KR20130018061A - Method and system for operating one time code by using connectionless network seed - Google Patents

Abstract

The present invention relates to a single-use code operating method and system using a non-connected network seed, the single-use code operating system according to the present invention, a single-use code using a connectionless network seed of the server that can communicate with the terminal device providing a service to the user In the operating system, a seed value confirmation unit for checking n (1≤n≤N) seed values displayed on the terminal device to be input to the user's wireless terminal, and n seed values displayed on the terminal device are inputted. Disposable code receiving unit for receiving the one-time code generated by the application of the wireless terminal from the terminal device, and the one-time code authentication unit for processing the validity of the received disposable code using the n seed values displayed on the terminal device And at least one service procedure mapped with the authentication result of the one-time code is performed. It is provided with a service control unit for controlling.

Description

Method and System for Operating One Time Code by Using Connectionless Network Seed}

The present invention generates a one-time code through the application of the wireless terminal by inputting the seed value displayed on the terminal device to be provided with the service to the user's wireless terminal, and then input the generated one-time code to the terminal device to the terminal device Through this, the requested service is provided to the user.

One time password (OTP) is used as a means of non-face-to-face authentication. The disposable number is generated through a separate OTP device, or is generated by an application provided in the user's wireless terminal, and the user can be authenticated non-face-to-face by inputting the generated disposable number into a terminal device to which a service is provided. have.

However, the disposable number generated by the application mounted on the wireless terminal has a problem that cannot be as reliable as the disposable number generated through the OTP device. That is, since the OTP device is manufactured and distributed in a sealed state (for example, a state in which the battery can not be replaced), the reliability of the disposable number can be guaranteed more than a certain level, while the wireless terminal can be exploited at any time by hacking or the like. The reliability of the disposable number cannot be guaranteed safely.

In particular, in the case of a wireless terminal that can be connected to a data network such as a smart phone, hacking as well as the user's jailbreak frequently occurs, there is a problem that can not guarantee the reliability of the disposable number even more.

An object of the present invention for solving the above problems, the application provided in the user's wireless terminal receives at least one seed value displayed on the terminal device to be provided with the service to generate a one-time code to output to the terminal device and When the terminal device receives and transmits the one-time code, the service mapped with the authentication result of the one-time code is authenticated to the terminal device after authenticating the one-time code generated by the application based on the seed value displayed on the terminal device. The present invention provides a method and system for operating a disposable code using a connectionless network seed to be provided.

Disposable code operating system according to the present invention is a one-time code operating system using a connectionless network seed of a server that can communicate with a terminal device providing a service to a user, n displayed on the terminal device to be input to the user's wireless terminal A seed value confirmation unit for confirming (1 ≦ n ≦ N) seed values, and a one-time code for receiving a one-time code generated by an application of a wireless terminal in which n seed values displayed on the terminal device are input, from the terminal device; A receiving unit, a disposable code authentication unit for processing the validity of the received disposable code using the n seed values displayed on the terminal device, and at least one service procedure mapped to the authentication result of the disposable code is performed. It has a service control unit for controlling.

According to the present invention, the one-time code operation system may further include a seed value determination unit for determining the n seed values, and a seed value providing unit for outputting the determined n seed values to the terminal device. And a service recognizing unit recognizing a service to be provided to the terminal device among at least one service mapped with the authentication result of the one-time code, wherein the seed value checking unit is indicated by the terminal device to provide the recognized service. You can see the seed value of the dog.

According to the present invention, the one-time code operating system, an identification value acquisition unit for obtaining an identification value that uniquely identifies at least one of the user, the wireless terminal and the application, and using the identification value as a medium of the one-time code Further comprising a service mapping unit for mapping the authentication result and the payment means of the user, and when the disposable code is received, further comprising an identification value confirmation unit for confirming the identification value to be used as the medium, the service control unit is the disposable When the code is authenticated, the payment service for the user may be provided through a payment means of the user mapped with the authentication result. On the other hand, when the application is mounted on the user's wireless terminal, the one-time code operating system may further include a validity authentication unit for authenticating at least one of the user's wireless terminal and the application.

According to the present invention, the one-time code operating system includes the code generation algorithm when the application is mounted on a user's wireless terminal, and further includes (Nn) seed values (or seed determination rules). The apparatus may further include an authentication rule holding unit that maintains the authentication rule.

According to the present invention, the one-time code operating system, a seed value extraction unit for extracting (Nn) seed values used by the application to generate the one-time code from the code authentication rule corresponding to the one-time code, and the terminal device A seed value configuration unit configured to configure N seed values required for verifying the disposable code, including n seed values and (Nn) seed values shown in the figure, and agreeing the N seed values with an application of the wireless terminal. Verification code generation unit for generating a verification code by substituting the generated code generation algorithm, the one-time code authentication unit may compare the generated verification code and the one-time code to authenticate the validity of the one-time code.

According to the present invention, the one-time code operation system further comprises an authentication server verification unit for verifying the authentication server for authenticating the one-time code from the code authentication rule agreed with the application of the wireless terminal, the one-time code authentication unit the authentication The n seed values and the one-time code are transmitted to the server so that the validity of the one-time code is authenticated by the authentication server.

Disposable code operation method according to the present invention, in the one-time code operation method using a connectionless network seed of the server that can communicate with the terminal device providing a service to the user, n displayed on the terminal device to be input to the user's wireless terminal Confirming (1 ≦ n ≦ N) seed values, receiving a one-time code generated by an application of a wireless terminal to which n seed values displayed on the terminal device are input, from the terminal device, and Authenticating the validity of the received disposable code using the n seed values displayed on the device, and controlling at least one service procedure mapped with the authentication result of the disposable code to be performed.

According to the present invention, the one-time code operation method may further include determining the n seed values and providing the determined n seed values to the terminal device.

According to the present invention, the one-time code operation method further comprises the step of recognizing a service to be provided to the terminal device of at least one service mapped to the authentication result of the one-time code, wherein the n seed values, the The terminal may be displayed to provide the recognized service.

According to the present invention, the method of operating the one-time code, obtaining an identification value that uniquely identifies at least one of the user, the wireless terminal and the application, and using the identification value as a medium, the authentication result of the one-time code and Mapping the payment means of the user, and if the one-time code is received, further comprising the step of identifying an identification value to be used as the medium, and if the one-time code is authenticated, the authentication result The payment service for the user may be provided through a payment means of the user mapped with. On the other hand, when the application is mounted on the user's wireless terminal, the method may further include authenticating at least one of the user's wireless terminal and the application.

According to the present invention, the one-time code operating method includes the code generation algorithm when the application is mounted on a user's wireless terminal, and further includes (Nn) seed values (or seed determination rules). The method may further include maintaining an authentication rule.

According to the present invention, the method for operating a one-time code, extracting (Nn) seed values used by the application to generate the one-time code from a code authentication rule corresponding to the one-time code, and n displayed on the terminal device. Constructing N seed values required for verifying the disposable code, including the N seed values and the (Nn) seed values, and substituting the N seed values into a code generation algorithm agreed with the application of the wireless terminal. And generating a verification code, wherein the one-time code may be compared with the generated verification code to be authenticated.

According to the present invention, the one-time code operation method further comprises the step of confirming the authentication server for authenticating the one-time code from the code authentication rule agreed with the application of the wireless terminal, the one-time code is transferred to the authentication server. Can be authenticated.

In the one-time code operating method according to the present invention, in the method of operating a one-time code using a connectionless network seed executed by a wireless terminal having a processor, a memory unit, a key input unit, a screen output unit and at least one communication module, The method includes inputting n (1 ≦ n ≦ N) seed values displayed on a terminal device to which a service is to be provided among N (N ≧ 1) seed values to be inserted into the code generation algorithm, and the n inputted values N seed values including a seed value are configured, a step of generating a disposable code by substituting the configured N seed values into the code generation algorithm, and outputting the generated disposable code to be delivered to the terminal device. The steps are as follows.

According to the present invention, the one-time code operation method may further include verifying whether the inputted n seed values are displayed on the terminal device.

