KR101437049B1 - Secure Digital system using Near Field Communication, pair system making a pair with the secure digital system, and providing method thereof - Google Patents

Abstract

An NFC secure digital system, a pair system, and a method of providing the same are disclosed. The secure digital system includes a communication module for performing Near Field Communication (NFC) communication with a pair system that stores at least one of a display device, a security code, or OTP information, a secure digital system, And a control module for controlling to receive, via the communication module, an OTP based on at least a part of the security code, at least a part of the OTP information, or the OTP information from the pair system via the communication module, The module controls at least a portion of the security code received or generated, or the OTP to be displayed on the display device, or at least part of the received or generated security code or a predetermined input UI Or inputting Or at least a part of the generated security code or the OTP to a predetermined authentication system, characterized in that at least a part of the security code or an authentication system for authenticating the OTP includes user identification information Or the device identification information is stored, and the secure digital system that has performed the NFC communication with the pair system corresponds to the user identification information or the device identification information stored in the authentication system so that the authentication can be succeeded.

Description

[0001] The present invention relates to an NFC secure digital system, a pair system constituting a pair with the secure digital system, and a method of providing the secure digital system.

The present invention relates to an NFC secure digital system, a pair system paired with the NFC secure digital system, and a method of providing the same. More particularly, the present invention relates to security authentication information (e.g., (One Time Password)), and to provide a method and system for greatly enhancing security by requiring two devices independent of each other.

Various schemes for authenticating users with various online services through wired and wireless networks are known. Login authentication using login information, authentication using a security card, authentication using a public certificate, or authentication using an OTP (One Time Password).

Of the above various authentication methods, login authentication does not require any specific device, but a person who knows the login information is authenticated as the identity of the account corresponding to the login information. Authentication using the public key certificate uses electronic data called public key certificate But it does not require a separate authentication device other than the authentication requesting system (e.g., a user's computer, mobile phone, etc.) because it is electronic data. A public certificate may be stored in the system requesting authentication. Of course, the authorized certificate may be stored in a separate device (e.g., a mobile storage device such as a USB storage device), but the separate device may be a general purpose data storage device, and a separate device It is not required.

On the other hand, the security card or the OTP generating device may be a specific person (including a specific individual or a corporation which is capable of legally independent action, etc., in the present invention, And is implemented as a device for authentication. Accordingly, in principle, a user requesting a predetermined service (for example, login, financial transaction, etc.) on-line must have the security card or the OTP generating device in order to prove that the user is the specific person.

However, when the information written on the security card is exposed or leaked due to the characteristics of the authentication method, the authentication function through the security card can no longer be expected.

On the other hand, authentication through OTP is a method in which the OTP authentication system and the OTP generation apparatus share the OTP generation key (secret key) and generate the same one-time password, that is, the OTP using the same OTP generation logic (program). Therefore, since the OTP generation device requires a computing device, a storage device, and a power source, the OTP generation device is relatively less portable than the security card. The token type OTP generation device is relatively low in portability and the card type OTP generation device has recently been implemented and can be carried in the user's wallet, so that the portability is somewhat higher. However, since the card-type OTP generation device also requires a power source to generate the OTP, the card-type OTP generation device is restricted in the period of use, and it is also necessary to take out the card-type OTP generation device from the purse and make an OTP generation request.

Accordingly, the user searches for or removes a separate security device (for example, a security card or an OTP generating device) for authentication other than the system for security information required in the system requesting the current authentication, manipulates or confirms the security device, It is necessary to perform an uncomfortable operation such as controlling the operation of the vehicle.

In addition, since the conventional OTP generation apparatus is relatively low in portability, power supply is required, the OTP generation apparatus must be newly issued when the power is depleted, and the risk of security when an unauthorized user is lost And a problem of remarkably increasing.

In particular, an authentication scheme using a security device (e.g., a security card or an OTP generation device) may be implemented by the security device itself having all security information (e.g., a security card number) or generating security information (OTP) If the device is lost or stolen, the device may be fatal.

Also, even if there is no risk such as loss or theft, there is a problem that the security device is taken out of the wallet to acquire the security information, the security information is acquired, and the security device is put back into the wallet. It was a starting point.

Therefore, the technical problem to be solved by the present invention is that the security information can not be obtained through any independent security device, but rather, it has both systems (or devices) defined to form a pair And to provide a system and a method for providing security information to a user.

In addition, in order to reduce the risk of leakage or exposure of security information that may occur when there are two systems handling security information, the digital system that has acquired at least some of the security information may not use the security information, And to provide a system and method capable of deleting acquired information when control for acquiring security information is not performed.

Also, a system and a method for providing the security information to a pair system can be acquired only through a digital system that pairs the security information with the pair system, when the pair system stores security information (e.g., security code, i.e., .

The present invention also provides a system and a method for providing security information through NFC tagging. In addition, by performing a plurality of tagging operations, it is possible to acquire security information, thereby unnecessarily acquiring security information when an unwanted tagging is performed, or acquiring security information through tagging while an unauthorized user can not recognize it And a method for providing the system.

In addition, the present invention provides a system and a method for providing the same that can reduce security problems, which is the biggest weak point of a mobile OTP (M-OTP) generation apparatus. The present invention also provides a system and a method for providing a system for enabling a security card to be stored in a mobile, such as M-OTP, and to solve security problems.

In addition, due to the restriction of the size of the security card to be carried and the fact that the security card number to be used for authentication is directly detected by a person and inputted into an authentication request system (for example, a computer or a mobile phone) The present invention is to provide a system and method for enhancing the security function by solving the restriction of the number of such security information.

Further, there are a plurality of security apparatuses used by a specific individual (for example, a security card or an OTP generating apparatus) because the security apparatuses used by the service system (e.g., financial institution, web site, etc.) And to provide a system and method for enabling a plurality of such security devices to be integrated into one.

Also, in the case of OTP generation, a key corresponding to one OTP generation device has been conventionally used for OTP generation. However, in the present invention, a system capable of enhancing security by generating OTP by further using a generation key corresponding to a digital system And to provide such a method.

In addition, when the security device is carried in the wallet, security information can be acquired through the digital system without taking out the security device from the wallet, so that the risk of loss of the security device is lowered and the user can easily obtain the security information And to provide a method for the same.

In addition, when the digital system and the pair system are separated by a predetermined distance or more, the digital system or the pair system can give an alarm signal to the user so that the user can easily recognize the loss or theft of the digital system or the pair system And a method thereof.

Also, in order to give an alarm signal to the user when the digital system and the pair system are separated by a predetermined distance or more, the digital system and the pair system maintain the pairing state at a normal time, thereby preventing the digital system or the pair system from being lost or stolen And a method and system for providing security information more efficiently by omitting or simplifying a pair forming procedure required for obtaining security information through pairing between the digital system and a pair system.

According to an aspect of the present invention, there is provided a secure digital system including a secure digital system for performing Near Field Communication (NFC) communication with a pair system for storing at least one of a display device, a security code, and OTP information, At least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system via the communication module if the communication module is tagged at least once with the pair system, Wherein the control module controls at least a part of the security code received or generated or the OTP to be displayed on the display device, or at least a part of the security code received or generated, OTP is displayed on the secure digital system Characterized in that the control unit controls the OTP to be automatically input to a predetermined input UI or to transmit at least a part of the received or generated security code or the OTP to a predetermined authentication system, Wherein the authentication system for authenticating stores user identification information or device identification information of the secure digital system and the secure digital system that has performed NFC communication with the pair system corresponds to the user identification information or device identification information stored in the authentication system The authentication can be successfully performed.

The pair system may store information that can specify a user of the pair system, and authentication may be successful only when the secure digital system corresponds to information that can specify the user.

Wherein the control module stores identification information of the pair system that is predefined to pair with the secure digital system, wherein at least a portion of the security code, at least a portion of the OTP information, Or to receive an OTP based on the OTP information from the pair system.

Wherein the control module receives from the pair system at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system if the first tagging of the plurality of tags is performed Performing a pair authentication procedure between the pair system and the secure digital system and transmitting at least a part of the security code, at least a part of the OTP information, or an OTP based on the OTP information when the second tagging of the plurality of tags is performed, can do.

Wherein the control module receives from the pair system at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system if the first tagging of the plurality of tags is performed A request security code requested from a predetermined authentication system among security codes to be received from the pair system, or transmits the OTP generation request signal to the pair system, and when the second tagging of the plurality of tags is performed, And the security code or the generated OTP is received from the pair system.

The control module may receive only the request security code requested from a predetermined authentication system among the security codes from the pair system.

The control module judges the request security code based on the request security code identification information received through the authentication system or the user input or analyzes the security code request screen displayed on the display device to judge the request security code can do.

When the secure digital system and the pair system are tagged, the control module can receive the first OTDP generation key included in the OTP information from the pair system, and generate the OTP using the received first OTDP generation key have.

Wherein the control module further receives OTP generation program information for generating the OTP from the pair system when the tagging is performed and generates the OTP using the received OTP generation program information and the first OTP generation key, The OTP generating program information stored in advance in the secure digital system and the received first OTP generation key may be used to generate the OTP before the tagging.

The control module generates the OTP using the first OTP generation key received from the pair system and the second OTP generation key shared by the secure digital system and the authentication system.

The secure digital system may further include a security module that performs a security procedure such that at least a portion of the security code received from the pair system or at least a portion of the OTP information is not stored in the secure digital system.

Wherein the security module determines the time at which at least a part of the security code or at least a part of the OTP information is received by the NFC communication module and, when a predetermined time elapses from the determined time, OTP information or at least a part of the received security code or at least a part of the OTP information if the request security code of the security code or the OTP is transmitted to an authentication system connected via a network with the secure digital system, Or deletes at least a part of the security code or at least a part of the OTP information when the requesting security code or the requesting means for requesting the OTP is deactivated in the secure digital system.

According to an aspect of the present invention, there is provided a pair system for pairing with a secure digital system, comprising: a storage device for storing at least one of security code and OTP information; a communication device for performing NFC (Near Field Communication) And at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information, if the communication device is tagged at least once with the secure digital system. Wherein information that can identify a user of the pair system is stored in the storage device, and authentication is performed only when the secure digital system corresponds to information that can identify the user. And can be successful.

The control device transmits an OTP generated based on at least a part of the security code stored in the pair system, at least a part of the OTP information, or the OTP information when the security digital system and the pair system are subjected to a plurality of tagging .

When the security digital system and the pair system are tagged, the control device transmits a first OTDP generation key included in the OTP information to the secure digital system, and transmits the first OTDP generation key to the secure digital system The OTP can be generated.

According to another aspect of the present invention, there is provided a method for providing a secure digital system, the method comprising: performing a tagging at least once with a pair system in which a secure digital system stores at least one of security code or OTP information; Receiving at least a portion of the security code from the pair system via tagging, at least a portion of the OTP information, or an OTP based on the OTP information, and the secure digital system having at least a portion of the security code received from the pair system A part of the OTP generated based on at least a part of the OTP information received from the pair system or the OTP information received from the pair system is automatically displayed in a predetermined input UI, Comprising the steps of: Wherein at least part of the security code or the authentication system for authenticating the OTP stores user identification information or device identification information of the secure digital system and the secure digital system which has performed NFC communication with the pair system is stored in the authentication system The authentication can be successfully performed in accordance with the user identification information or the device identification information.

According to an aspect of the present invention, there is provided a method for providing a secure digital system, the method comprising: determining whether a secure digital system is tagged at least once with a predetermined pair system so as to form a pair with the secure digital system; Extracting at least a portion of the security code stored in advance in the secure digital system or generating an OTP using the OTP information only when tagged, and displaying at least a part of the extracted security code or the generated OTP on the display device , Inputting the requested security code requested by a predetermined authentication system of at least a part of the extracted security code or the generated OTP in the input UI, or transmitting the requested security code or the generated OTP to the authentication system, At least a part of the security code or the authentication Wherein the user identification information or the device identification information of the secure digital system is stored in the system and the secure digital system performing the NFC communication with the pair system corresponds to the user identification information or the device identification information stored in the authentication system, And can be successful.

According to another aspect of the present invention, there is provided a method of providing a pair system with a secure digital system, the method comprising: a pair system storing at least one of security code or OTP information, Tagging, and the pair system sending an OTP based on at least a portion of the security code, at least a portion of the OTP information, or the OTP information to the secure digital system, Information that can identify a user of the pair system is stored, and authentication can be successfully performed only when the secure digital system corresponds to information that can specify the user.

