[go: up one dir, main page]

WO2017018861A1 - Dispositif financier utilisant des informations biométriques et son procédé de fonctionnement - Google Patents

Dispositif financier utilisant des informations biométriques et son procédé de fonctionnement Download PDF

Info

Publication number
WO2017018861A1
WO2017018861A1 PCT/KR2016/008399 KR2016008399W WO2017018861A1 WO 2017018861 A1 WO2017018861 A1 WO 2017018861A1 KR 2016008399 W KR2016008399 W KR 2016008399W WO 2017018861 A1 WO2017018861 A1 WO 2017018861A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
biometric information
user
information
key value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2016/008399
Other languages
English (en)
Korean (ko)
Inventor
김현옥
최은주
감홍주
문선영
민재슬
박승수
윤준석
이유나
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LG CNS Co Ltd
Original Assignee
LG CNS Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020150108208A external-priority patent/KR20170014574A/ko
Priority claimed from KR1020150114334A external-priority patent/KR101710794B1/ko
Application filed by LG CNS Co Ltd filed Critical LG CNS Co Ltd
Publication of WO2017018861A1 publication Critical patent/WO2017018861A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a financial device, a financial transaction system, and an operation method thereof using biometric information.
  • the biometrics recognition method is a method of authenticating a user using biometric information unique to an individual, and performs user authentication using biometric information such as a fingerprint or an iris.
  • biometric information is stored in a server of a financial institution. Thereafter, when the user inputs the biometric information for the financial transaction using the financial device, the input biometric information is transmitted to the server of the financial institution.
  • the server of the financial institution compares the transmitted biometric information of the customer with the biometric information previously stored in the database to determine whether to authenticate, and transmits the result of the determination to the financial device.
  • One object of the present invention is to provide a financial device, a financial transaction system, and a method of operating the same, which can minimize the damage of hacking and / or leakage of the user's biometric information and reduce the user's rejection.
  • the financial device receives the primary user authentication result, the encrypted user authentication information and the first key value from the user's terminal, and transmits the encrypted user authentication information to the server, and transmits 2 from the server.
  • a communication unit receiving the second user authentication result and the second key value; And if the second user authentication is successful, proceed with the financial transaction requested by the user, perform the third user authentication by comparing the received first key value and the second key value, and perform the third user authentication. If the authentication result is the authentication success, it may include a processing unit for processing the final approval of the requested financial transaction.
  • the terminal divides the biometric information input from the user into a plurality of unit areas having an identification number and extracts a unit area having the same identification number as the password input from the user among the plurality of unit areas.
  • Biometric information management unit for generating authentication information;
  • a processor configured to perform first user authentication by comparing biometric information received from a user with previously stored biometric information;
  • a communication unit configured to receive a first key value from a server, transmit a result of the first user authentication and authentication information encrypted using the first key value, and transmit authentication information or the first key value to a financial device. Can be.
  • the server divides the user's biometric information into a plurality of unit areas having an identification number, and extracts a unit area having the same identification number as a password among the plurality of unit areas to generate authentication information.
  • Biological information management unit A communication unit which transmits a first key value to a terminal, receives authentication information including biometric information of the user from the terminal and is encrypted with the first key value, and transmits a result of the second user authentication to a financial device; And a processor configured to decode the received authentication information and perform second user authentication by comparing the user's biometric information included in the authentication information with the stored user's biometric information.
  • Method of operation of a financial transaction system comprises the steps of the terminal receiving biometric information and password for financial transactions from the user; Performing, by the terminal, first authentication using the biometric information; Generating, by the terminal, authentication information by encrypting the password, the biometric information, and the unique information of the user; Transmitting, by the terminal, the authentication information to a financial device when the first authentication is successful; Transmitting, by the financial device, the authentication information to a server; Decrypting, by the server, the authentication information and performing second authentication using the password, the biometric information, and the unique information of the user; And forwarding, by the server, the authentication result of the second authentication to the financial device.
  • a financial device, a financial transaction system, and a method of operating the same may be applied to a financial transaction through a user authentication process of first authentication by a terminal, second authentication by a server, and third authentication by a financial device. Reliability can be secured.
  • a financial device, a financial transaction system, and an operation method thereof according to an embodiment of the present invention can minimize the user's discomfort by obtaining biometric information using a user's own terminal.
  • biometric information which is a user's personal information
  • biometric information may be protected from hacking / leakage.
  • the user's refusal to transmit or store all of his personal information to the trading institution can be minimized.
  • FIG. 1 is a block diagram showing a financial transaction system according to an embodiment of the present invention.
  • FIG. 2 is a block diagram illustrating a terminal according to an embodiment of the present invention.
  • 3 is a view for explaining the operation of the terminal according to an embodiment of the present invention.
  • FIG. 3 is a block diagram illustrating a financial device according to an embodiment of the present invention.