According to the present invention, the n seed values are displayed on the screen of the terminal device in the form of a key input possible key and then keyed through the key input unit, or the terminal device in the form of a content including a code for screen recognition. After being displayed on the screen of the terminal is input through the content sharing transmission using the communication module, or if the wireless terminal is provided in the form of being recognized through the camera unit after being displayed on the screen of the terminal device in the form of a code image in the code image form Is received from the terminal device through the short-range communication between the terminal device and the wireless terminal using the communication module, or received from the terminal device through the NFC module when the NFC module is provided in the wireless terminal It may include at least one input in the form.

According to the present invention, the one-time code may be output through at least one of a reverse path of the path in which the n seed values are input and a path separate from the path in which the seed value is input, and a key combination capable of key input. After the output through the screen output unit in the form of a key input to the terminal device, or outputs through the screen output unit in the form of content containing a code that can recognize the screen and then the terminal through the content sharing delivery configuration of the terminal device The terminal is transmitted to the device, or is output through the screen output unit in the form of a code image recognizable by the camera and then recognized by the camera of the terminal device, or the terminal through the short-range communication between the terminal device and the wireless terminal using the communication module It is output in the form of data transmitted to the device or transferred to the terminal device through the NFC module. It may include at least one output in the form of the transmitted data.

According to the present invention, while generating a one-time code through the application of the wireless terminal, the seed value for generating the disposable code in addition to the seed value maintained in the wireless terminal or the seed value transmitted through the communication network connected to the wireless terminal. By generating a one-time code by receiving the connectionless network seed displayed on the terminal device to be provided with the service, the user's occupation of the wireless terminal is confirmed, and the reliability of the one-time code is improved by a certain level or more.

According to the present invention, by mapping the authentication result of the one-time code generated through the connectionless network seed and the user's payment means, when the one-time code is authenticated to provide a secure non-face-to-face payment through the user's payment means This has the advantage.

1 is a view showing a configuration of a disposable code operating system of the present invention.
2 is a diagram illustrating a configuration of a wireless terminal and an application function of the present invention.
3 is a diagram illustrating a process of mounting and authenticating an application according to an exemplary embodiment of the present invention.
4 is a diagram illustrating a one-time code generation and authentication process according to an embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a view showing the configuration of a one-time code operation system 100 of the present invention.

In more detail, in FIG. 1, an application 215 provided in a user's wireless terminal 200 receives at least one seed value displayed on a terminal device 185 to which a service is provided, and generates a single-use code to generate a single-use code. 185, and when the terminal device 185 receives and transmits the disposable code, the terminal device 185 authenticates the disposable code generated by the application 215 based on the seed value displayed on the terminal device 185. As a system configuration for processing the terminal device 185 to provide a service mapped with the authentication result of the one-time code, a person having ordinary knowledge in the technical field to which the present invention belongs may refer to FIG. Or may be modified to infer various implementation methods (eg, some implementations are omitted, subdivided, or combined) for the disposable code operating system 100. Would, in the present invention are made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 1.

The present invention provides a terminal device 185 that provides at least one service to a user and simultaneously displays at least one seed value to be input to the user's wireless terminal 200, and at least one seed displayed on the terminal device 185. The terminal receives the value and generates a one-time code and outputs the wireless terminal 200 and the terminal device after authenticating the one-time code generated by the application 215 based on the seed value displayed on the terminal device 185. 185) comprises a one-time code operating system 100 composed of at least one server for processing to provide a service mapped with the authentication result of the one-time code.

The terminal device 185 is a general term for a communication device that provides a service mapped with an authentication result of a one-time code, and at least one seed value to be input to the user's wireless terminal 200 is displayed and is based on the seed value. When the one-time code generated by the application 215 of the wireless terminal 200 is input, the input one-time code is transmitted to the one-time code operating system 100, the service mapped to the authentication result of the one-time code is Is provided. According to an embodiment of the present invention, the terminal device 185 is a computer terminal including at least one of a personal computer and a notebook of a user, a merchant terminal including at least one POS terminal and a CAT provided at an affiliated store, and an IPTV provided at home. And a home terminal including at least one set-top box and a home network device, a call terminal including a VoIP phone and an intelligent phone, a financial terminal including a CD / ATM, a kiosk, and the like. Obviously, any terminal having a configuration in which the seed value is displayed, a configuration for receiving the disposable code, and a configuration for transmitting the disposable code to the disposable code operating system 100 may be included in the terminal device 185. It is to be revealed.

The wireless terminal 200 is a generic term for a portable device having an application 215 for generating a one-time code, and at least one seed value displayed on the terminal device 185 is input, based on the input seed value. Generates a one-time code, and outputs the generated one-time code to the terminal device 185. According to an embodiment of the present invention, the wireless terminal 200 may include at least one of a user's smart phone, a mobile phone, a tablet PC, and the like, and in addition to the above-mentioned portable device, the seed value displayed on the terminal device 185 is displayed. It will be apparent that any value having a configuration to generate and output the disposable code can be included in the wireless terminal 200.

Referring to FIG. 1, when the application 215 is mounted as a user's wireless terminal 200, the one-time code operating system 100 may include at least one of the user's wireless terminal 200 and the application 215. It has a validity authentication unit 155 for authenticating one validity, and has an authentication rule holding unit 160 for maintaining a code authentication rule for the disposable code.

The wireless terminal 200 connects to a program providing server (eg, Apple's App Store, etc.) through a communication network, and downloads and installs an application 215 having the program configuration shown in FIG. The application 215 has an identifier for distinguishing the application from other programs mounted in the wireless terminal 200, or a separate management server designated at the same time the application 215 is driven (for example, an Apple APNS server). Etc.) may be assigned a token for identifying the application 215, wherein the validity authentication unit 155 may include an identifier embedded in the application 215 through at least one communication network of an accessible data network and a voice network. Tokens assigned to the application 215 are identified to confirm the application 215 provided to the wireless terminal 200.

When the application 215 is confirmed, the validity authentication unit 155 authenticates the validity of the application through at least one communication network of a data network and a voice network to which the wireless terminal 200 is accessible.

First, the validity authentication unit 155 checks the user information identifying the user and the communication company server to which the wireless terminal 200 is subscribed, and at least one of a data network and a voice network to which the wireless terminal 200 is accessible. At least one of a user's subscription state and an occupancy state of the wireless terminal 200 may be authenticated through a communication network of the wireless terminal 200. For example, the validity authentication unit 155 provides the user information and the wireless terminal 200 information to the communication company server, so that the subscriber of the wireless terminal 200 is authenticated through the communication company server. Can be processed. Alternatively, the validity authentication unit 155 generates an authentication number capable of authenticating whether the user occupies the wireless terminal 200, and the wireless terminal (200) through a message exchange protocol of a voice network to which the wireless terminal 200 is accessible. 200 after the authentication number is sent, the wireless terminal 200 receives the authentication number inputted from the wireless terminal 200 through a data network accessible to the wireless terminal 200 through the voice network. Compare with the authentication number sent or the authentication number received from the user terminal used by the user located near the wireless terminal 200 and compared with the authentication number sent to the wireless terminal 200 through the voice network. By doing so, it is possible to authenticate whether the user occupies the wireless terminal 200. On the other hand, authenticating the user's subscription status and occupancy status for the wireless terminal 200 may be omitted or replaced by another authentication method (for example, face-to-face authentication, public certificate authentication, etc.) according to the intention of the skilled person.

According to the first application authentication method of the present invention, the application 215 may be downloaded with an identifier for identifying the application having the program configuration of FIG. 2 assigned thereto, and the validity authentication unit 155 may be downloaded. Receives and reads an identifier assigned to the application 215 from the wireless terminal 200, it is possible to authenticate whether the application 215 is an application having the program configuration of FIG.