According to the technical idea of the present invention, the user can not obtain the security information through any one independent security device, but only when the digital system has both the digital system and the pair system defined as a pair The security information can be acquired by the user, so that even when one of the systems is lost or stolen, the other person can not obtain the security information.

According to the technical idea of the present invention, when the digital system and the pair system are separated from each other by a predetermined distance or more, the digital system and / or the pair system outputs a predetermined alarm signal, thereby preventing the digital system or the pair system from being lost or stolen The security can be further increased.

In addition, according to the embodiment of the present invention, since the pair system stores or generates the security information, the digital system can have a structure that can simply use it for authentication and delete it immediately, The risk of leakage or disclosure of at least a portion of the security information through the digital system that may occur by storing or creating the digital information. Accordingly, there is an effect that the risk of leakage of security information that may occur as the number of systems (or devices) involved in acquisition of security information increases.

In addition, when a pair system or a digital system stores security information (for example, a security code, that is, a security card number), the user does not input the requested security information after confirming the security information with eyes, It is possible to reduce the number of security codes to be input, that is, the number of security codes to be input, that is, The time required for the authentication using the security information is not increased but rather reduced, so that the security is increased and the time required for the authentication is reduced. In addition, according to the embodiment, the security information can be inputted by the digital system rather than by the person, so that the convenience of the customer is further enhanced.

Also, even if the pair system stores or generates the security information, at least a part of the security information can be acquired through the digital system. Therefore, when the pair system is carried in the purse, the pair system is not removed from the purse, Not only enhances convenience, but also reduces the risk of loss or theft.

Further, there are a plurality of security apparatuses used by a specific individual (for example, a security card or an OTP generating apparatus) because the security apparatuses used by the service system (e.g., financial institution, web site, etc.) By combining such a plurality of security devices into one, the convenience of the user can be improved.

In addition, not only the key corresponding to the pair system but also the key corresponding to the digital system can be used for OTP generation, so that the security is maintained even if the OTP generation key of any one system that may occur is leaked .

According to the technical idea of the present invention, when the digital system and the pair system are separated from each other by a predetermined distance or more, the digital system and the pair system maintain the pairing state normally so as to give an alarm signal to the user, It is possible to prevent the loss or theft of the system and at the same time to omit or simplify the pair forming procedure necessary for obtaining the security information through the pairing between the digital system and the pair system (since the pairing is already performed between the specific systems) The security information can be obtained.

In addition, when the security digital system and the pair system perform communication through NFC tagging, security information can be obtained easily. In addition, by performing a plurality of tagging operations, it is possible to acquire security information, thereby unnecessarily acquiring security information when an unintended tagging is performed by the user, or when the unauthorized user can not recognize the user, There is an effect that the risk of acquiring can be reduced.

Also, only when a pair of security systems and a secure digital system equipped with a security card or a mobile OTP (M-OTP) generation device communicate with each other through wireless communication such as NFC tagging, a security card mounted in the secure digital system outputs Or the OTP is generated, thereby solving the security problem which is the weakest point of the mobile security card or the OTP generation device.

BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
1 is a diagram illustrating a schematic system configuration for implementing a secure digital system according to an embodiment of the present invention.
2 is a diagram showing a schematic configuration of a secure digital system according to an embodiment of the present invention.
3 is a diagram illustrating an example of a manner in which a secure digital system and a pair system form a pair according to an embodiment of the present invention.
4 is a diagram illustrating an example of a manner in which a secure digital system and a pair system form a pair according to another embodiment of the present invention.
FIG. 5A is a diagram illustrating a process in which a secure digital system obtains a request security code according to an embodiment of the present invention. Referring to FIG.
5B is a diagram for explaining a process in which a secure digital system obtains a request security code according to another embodiment of the present invention.
FIG. 5C is a diagram for explaining a process in which a secure digital system obtains a request security code according to another embodiment of the present invention. FIG.
FIG. 6 is a diagram illustrating a method for obtaining an OTP by a secure digital system according to an embodiment of the present invention.
FIG. 7 is a schematic flow chart illustrating a process of a security digital system performing security procedures according to an embodiment of the present invention.
8 is a diagram showing a schematic configuration of a pair system according to an embodiment of the present invention.
9 is a diagram for explaining a concept of a security digital system or a pair system outputting an alarm signal according to an embodiment of the present invention.
10 is a diagram illustrating an example of a case where the security digital system according to an embodiment of the present invention acquires security information by performing tagging with a pair system.
11 to 12 are views showing an example of a case where the secure digital system according to an embodiment of the present invention acquires security information by performing a plurality of tagging.

In order to fully understand the present invention, operational advantages of the present invention, and objects achieved by the practice of the present invention, reference should be made to the accompanying drawings and the accompanying drawings which illustrate preferred embodiments of the present invention.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component.

Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

1 is a diagram illustrating a schematic system configuration for implementing a secure digital system according to an embodiment of the present invention.

Referring to FIG. 1, a secure digital system 100 and a pair system 200 may be provided to implement a secure digital system according to an embodiment of the present invention.

The secure digital system 100 may include any type of data processing device capable of communicating with the pair system 200 using a predetermined communication protocol and having a date processing capability capable of performing the functions defined herein Can be defined as meaning.

For example, although the digital system 100 is shown in the form of a mobile phone in FIG. 1, embodiments of the computer, laptop, tablet, IPTV, smart TV, set-top box, remote control, and home automation device may be various.

The secure digital system 100 may be a system connectable to a wired or wireless network. It is also possible to connect to a predetermined service system (not shown). The service system may then request security information for authentication to the secure digital system 100, either directly or via a given authentication system 300. The secure digital system 100 and the service system may be connected through a web client (for example, a browser, etc.) installed in the secure digital system 100, or when executing a predetermined application installed in the secure digital system 100, It can also be connected via an application. It should be appreciated by those skilled in the art that the secure digital system 100 and the service system may be connected in various other manners by those skilled in the art, And may be an authentication system 300 defined in the present invention.

Also, the security information may be illustratively a security code (i.e., security card numbers recorded on a security card) or an OTP (One Time Password), but not limited to, May be included in the information. Hereinafter, for convenience of explanation, the security information will mainly be described as security code or OTP.

Embodiments of the present invention will be summarized as follows.

1. Embodiment for storing security information or generating information

end. When the pair system 200 stores security information or generation information

The security information may be stored in the pair system 200 or may be predetermined information stored in the pair system 200, that is, information that can be generated by generation information. That is, the pair system 200 stores the security information itself or may store generation information that can generate the security information. In this case, the acquisition of the security information may be performed through the secure digital system 100 or through the pair system 200. [ In any case, the secure digital system 100 and the pair system 200 must be paired or at least once paired to provide the security information to the user through the secure digital system 100 or the pair system 200 Or may be provided to the authentication system 300. In this case, the fact that the pairing is performed at least once may mean, for example, the case where the secure digital system 100 and the pair system 200 perform NFC communication through tagging. When the secure digital system 100 and the pair system 200 perform NFC communication, pairing can be performed for a relatively short period of time in which tagging is performed.

When the pair system 200 stores the security information itself, the security information may be predefined information such as a security code used in the security card, and may not be changed. On the other hand, when the pair system 200 stores information capable of generating the security information, the security information may be generated when a predetermined event such as a real time or a user request is generated . An example of this may be authentication via OTP. At this time, the pair system 200 may store the security information, that is, information for generating an OTP (e.g., an OTP generation program (or logic), an OTP generation key, etc.) in the pair system 200. According to an embodiment, the information stored in the pair system 200 may be all of the information necessary to generate the OTP, or some of them. The information used for generating the OTP without being stored in the pair system 200 may be information (e.g., time information, etc.) that is stored in the secure digital system 100 or can be acquired in real time.

The user may then obtain the security information (e.g., security code or OTP, etc.) via the secure digital system 100. According to an embodiment, the security information may be obtained through the pair system 200. In any case, the user can obtain the security information only when the pairing system 200 and the secure digital system 100 perform a pairing in the paired state or at least once, as described later.

When the user obtains the security information, it means that the security information is provided to the user in a state that the user can recognize, or when the user does not recognize the security information, Or inputting the security information to a predetermined authentication system 300 requesting the security information.

The authentication system may refer to a system for requesting security information obtained according to the technical idea of the present invention. The authentication system includes not only an authentication server which directly performs authentication of security information acquired by the technical idea of the present invention but also at least one system connected with the authentication server and on the path through which the security information is transmitted to the authentication server Can be defined as meaning. For example, when a user performs an online settlement, a predetermined settlement system requests security information, and when a user inputs security information, the inputted security information can be transmitted to a predetermined authentication server through the settlement system. In this case The payment system and / or the authentication server may be an authentication system of the present invention.

Meanwhile, depending on the embodiment, the authentication system may be connected to the secure digital system 100 or a separate data processing apparatus 400 used by a user of the secure digital system 100 via a network.

A user accesses a predetermined service system via the secure digital system 100 and the service system can request security information to the secure digital system 100 for a specific service (e.g., login, financial transaction, etc.) . Then, the user can confirm the security information through the secure digital system 100 or through the pair system 200 according to the technical idea of the present invention. The security information thus confirmed can be directly input to the service system. Depending on the implementation, the security information may be obtained via the secure digital system 100, and the obtained security information may be automatically entered into the input UI to which security information is to be entered or transmitted to the service system. Then, the service system can directly authenticate the received security information or transmit the received security information to an authentication server capable of performing authentication, whereby the security information can be authenticated. In this case, it goes without saying that the service system may be the authentication system 300.

Meanwhile, according to another embodiment, the data processing apparatus 400 may be an independent system separate from the secure digital system 100. For example, the secure digital system 100 may be a mobile phone, and the data processing device 400 may be a separate computer used by a user of the mobile phone.

In this case, the user can access the service system through a separate data processing device 400. The service system may then request security information to the data processing device (400). Then, the user can acquire security information through the secure digital system 100 or the pair system 200 according to the technical idea of the present invention, and input the obtained security information to the data processing apparatus 400 It is possible. In any case, the user must occupy both the secure digital system 100 and the pair system 200 to obtain the security information.

1) If the security information is a security card

For example, the pair system 200 may store a security code. Then, the user can obtain the security code using the secure digital system 100 formed with the pair system 200. The secure digital system 100 may receive the entire security code from the pair system 200 or only partially. The secure digital system 100 can receive only the request security code requested by the predetermined authentication system 300 at this time.

At least a portion of the security code (or at least a portion of the OTP information or OTP as described below) may be transmitted from the secure digital system 100 to the pair system 200 in a pairing state (or an alarm pairing state as described below) The event may be received by the secure digital system 100 when an event of the event occurs. For example, when the user inputs a security code request (or a request security code request) to the secure digital system 100 or performs a predefined action in the pairing state (e.g., an alarm pairing state Such as an event that the secure digital system 100 and the pair system 200 are tagged at the secure digital system 100 and the secure digital system 100 may be determined to request security information. Whether or not the event occurs can be determined by the control module 110.

In some implementations, when the secure digital system 100 and the pair system 200 are tagged, the secure digital system 100 may receive at least a portion of the secure code. That is, at this time, the tagging state may be a pairing state while the tagging is performed, and the tagging itself may be an event requesting the security code.

The user may confirm all or a part of the security code through a display device provided in the secure digital system 100 and directly input the security code into a predetermined input UI displayed in the secure digital system 100. [ Depending on the implementation, there may be a separate data processing device 400 coupled to the authentication system 300.

In accordance with an implementation, the input UI may be loaded into the data processing device 400. That is, the user can access the service system (not shown) to use a predetermined service using the data processing apparatus 400, and the service system can request predetermined security information. The requesting of the security information may be performed by the service system in the data processing apparatus 400. Then, the user may use the data processing apparatus 400 to acquire the security information using the secure digital system 100 and the pair system 200. Depending on the implementation, the request for the security information may be performed by the authentication system 300. In addition, the service system and the authentication system 300 may be the same system or a system connected to each other.

According to another embodiment, the request security code among the security codes received may be automatically input to the input UI. Of course, this case may be the case where the secure digital system 100 loads the input UI. In this case, the inputted request security code may be displayed in a form that the user does not recognize (e.g., "** ", etc.). Then, the request security code is transmitted to the authentication system 300 by selecting a user's predetermined UI (e.g., an 'OK' button, etc.), and the authentication system 300 compares the received request security code with the previously stored information Authentication can be performed.

