)

And a second communication unit operable to intercommunicate with the smartphone of the user via the data network and to relay the communication between the issuer server and the smartphone which have issued the transaction means to the user, In a method executed via a relay server,
When a program designated to the smart phone is installed, the relay server receives from the program of the smart phone a user identification value for identifying the user through a data network and provides the user identification value to the issuer server, A device identification value for identifying a device that has executed the program, while relaying a value for generating an authentication value in a program of the smartphone to agree with the issuer server through an information exchange procedure, and providing the device identification value to the issuer server A first step;
Wherein the relay server communicates with the program of the smartphone corresponding to the device identification value through the data network so that the issuer transmits the program identification information corresponding to the user identification value A second step of confirming a transaction means identification value for identifying a transaction means to be used in a transaction among the transaction means issued to the user and providing the transaction means identification value to the issuer server; And
The relay server transmits a value agreed with at least one of the device identification value and the user identification value via the data network and the information exchange procedure of using the data network and the telephone network in the program of the smartphone, And a third step of receiving the generated authentication value and providing it to the issuer server,
Wherein the transaction means identification value is matched with the device identification value and the user identification value and stored in the storage medium of the issuer server,
Wherein the issuer server confirms a value agreed with the program of the smartphone through the received value and verifies the validity of the authentication value, and when the issuer server confirms the validity of the authentication value, And performing a transaction for processing the transaction through the transaction means.
2. The method according to claim 1,
Exchanging the program of the smartphone with the designated information in the bidirectional manner through the data network and simultaneously performing an information exchange procedure for confirming the information transmitted from the smart phone through the telephone network through the separate device, Determining a device identification value for identifying a device that has executed the program during the information exchange procedure while relaying a value for creating an authentication value in the issuer server so as to be agreed with the issuer server and providing the device identification value to the issuer server Wherein the transaction value is an authentication value.
The method according to claim 1,
The relay server providing value generation request information for requesting generation of an authentication value for the transaction from the program of the smartphone using the message standard of the data network, How to provide a transaction through an authentication value agreement.

Images