Alternatively, the application 215 may encrypt and transmit information that the one-time code operating system 100 may automatically identify through a communication company server among information allocated to the wireless terminal 200 and at least one communication network through the identifier. In this case, the validity authentication unit 155 receives the encrypted information, decrypts the encrypted information through a decryption key corresponding to the identifier, and compares the encrypted information with the information identified through the communication company server, thereby verifying that the application ( 215 may be authenticated as an application having the program configuration of FIG. 2 running on the user's wireless terminal 200. Here, the identifier is a public key, and the decryption key may be a private key associated with the public key or a symmetric key. On the other hand, the encrypted information includes information (eg, phone number, network ID, system ID, base station ID, exchanger ID, etc.) assigned to the wireless terminal 200 based on the voice network to which the wireless terminal 200 is accessible. In addition, the wireless terminal 200 may include at least one of information (for example, chip serial number, USIM information, MAC address, etc.) allocated to a physical component mounted on the wireless terminal 200.

According to the second application authentication method of the present invention, the application 215 may be assigned a token value uniquely identifying the application 215 on a communication network, and the validity authentication unit 155 may be assigned the application 215. The validity of the application can be authenticated by receiving the token value from the terminal, or by receiving and decrypting and comparing the wireless terminal 200 allocation information encrypted through the token value.

According to the third application authentication method of the present invention, the application 215 may be mounted with a certificate, the validity authentication unit 155 according to the key value or key exchange protocol and encryption / decryption rules included in the certificate. The validity of the application can be authenticated. Meanwhile, at least one identification key value may be exchanged in the process of authenticating the application 215 through the certificate, and the validity authentication unit 155 assigns the wireless terminal 200 allocation information encrypted through the identification key value. By receiving and decrypting and comparing and authenticating, validity of the application can be authenticated.

According to the fourth application authentication method of the present invention, the validity authentication unit 155 generates an authentication number and sends it to the wireless terminal 200 through a message exchange protocol of a voice network to which the wireless terminal 200 can access. By receiving and comparing the authentication number input through the application 215, it is possible to authenticate the validity of the application.

According to the fifth application authentication method of the present invention, the validity authentication unit 155 may authenticate the validity of the application by combining the first to fourth application authentication methods.

The authentication rule holding unit 160 is a code generation algorithm provided in the application 215 to generate a one-time code and the application 215 is to be assigned to the code generation algorithm to generate the one-time code N (N Code authentication including (Nn) seed values other than n (1≤n≤N) seed values to be input to the wireless terminal 200 after being displayed as the terminal device 185 among ≥1 seed values. The rules may be checked and maintained, and code generation rules may be agreed with the application 215 as necessary. Here, the (Nn) seed values may include a value exchanged with the application 215 (or a processed value) in the process of authenticating the validity of the wireless terminal 200 or the application. However, when the disposable code can be generated using only the n seed values, the (Nn) seed values may be omitted.

Meanwhile, if there is at least one seed value dynamically determined among the (Nn) seed values, the authentication rule holding unit 160 dynamically determines the at least one seed value in the code authentication rule. Keep it inclusive.

Alternatively, if there is at least one seed value (eg, a time value) that should be agreed with the application 215 among the (Nn) seed values, the authentication rule holding unit 160 may execute the application 215 through a communication network. And at least one seed value corresponding to the object of the agreement is agreed and then included in the code authentication rule.

Referring to FIG. 1, the one-time code operation system 100 may include an identification value obtaining unit 145 for obtaining an identification value uniquely identifying at least one of the user, the wireless terminal 200, and the application 215. And a service mapping unit 150 for mapping the authentication result of the one-time code to at least one service to be provided to the user by using the identification value as a medium. When the service is a payment service, the service mapping is performed. The unit 150 uses the identification value as a medium to map the authentication result of the disposable code and the payment means of the user.

The identification value obtaining unit 145 identifies a user identification value uniquely identifying the user, a wireless terminal identification value uniquely identifying the wireless terminal 200 of the user on which the application 215 is mounted, and the application 215. Obtain at least one identification value of the uniquely identifying application identification value. Here, the identification value is inputted from a user or automatically obtained from the wireless terminal 200 (or a communication company server subscribed to by the wireless terminal 200) in the process of authenticating the validity of the wireless terminal 200 or the application. Or may be obtained dynamically through at least one data exchange with the application 215.

Here, the user identification value may include at least one of a user's member account (ID), a social security number, an e-mail address, an ID number, and the like. Meanwhile, the user identification value may be obtained in the form of being registered from a user terminal used by the user, in addition to the wireless terminal 200 of the user, and the present invention is not limited thereto.

The wireless terminal identification value is a telephone number assigned to the user's wireless terminal 200, a fixed address (for example, IP or MAC), a serial number of the USIM, a unique code stored in the USIM, the wireless terminal 200 subscribes It may include at least one subscriber number and network ID registered in one carrier.

The application identification value is a value that uniquely identifies an application 215 provided to the user's wireless terminal 200 among the applications 215 of the same kind, a key value (or unique number) determined based on the identifier, and the application. At least one token assigned to 215 may be included.

The service mapping unit 150 confirms at least one service to be mapped with the authentication result of the one-time code. If the service to be mapped is a payment service, the service mapping unit 150 receives the payment means information of the user input by the user from the wireless terminal 200 (or the user terminal used by the user), and the identification value. By connecting and storing the identification value obtained by the acquisition unit 145 and the payment means information of the user, the authentication value of the one-time code and the user payment means are mapped using the identification value as a medium. On the other hand, if the service to be provided based on the authentication result of the one-time code is a user authentication service, the service mapping unit 150 confirms the server address information to be provided with the user authentication service, the identification value acquisition unit 145 By connecting and storing the identification value obtained by the server address information, using the identification value as a medium to map the authentication result of the one-time code and the user authentication service.

Referring to FIG. 1, the one-time code operation system 100 may include a service recognition unit 130 that recognizes a service to be provided to the terminal device 185 among at least one service mapped with an authentication result of the one-time code. And, when the service is recognized, determines n (1 ≦ n ≦ N) seed values to be displayed by the terminal device 185 among N (N ≧ 1) seed values required to generate the disposable code. A seed value determining unit 125 and a seed value providing unit 105 for providing the determined n seed values to the terminal device 185 and outputting the seed values are determined. Here, the n seed values are network seeds transmitted through a network, but from the viewpoint of the wireless terminal 200 generating the disposable code, the n seed values are not received through the network to which the wireless terminal 200 is connected. This is a connectionless network seed in that it is input from a heterogeneous medium separated from the terminal 200, that is, the terminal device 185.

The service recognition unit 130 is a terminal device 185 for providing at least one service mapped to the authentication result of the one-time code, or a service providing server 190 for providing the service to the terminal device 185 ( The service mapping unit 150 recognizes a service to be provided to the terminal device 185 from at least one service mapped with the authentication result of the one-time code by the service mapping unit 150. When the mapped service is a user authentication service, the service providing server 190 may include at least one of a web server, a banking server, a financial company server, and a card company server supporting one-time code-based user authentication. It is not limited to this. Alternatively, when the mapped service is a payment service, the service providing server 190 may include at least one of a shopping mall server, a bansa server, a payment agency server, and a payment approval server.

According to an embodiment of the present invention, the service recognition unit 130 receives identification information that can be matched with an identification value corresponding to a medium for mapping the authentication result and the service of the one-time code from the service providing server 190, The service mapped with the authentication result of the one-time code may be recognized based on the received identification information.

On the other hand, if the mapped service is a payment service, the service recognition unit 130 is the payment amount to be paid by the user from the service providing server 190 (or the terminal device 185) and the payment requesting institution (eg , Shopping mall, payment merchant, etc.), and the payment approval process is performed through a payment approval server corresponding to each payment method. For example, the payment information is received from at least one of a shopping mall server, a bansa server, a payment agent server, the payment approval process for the payment information is a payment approval server corresponding to the payment means mapped to the authentication result of the one-time code It can be done through.

When the service to be provided to the terminal device 185 is recognized, the seed value determining unit 125 dynamically determines n seed values to be displayed by the terminal device 185 among N seed values required to generate the disposable code. do. The n seed values may be assigned to the code generation algorithm, and may be one or more key combinations of numbers, letters, and symbols, or may be contents or data generated by encoding the key combinations. Alternatively, the n seed values may be data including a binary code.