According to another embodiment, the secure digital system 100 may receive the request security code from the pair system 200 and then transmit the request security code automatically received to the authentication system 300. [

According to yet another embodiment, when the user enters identification information (e.g., number 12 in Figure 5c) that can identify the request security code, the secure digital system 100 may only request the security code to the pair system 200, Or the secure digital system 100 may receive all of the security code and display only the security code or automatically enter the security code in the input UI.

Meanwhile, the user may obtain the request security code through the pair system 200. [ In this case, the pair system 200 may include a display device. Also, even in this case, the pair system 200 and the secure digital system 100 must perform pairing (at least once) (i.e., tagging) To obtain the request security code. The pair system 200 may display all or a part of the security code on the display device provided in the pair system 200 only when there is a request from the user to acquire the security code. When the secure digital system 100 and the pair system 200 perform NFC communication, the tagging action itself may be a request to obtain the security code.

A user may obtain at least a portion of the security code via the secure digital system 100 or obtain at least a portion of the security code via the pair system 200, And at least a part of the security code must be obtained by performing pairing once.

2) When the security information is OTP

The pair system 200 may store OTP information. The OTP information may include at least an OTP generation key. Also, the OTP information may include OTP generation program information. In order to generate the OTP, at least the OTP generation program information and the OTP generation key may be required. Of course, time information or the like may be further used as a key according to the OTP generation algorithm. The OTP generation key may be shared by the pair system 200 and the authentication system 300.

In this case, the user can acquire the OTP through the secure digital system 100. The secure digital system 100 may obtain at least a portion of the OTP information from the pair system 200 and may generate the OTP using at least a portion of the obtained OTP information. Or the OTP generated by the pair system 200 may be received by the secure digital system 100. In any case, at least a portion of the OTP information or the receipt of the OTP is in the state where the pair system 200 and the secure digital system 100 are in a paired state or a pairing (e.g., tagging) . The secure digital system 100 may receive at least the OTP generation key from the pair system 200. The OTP generation program may be received from the pair system 200 or may be received from the authentication system 300. Then, the secure digital system 100 can generate the OTP using the received OTP generation key and the OTP generation program.

On the other hand, additional information may be further used as a generation key for the secure digital system 100 to generate the OTP. For example, as is well known, time information may be used as an additional key. In particular, according to an embodiment of the present invention, the secure digital system 100 may further use a secret key shared by itself and the authentication system 300 to generate the OTP. That is, in this case, the secure digital system 100 transmits the OTP generation key (hereinafter referred to as a first OTP generation key), which is a secret key received from the pair system 200, and the secure digital system 100, The second OTP generation key, which is a secret key shared by the first OTP generation unit 300, and the second secret key. In this case, even if one of the secret keys is leaked and the OTP generation program is known, the OTP can not be generated, so the security is doubled.

Of course, the authentication system 300 may know the first OTP generation key, the second OTP generation key, and the OTP generation program information in advance. Then, the generated OTP is displayed through a display device provided in the secure digital system 100, and the user can input directly into the OTP input UI displayed in the secure digital system 100.

According to another embodiment, the generated OTP may be automatically input to the OTP input UI. In this case, the inputted request security code may be displayed in a form that the user does not recognize (e.g., "** ". Then, the user may select a predetermined UI (e.g., The OTP is transmitted to the authentication system 300. The authentication system 300 can perform authentication by comparing the received OTP with the OTP generated by the OTP.

According to another embodiment, the secure digital system 100 may transmit the OTP generated in the authentication system 300 automatically after generating the OTP. It will be appreciated that embodiments in which the OTP is automatically entered or transmitted may be applied similarly to the embodiment of the security card described above.

Meanwhile, the generation of the OTP may be performed by the pair system 200. Of course, even in this case, the pair system 200 can be implemented so as to generate the OTP only when the pairing with the secure digital system 100 is maintained or when the pairing is performed at least once. To this end, the pair system 200 may have a power source. In addition, a predetermined UI for receiving an OTP generation request from the user may be provided.

The pair system 200 can generate the OTP using the first OTP generation key and the OTP generation program stored therein. In some implementations, the secure digital system 100 may receive a second OTP generation key and may further generate the OTP using the received second OTP generation key.

The OTP generated by the pair system 200 can be confirmed by the user. For this purpose, the pair system 200 may include a predetermined display device. The user can input the OTP into a predetermined OTP input UI loaded in the secure digital system 100 or the data processing apparatus 400. [

Alternatively, the OTP generated by the pair system 200 may be transmitted back to the secure digital system 100. The transmitted OTP may be automatically input to the OTP input UI or automatically sent to the authentication system 300 through the secure digital system 100. [

When the secure digital system 100 and the pair system 200 are implemented to perform NFC communication, if the user tags the secure digital system 100 and the pair system 200 once, May be obtained via the secure digital system 100 or through the pair system 200. [ Alternatively, the security information may be acquired to the user after tagging a plurality of times.

For example, when the secure digital system 100 performs tagging with the pair system 200, the secure digital system 100 transmits at least a part of the security code from the pair system 200 through the one-time tagging, OTP information At least a portion of, or an OTP. When receiving at least a portion of the OTP information from the pair system 200, the secure digital system 100 may generate an OTP based on the received information. When receiving the OTP from the pair system 200, the pair system 200 treats the tagging as an OTP generation request signal, generates an OTP, and transmits the generated OTP to the secure digital system 100 Lt; / RTI > Alternatively, through the tagging, the secure digital system 100 transmits request security code identification information capable of specifying a request security code among the security codes to the pair system 200, After extracting the request security code using the security code identification information, the request security code may be transmitted to the secure digital system 100. That is, during the one-time tagging, both the process of the pair system 200, such as the extraction of the request security code or the generation of the OTP information, and the transmission of the request security code or OTP after the process is performed .

According to an embodiment, the user may tag the secure digital system 100 and the pair system 200 a plurality of times to acquire security information finally required. For example, in the case of tagging once, transmission of request security code identification information from the secure digital system 100 to the pair system 200, transmission of an OTP generation request, etc. may be performed as described above. Then, the pair system 200 can extract the request security code or generate the OTP information. Thereafter, when the tagging is again performed, a request security code may be transmitted to the secure digital system 100 or an OTP generated may be transmitted to the secure digital system 100.

That is, in any case, the processes to be performed by the secure digital system 100 in order to acquire security information (for example, security code or OTP) can be performed a plurality of times, The process may be performed each time a plurality of times of tagging are performed.

For example, if the secure digital system 100 is implemented to receive all of the security code from the pair system 200, the process to be performed is such that the secure digital system 100 and the pair system 200 pair with each other And a process in which the security code is transmitted from the pair system 200 to the secure digital system 100 when authentication is successful can be two. In this case, the two processes may be all performed with one tagging, and each process may be performed each time tagging is performed. The pair authentication process may or may not be performed.

If the secure digital system 100 receives a portion of the security code (e.g., a request security code) from the pair system 200, the process that can be performed is a pair authentication process, a transmission of the request security code identification information , Extraction of the request security code, and transmission of the extracted request security code. These four processes may all be performed while one tagging is performed, and at least one process may be performed each time a plurality of tagging is performed. At this time, the extraction process of the request security code is not necessarily performed during the tagging, and may be performed by the pair system 200 after the tagging is performed. In addition, the pair authentication process may or may not be performed.

When the secure digital system 100 receives at least a portion of the OTP information from the pair system 200, the process that may be performed includes a pair authentication process, receiving at least a portion of the OTP information, Lt; / RTI > In such a case, all of the above three processes may be performed while one tagging is performed. Alternatively, only a part of the pair authentication process and the reception of at least part of the OTP information may be performed through one tagging, and the OTP generation may be performed by the secure digital system 100 after tagging. In addition, the pair authentication process may be performed selectively. Alternatively, the three processes may be performed separately while each of the plurality of tagging is performed, or after each of the tagging is performed.

When the secure digital system 100 receives OTP information from the pair system 200, the process that can be performed may be a pair authentication process, an OTP generation request transmission, an OTP generation, and a transmission of the generated OTP. Even in this case, all the processes may be performed through one tagging, or may be performed by dividing through a plurality of tagging. Each process may be performed during tagging depending on the characteristics of the process, or may be performed after tagging is performed.

Meanwhile, when the secure digital system 100 obtains security information through tagging as described above, the secure digital system 100 and / or the pair system 200 may perform a pair authentication procedure. That is, a process for obtaining security information as described above can be performed only when tagging with a system determined to be a pair in advance. To this end, the secure digital system 100 may previously store the identification information of the pair system 200. And, when the tagging is performed, the pair authentication procedure can be performed by obtaining and comparing the identification information of the pair system 200. According to an embodiment, identification information of the secure digital system 100 may be stored in the pair system 200. In this case, the pair authentication procedure can be performed in a similar manner. In any case, if the secure digital system 100 and / or the pair system 200 are recording the identification information of the paired system in advance, the pair authentication procedure can be performed.

I. When the secure digital system 100 stores security information or generation information

1) When security information is security code

In this case, the secure digital system 100 may be able to access the security code. However, at this time, the secure digital system 100 can access the security information in a state where the pairing with the pair system 200 is maintained or after at least one pairing (e.g., tagging) is performed.

The secure digital system 100 receives a request for a specific security card number, i.e., a request security code, from the security codes assigned to the user from the authentication system 300. [ A means for requesting such a request security code (e.g., a web page, a frame, or a predetermined UI, etc.) may be loaded into the secure digital system 100. Or the user may be requested for the security code through a data processing device 400 separate from the secure digital system 100. [

The secure digital system 100 can display only the stored security code or the requested security code on the display device provided in the secure digital system 100. [ Then, the user can confirm the request security code among the displayed security codes and input the same into the input UI.

Alternatively, the secure digital system 100 may automatically extract only the request security code and automatically input the request security code into the input UI. Alternatively, only the request security code may be extracted and transmitted to the authentication system 300 automatically.

The secure digital system 100 may include identification information (e.g., 6: ** 51, 14: 1, 6: 75 ** indicating the order number 6, 14), the identification information may be received from the authentication system 300, the information displayed on the secure digital system may be analyzed, and the identification information may be automatically You can also check.

At this time, the pair system 200 may be implemented with all kinds of systems capable of forming a pair with the secure digital system 100 only.

Only when the secure digital system 100 and the pair system 200 are in a paired state (e.g., an alarm pairing state) or after at least one tagging has been performed or at least one tagging is being performed, The request security code may be displayed on the secure digital system 100, automatically entered into a predetermined UI, or transmitted to a predetermined authentication system 300. [

2) When security information is OTP

The secure digital system 100 may previously store the generated information, i.e., OTP information. The OTP information may further include OTP generation program information. In this regard, when the secure digital system 100 is a smart phone, the prior art for generating an OTP is well known as the M (mobile) -OTP technology. The OTP information in the present invention may further include a second OTP generation key corresponding to the secure digital system 100. Information about the OTP generation program may be received from the authentication system 300 or some other system (e.g., a financial institution system, an administrative institution system, etc.).

Compared with the conventional technology, the present invention can not generate an OTP using only the OTP information stored in the secure digital system 100, but can also be used in a state where the pairing with the pair system 200 is maintained (E.g., the secure digital system 100 and the pair system 200 normally provide a pairing state to provide alarm information when the secure digital system 100 and the pair system 200 are in a non-paired state or away) Or at least once during or after at least one pairing (e.g., tagging) is being performed. With this technology configuration, it is possible to solve the security problem which is the biggest weak point of the conventional M-OTP technology configuration.

In addition, the secure digital system 100 may use time information and the like as a generation key in addition to the second OTP generation key to generate the OTP.

The secure digital system 100 may also create an OTP in conjunction with the pair system 200. For example, the secure digital system 100 may generate the OTP by further using a first OTP generation key, which is a secret key corresponding to the pair system 200, with a second OTP generation key. The secure digital system 100 may receive the first OTP generation key from the pair system 200 for this purpose.

Also, as described above, the secure digital system 100 may generate the OTP only when a plurality of tagging operations are performed instead of one tagging operation. In a case where tagging is performed a plurality of times, it is needless to say that the process performed when each tagging is performed may vary depending on the implementation. According to an example, when the specific tagging is performed during tagging for a plurality of times, none of the processes to be performed to acquire security information may be performed. In this case, the specific tagging may have only meaning of tagging to fill a predetermined number of times of tagging.

2. Example of pair system 200 and pair formation

end. In the pair system 200,

The pair system 200 may be a system or device capable of communicating with the digital system 100.

The pair system 200 may store security information or generation information for generating the security information as described above. For example, the pair system 200 may include security code and / or OTP information.

In this case, the pair system 200 may be implemented as an IC card (or smart card) capable of storing the security code and / or the OTP information. That is, the pair system 200 may be a system without its own power source. For example, the pair system 200 has a unique computing capability and storage capability, and a system in which a predetermined RF communication device for technical idea of the present invention is added to an IC card or a smart card, Lt; / RTI >

Or a storage device that stores the security code and / or OTP information, and may be a data processing system in which a power source is present. A smart phone, a tablet PC, or a card-type OTP card or a security card having a power source may be implemented in the pair system 200.

Meanwhile, the pair system 200 may be a device capable of selectively providing a security code to a user or generating an OTP. In this case, the pair system 200 generates at least a part or the OTP of the security code stored in the state where the pairing is maintained with the secure digital system 100 or only after the state is paired at least once, Lt; / RTI > Accordingly, the pair system 200 may not provide the security code to the user or generate the OTP unless the pairing is maintained or at least once paired or after.

According to another embodiment, the pair system 200 may simply be a system or apparatus for forming a pair with the secure digital system 100. [ In this case, the pair system 200 includes at least a communication device capable of performing communication with the secure digital system 100, and the identification information of the secure digital system 100 or the pair system 200 And a storage device for storing the data.

According to one embodiment, a predetermined communication device for implementing the technical idea of the present invention is connected to the secure digital system 100 and / or the pair system 200 through a predetermined interface (for example, a USB interface) It is possible. For example, when the secure digital system 100 is a desktop PC, a predetermined communication device for implementing the technical idea of the present invention may be connected to the desktop, and the communication device connected to the desktop may be connected to the technical idea of the present invention It is possible to perform the function of the pair module.

Meanwhile, according to an embodiment, the pair system 200 may be a system that forms a pair only with the secure digital system 100 according to the technical idea of the present invention. For example, the pair system 200 may be implemented as a system 220 implemented with only minimal functions to pair with the secure digital system 100, (E.g., an RF communication device (antenna, etc.)) or a communication device itself. Of course, the RF tag or the communication device (e.g., RF communication device) may be provided with a predetermined storage device (e.g., EEPROM, etc.) and / or an IC chip.

In this case, the user may be configured to attach or fit the pair system 200 to a target object, such as a predetermined object or device. To this end, the pair system 200 has a predetermined adhesive surface, or may have a housing to be fitted to the target object. The target object may be variously determined by a user's selection.

Alternatively, the pair system 200 may be a system in which a communication device for the pairing function (e.g., an RF communication device, etc.) is embedded in an object made for a separate function. For example, a wide variety of embodiments may be possible, such as a USB storage device, a security card, an OTP generator, a clock, a bracelet, a smart card, and the like. In any case, the pair system 200 can be implemented in a wide variety of forms only if it includes a communication device capable of performing pairing with the digital system 100.

According to one embodiment, the pair system 200 may be implemented by attaching a predetermined communication device for realizing the technical idea of the present invention to a conventional OTP generation device and performing functions defined in this specification, or The pair system 200 may be implemented by attaching a predetermined storage device, a communication device, and the like to implement the technical idea of the present invention to a conventional security card and performing functions defined in this specification.

I. Pair formation

Pair formation may refer to a series of processes or procedures in which the secure digital system 100 and the pair system 200 are configured to be a pair.

The pair system 200 may be a system determined by the manufacturer or the distribution entity of the pair system 200 or the secure digital system 100 in advance to be paired with a specific secure digital system 100, Or may be a system that is optionally implemented to pair with the digital system.

For example, the manufacturer of the secure digital system 100 may determine the pair system 200 that can pair with the digital system 100 in advance. According to an embodiment, a manufacturer or a distributor of the secure digital system 100 may provide a tag device capable of pairing with the digital system 100, and when a user attaches the tag device to a predetermined object, The object to which the tag device is attached may be implemented as the pair system. Alternatively, a user may select the pair system 200 to pair with the secure digital system 100. Alternatively, the pair system 200 may be issued to the user by an operator of the financial transaction system or by an operator of the authentication system 300.

According to one embodiment, the pair system 200 may be a financial transaction means that can be distributed by a predetermined financial institution. For example, the financial institution, which is the entity that operates the financial transaction system, can implement a credit card, a security card, or the like as the pair system 200 and issue it to the user.

A tag device or the like which can be attached to the pair system 200 or the pair system 200 is provided by various subjects such as companies that produce and distribute OTP, a security card, a smart card, It is possible.

In any case, pairing is performed by storing identification information that can identify the secure digital system 100 or the pair system 200 or the secure digital system 100 that the pair system 200 is paired with . This procedure can be defined as a pair formation procedure. When the pair formation procedure is performed, a pair authentication procedure may be performed before the pairing is formed to implement the technical idea of the present invention.

Accordingly, the pair forming procedure may include the step of the secure digital system 100 or the pair system 200 receiving the identification information of the pair system 200 or the digital system 100. That is, the secure digital system 100 and the pair system 200 can perform the pair formation procedure through direct communication (e.g., various RF communications or NFC communications). According to an embodiment, the pair formation procedure may be performed by a user through the application system 200 (or the digital system 100) or the pair system 200 via a predetermined application or software (e.g., OS) 100).

Of course, in the secure digital system 100 or the pair system 200, identification information of the pair system 200 or the secure digital system 100 forming a pair in advance is stored, and the information may not be changed have.

According to the technical idea of the present invention, a person who wishes to acquire security information must own or occupy both the security digital system 100 and the pair system 200 to acquire security information. Therefore, even if any one of the systems is lost or stolen, security information used for user authentication may not be leaked.

On the other hand, when the pair system 200 is implemented such that the user can attach or insert the target object such as a predetermined object, the target user can not know what the target object is, It may be difficult to specify what the pair system 200 is required to acquire. Therefore, there is also an effect of preventing loss or theft of the pair system 200 itself.

According to the technical idea of the present invention, in order to give an alarm signal to a user when the security system 100 and the pair system 200 are separated from each other by a predetermined distance or more, the security digital system and the pair system are normally in a pairing state When the secure digital system 100 and the pair system 200 attempt to acquire the security information through the pairing, the pair formation procedure is performed The secure digital system 100 and the pair system 200 can be prevented from being lost or stolen as well as being able to acquire security information more efficiently.

Meanwhile, unlike the alarm pairing state, the NFC communication method, that is, the pairing may be performed during tagging.

3. Communication (pairing) between the secure digital system 100 and the pair system 200,

Whether or not the paired state is established may be determined depending on whether the communication state between the secure digital system 100 and the pair system 200 satisfies a predetermined criterion. The communication state may depend on the distance between the digital system 100 and the pair system 200.

The secure digital system 100 and the pair system 200 may perform wireless communication (e.g., RF communication). Therefore, the communication environment between the secure digital system 100 and the pair system 200 may be more affected. In this specification, since the secure digital system 100 and the pair system 200 assume a normal living environment of a person, the communication state is a dominant condition in the distance between the secure digital system 100 and the pair system 200 It can be assumed that it is affected. Of course, if there is an object that may interfere with wireless communication between the pair system 200 or the secure digital system 100, pairing may not be possible even if the distance is close enough.

When the secure digital system 100 and the pair system 200 are paired, for example, the secure digital system 100 and the pair system 200 can communicate with each other. Alternatively, it may mean that a signal of a predetermined size or larger can be transmitted to the secure digital system 100 and / or the pair system 200 even if communication is performed. That is, in the general communication environment, the secure digital system 100 and the pair system 200 are present within a communication distance capable of communicating with each other, or within a predetermined distance shorter than the communication distance can do.

Meanwhile, communication between the secure digital system 100 and the pair system 200 can be performed in various manners. It is well known that, in accordance with this approach, the distance and / or environment in which pairing is possible may vary.

The communication between the secure digital system 100 and the pair system 200 may be various embodiments such as Bluetooth, NFC, infrared communication, and optical communication. A communication device for such communication may be provided in the secure digital system 100 and the pair system 200, respectively.

According to one embodiment, the secure digital system 100 and the pair system 200 may perform RF communication. For example, the digital system 100 and the pair system 200 can perform communication using a wireless standard protocol such as Bluetooth or Zigbee. Of course, when performing Bluetooth communication, the pair system 200 may have its own power source or be a system capable of receiving power from the outside. On the other hand, in the case of Zigbee communication, it may be advantageous that communication can be performed with low power as compared with Bluetooth. In addition, the secure digital system 100 and the pair system 200 may perform various short-range wireless communications (e.g., IrDA, UWB, etc.) according to an embodiment, and the secure digital system 100 And the pair system 200 may be provided with predetermined configurations for the environment required for the wireless communication.

According to one embodiment, the pair system 200 may be a system driven by an RF signal output from the secure digital system 100 without its own power source. That is, RFID communication or NFC communication can be performed. For example, the pair system 200 may be implemented as an RFID tag, or may be a predetermined device including the RFID tag. In this case, the secure digital system 100 may serve as a reader capable of performing communication with the RFID tag. The secure digital system 100 may then output a predetermined RF signal to retrieve the pair system 200 or receive certain information stored in the pair system 200. In addition, the communication distance between the digital system 100 and the pair system 200 may vary according to the output power of the secure digital system 100.

Generally, the pair system 200 can be implemented to be carried in a user's purse. Then, when the user is carrying the secure digital system 100, a communication protocol capable of performing contactless communication with the pair system 200 located in the purse can be selected to implement the technical idea of the present invention . It is preferable that a configuration applicable to such a communication protocol can be provided in the secure digital system 100 and the pair system 200.

According to one embodiment, the secure digital system 100 and / or the pair system 200 may perform communication using a plurality of different communication protocols. For example, the communication module 120 included in the secure digital system 100 may include a first communication module 121 and a second communication module 122. For example, the first communication module 121 may be a communication means for performing an alarm pairing function, and the second communication module 122 may be a communication means for obtaining security information. Of course, the first communication device 221 and the second communication device 222 corresponding to the first communication module 121 and the second communication module 122 may be provided in the pair system 200 .

The first communication module 121 may be a communication unit having a longer communication distance than the second communication module 122. The first communication module 121 and the first communication device 221 provided in the pair system 200 can output a predetermined alarm signal when the non-paired state is maintained while maintaining the pairing state, for example. Or the distance between the secure digital system 100 and the pair system 200 can be determined according to the communication state of the first communication module 121 and the first communication device 221, The alarm signal can be outputted when the distance between the first and second sensors 100 and 200 is more than a certain distance. Of course, the two systems 100 and 200 may be judged to be in a pairing state only if they are within the predetermined distance even within the communicable distance.

The first communication module 121 and the first communication device 221 periodically determine whether the first communication module 121 and the first communication device 221 are in the pairing state. If the first communication module 121 and the first communication device 221 determine that the first communication module 121 and the first communication device 221 are spaced apart from each other by a predetermined distance, As shown in FIG.

Even when the first communication module 120 and the first communication device 221 are provided as means for pairing of alarms, the first communication module 120 and the first communication device 221 Security information for implementing the technical idea of the present invention can be transmitted or received. In this case, since the first communication module 120 and the first communication device 221 periodically judge whether or not the first communication module 120 and the first communication device 221 are in the pairing state, the security digital system 100 or the pair system 200 is a pair The system can be searched for pairing and the security information can be immediately transmitted and received without performing a procedure for forming a pair through the system.

According to another embodiment, the first communication module 121 and the first communication device 221 are only involved in performing the alarm pairing function, while the second communication module 122 and the second communication device 222 are only involved in performing the alarm pairing function, May be used to send and receive security information. That is, the secure digital system 100 and the pair system 200 can perform communication through different communication protocols. In this case, it can be assumed that the communication through the different communication protocol is not collided. Alternatively, the secure digital system 100 and / or the pair system 200 may further include predetermined means for avoiding the collision even when a collision occurs. In the present specification, to emphasize the technical features of the present invention, it is assumed that the two systems 100 and 200 attempt to communicate at the same time, or a technical idea for avoiding the collision is not considered.

The first communication module 121 and the communication protocol performed by the first communication device 221 correspond to the second communication protocol, that is, the second communication module 122 and the second communication device 222 May be a protocol capable of performing communication with a relatively long distance as compared with the communication protocol performed by the mobile communication terminal. According to one embodiment, the first communication protocol may be a protocol for relatively long communication such as Bluetooth, ZigBee, etc., and the second communication protocol may be a communication protocol for NFC (including RFID communication) communication. Since the first communication protocol can be used to determine if a user has both the secure digital system 100 and the pair system 200 while the second communication protocol can be used to exchange information And security information according to the technical idea of the present invention need not be transmitted merely because the user has two systems 100 and 200.