Here, the n seed values are in the form of a key combination that can be keyed through the key input unit 202 of the wireless terminal 200 equipped with the application 215, a content form including a screen recognizable code, and a 2D barcode. It may be determined in the form of a code image including a, at least one of the form of data transferable through Near Field Communication (NFC) or short-range communication. For example, when the n seed values are two, one seed value may be determined in the form of a key combination, and the other seed value may be determined in the form of a code image.

According to an embodiment of the present invention, the n seed values may be encrypted in a structure that can be decrypted by the application 215 or modified through a one-to-one function of a structure that can be restored by the application 215. Alternatively, at least one seed value among the n seed values may include a check value or a value system configured to verify that the seed value is the seed value displayed on the terminal device 185 by the application 215. Can be.

When the n seed values are determined, the seed value providing unit 105 transmits the determined n seed values to the terminal device 185. For example, when a browser is output to the terminal device 185, the seed value providing unit 105 may include the n seed values on a web page and transmit the same to the terminal device 185. Alternatively, when a program capable of receiving the n seed values is operating in the terminal device 185, the seed value providing unit 105 may transmit the n seed values to the program. Meanwhile, when the terminal device 185 is provided with a program for determining and outputting the n seed values, the seed value determining unit 125 and the seed value providing unit 105 may be omitted. It is not limited.

Referring to FIG. 1, the one-time code operating system 100 includes n (1 ≦ n ≦ N) indicated by a terminal device 185 to which a service is to be provided among N (N ≧ 1) seed values required to generate the one-time code. Seed value confirming unit 120 for checking the seed values, and the application 215 of the wireless terminal 200 according to a seed input path specified between the terminal device 185 and the user's wireless terminal 200. When the one-time code generated by the application 215 is output to the terminal device 185 along the equatorial one code output path based on the N seed values including the input n seed values, the terminal device A one-time code receiving unit 110 for receiving a one-time code generated by the application 215 provided in the user's wireless terminal 200 by using the n seed values from 185, wherein the one-time code is If received, And a identification value confirmation unit 115 to confirm the identification value to be used as a medium.

The seed value confirming unit 120 is a seed value determined by the seed value determining unit 125, a seed value provided to the terminal device 185 by the seed value providing unit 105, and the terminal device 185. Determine the n seed values that are determined by the program provided and include one or more of the indicated seed values.

The n seed values displayed on the terminal device 185 are input to the application 215 of the wireless terminal 200 according to a seed input path designated between the terminal device 185 and the user's wireless terminal 200. The application 215 of the wireless terminal 200 generates a one-time code based on the N seed values including the input n seed values, and then between the wireless terminal 200 and the terminal device 185. The generated one-time code is output according to one code output path specified in the equator, and the terminal device 185 receives the one-time code according to the code output path. When the terminal device 185 transmits the input disposable code, the disposable code receiving unit 110 is provided in the wireless terminal 200 of the user using the n seed values from the terminal device 185. Receive the one-time code generated by the application 215.

When the one-time code is received, the identification value checking unit 115 confirms an identification value corresponding to a medium for mapping the authentication result of the one-time code and the service.

If the identification value corresponding to the medium is a user identification value, the identification value check unit 115 is a user's member ID (ID), resident registration number, mail entered by the user before or during the reception of the one-time code The user identification value including at least one of an address and an identification number is checked.

Alternatively, if the identification value corresponding to the medium is a wireless terminal identification value, the identification value confirming unit 115 checks the telephone number of the user wireless terminal 200 input by the user before or during the reception of the disposable code. A phone number, a fixed address (for example, IP or MAC), a serial number of a USIM, a unique code stored in a USIM, and the wireless terminal stored in a designated storage medium mapped to a user identification value inputted from the user or stored in a designated storage medium. The terminal 200 checks the wireless terminal identification value including at least one registered subscriber number and a network ID.

Alternatively, if the identification value corresponding to the medium is a wireless terminal identification value, the identification value checking unit 115 is a key value (or unique) of the application 215 input by the user before or during the reception of the one-time code Number) or a key value (or unique number) of an application 215 stored in a designated storage medium mapped to a user identification value input from the user, and at least one token assigned to the application 215. Check the application identification value.

Referring to FIG. 1, the one-time code operating system 100 processes the one-time code authentication unit 140 to process the validity of the received one-time code by using n seed values displayed on the terminal device 185. And a service control unit 135 for controlling at least one service procedure mapped with an authentication result of the one-time code when the one-time code is authenticated.

The one-time code authentication unit 140 processes the received one-time code to authenticate itself or through an authentication server 195 associated with the one-time code operation system 100.

When the one-time code is authenticated by itself according to the first one-time code authentication method of the present invention, the one-time code operating system 100, the application 215 from the code authentication rule corresponding to the one-time code is the one-time code The seed value extracting unit 165 extracts (Nn) seed values used to generate the N, and includes the n seed values and the (Nn) seed values displayed on the terminal device 185 to verify the disposable code. Verification to generate a verification code by substituting the seed value configuration unit 170 constituting the N seed values and the N seed values into a code generation algorithm agreed with the application 215 of the wireless terminal 200. A code generation unit 175 is further provided, and the one-time code authentication unit 140 compares the generated verification code with the one-time code to authenticate the validity of the one-time code.

The seed value extracting unit 165 corresponds to the received one-time code among the code authentication rules maintained in the authentication rule holding unit 160 based on the identification value confirmed by the identification value checking unit 115. Check the authentication rule, and extract (Nn) seed values used by the application 215 to generate the one-time code from the code authentication rule. If there is a seed value to be dynamically determined among the (Nn) seed values, the seed value is dynamically determined according to the seed determination rule included in the code authentication rule. However, when only the n seed values are used to generate the disposable code, the process of checking the (Nn) seed values may be omitted.

The seed value configuration unit 170 includes the n seed values identified by the seed value confirmation unit 120 and the (Nn) seed values extracted by the seed value extraction unit 165. It configures N seed values necessary to generate verification code for verifying.

The verification code generation unit 175 generates the verification code by substituting the N seed values into a code generation algorithm used by the application 215 provided in the user's wireless terminal 200 to generate the disposable code. The one-time code authentication unit 140 compares the received one-time code with the generated verification code and authenticates whether the one-time code is valid.

If the validity of the one-time code is authenticated, the service control unit 135 controls to perform at least one service procedure mapped to the authentication result of the one-time code.

On the other hand, when authenticating the one-time code through the authentication server 195 according to the second one-time code authentication method of the present invention, the one-time code operating system 100, the application 215 of the wireless terminal 200 And an authentication server verification unit 180 for verifying the authentication server 195 for authenticating the one-time code from the code authentication rule agreed with the one-time code authentication unit 140 to the authentication server 195. n seed values and one-time codes are transferred to the authentication server 195 so that the validity of the one-time codes is authenticated.

The authentication server verification unit 180 is a code corresponding to the received one-time code of the code authentication rule maintained in the authentication rule holding unit 160 based on the identification value confirmed by the identification value confirmation unit 115 Check the authentication rule, and check the authentication server 195 for authenticating the one-time code from the code authentication rule.

When the authentication server 195 is confirmed, the one-time code authentication unit 140 checks the n seed values confirmed by the seed value checking unit 120 and the received disposable code with the verified authentication server 195. And transmit the identification value confirmed by the identification value checking unit 115 as necessary.

The authentication server 195 configures N seed values including the n seed values, and then the application 215 provided with the N seed values in the wireless terminal 200 of the user generates the one-time code. Verification code is generated by substituting the code generation algorithm. When the verification code is generated, the authentication server 195 compares the one-time code and the generated verification code to authenticate the validity of the one-time code, and then the authentication code of the one-time code authentication unit 140 Answer

If the validity of the one-time code is authenticated by the authentication server 195, the service controller 135 controls to perform at least one service procedure mapped with the authentication result of the one-time code.

When the authentication result of the one-time code and the payment means of the user are mapped using the identification value as a medium, the service control unit 135 checks the payment means of the user mapped to the authentication result of the one-time code, and the user The payment approval server corresponding to the payment means controls the payment approval process of the payment information through the payment means.

2 is a diagram showing the functional configuration of the wireless terminal 200 and the application 215 of the present invention.