Further, when the second communication protocol is NFC, there is no need to perform a separate pair formation procedure or a pair authentication procedure again for information exchange, and information exchange may be performed immediately through tagging.

Also, there is an effect that the pair system 200 in which the object performing the communication in the second communication protocol is communicating with the first communication protocol can be specified. That is, the pair system 200 capable of communicating through the second communication protocol can be limited to the pair system 200 in which the pairing is maintained through the first communication protocol. For example, the pair system 200 that performs communication through the first communication protocol records information that can identify the second communication module 122, and the second communication module 122 only communicates with the pair system 200 in which the information is recorded Can be performed.

In any case, the secure digital system 100 and the pair system 200 have one communication means, and the communication means may perform an alarm pairing function and / or an information exchange function. Alternatively, each of the secure digital system 100 and the pair system 200 includes a plurality of communication means, one of the communication means performs an alarm pairing function, and the other one performs an information exchange function .

According to the technical idea of the present invention, the user can obtain security information through the secure digital system 100 without removing the pair system 200 from the purse. Acquisition of such security information may be possible only in the state where the pairing state is maintained or only when at least one tagging is performed. In the state where the pairing state is maintained, the user can make a predetermined input or request, and security information can be obtained. Or tagging itself may be treated as an act of requesting the security information. The secure digital system 100 and the pair system 200 periodically communicate with each other to determine whether the pairing state is maintained or not, and only when the pairing is required, the secure digital system 100 and the pair system 200, (200) may be paired through a predetermined pair forming procedure and / or a pair authentication procedure.

Meanwhile, according to the technical idea of the present invention, when the secure digital system 100 or the pair system 200 is separated from the secure digital system 100 by a certain distance or more, or when the non- (Hereinafter, when the alarm output condition is satisfied), it is possible to output a predetermined alarm signal. Further, in the present invention, when the pairing state is maintained and the alarm output condition is satisfied, a predetermined alarm signal is output as an 'alarm pairing' function. The alarm signal may be a predetermined voice signal, a visual signal using a lamp or predetermined display information, or a tactile signal such as vibration.

Thereby, there is an effect that a legitimate user is flickered and the risk of losing or moving the security digital system 100 or the pair system 200 is left. Of course, there is also the effect of reducing the chance of being stolen by someone else.

Of course, when a legitimate user intentionally carries out either the secure digital system 100 or the pair system 200, the security digital system 100 100) or the pair system 200 may be implemented.

The 'alarm pairing' according to an embodiment of the present invention is based on the premise that the secure digital system 100 and the pair system 200 are paired in a normal case. That is, when the security digital system 100 and the pair system 200 are separated from each other by a predetermined distance, that is, when they are in a non-paired state, a predetermined alarm signal can be output. It is assumed that the pair system 200 is in a pairing state. In the state where the security digital system 100 and the pair system 200 are already paired, the pairing procedure for acquiring security information of the secure digital system 100 or the pair system 200 is omitted And security information can be obtained only by a simple method such as a signal receiving method through the specific button of the secure digital system 100 or the pair system 200. [

In addition, the security information acquisition in the 'alarm pairing' state requires no pairing procedure between the secure digital system 100 and the pair system 200, so that a very efficient effect It can be said that the effectiveness of the present invention is greatly improved. This difference in effectiveness is due to the fact that in contrast to maintaining the pairing status continuously (or periodically with a very short time interval) in the case of 'alarm pairing', the security digital system 100 and the secure digital system 100, It can be said that pairing is performed by the pair system 200 because it is performed once or on a single occasion.

Depending on the implementation, i.e., the manner in which the secure digital system 100 and the pair system 200 communicate, the user may select a predetermined number of pairs to pair the secure digital system 100 with the pair system 200, Performing the act of locating the secure digital system 100 within the distance to the pair system 200 or placing the pair system 200 within a predetermined distance of the secure digital system 100 It is possible. For example, the secure digital system 100 includes an NFC (Near Field Communication) chip, and the secure digital system 100 and the pair system 200 can perform NFC communication. In this case, the user may perform pairing by performing the operation of positioning the secure digital system 100 and the pair system 200 within a predetermined distance (e.g., 10 cm), i.e., performing tagging.

For example, a user may bring the secure digital system 100 closer to his wallet. That is, tagging can be performed. Then, the secure digital system 100 is paired with the pair system 200 in the wallet. At this time, predetermined information for implementing the technical idea of the present invention can be exchanged.

The user can then obtain security information (e.g., security code, request security code, or OTP) through the secure digital system 100. That is, security information can be confirmed through a display device provided in the secure digital system 100. Alternatively, the security information may be automatically input to the predetermined UI or transmitted to the authentication system 300 as described above. The security information may be acquired automatically when the user performs tagging or may be obtained after a predetermined input or request is made through the secure digital system 100 after tagging.

In addition, as described above, a plurality of tags must be performed before the user can finally obtain desired security information. Some of the processes necessary to acquire security information during or after each tagging may be performed sequentially.

Meanwhile, the secure digital system 100 may further include an alarm module 130. The pair system 200 may further include a predetermined alarm device (not shown). The alarm module 130 or the alarm device (not shown) may output a predetermined alarm signal. The alarm signal may be a signal for informing the user when the security digital system 100 and the pair system 200 are separated by a predetermined distance or more. The alarm signal may be a voice signal, but it may be implemented as various types of signals for allowing the user to recognize that the secure digital system 100 and the pair system 200 are separated by a predetermined distance or more, such as a vibration or a display signal.

When the alarm module 130 or the alarm device (not shown) outputs the alarm signal, for example, it may be determined that the security digital system 100 and the pair system 200 are in a non-paired state. In this case, the control module 110 periodically determines whether the secure digital system 100 and the pair system 200 are in a pairing state, and may output an alarm signal when determining that the pairing is not performed. Therefore, at this time, it may be desirable that a communication protocol capable of maintaining the pairing state within a certain distance between the secure digital system 100 and the pair system 200 is selected. The predetermined distance may be a distance such that the same person is judged to have the pair system 200 and the secure digital system 100, and may be a distance of several meters or more.

According to the communication method of performing the pairing between the secure digital system 100 and the pair system 200, it may be very inefficient or impractical to output an alarm signal in the case of the non-paired state. For example, if the secure digital system 100 and the pair system 200 perform pairing through NFC communication, the secure digital system 100 and the pair system 200 are not located within a distance of about 10 cm The non-pairing state can be obtained. In such a case, it may be unreasonable that the alarm module 130 or the alarm device is implemented to output an alarm signal in the non-paired state. Accordingly, in this case, the security module 130 and / or the pair system 200 may be separately connected to the secure digital system 100 and the pair of alarm devices 130, And distance determining means for determining the distance between the systems 200. [ The distance determining means may be any type of configuration capable of determining the distance between the secure digital system 100 and the pair system 200, but not limited thereto, as described above . If it is determined that the measured distance has exceeded a predetermined distance, an alarm signal can be output. As a result, the secure digital system 100 and / or the pair system 200 may communicate with the secure digital system 100 and / or the pair system 200 separately from the communication module 120 for NFC communication and / or the communication device 220 included in the pair system 200, And the distance determining means for measuring the distance between the digital system 100 and the pair system 200. [ The distance determination unit may be configured to perform RF communication separately from the communication module 120 or the communication device for pairing, for example. Alternatively, various arrangements for measuring distance by performing communication in a non- Digital system 100 and / or the pair system 200. [0031] FIG.

Alternatively, the secure digital system 100 and the pair system 200 may communicate using different communication protocols as described above. At this time, the functions performed using the first communication protocol and the functions performed using the second communication protocol may be defined in advance. For example, the first communication protocol performs an alarm pairing function as described above, and the second communication protocol can be used to transmit / receive security information. In addition, when the secure digital system 100 and the pair system 200 are required to perform communication for additional functions such as payment, network connection, etc., it is possible to define in advance which communication protocol to use. Of course, examples of such definition may vary according to implementations of the first communication protocol and the second communication protocol.

As a result, the security digital system 100 and / or the pair system 200 may output an alarm signal when it is in a non-paired state, and depending on the embodiment, It is possible to output an alarm signal. The communication module 120 or the communication device 220 of FIG. 8 may be used to determine the distance between the secure digital system 100 and the pair system 200, Or the communication device (220 in FIG. 8) may include a plurality of communication means as described above. Alternatively, depending on the embodiment, a configuration for determining the distance separately from the communication module 120 or the communication device (220 in FIG. 8) may be additionally provided in the secure digital system 100 and / or the pair system 200 .

Hereinafter, embodiments that can implement the technical idea of the present invention as described above will be described in more detail with reference to the drawings. It goes without saying that the embodiments described below are merely one embodiment of the technical idea described above.

Referring to FIG. 1, the secure digital system 100 may form a pair with the pair system 200. The pair system 200 may be implemented in various forms. For example, it may be implemented with a card 201 including an IC chip, or may be implemented with another digital system 202.

Meanwhile, the secure digital system 100 may perform communication with a predetermined authentication system 300 through a wired / wireless network. Or the authentication system 300 may communicate with a separate data processing device 400 used by a user of the secure digital system 100 via a wired or wireless network.

The authentication system 300 includes an authentication server for receiving security information (e.g., security code or OTP) from the secure digital system 100 or the data processing apparatus 400 and for authenticating the received security information and / An authentication server and at least one network system residing on the secure digital system 100 or on the data processing apparatus 400.

The authentication system 300 may be recording information on a security code assigned to a user. Alternatively, the authentication system 300 may share a first OTP generation key with the pair system 200. Meanwhile, according to an embodiment, the authentication system 300 may share a second OTP generation key with the secure digital system 100. [

The authentication system 300 may be an authentication system 300 that is provided for each individual service system (for example, a web server that provides a web site or a system of a financial institution), or may be a system Lt; / RTI >

Of course, the authentication system 300 can generate an OTP in the same manner as the secure digital system 100 or the pair system 200.

2 is a diagram showing a schematic configuration of a secure digital system according to an embodiment of the present invention.

Referring to FIG. 2, the secure digital system 100 includes a control module 110 and a communication module 120 according to an embodiment of the present invention. According to an embodiment, the secure digital system 100 may further include an alarm module 130, a security module 140, and / or a display module 150.

Herein, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and does not necessarily mean a physically connected code or a kind of hardware. Can be easily deduced to the average expert in the field of the present invention.

The control module 110 may be configured to communicate with other components included in the secure digital system 100 such as the communication module 120, the alarm module 130, the security module 140, and / 150) and / or resources. The communication module 120 may be referred to as an NFC communication module when the secure digital system 100 uses NFC communication

The communication module 120 may communicate with a pair system 200 that is paired with the secure digital system 100. The communication protocol used by the communication module 120 may be various as described above.

Then, the control module 110 may determine whether the communication module 120 and the pair system 200 are in a pairing state. Alternatively, it may determine whether the pairing has been performed at least once. The communication module 120 and the pair system 200 can communicate with each other even when the communication module 120 is separated from the communication module 120 by a predetermined distance or more. And may perform communication with the pair system 200. The communication module 120 periodically communicates with the control module 110 to determine whether the control module 110 is in a pairing state with the pair system 200.

Alternatively, the control module 110 may determine whether the communication module 120 has been paired at least once within a predetermined time. In this case, the communication module 120 may perform NFC communication with the pair system 200. At this time, if the communication module 120 and the pair system 200 are tagged, they may be in a paired state. The control module 110 can determine that the condition that the user can acquire the security information (hereinafter, referred to as 'security information acquisition condition') is satisfied even if the tagging is performed only once. Or it may determine that the security information acquisition condition is satisfied by performing tagging a plurality of times. When the security information acquisition condition is satisfied, predetermined processes for acquiring security information through the secure digital system 100 or the pair system 200 from then on may be performed. Alternatively, in the case of performing tagging a plurality of times, some of the processes may be performed before a predetermined number of tagging is performed as described above.

In any case, the control module 110 may determine that the security information acquisition condition is satisfied when the communication module 120 is currently in the paired state with the pair system 200, 120 and the pair system 200 have been paired at least once to determine that the security information acquisition condition is satisfied. As a result, the control module 110 can determine whether the security information acquisition condition is satisfied.

If it is determined that the security information acquisition condition is satisfied, the control module 110 can control the user to acquire security information through the secure digital system 100. [ Or only some of the processes for acquiring security information before the security information acquisition condition is satisfied may be performed. If the control module 110 determines that the security information acquisition condition is satisfied, the control module 110 may automatically perform the predetermined control to acquire the security information, May be performed.

The security information may be at least part of the security code assigned to the user, for example, or may be an OTP.

According to one embodiment, the pair system 200 may store the security code information. In addition, the pair system 200 may store generation information required to generate the OTP, that is, OTP information.

The control module 110 may then control the communication module 120 to receive at least a portion of the security code. And may allow the user to acquire at least a portion of the received security code. The fact that the user acquires at least a portion of the security code means that at least a portion of the security code is output to the display module 150 provided in the secure digital system 100 as described above, . Alternatively, in the case of automatically inputting at least a part of the security code into a predetermined input UI, or automatically transmitting at least a part of the security code to the authentication system 300, which requests the security code of the security code .

The control module 110 may receive the entire security code from the pair system 200 and may receive only the required security card number, that is, the request security code, from the pair system 200.

An example of this is shown in Fig.

FIG. 5A is a diagram for explaining a process in which a secure digital system obtains a request security code according to an embodiment of the present invention, and FIG. 5B is a flowchart illustrating a process of obtaining a request security code according to another embodiment of the present invention FIG. 5C is a diagram for explaining a process of obtaining a request security code according to another embodiment. FIG.

Referring to FIGS. 5A through 5C, the authentication system 300 may request a predetermined request security code for authenticating a user to the secure digital system 100 (S10). In this case, the user may request the service to a predetermined service system (not shown) using the secure digital system 100. Therefore, when a user accesses a predetermined service system (not shown) by using a separate data processing device (e.g., PC, notebook, etc.) 400 rather than the secure digital system 100 and wants to use the service, It will be appreciated that the authentication system 300 may request the request security code to the data processing apparatus 400. The user may then request the request security code to the pair system 200 via the secure digital system 100. Hereinafter, for convenience of explanation, a case of accessing the service system (not shown) using the secure digital system 100 will be described as an example.

The request security code may mean the security card number selected for the current authentication among the security codes 10 previously allocated to the user.

When the authentication system 300 requests the requesting security code to the secure digital system 100, the secure digital system 100 is provided with predetermined request means (e.g., page, frame, UI, Object, etc.) can be loaded.

When the requesting means is loaded, the control module 110 determines whether the current security information acquisition condition is satisfied. If the request is satisfied, the control module 110 may request the security code 10 from the pair system 200 (S20). Then, the communication module 120 can receive the security code 10 (S30). When the security code is received, the control module 110 may display the security code on the display device through the display module 150 (S40). According to an embodiment, only the information required to confirm the request security code or the request security code among the security codes may be displayed.

The user can then request the secure digital system 100 to enter the request security code into a given input UI (e.g., number 13 in Figure 5C) and to send the request security code to the authentication system 300 have.

Meanwhile, when the use of the security code is completed or the current user does not intend to use the security code, the security module 140 included in the secure digital system 100 deletes the security code A procedure may be performed (S50).

If it is determined that the use of the security code is completed or that the user does not intend to use the security code, for example, the requesting means (e.g., page) of the security code as shown in FIG. 5C may be deactivated. If the requesting means is deactivated, the requesting means is minimized on the secure digital system 100 and is not recognized by the user, or the requesting means is terminated or closed, or is present in a lower layer of another layer on the display layer And the like. In some cases, it may be defined in advance in the security module 140 whether the request means is inactivated.

Alternatively, the security module 140 may delete the security code automatically received when the security code received from the pair system 200 lapses a predetermined time.

As the security module 140 performs the security procedure, the information received from the pair system 200 is temporarily stored in the secure digital system 100 only when necessary, and can be deleted again. Accordingly, it is possible to prevent information received from the pair system 200 from being leaked or abused by malicious attack after being stored in the secure digital system 100.

This security procedure may be performed such that the secure digital system 100 receives the OTP from the pair system 200 or receives information capable of generating the OTP (e.g., the first OTP generation key and / or the OTP generation program information) The same can be applied to the case.

5A shows an example of receiving the entire security code from the pair system 200. However, only the information requested from the authentication system 300, that is, the request security code is transmitted to the pair system 200 As shown in Fig.

Referring to FIG. 5B, the authentication system 300 may request the security secure code 11 to the secure digital system 100 (S11). Then, the requesting means as shown in Fig. 5C can be loaded into the secure digital system 100. [ When the request security code 11 is requested (or the user requests the security code), the control module 110 can determine whether the security information acquisition condition is satisfied. If it is determined that the security code is satisfied, the control module 110 can request the request security code 11 to the pair system 200 (S21). Then, the secure digital system 100 can receive the request security code 11 from the pair system 200 (S31).

Then, the control module 110 may perform predetermined control so that the user can obtain the request security code as described above. For example, the request security code 11 may be displayed through the display module 150 (S41), automatically input to the input UI 13, or automatically sent to the authentication system 300 (S51) .

Then, the authentication system 300 can perform authentication by comparing the received information with previously stored information using the request security code 11.

Also, as described above, the security module 140 included in the secure digital system 100 may perform the security procedure (S61). That is, when a certain condition is met, the request security code 11 received from the pair system 200 can be deleted.

In order for the control module 110 to request only the request security code 11 from the pair system 200, the control module 110 must be able to determine what the request security code 11 is. To this end, the authentication system 300 may include security code identification information (e.g., No. 12 in FIG. 5C) that can identify the request security code 11, separately from the request S11 of the request security code 11 To the secure digital system 100.

Alternatively, when the authentication system 300 requests the request security code 11 to the separate data processing apparatus 400 as described above, the requesting means (for example, 5c, etc.) and the user may enter the security code identification information (e.g., 12) into the secure digital system 100. [ Then, the control module 110 can confirm what the request security code 11 is.

Alternatively, when the request means is loaded into the secure digital system 100, the control module 110 analyzes the request means (e.g., image analysis, text recognition, etc.) to determine what the security code identification information is , Thereby determining what the request security code 11 is.

Meanwhile, the control module 110 may undergo a pair forming procedure to specify what the pair system 200 forming a pair with the secure digital system 100 is. Then, only the specified pair system 200 can be paired through the pair formation procedure. According to an embodiment, the control module 110 performs a predetermined self-authentication procedure, and the self-authentication procedure may be paired to be successful. The pairing means that the communication state between the secure digital system 100 and the pair system 200 satisfies a predetermined criterion as described above.

The predetermined criterion may be the case where the communication module 120 and the pair system 200 are in a communicable state or the communication power between the communication module 120 and the pair system 200, The intensity may be a predetermined intensity or more. In general, communication may be possible when the secure digital system 100 and the pair system 200 are within a communication distance, and when it is within a predetermined distance within the communication distance, it is determined that pairing has been performed It is possible. Alternatively, the predetermined criterion may be a case where the communication module 120 and a predetermined communication device (e.g., RF communication device, etc.) included in the pair system 200 perform tagging. The tagging may refer to a case where the communication module 120 and the pair system 200 approach each other by a predetermined distance or less. Generally, when the pair system 200 and the communication module 120 communicate with each other via NFC, the secure digital system 100 or the pair system 200 is connected to the pair system 200 ) Or proximity to the secure digital system 100. When tagging is performed in this way, the control module 110 may determine that pairing has been performed.

In any case, the secure digital system 100 and / or the pair system 200 may perform the pair formation procedure in order for the secure digital system 100 and the pair system 200 to be paired. Of course, if a unique pair system 200 forming a pair with the secure digital system 100 is determined in advance, a separate pair formation procedure may not be performed. Or in the " alarm pairing " state, a separate additional pair forming procedure may not be performed. The process of pairing and obtaining the security information in the alarm-pairing state and its effect have been fully described above.

The pairing procedure may be performed by the user of the secure digital system 100 and / or the pair system 200 and may be performed by the secure digital system 100 and / or the providing entity of the pair system 200 For example, a manufacturer, a distributor, a financial institution, a security company, etc.).

When the pair formation procedure is performed by the user, the secure digital system 100 or the pair system 200 is a pair system, that is, the pair system 200 or the secure digital system 100, And transmitting and receiving information on the mobile terminal 100 through the communication. Alternatively, information on the pair system 200 may be input through a predetermined application installed in the secure digital system 100.

Such an example will be described with reference to Figs. 3 to 4. Fig.

FIG. 3 is a diagram illustrating an example of a manner in which a secure digital system and a pair system form a pair according to an embodiment of the present invention, and FIG. 4 illustrates an example of a secure digital system and a pair system in accordance with another embodiment of the present invention. As shown in Fig.

3 shows a case in which a secure digital system 100 and a pair system 200 perform a pair forming procedure through communication, and FIG. 4 shows a case where a predetermined application that can be installed in the secure digital system 100 And the pair formation procedure is performed.

Referring to FIG. 3, a predetermined pair system 200 may be provided. The pair system 200 may be, for example, an RF communication device capable of RF communication, or a device having a predetermined configuration added to the RF communication device. In addition, the RF tag may transmit its identification information to the secure digital system 100.

In any case, initially, the secure digital system 100 may not be paired with the pair system 200. That is, the secure digital system 100 and the pair system 200 can be independently used independently of each other. Of course, depending on the embodiment, the pairing system may be implemented so that the secure digital system 100 or the pair system 200 operates normally.

Thereafter, the secure digital system 100 and the pair system 200 can communicate with each other in order to perform a pair forming procedure. Also, in order to perform the pair forming procedure, a user may input a predetermined signal to the secure digital system 100 or the pair system 200 in advance to request execution of a pair forming procedure. When such a signal is input, the security digital system 100 or the pair system 200 can know in advance that the pair formation procedure is performed. The secure digital system 100 and the pair system 200 may then communicate with each other. The secure digital system 100 may then receive the identification information that identifies the pair system 200 from the pair system 200. According to an embodiment, the secure digital system 100 may transmit the identification information of the secure digital system 100 to the pair system 200. Alternatively, both of these processes may be performed. The identification information of the transmitted pair system 200 or the identification information of the secure digital system 100 may be recorded in the secure digital system 100 or the pair system 200, respectively.

When the identification information of another system to be a pair in one of the systems is recorded, the pair formation procedure can be completed. When the pair forming procedure is completed, the secure digital system 100 (or the pair system 200) communicates with the pair system 200 (or the digital system 100) corresponding to the identification information recorded in the secure digital system 100 If possible, within a certain distance, or in case of tagging.

Meanwhile, the communication for transmitting and receiving the identification information of each other for this pair forming procedure may be performed only when there are two systems within a distance (hereinafter referred to as a pairing distance) at which pairing can be performed. However, . For example, even if the two systems are within a pairing distance (i.e., a communicable distance or a predetermined shorter distance), the pair forming procedure may not be performed. For example, the pair forming procedure may be performed only when the secure digital system 100 and the pair system 200 are close to each other within a predetermined proximity distance (for example, 10 cm) such as NFC tagging.

According to an embodiment of the present invention, a digital system capable of forming a pair with the pair system 200 may be limited. For example, when the pair system 200 is a financial IC card of a specific user, a system capable of forming a pair with the pair system 200 may be possible only in the digital system of the specific user's name.

That is, a secure digital system 100 that can pair with the pair system 200 may be predefined. The procedure for self-checking whether the security module 100 included in the secure digital system 100 is a pair with the pair system 200 is defined as a self-certification procedure can do.

The control module 110 may use the information stored in the authentication system 300 or the pair system 200 to perform the self-certification procedure. That is, information that can identify the secure digital system 100 that can be paired with the pair system 200 may be stored in the authentication system 300 or the pair system 200.

For example, the control module 110 can recognize user identification information (e.g., name, telephone number, etc.) or device identification information (e.g., serial number of a specific hardware) stored in the secure digital system 100. Then, the control module 110 can determine whether the detected information corresponds to the information stored in the authentication system 300. [ For example, the authentication system 300 may store user identification information (e.g., telephone number) or device identification information and corresponding owner information. Then, the security module 100 can identify the owner of the secure digital system 100 using the user identification information. Based on the obtained result, the control module 110 determines whether the secure digital system 100 is in the pair system 200 can form a pair. If there is information that can identify a user in the pair system 200, the control module 110 may perform a self-certification procedure to determine whether the information and the owner information correspond to each other. If the secure digital system 100 has the owner information (e.g., name, alias, etc.) that can identify the owner of the secure digital system 100 stored therein, the control module 110 transmits the owner information, It is possible to perform the self-certification procedure by comparing the owner identification information stored in the pair system 200. [

If the self-authentication procedure thus performed is successful, the secure digital system 100 and the pair system 200 can finally form a pair.