In more detail, FIG. 2 illustrates a configuration of an application 215 and a wireless terminal 200 corresponding to a program configuration of receiving a seed value displayed on the terminal device 185 to be provided with a service and dynamically generating and outputting a single-use code. As those skilled in the art to which the present invention pertains, various implementation methods for the function of the wireless terminal 200 may be inferred by referring to and / or modifying the drawing 2, but the present invention is It is made including all the inferred implementation methods, the technical features are not limited only to the implementation method shown in FIG.

Referring to FIG. 2, the wireless terminal 200 includes a control unit 205, a memory unit 211, a screen output unit 201, a key input unit 202, a sound output unit 203, and a sound input unit 204. And a camera unit 205, a wireless network communication module 208, a short range wireless communication module 207, an NFC module 209, a USIM reader unit 210, and a USIM, and a battery 206 for power supply. Equipped.

The controller 205 is a generic term for a configuration for controlling the operation of the wireless terminal 200. The controller 205 includes at least one processor and an execution memory. Each of the components and the bus provided in the wireless terminal 200 includes a plurality of components. BUS). According to the present invention, the control unit 205 loads and executes at least one program code included in the wireless terminal 200 through the processor into the execution memory, and calculates at least one result through the bus. By transmitting to the negative to control the operation of the wireless terminal 200. Hereinafter, the configuration of the application 215 of the present invention implemented in the form of program code for convenience will be described in the control unit 205.

The memory unit 211 is a generic term for a nonvolatile memory corresponding to a storage resource included in the wireless terminal 200, and includes at least one program code executed through the controller 205 and at least used by the program code. Store and maintain one data set. The memory unit 211 basically includes a system program code and a system data set corresponding to an operating system of the wireless terminal 200, a communication program code and a communication data set for processing a wireless communication connection of the wireless terminal 200, and at least One application program code and an application data set are stored, and the program code and data set corresponding to the application 215 of the present invention are also stored in the memory unit 211.

The screen output unit 201 includes a screen output device (for example, a liquid crystal display (LCD) device) corresponding to an output resource provided in the wireless terminal 200 and a screen output module for driving the same. 205 is connected to a bus and outputs a calculation result corresponding to a screen output among various calculation results of the controller 205 to the screen output device.

The key input unit 202 is composed of a key input device (or a touch screen device linked with the screen output unit 201) corresponding to the input resources provided in the wireless terminal 200 and a key input module for driving the key input device. The controller 205 is connected to a bus and inputs a command for instructing various operations of the controller 205, or inputs data required for the operation of the controller 205.

The sound output unit 203 includes a speaker corresponding to an output resource provided in the wireless terminal 200 and a sound module for driving the speaker, and is connected to the control unit 205 by a bus and the control unit 205. The operation result corresponding to the sound output is output from the various operation results of the through the speaker. The sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.

The sound input unit 204 includes a microphone corresponding to an input resource provided in the wireless terminal 200 and a sound module for driving the microphone, and transmits sound data input through the microphone to the controller 205. do. The sound module encodes and encodes a sound signal input through the microphone.

The camera unit 205 includes an optical unit, a charge coupled device (CCD), and a camera module for driving the same, and acquires bitmap data input to the CCD through the optical unit. The bitmap data may include both still image data and moving image data.

The wireless network communication module 208 and the short range wireless communication module 207 are communication resources provided in the wireless terminal 200, and the wireless network communication module 208 is connected to a wireless communication network through a base station, The wireless communication module 207 connects to a local area communication device or a wireless AP located at a short distance.

The wireless network communication module 208 is a general term for a communication configuration for connecting the wireless terminal 200 to wireless communication, and includes an antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving radio frequency signals of a specific frequency band. It is configured to include at least one, connected to the bus by the control unit 205 and transmits a calculation result corresponding to the wireless communication of the various calculation results of the control unit 205 through wireless communication, or receives data through wireless communication The controller 205 transmits the data to the controller 205 and maintains the procedure of connection, registration, communication, and handoff of the wireless communication. According to the present invention, the wireless network communication module 208 may connect the wireless terminal 200 to a voice network including a voice channel and a data channel via a switch, and in some cases, a packet without passing through the switch. It can be connected to a data network that provides data communications based on switched communications.

According to an exemplary embodiment of the present invention, the wireless network communication module 208 is configured to perform at least one mobile communication network connection, location registration, call processing, call connection, data communication, and handoff according to the CDMA / WCDMA standard. It includes. Meanwhile, according to the intention of the person skilled in the art, the wireless network communication module 208 may further include a portable Internet communication configuration for performing at least one connection, location registration, data communication, and handoff to the portable Internet according to the IEEE 802.16 standard. It is apparent that the present invention is not limited by the wireless communication configuration provided by the wireless network communication module 208.

The short range wireless communication module 207 is a short range communication module for connecting a communication session using a radio frequency signal as a communication medium within a predetermined distance, and preferably includes at least one of Wi-Fi communication, Bluetooth communication, and public wireless communication. Can be. According to an embodiment of the present invention, the short range wireless communication module 207 may be integrated with the wireless network communication module 208. According to the present invention, the short range wireless communication module 207 connects the wireless terminal 200 to a packet switched communication-based data network through a wireless AP.

The NFC module 209 is a proximity communication module that transmits data between terminals at a close distance of about 10 cm according to an NFC (Near Field Communication) standard that uses the 13.56 Mz frequency band of the ISO 18000 series wireless communication standard. The short range wireless communication module 207 may be integrally implemented or may be implemented as a separate communication module. According to the intention of the person skilled in the art, the NFC module 209 may provide proximity communication of another frequency band (eg, 900Mhz band, etc.) supported by the ISO 18000 series standard in addition to the 13.56Mz frequency band. No. Meanwhile, the NFC module 209 may be included in a communication resource provided in the wireless terminal 200 according to a target to which the NFC module 209 communicates in close proximity.

The USIM reader unit 210 is a generic term for a configuration for exchanging at least one data set with a universal subscriber identity module (Universal Subscriber Identity Module) mounted on or detached from the wireless terminal 200 based on ISO / IEC 7816 standard. As an example, the data sets are exchanged in a half-duplex communication through an APDU (Application Protocol Data Unit).

The USIM is a SIM type card having an IC chip according to the ISO / IEC 7816 standard, an input / output interface including at least one contact point connected to the USIM reader unit 210, and at least one IC chip program code. And an IC chip memory for storing a data set, and a program code for the IC chip or extracting (or processing) the data set according to at least one command transmitted from the wireless terminal 200 connected to the input / output interface. It includes a processor for transmitting to the input and output interface.

The application 215 of the present invention is downloaded from a program providing server (eg, Apple's App Store, etc.) through the data network to which the communication resource is accessible, and stored in the memory unit 211. The downloaded application 215 is driven manually or automatically. In order to automatically drive the application 215, a separate program may be driven in advance, whereby the present invention is not limited.

According to the present invention, the wireless terminal 200 may register the application 215 by authenticating the validity of the application by accessing the one-time code operating system 100 using the communication resource. If the code generation rule for generating the one-time code is not set by the application 215, the application 215 is an authentication server for authenticating the one-time code operating system 100 (or the one-time code through the communication resource). (195)) and the code generation rule, wherein the code generation rule comprises at least one seed value (or seed determination rule) and one or more code generation algorithms.

Referring to FIG. 2, the application 215 of the wireless terminal 200 accesses the one-time code operation system 100 through a data network to which the communication resource is accessible, and registers the user as a member or is a member of the user. A membership authentication / authentication unit 220 that authenticates the qualification, and an application authentication unit 225 that authenticates the validity of the application through at least one communication network to which the communication resource is accessible, and in the application 215. When the code generation rule is not provided, the rule setting unit 230 may be further provided to set the code generation rule in the application 215.

The application 215 has communication connection macro information for accessing the one-time code operation system 100 through a data network to which the communication resource is accessible, and the member registration / authentication unit 220 includes the screen output unit ( 201) outputs an interface for inputting user information (eg, name, social security number, etc.) and a member account through which the user is registered as a member, and inputs through the interface to the one-time code operation system 100 through the data network. Registered user information and a member account to register the user as a member.