Referring to FIG. 4, a pair forming procedure can be performed by directly inputting identification information of a system to be paired with the secure digital system 100 or the pair system 200.

According to an exemplary embodiment, the secure digital system 100 may be provided with a predetermined application 30 for implementing the technical idea of the present invention. The application may be downloadable from the secure digital system 100 or a predetermined web server operated by a provider or a user of the pair system 200.

The user can execute the application 30, and a UI as shown in FIG. 4 can be provided to the user. Then, the user can input identification information of the pair system 200 to be paired with the secure digital system 100 through the UI. The input identification information can be stored in a predetermined storage device, and the communication module 120 can confirm the stored identification information.

For example, there may be a case where the secure digital system 100 is a mobile phone, and the pair system 200 is a smart card that can be paired with the secure digital system 100. In this case, the secure digital system 100 may download the application 30 on a web site of a card company or a financial institution providing the smart card, or in a predetermined app store or the like. Then, after executing the application 30, the user of the secure digital system 100 can perform the pair formation procedure by inputting the identification information of the smart card.

Meanwhile, according to an embodiment, the pair system 200 may also be a system in which a predetermined application can be operated. In this case, the pair forming procedure may be performed by inputting the identification information of the secure digital system 100 through a predetermined application installed and executed in the pair system 200.

When the pair formation procedure is performed by the user, the user can select a pair system 200 paired with his / her secure digital system 100, and the pair system 200 capable of implementing the technical idea of the present invention , It is possible to change the pair system 200 forming a pair with the secure digital system 100, or a plurality of the pair system may be used.

Meanwhile, a system to be paired in advance may be determined by the providing entity of the secure digital system 100 or the pair system 200. In this case, the information about the pair system 200 may be stored in the secure digital system 100 in advance, or information about the secure digital system 100 may be stored in advance in the pair system 200, Or distributed. According to an embodiment, the providing entity may sell or distribute the pair system 200 (or the digital system 100) together with the security digital system 100 (or the pair system 200) can do. Particularly, this may be the case in the case of a manufacturer or a distributor who intends to manage a customer or a community with a clouding system, or to conduct a business related to authentication or settlement utilizing the technical idea of the present invention. In a case where the pairing for security information acquisition according to the technical idea of the present invention is performed in the alarm pairing state before the alarm pairing is performed and the security digital system 100 and the pair system of the pair system 200 are each paired, It is more likely to be determined in advance at the distribution or manufacturing stage.

Meanwhile, when the security information acquired by the user by the secure digital system 100 is OTP, the control module 110 may receive the OTP generated by the pair system 200, 200, the control module 110 may directly generate the OTP after receiving information necessary for OTP generation. Then, the generated OTP can be acquired by the user. In the case of enabling the OTP to be obtained, the OTP may be output to the predetermined display module 150 and displayed, or may be automatically input to a predetermined input UI capable of inputting the OTP, To the base station 300.

Such an example will be described with reference to Fig.

FIG. 6 is a diagram illustrating a method for obtaining an OTP by a secure digital system according to an embodiment of the present invention.

6, the control module 110 determines whether or not the security information acquisition condition is satisfied. In response to the OTP generation request input automatically or from the user (S12) It may request generation information necessary for OTP generation (S22).

The generation information may be at least a part of the OTP information 20 stored in the pair system 200. The OTP information 20 may include OTP generation program information 21 and / or a first OTP generation key 22.

According to an exemplary embodiment, the control module 110 may receive the first OTP generation key 22 from the pair system 200 (S32). Meanwhile, the OTP generation program information 21 may be stored in the secure digital system 100.

OTP generation program information 21 stored in the secure digital system 100 may be stored in advance in the secure digital system 100 before requesting the information S22, The OTP generation program information 21 may be received from the system 300 in advance.

Then, the control module 110 may generate the OTP using the OTP generation program information 21 and the first OTP generation key 22 received from the pair system 200 (S42). The generated OTP may be transmitted to the authentication system 300. The authentication system 300 separately generates an OTP by using the OTP generation program information 21 and the first OTP generation key 22 that are held by the authentication system 300 and transmits the generated OTP and the secure digital system 100) can be compared with each other to perform authentication.

The security module 140 may perform a security procedure to delete the generated OTP according to a predetermined condition (S52).

According to another embodiment, when the control module 110 requests generation information to the pair system 200 (S22), the pair system 200 further transmits the OTP generation program information 21 to the secure digital system 200 (S32-1).

Then, the control module 110 may generate the OTP using the OTP generation program information 21 and the first OTP generation key 22 received from the pair system 200 (S42).

Meanwhile, according to the technical idea of the present invention, the secure digital system 100 may further generate the OTP by using the second OTP generation key 23. The second OTP generation key 23 may be a secret key shared with the authentication system 300.

The control module 110 then receives the first OTP generation key 22 from the pair system 200 and uses the second OTP generation key 23 obtained from the secure digital system 100 To generate the OTP. In this case, the OTP generation program 21 can generate the OTP by further using the second OTP generation key 23 as an input variable. According to an embodiment, a new key may be generated using the first OTP generation key 22 and the second OTP generation key 23, and the OTP may be generated using the key as an input variable. Of course, at this time, the authentication system 300 can also generate the same key as the new key generated by the control module 110 using the first OTP generation key 22 and the second OTP generation key 23 .

The second OTP generation key 23 may be a secret key that is shared with the authentication system 300 in advance. According to one embodiment, the second OTP generation key 23 may be generated through a predetermined algorithm based on the unique identification information of the secure digital system 100, and the authentication system 300 or the secure digital System 100. In one embodiment,

In the case of generating the OTP using the second OTP generation key 23 as well, the secret key to know to generate the OTP is increased, so that the security can be remarkably increased. Also, even if one of the secret keys (for example, the first or second OTP generation key 22 or the second OTP generation key 23) is leaked, it is not possible to generate the same OTP as the authentication system 300 using only one secret key .

The OTP may be generated by the secure digital system 100 and acquired by the user in such a variety of ways.

According to another embodiment, the pair system 200 may generate an OTP using the OTP generation program information 21 and the first OTP generation key 22 stored therein. In this case, the control module 110 may receive the OTP generated by the pair system 200. Of course, in this case, it is needless to say that the OTP can be received only when the security information acquisition condition is satisfied.

On the other hand, when the secure digital system 100 receives the generation information (i.e., the OTP generation program information 21 and / or the first OTP generation key 22) from the pair system 200 to generate the OTP It is preferable that the generated information is not stored in the secure digital system 100 as much as possible.

For this, the security module 140 can perform the security procedure by deleting the generated information from the secure digital system 100 when a certain condition is satisfied.

The outline of this security procedure is shown in Fig.

FIG. 7 is a schematic flow chart illustrating a process of a security digital system performing security procedures according to an embodiment of the present invention.

Referring to FIG. 7, the secure digital system 100 may receive a request security code 11 or OTP, that is, security information, from the authentication system 300. Then, the secure digital system 100 may be loaded with a predetermined request means (e.g., a web page as shown in FIG. 5C, or a predetermined application, frame, UI, etc.) (S13).

The control module 110 may then generate at least a portion of the security information (e.g., security code) or generation information (e.g., the first OTP generation key) to generate the security information (e.g., OTP) from the pair system 200 (OTP generation program information 22 and / or OTP generation program information 21) (S23).

Once the received information is used by the secure digital system 100, it may be advantageous for security not to be stored in the secure digital system 100.

The security module 140 determines whether a predetermined time has elapsed since the received information was received (S33). If it is determined that the predetermined time has passed, the security module 140 may delete the received information (S53) .

According to another embodiment, the security module 140 may determine whether the request means is inactivated (S43). If it is determined that the request means is inactivated, the security module 140 may delete the received information (S53). As described above, when the request means is deactivated, that is, when the received information is deleted, or when the condition is defined by the security module 140 in advance.

In the above-described manner, the user can acquire the security information necessary for authentication through the secure digital system 100. Also, the secure digital system 100 and the pair system 200 can perform non-contact communication.

Accordingly, even when the pair system 200 is stored in the user's wallet, the user can easily obtain the security information through the secure digital system 100 he / she is using. Therefore, there is an effect that it is not necessary to take out the pair system 200 from the purse of the user.

Meanwhile, the secure digital system 100 according to the embodiment of the present invention may further include an alarm module 130.

The alarm module 130 may output an alarm signal when the secure digital system 100 and the pair system 200 are in a non-paired state (that is, when they are separated by a predetermined distance or more).

Such an example will be described with reference to FIG.

9 is a diagram for explaining a concept that a digital system or a pair system outputs an alarm signal according to an embodiment of the present invention.

Referring to FIG. 9, the control module 110 included in the secure digital system 100 may determine whether pairing with the pair system 200 is maintained (S14). That is, the control module 110 can confirm whether or not the alarm is paired. Of course, the alarm pairing function may be activated or deactivated at the request of the user.

When a predetermined event occurs in the alarm pairing state (for example, when a request is input from the user), the control module 110 transmits the generation information necessary for OTP generation from the pair system 200 in the above-described manner And generate an OTP (S24). According to an embodiment, the secure digital system 100 stores the OTP information 40, and the OTP information 40 may be used to generate the OTP. At this time, the OTP information 40 may include OTP generation program information and a second OTP generation key. As a result, the secure digital system 100 may be a device capable of independently generating an OTP regardless of the pair system 200. In this case, the secure digital system 100 can be configured to generate the OTP only when the security information acquisition condition is satisfied.

Meanwhile, when the security digital system 100 and the pair system 200 are in a non-paired state while the pairing state (i.e., the alarm pairing state) is maintained, or when the two systems 100 and 200 are separated from each other by a predetermined distance , The alarm output condition can be satisfied. Then, the control module 110 controls the alarm module 130 to output a predetermined alarm signal (S34). According to an embodiment, the pair system 200 may also output a predetermined alarm signal (S34-1).

The pair system 200 may also periodically determine whether a pairing state (i.e., an alarm-paired state) with the secure digital system 100 is maintained. For example, the paired system 200 periodically receives a predetermined signal from the secure digital system 100, and if the signal is no longer received, the pair system 200 may determine that the alarm output condition is satisfied and output an alarm signal.

Of course, in this case, the communication protocol between the pair system 200 and the secure digital system 100 may be a communication protocol capable of communicating when the same user has the secure digital system 100 and the pair system 200 Protocol.

As described above, the secure digital system 100 and / or the pair system 200 are configured such that the secure digital system 100 and the pair system 200 can communicate with each other at a certain distance The alarm signal may be output.

For example, as described above, the secure digital system 100 and the pair system 200 may be paired only within a first distance (e.g., 10 cm), and the alarm signal may be paged over the second distance (e.g., several meters) And may be output when the secure digital system 100 and the pair system 200 are disconnected.

According to one embodiment, the secure digital system 100 and / or the pair system 200 provides an alarm pairing function, and the security digital system 100 or the alarm pairing, as described above, (For example, 1 meter or 10 centimeters in the case of NFC), and the alarming distance is set to be longer than the reference distance of the alarm pairing Signal.

When the alarm pairing function is inactivated or the alarm pairing function is not provided, even if the security digital system 100 and the pair system 200 satisfy the alarm output condition, The secure digital system 100 and the pair system 200 may perform the same or similar operations.

8 is a diagram showing a schematic configuration of a pair system according to an embodiment of the present invention.

8, the pair system 200 includes a storage device 211 for storing at least one of security code and / or OTP information, and a communication module 120 provided in the secure digital system 100 (Not shown).

According to an embodiment, the pair system 200 may have data processing capability by itself, and in this case, a predetermined control device 212 may be further provided.

According to one embodiment, the pair system 200 may be embodied as a smart card including the storage device 211 and the control device 212. In this case, the pair system 200 may be a system in which the smart card is further provided with a communication device 220 for implementing the technical idea of the present invention in the conventional control device 212 and the storage device 211 .

Meanwhile, according to another embodiment, the security code and the OTP information may not be stored in the pair system 200. That is, the pair system 200 may simply perform a function of forming a pair with the secure digital system 100. In this case, at least one of the control device 212 and / or the storage device 211 may not be included in the pair system 200.

For example, the pair system 200 may include a communication device (e.g., RF communication device 220, etc.). In some implementations, the communication device (e.g., RF communication device 220, etc.) itself may be the pair system 200. According to one embodiment, the communication device (e.g., RF communication device 220, etc.) may include a predetermined RF antenna.

The communication device 220 may be implemented, for example, as an RFID tag. According to an embodiment, the pair system 200 itself may be the RFID tag. According to another embodiment, the communication device 220 may include an RF reader. In any case, the communication device 220 may be configured to communicate with the communication module 120 included in the secure digital system 100.

Meanwhile, the digital system 100 or the pair system 200 according to the embodiment of the present invention can generate security information even when no pairing is performed. That is, in a limited situation, the user may obtain the security information even if the pairing is not performed. For this purpose, it may be necessary to perform some additional authentication.

Therefore, when the user does not consciously or unconsciously occupy both the secure digital system 100 and the pair system 200 within the pairing distance, the security information is transmitted to the user 200 under a limited condition, that is, To acquire.

If the additional authentication is not paired, the additional authentication may include any type of authentication that allows the security information acquisition procedure to be performed only after the additional authentication is performed and succeeded. For example, at least one of authentication using a password, authentication using a secret pattern, authentication using biometric information (e.g., fingerprint, irregularity, etc.), authentication based on location information or unique identification information of hardware, and / And may be used as the additional authentication. Other methods of authentication may be more varied.

In addition, the digital system 100 and / or the pair system 200 according to an embodiment of the present invention may be configured such that the digital system 100 and the pair system 200, when not paired or at a predetermined distance, And may further include means for outputting a predetermined alarm signal so that the user can recognize the alarm signal.

Meanwhile, according to the technical idea of the present invention, the secure digital system 100 and / or the pair system 200 may store generation information for generating a plurality of pieces of security information or security information.

For example, the pair system 200 may store a plurality of security codes or a plurality of OTP information including the OTP information. This may mean that the pair system 200 can integrally perform the roles of a plurality of conventional security cards or a plurality of OTP generation devices. The plurality of security codes or the plurality of OTP information may be security codes used or distributed by different subjects, respectively. For example, the financial institution 1 and the financial institution 2 may use different security cards. Or different OTP generating devices may be used.

In this case, the pair system 200 may store security codes or OTP information corresponding to different security cards or different OTP generation devices.

Then, the control module 110 included in the secure digital system 100 transmits a security code selection signal for selecting a specific security code (for example, a security code used in the financial institution 1) among the plurality of security codes Or if the application corresponding to the security code (for example, the application distributed by the financial institution 1) is executed by the secure digital system, the security code among the plurality of security codes can be selected. The control module 110 may then perform control to receive at least a portion of the selected security code. Alternatively, an OTP information selection signal for selecting specific OTP information (for example, used by the financial institution 1) among the plurality of OTP information (for example, OTP information used in the financial institution 1 or 2) When an application corresponding to the OTP information (for example, an application distributed by the financial institution 1) is executed by the secure digital system, at least a part of the OTP information among the plurality of OTP information is received or based on the OTP information And to receive the generated OTP.

10 is a diagram illustrating an example of a case where the security digital system according to an embodiment of the present invention acquires security information by performing tagging with a pair system.

10, the secure digital system 100 performs tagging once (S15) to receive desired security information (for example, entire security code or request security code, OTP) from the pair system 200 (S25). Alternatively, at least a part of generation information for generating the security information, i.e., OTP information, may be received (S25).

Also, if the tagging is performed (S15), the pair authentication procedure is automatically performed, and if the pair authentication procedure is unsuccessful, the secure digital system 100 may not receive security information or generation information.

In the case of receiving the entire security code, the process of transmitting the entire security code to the secure digital system 100 may be performed by the pair system 200 while the tagging (S15) is performed. When the security code part is received, while the tagging (S15) is performed, the secure digital system 100 transmits the request security code identification information, and transmits the security code stored in the pair system 200 The extracted request security code is extracted by the secure digital system 100, and the process of receiving the extracted request security code may be performed. At least a portion of the OTP information may be received by the secure digital system 100 while the tagging S15 is performed if the secure digital system 100 receives at least a portion of the OTP information. Then, the OTP generation is performed by the secure digital system 100, which may be during the tagging (S15) or after the tagging (S15). When the secure digital system 100 receives the OTP, the OTP generation request signal is transmitted to the pair system 200 while the tagging is performed (S15), and the pair system 200 OTP, and the process of transmitting the generated OTP to the secure digital system 100 can be performed. The OTP generation request signal may be a tagging action itself or a signal transmitted from the secure digital system 100 to the pair system 200 separately.

On the other hand, when the secure digital system 100 and the pair system 200 communicate via tagging, that is, NFC communication, as described above, a plurality of tags must be tagged so that the user may obtain desired security information . Such an example will be described with reference to Figs. 11 to 12. Fig.

11 to 12 are views showing an example of a case where the secure digital system according to an embodiment of the present invention acquires security information by performing a plurality of tagging.

11 to 12 illustrate a case where security information is obtained through two tagging operations, but the scope of rights of the present invention is not limited thereto.

Referring to FIG. 11, the secure digital system 100 and the pair system 200 may perform a first tagging (S16). The pair authentication procedure (S26) may be performed during or after the first tagging is performed (S16). If the pair authentication procedure succeeds (or fails), then predetermined information indicating that the next tagging, i.e., a predefined process can be performed (or none) at the time of the second tagging, is sent to the secure digital system 100 and / Or may be recorded in the system 200.

Thereafter, if the second tagging is performed (S36), at least a part of the security code, at least a part of the OTP information, or OTP may be transmitted to the secure digital system 100 during the second tagging is performed (S46) . Further, after the second tagging is performed, a process of generating an OTP based on a predetermined process, such as at least a part of the received OTP information, may be performed by the secure digital system 100.

Referring to FIG. 12, the secure digital system 100 and the pair system 200 may perform a first tagging (S17). Then, the secure digital system 100 can transmit information or OTP generation request signal that can specify a request security code to the pair system 200 (S27). Also, during or after the first tagging is performed (S17), a pair authentication procedure may be performed by the secure digital system 100 and / or the pair system 200. [ According to an embodiment, the pair authentication procedure may be performed through separate tagging before the first tagging.

Then, the pair system 200 can extract the request security code or generate the OTP (S37). This process may be performed during or after the first tagging is performed (S17).

Thereafter, when the second tagging is performed (S47), the secure digital system 100 may receive the request security code or the OTP from the pair system 200 (S57).

According to an embodiment of the present invention, when the first tagging is performed (S17), a signal requesting at least a part of the OTP information is transmitted to the pair system 200, and when the second tagging is performed (S47) At least a portion of which may be transmitted to the secure digital system 100.

On the other hand, when a plurality of tagging is to be performed and security information as described above can be obtained, a process to be performed while or after each of the plurality of tagging is performed may be predefined, It is a matter of course that various processes may be defined depending on the implementation. According to an embodiment, when a specific tagging is performed, any process among the processes to be performed in order to obtain security information may not be actually performed. In addition, information may be recorded and / or maintained in the secure digital system 100 and / or the pair system 200 to count how many times tagging has been performed for a predetermined period of time, if necessary. Of course, the secure digital system 100 and / or the pair system 200 may be provided with a predetermined timer for judging whether or not it is performed within a predetermined time.

The secure digital system and method for providing a pair system according to an embodiment of the present invention can be implemented as computer readable codes on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, an optical data storage device, and the like in the form of a carrier wave (for example, . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

Claims (18)

In a user's secure digital system,
A display device;
A communication module for performing NFC (Near Field Communication) communication with a pair system for storing at least one of security code and OTP information;
Control to receive an OTP based on at least a portion of the security code, at least a portion of the OTP information, or the OTP information from the pair system via the communication module if the communication module is tagged at least once with the pair system And a control module,
The secure digital system and the pair system that performed the NFC communication perform a pair formation procedure, and the pair formation procedure is a procedure in which the secure digital system stores the identification information of the pair system or the pair system identifies the secure digital system The security code or the OTP is transmitted to the authentication system by the secure digital system so that the authentication using the security code or the OTP can be succeeded Features NFC secure digital system.
delete The apparatus of claim 1,
Storing identification information of the pair system predefined to form a pair with the secure digital system,
And to receive from the pair system an OTP based on at least a portion of the security code, at least a portion of the OTP information, or the OTP information only from the pair system corresponding to the identification information.
The apparatus of claim 1,
Receiving at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system to perform a plurality of tagging,
Performing a pair authentication procedure between the pair system and the secure digital system when the first tagging of the plurality of tags is performed,
And receives an OTP based on at least a portion of the security code, at least a portion of the OTP information, or the OTP information if a second one of the plurality of tagging is performed.
The apparatus of claim 1,
Receiving at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system to perform a plurality of tagging,
When the first tagging of the plurality of tags is performed, specifies a request security code requested from a predetermined authentication system among the security codes to be received from the pair system or transmits the OTP generation request signal to the pair system,
And receives the specified request security code or the generated OTP from the pair system when second tagging of the plurality of tags is performed.
delete delete The apparatus of claim 1,
When the secure digital system and the pair system are tagged, receiving a first OTDP generation key included in the OTP information from the pair system,
And generates the OTP using the received first OTPS generation key.
9. The apparatus of claim 8,
The OTP generation program information for generating the OTP is further received from the pair system and the OTP is generated using the received OTP generation program information and the first OTP generation key,
And generates the OTP using the OTP generation program information stored in advance in the secure digital system and the received first OTP generation key before the tagging.
10. The apparatus of claim 9,
Wherein the OTP is generated using the first OTP generation key received from the pair system and a second OTP generation key shared by the secure digital system and the authentication system.
delete delete 1. A pair system for pairing with a secure digital system of a user,
The pair system comprises:
A storage device for storing at least one of security code or OTP information;
A communication device for performing NFC (Near Field Communication) communication with the secure digital system; And
Transmitting at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information to the secure digital system via the communication device when the communication device is tagged at least once with the secure digital system And a control unit for controlling the control unit,
The secure digital system and the pair system that performed the NFC communication perform a pair formation procedure, and the pair formation procedure is a procedure in which the secure digital system stores the identification information of the pair system or the pair system identifies the secure digital system The security code or the OTP is transmitted to the authentication system by the secure digital system so that the authentication using the security code or the OTP can be succeeded Features a pair system.
14. The control apparatus according to claim 13,
Characterized in that the secure digital system and the pair system transmit an OTP which is generated based on at least a part of the security code stored in the pair system, at least a part of the OTP information, or the OTP information, Pair system.
14. The control apparatus according to claim 13,
When the secure digital system and the pair system are tagged, transmitting a first OTDP generation key included in the OTP information to the secure digital system,
And the OTP is generated by the secure digital system using the transmitted first OTP generation key.
A method for providing a secure digital system,
Performing a tagging at least once with a pair system in which a user's secure digital system stores at least one of security code or OTP information; And
Wherein the secure digital system comprises receiving at least one portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information from the pair system via the at least one tagging,
The secure digital system and the pair system that have performed the NFC communication perform a pair formation procedure, and the pair formation procedure is a procedure in which the secure digital system stores the identification information of the pair system or the pair system identifies the secure digital system The security code or the OTP is transmitted to the authentication system by the secure digital system so that authentication using the security code or the OTP can be successfully performed To provide an NFC secure digital system.
A method for providing a secure digital system,
A pairing procedure in which a user's secure digital system is paired with the secure digital system, the pairing procedure being a pairing procedure, the pairing procedure comprising: storing the identification information of the pair system, Determining whether the pair system is tagged at least once with the secure digital system through the pair system, wherein the pair system is a procedure for storing identification information of the secure digital system; And
Extracting at least a part of the security code stored in advance in the secure digital system or generating an OTP using the OTP information only when the determination is made at least once,
Wherein at least a part of the security code or the authentication system for authenticating the OTP stores user identification information or device identification information of the secure digital system and the secure digital system that has performed NFC communication with the pair system is connected to the authentication system And the authentication is successful in accordance with the stored user identification information or device identification information.
A method for providing a pair system with a pair with a secure digital system of a user,
Wherein the pair system is provided by storing at least one of security code or OTP information;
Performing the tagging at least once with the secure digital system; And
The pair system transmitting at least a portion of the security code, at least a portion of the OTP information, or an OTP based on the OTP information to the secure digital system,
The secure digital system and the pair system that have performed the NFC communication perform a pair formation procedure, and the pair formation procedure is a procedure in which the secure digital system stores the identification information of the pair system or the pair system identifies the secure digital system The security code or the OTP is transmitted to the authentication system by the secure digital system so that authentication using the security code or the OTP can be successfully performed The method comprising:

Images