Meanwhile, membership of the user may be subscribed through a separate user terminal in addition to the wireless terminal 200. Therefore, when the user is already registered as a member or as a member through the user terminal, the member registration / authentication unit 220 outputs an interface for inputting the member account of the user and establishes the data network. By transmitting the member account input through the interface to the one-time code operation system 100 to authenticate whether the user is a member.

Before or after the user's membership / authentication, the application authentication unit 225 is the one-time code operating system 100 of the application through the communication network of at least one of the data network and the voice network to which the communication resources are accessible. Authenticate validity

According to the first application authentication method of the present invention, the application 215 may be downloaded with a unique key value assigned to identify that the application is operated by the one-time code operating system 100, the application The authentication unit 225 may transmit the unique key value to the one-time code operating system 100, in which case the one-time code operating system 100 reads the unique key value, thereby allowing the application 215 to read the unique key value. The application 215 may be authenticated by the one-time code operating system 100.

Alternatively, the application authenticator 225 may encrypt and transmit information that can be automatically identified by the one-time code operating system 100 among the information allocated to the wireless terminal 200 and at least one communication network through the unique key value. In this case, the one-time code operating system 100 receives the encrypted information, decrypts the encrypted information through a decryption key corresponding to the unique key value, and compares and authenticates the information identified through the communication company server. Thus, it is possible to authenticate whether the application 215 is running on the user's wireless terminal 200 as the application 215 operated by the one-time code operating system 100.

According to the second application authentication method of the present invention, the application 215 may be assigned a token value uniquely identifying the application 215 on a communication network, and the application authentication unit 225 may read the token value. By transmitting to the one-time code operating system 100, or by encrypting the information assigned to the wireless terminal 200 through the token value and transmitted to the one-time code operating system 100, it is possible to authenticate the validity of the application. .

According to the third application authentication method of the present invention, the application 215 may be mounted with a certificate, the application authentication unit 225 according to the key value or key exchange protocol and encryption / decryption rules included in the certificate The application 215 may authenticate that the application is operated by the one-time code operating system 100. Meanwhile, at least one identification key value may be exchanged in the process of authenticating the application 215 through the certificate, and the application authentication unit 225 may allocate information to the wireless terminal 200 through the identification key value. By encrypting and transmitting to the one-time code operating system 100, it is possible to authenticate the validity of the application.

According to the fourth application authentication method of the present invention, the wireless terminal 200 receives an authentication number from the one-time code operating system 100 through a message exchange protocol of a voice network, and receives the received authentication number from the application ( 215 may be received and transmitted to the one-time code operating system 100 through a data network, thereby validating the validity of the application.

According to the fifth application authentication method of the present invention, the application authentication unit 225 may authenticate the validity of the application by combining the first to fourth application authentication methods.

The application authenticator 225 receives and maintains an application identification value uniquely identifying the application 215 from the one-time code operating system 100 while authenticating the validity of the application, or the one-time code in the application authentication process. The unique value of at least one of the values exchanged with the operating system 100 may be determined and maintained as the application identification value, and the application identification value may be used as a seed value for generating a one-time code or form a secure channel. Can be used in the process.

The rule setting unit 230 may agree with the one-time code operating system 100 at least one seed value that must be agreed in advance among seed values required for dynamically generating the one-time code, and the at least one agreed upon. The seed value of can be stored in the storage resource.

If a code generation rule is not agreed between the application 215 and the one-time code operating system 100, the rule setting unit 230 is configured through the one-time code operating system 100 (or the authentication server ( 195) the code generation rule can be agreed upon and maintained in the application 215).

Here, the code generation rule is a code generation algorithm for generating the one-time code, the type of seed values and conversion specifications (e.g., hash functions, number of bytes of hashed values, etc.) that can be assigned to the code generation algorithm, and the code generation. Contains seed values (or seed decision rules) to assign to the algorithm.

Alternatively, when the seed value (or seed determination rule) to be assigned to the code generation algorithm is not agreed between the application 215 and the one-time code operating system 100, the rule setting unit 230 may set the one-time code. At least one seed value (or seed determination rule) may be maintained in the application 215 through the operating system 100 (or directly with the authentication server 195 side).

According to the present invention, the one-time code operation system 100 may self-certify the one-time code, or may be authenticated through a separate authentication server 195 associated with it.

When the one-time code is authenticated by itself according to the first one-time code authentication method of the present invention, the code authentication rule may include the code generation algorithm, a type of seed value assignable to the code generation algorithm, and a conversion standard (eg, a hash). Function, number of bytes of hashed value, etc.) and seed value (or seed determination rule) to be assigned to the code generation algorithm.

When the one-time code is authenticated through the authentication server 195 according to the second one-time code authentication method of the present invention, the code authentication rule is the address of the authentication server 195 to authenticate the one-time code and the authentication server ( On 195 may include at least one parameter value (for example, a parameter for determining the seed value registered in the authentication server 195) to be used to authenticate the one-time code.

Referring to FIG. 2, the application 215 of the wireless terminal 200 includes a seed value input unit 235 which receives n seed values displayed on the terminal device 185 through a designated seed input path, and the seed input. A seed value configuration unit 245 constituting N seed values including n seed values input through a path, and a one-time code generation for generating a disposable code by substituting the configured N seed values into the code generation algorithm. And a disposable code output unit 255 for outputting the generated disposable code to the terminal device 185 through a designated code output path, wherein the n seed values are inputted to the terminal device. A seed value verification unit 240 may be further provided to verify whether the value is displayed at 185.

The disposable code generator 250 includes a code generation algorithm for generating a disposable code using N seed values, and the seed value input unit 235 is a terminal device among N seed values to be substituted into the code generation algorithm. N seed values indicated at 185 are inputted through the designated seed input path.

The seed input path may include at least one of a key input path, a content sharing transmission path, a camera recognition path, a short range communication path, and an NFC path.

The key input path refers to a seed input path in which the n seed values are displayed on the screen of the terminal device 185 in the form of a key input possible key and then are keyed by the user through the key input unit 202. .

The content sharing delivery path is displayed on the screen of the terminal device 185 in the form of a content in which the n seed values include a screen recognizable code. It means a seed input path input to the terminal 200. For example, the content sharing delivery protocol is a protocol for providing a so-called N-Screen, and includes a digital living network alliance (DLNA) protocol based on short-range communication or a cloud computing method through a content relay server. ) May include a protocol.

The camera recognition path is displayed on the screen of the terminal device 185 in the form of a code image (eg, 2D barcode image) in which the n seed values are encoded, and then analyzes an image photographed by the camera unit 205. The seed input path is input in a form in which n seed values are recognized.

The short-range communication path is a short-range communication between the terminal device 185 and the wireless terminal 200 using the short-range wireless communication module 207 when the short-range communication device capable of short-range communication is provided in the terminal device 185. Through the n seed values means a seed input path inputted in a form received from the terminal device 185.

In the NFC path, when the terminal device 185 supports NFC, the n seed values are transmitted through the NFC between the terminal device 185 and the wireless terminal 200 using the NFC module 209. A seed input path input in a form received from the device 185.

When the n seed values are encrypted in a decryptable structure by the application 215 according to the first embodiment of the present invention, the seed value verification unit 240 decrypts the encrypted seed values. It is possible to verify whether the inputted n seed values are displayed on the terminal device 185 by decrypting the encrypted seed values through the decryption key.

According to the second embodiment of the present invention, when the n seed values are transformed into a structure that can be restored by the application 215, the seed value verification unit 240 transforms the n seed values into a one-to-one function. By restoring the modified n seed values to the original seed values, it is possible to verify whether the input n seed values are displayed on the terminal device 185.

According to the third embodiment of the present invention, when the n seed values include check values verifiable by the application 215, the seed value verifying unit 240 may include at least one seed among the n seed values. By determining whether the check value is included in the value, it is possible to verify whether the input n seed values are displayed on the terminal device 185. For example, the check value is a quotient of a bit value calculated by substituting a bit value included in one or more seed values into a specified bit operation, or a specified arithmetic operation (eg, one seed value divided by another seed value). Etc.) and the calculated result value. According to the present invention, the verification values may be variously applied in various ways and are not limited to specific types and methods.

According to the fourth exemplary embodiment of the present invention, when the n seed values have a value system verifiable by the application 215, the seed value verifying unit 240 includes at least one seed value among the n seed values. By determining whether the value system is configured, it is possible to verify whether the input n seed values are displayed on the terminal device 185. Here, the value system may include a system for specifying the size (or number of bits) of each seed value and the value (or bit) of a specific position position.

When the disposable code is generated through N seed values according to an embodiment of the present invention, the seed value configuration unit 245 maintains the remaining (Nn) seed values except for the n seed values. And N seed values including the inputted n seed values and the held (Nn) seed values. On the other hand, when the disposable code can be generated only through the inputted n seed values, the seed value configuration unit 245 may configure the inputted n seed values as N seed values.

The one-time code output unit 255 maintains and executes a code generation algorithm for generating the one-time code by executing an executable program code, and substitutes the configured N seed values into the code generation algorithm to the terminal device 185. Dynamically generates one-time code to output to be delivered.

The disposable code may include only dynamic code dynamically generated through the code generation algorithm, and may be formed in a form in which a fixed code designated to the dynamic code is combined according to the intention of a person skilled in the art. For example, the fixed code may be a bank identification number (BIN), and in this case, the disposable code may be a disposable card number in which the BIN and a dynamic code are combined.

The disposable code output unit 255 outputs the generated disposable code to the terminal device 185 through one or more code output paths. Here, the code output path may include at least one reverse path of the seed input path to which the n seed values are input and a separate path different from the path to which the seed value is input.

The code output path may include a key input path in which the single-use code is output through the screen output unit 201 in the form of a key combination capable of key input and then keyed in to the terminal device 185 by a user. .

Alternatively, the code output path is output through the screen output unit 201 in the form of a content in which the disposable code is a screen recognizable code, and then the terminal according to at least one content sharing delivery protocol of DLNA and cloud computing. It may include a content sharing delivery path delivered to the device 185.

Alternatively, the code output path may include a camera recognition path recognized through the camera of the terminal device 185 after the disposable code is output through the screen output unit 201 in the form of a code image recognizable by a camera. Can be.

Alternatively, the code output path may include a short-range communication path in which the single-use code is output to the terminal device 185 through short-range communication between the terminal device 185 and the wireless terminal 200 using the communication module. It may include.

Alternatively, the code output path may include an NFC path in which the disposable code is output in the form of data transmitted to the terminal device 185 through the NFC module 209.

3 is a diagram illustrating a process of mounting and authenticating an application 215 according to an embodiment of the present invention.

More specifically, Figure 3 is combined with the user registration / authentication through the wireless terminal 200 of the user to mount and authenticate the application 215 having the functional configuration shown in Figure 2 on the wireless terminal 200 Referring to FIG. 3, the user's wireless terminal 200 downloads and drives an application 215 from a program providing server through a data network (300). If the user is not registered as a member, the application 215 receives user information and a member account and transmits the received information to the one-time code operation system 100 (305). The one-time code operation system 100 authenticates the user name with the user name for the user (310), and if the user's real name is authenticated and stores the member account and the user information (315). The user terminal receives a member account from the user and logs in (320).

The one-time code operating system 100 authenticates the validity of the application provided in the wireless terminal 200 through at least one communication network (325), the wireless terminal 200 is the one-time code operating system 100 In operation 325, the application is authenticated to validate the validity of the application. In the process of authenticating the validity of the application, at least one of a user subscription state and a user occupation state of the wireless terminal 200 may be further authenticated.

When the validity of the application is authenticated, the one-time code operating system 100 may agree a code generation rule with the application 215 (330), and the code generation rule is agreed in advance or an agreement is reached. If unnecessary, the process 330 can be omitted. In addition, the one-time code operating system 100 sets and maintains a code authentication rule based on the code generation rule of the application 215 (340).

The one-time code operating system 100 determines an identification value that uniquely identifies at least one of the user, wireless terminal 200 and application 215 (345), the identification value from the wireless terminal 200 A value input and received, or a value assigned to the wireless terminal 200 is received, or a value used in the member registration / authentication process is included, or assigned on a communication network to which the wireless terminal 200 is connected. A value may be determined through at least one of what is obtained (345).

The one-time code operation system 100 confirms a service to be mapped with the authentication result of the one-time code (335), using the identification value as a medium to map the authentication result of the one-time code and the identified service (355) ). If the mapped service is a payment service, the one-time code operation system 100 receives payment means information of the user from the wireless terminal 200 and stores the identification value and the payment means information in association with each other. The identification value may be used as a medium to map the authentication result of the disposable code and the payment means. Meanwhile, a code authentication rule for authenticating the one-time code is also mapped to the identification value.

4 is a diagram illustrating a one-time code generation and authentication process according to an embodiment of the present invention.

In more detail, in FIG. 4, the application 215 illustrated in FIG. 2 receives at least one seed value displayed on the terminal device 185, generates a single-use code, and outputs the disposable code to the terminal device 185. When the device 185 receives and transmits the one-time code, the device 185 authenticates the one-time code generated by the application 215 based on the seed value displayed on the terminal device 185 and then uses the one-time code to the terminal device 185. Referring to FIG. 4, the one-time code operating system 100 recognizes a service mapped to an authentication result of a one-time code, as shown in FIG. 4. After determining n seed values to be displayed to the terminal device 185 to be provided with the recognized service (405), the determined n seed values are provided to the terminal device 185 and outputted (410). However, when the terminal device 185 is provided with a program configuration for determining and outputting the n seed values, the above process can be omitted, and the present invention is not limited thereto.

The terminal device 185 receives and displays the n seed values (415), and the displayed n seed values are transmitted through the designated seed input path between the terminal device 185 and the wireless terminal 200. In operation 420, the wireless terminal 200 receives n seed values displayed on the terminal device 185 through the seed input path (425).

The application 215 of the wireless terminal 200 verifies whether the input n seed values are the seed values displayed on the terminal device 185 (430). If the seed value is not verified, the application 215 of the wireless terminal 200 outputs verification error information about the seed value (435a), and if the seed value is verified, the code generation rule is applied. After configuring N seed values including the n seed values (435b), the N seed values are substituted into the code generation algorithm according to the code generation rule to dynamically generate the disposable code (440), and the wireless The disposable code is output to the terminal device 185 through a code output path between the terminal 200 and the terminal device 185 (445).

The terminal device 185 receives the disposable code from the wireless terminal 200 through the code output path (450), and transmits the input disposable code to the disposable code operating system 100 (455). .

The one-time code operation system 100 checks n seed values indicated by the terminal device 185 (460), and the application of the wireless terminal 200 based on the n seed values from the terminal device 185. When the one-time code generated through 215 is received (465), the identification value corresponding to the medium for mapping the authentication result of the one-time code and the service (payment means) is confirmed (470). When the mapped service is a payment service, the identification value is used as a medium for mapping the authentication result of the one-time code and the user's payment means.

The one-time code operating system 100 configures N seed values including n seed values indicated by the terminal device 185 according to a code authentication rule corresponding to the identified identification value (475). After generating verification codes by substituting N seed values into a code generation algorithm according to an authentication rule (480), the one-time code is verified by comparing the one-time code with the verification code (485). Meanwhile, the one-time code operation system 100 may transmit the n seed values and the one-time code to the authentication server 195 maintaining the code authentication rule so that the one-time code is authenticated.

If the one-time code is not authenticated, the one-time code operating system 100 outputs error information of the one-time code to the terminal device 185 (490a), and if the one-time code is authenticated, the identification value. By controlling the service procedure mapped to the authentication result of the one-time use code as a medium (490b), the service is provided through the terminal device 185 (495). If the mapped service is a payment service, the one-time code operation system 100 confirms the payment means of the user mapped to the authentication result of the one-time code using the identification value as a medium, and through the payment approval server. The payment through the payment means is controlled to be processed, and the approval result of the payment is provided to the terminal device 185.

100: disposable code operation system 105: seed value provider
110: disposable code receiving unit 115: identification value check unit
120: seed value check unit 125: seed value determiner
130: service recognition unit 135: service control unit
140: one-time code authentication unit 145: identification value acquisition unit
150: service mapping unit 155: validity authentication unit
160: authentication rule maintenance unit 165: seed value extraction unit
170: seed value configuration unit 175: verification code generation unit
180: authentication server verification unit 185: terminal device
190: service provider server 195: authentication server
200: wireless terminal 215: application
220: member registration / authentication unit 225: application authentication unit
230: rule setting unit 235: seed value input unit
240: seed value verification unit 245: seed value configuration unit
250: disposable code generation unit 255: disposable code output unit

Claims (21)

In the one-time code operating system using a connectionless network seed of a server that can communicate with a terminal device that provides a service to a user,
A seed value checking unit for checking n (1 ≦ n ≦ N) seed values displayed on the terminal device to be input to a user's wireless terminal;
A one-time code receiving unit for receiving a one-time code generated by an application of a wireless terminal to which n seed values displayed on the terminal device are input, from the terminal device;
A one-time code authentication unit for processing the validity of the received one-time code by using n seed values displayed on the terminal device; And
And a service controller configured to control at least one service procedure mapped with an authentication result of the one-time code.
The method of claim 1,
A seed value determiner configured to determine the n seed values; And
And a seed value providing unit configured to provide the determined n seed values to the terminal device and output the n seed values.
The method of claim 2,
And a service recognizing unit recognizing a service to be provided to the terminal device among at least one service mapped to an authentication result of the one-time code.
The seed value confirmation unit,
Disposable code operating system using a non-connected network seed, characterized in that for verifying the n seed values displayed by the terminal device to provide the recognized service.
The method of claim 1,
An identification value obtaining unit obtaining an identification value uniquely identifying at least one of the user, a wireless terminal, and an application; And
The service mapping unit for mapping the authentication result of the one-time code and the payment means of the user using the identification value as a medium, further comprising:
When the disposable code is received, further comprising an identification value confirmation unit for confirming the identification value to be used as the medium,
The service control unit,
When the one-time code is authenticated, the one-time code operating system using a connectionless network seed, characterized in that the payment service for the user is provided through the payment means of the user mapped to the authentication result.
5. The method of claim 4,
When the application is mounted to the user's wireless terminal, the one-time code operating system using a non-connected network seed, characterized in that further comprising a validity authentication unit for authenticating at least one of the user's wireless terminal and the application.
The method of claim 1,
When the application is mounted to a user's wireless terminal, the authentication rule holding unit for maintaining the code authentication rule including the code generation algorithm, and further includes (Nn) seed values (or seed determination rules) Disposable code operation system using a connectionless network seed, characterized in that made.
The method of claim 1,
A seed value extraction unit for extracting (Nn) seed values used by the application to generate the one-time code from a code authentication rule corresponding to the one-time code;
A seed value constructing unit configured to configure N seed values necessary for verifying the disposable code, including n seed values and (Nn) seed values displayed on the terminal device; And
And a verification code generator for generating verification codes by substituting the N seed values into a code generation algorithm agreed with an application of the wireless terminal.
The disposable code authentication unit,
Disposable code operating system using a connectionless network seed, characterized in that to verify the validity of the one-time code by comparing the generated verification code and the one-time code.
The method of claim 1,
Further comprising a authentication server verification unit for verifying the authentication server for authenticating the one-time code from the code authentication rule agreed with the application of the wireless terminal,
The disposable code authentication unit,
Disposable code operating system using a non-connected network seed, characterized in that for passing the n seed value and the one-time code to the authentication server to process the validity of the one-time code by the authentication server.
In the method of operating a one-time code using a connectionless network seed of a server that can communicate with a terminal device providing a service to a user,
Checking n (1 ≦ n ≦ N) seed values displayed on the terminal device to be input to a user's wireless terminal;
Receiving, by the terminal device, a one-time code generated by an application of a wireless terminal to which n seed values displayed on the terminal device are input;
Authenticating the validity of the received disposable code using the n seed values displayed on the terminal device; And
And controlling at least one service procedure mapped with an authentication result of the one-time code to be performed.
The method of claim 9,
Determining the n seed values; And
And providing the determined number of n seed values to the terminal device.
The method of claim 10,
Recognizing, by the service to be provided to the terminal device of at least one service mapped to the authentication result of the one-time code;
The n seed values, the one-time code operation method using a connectionless network seed, characterized in that displayed to the terminal device to provide the recognized service.
The method of claim 9,
Obtaining an identification value that uniquely identifies at least one of the user, a wireless terminal, and an application; And
Mapping the authentication result of the one-time code and the payment means of the user using the identification value as a medium;
When the disposable code is received, further comprising the step of identifying an identification value to be used as the medium,
If the one-time code is authenticated, the one-time code operating method using a connectionless network seed, characterized in that the payment service for the user is provided through the payment means of the user mapped to the authentication result.
13. The method of claim 12,
When the application is mounted to a wireless terminal of the user, the method of operating a one-time code using a connectionless network seed, characterized in that further comprising the step of authenticating at least one of the user's wireless terminal and the application.
The method of claim 9,
When the application is mounted on a user's wireless terminal, the method further comprises maintaining a code authentication rule including the code generation algorithm and further including (Nn) seed values (or seed determination rules). Disposable cord operation method using a disconnected network seed characterized in that.
The method of claim 9,
Extracting (Nn) seed values used by the application to generate the one-time code from a code authentication rule corresponding to the one-time code;
Constructing N seed values required for verifying the disposable code, including n seed values and the (Nn) seed values displayed on the terminal device; And
Generating a verification code by substituting the N seed values into a code generation algorithm agreed with an application of the wireless terminal;
The one-time code is a one-time code operation method using a non-connected network seed, characterized in that the authentication is compared with the generated verification code.
The method of claim 9,
Checking the authentication server for authenticating the one-time code from the code authentication rule agreed with the application of the wireless terminal,
The one-time code, the one-time code operation method using a connectionless network seed, characterized in that the authentication is transmitted to the authentication server.
In the method of operating a one-time code using a connectionless network seed which is executed by a wireless terminal having a processor, a memory unit, a key input unit, a screen output unit and at least one communication module,
Inputting n (1 ≦ n ≦ N) seed values displayed on a terminal device to which a service is to be provided from among N (N ≧ 1) seed values to be inserted into the code generation algorithm;
N seed values including the input n seed values are configured;
Generating the disposable code by substituting the configured N seed values into the code generation algorithm; And
And outputting the generated disposable code to be transmitted to the terminal device.
18. The method of claim 17,
And a step of verifying whether the inputted n seed values are displayed on a terminal device.
The method of claim 17, wherein the n seed values,
After being displayed on the screen of the terminal device in the form of a key input possible key combination, the key is input through the key input unit,
Displayed on the screen of the terminal device in the form of a content containing a code that can recognize the screen, and is input through the content sharing transmission using the communication module,
When the wireless terminal is provided with a camera unit, a code image is displayed on the screen of the terminal device and then input in a form recognized by the camera unit,
It is input in the form of being received from the terminal device through short-range communication between the terminal device and the wireless terminal using the communication module,
If the wireless terminal is provided with an NFC module, the one-time code operation method using a non-connected network seed comprising at least one input in the form received from the terminal device through the NFC module.
The method of claim 17, wherein the disposable cord,
Disposable code operation method using a non-connected network seed, characterized in that output via the at least one path of the reverse path of the path, the n seed value is input, and a separate path different from the path in which the seed value is input.
The method of claim 17, wherein the disposable cord,
After being output through the screen output unit in the form of a key input possible key input to the terminal device,
After output through the screen output unit in the form of a content containing a code that can recognize the screen, it is delivered to the terminal device through the content sharing delivery configuration of the terminal device,
After being output through the screen output unit in the form of a code image recognizable by a camera, it is recognized by the camera of the terminal device,
Outputted in the form of data transmitted to the terminal device through short-range communication between the terminal device and the wireless terminal using the communication module;
Disposable code operation method using a connectionless network seed, characterized in that it comprises at least one output in the form of data transmitted to the terminal device through the NFC module.

Images