  • FIG. 4 is a block diagram illustrating a server 300 according to an embodiment of the present invention.
  • FIG. 5 shows a method of operating a financial transaction system according to a first embodiment of the present invention.
  • FIG. 6 shows a method of operating a financial transaction system according to a second embodiment of the present invention.
  • FIG. 7 is a block diagram illustrating the biometric information recognizing apparatus or the biometric information management apparatus 150 or 350 according to an embodiment of the present invention.
  • FIG. 8 shows a fingerprint image according to an embodiment of the present invention.
  • FIG 9 shows an iris image according to an embodiment of the present invention.
  • FIG. 10 illustrates a process in which the fingerprint image is processed by the second processor 720 as an example of the biometric information image.
  • FIG. 11 is a flowchart illustrating an authentication method using biometric information according to an embodiment of the present invention.
  • FIG. 12 illustrates an embodiment using an iris image.
  • FIG. 13 illustrates an embodiment using a fingerprint image.
  • FIG. 14 is a block diagram showing a financial transaction system according to another embodiment of the present invention.
  • FIG. 1 is a block diagram showing a financial transaction system according to an embodiment of the present invention.
  • a financial transaction system 1000 may include a terminal 100, a financial device 200, and a server 300.
  • a user performs user authentication through the terminal 100 and processes a financial transaction through the financial device 200 without a medium (credit card, etc.). This may be explained in more detail below.
  • the terminal 100 may perform user authentication for the use of the financial device 200 to process the financial transaction of the user.
  • the terminal 100 may include a program or an application for the user authentication.
  • the program or application for user authentication may be driven according to a user's operation or may be driven through short-range wireless communication with the financial device 200.
  • the terminal 100 may receive biometric information and / or a password from the user for the user authentication.
  • the terminal 100 may perform the user authentication using the biometric information of the user.
  • the terminal 100 may perform the user authentication by comparing the biometric information of the user with previously stored biometric information.
  • the biometric information may include an iris image, a fingerprint image, and / or a vein image.
  • the biometric information may include feature points of the iris image, the fingerprint image, and / or the vein image. The feature point of the image is included as long as it can identify the divided unit areas of the image without scanning and storing the entire image. A method of using biometric information will be described later.
  • user authentication of the terminal 100 may be understood as primary authentication.
  • the first authentication of the terminal 100 may be performed using user personal information such as a password and an authorized certificate in addition to the biometric information.
  • the terminal 100 may receive the first key value from the server 300 when the first authentication is successful.
  • the terminal 100 may receive the first key value directly from the server 300.
  • the terminal 100 may generate authentication information by encrypting a password, biometric information, and user's unique information input from the user using the first key value.
  • the terminal 100 may generate authentication information by encrypting a password, a partial region matching a password among biometric information image regions, and unique information of a user using the first key value.
  • the unique information of the user may include a user ID (UID) received from the server 300 when the user opens an account for a financial transaction, and may be pre-stored in the terminal 100.
  • the terminal 100 may transmit the authentication information to the financial device 200 along with the authentication result of the first authentication or sequentially.
  • the terminal 100 may transmit the first key value to the financial device 200.
  • the terminal 100 may be connected to the financial device 200 and the server 300 (can be connected). That is, when the first authentication is successful, the user may request processing of the financial transaction through the terminal 100 or directly by operating the financial device 200.
  • the first authentication may be understood that the user performs the user authentication through the terminal 100 before processing the financial transaction using the financial device 200.
  • Various embodiments of the terminal 100 include a cellular telephone, a smart phone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, and a digital camera having a wireless communication function.
  • Handheld unit incorporating combinations of such functions as well as photographing devices, gaming devices with wireless communication capabilities, music storage and playback appliances with wireless communication capabilities, internet appliances with wireless internet access and browsing Or may include terminals, but is not limited thereto.
  • the financial device 200 may transmit the encrypted authentication information received from the terminal 100 to the server 300. That is, the financial device 200 may directly transfer the encrypted authentication information received from the terminal 100 to the server 300 without being decrypted.
  • the server 300 may perform user authentication using a password, biometric information, and user's unique information obtained by decrypting the encrypted authentication information transmitted from the financial device 200.
  • the server 300 may decrypt the received encrypted authentication information by using the second key value.
  • the second key value may have the same value as the first key value.
  • user authentication at server 300 may be understood as secondary authentication.
  • the server 300 may transmit the authentication result for the second authentication to the financial device 200.
  • the server 300 may transmit the second key value to the financial device 200 simultaneously or sequentially with the authentication result.
  • the financial device 200 may receive the second key value from the server 300 immediately before the final approval of the user's requested transaction.
  • the financial device 200 may receive the first key value from the terminal 100 and the second key value from the server 300, respectively.
  • the financial device 200 may perform user authentication by comparing the first key value received from the terminal 100 and the second key value received from the server 300 after the second user authentication.
  • the financial device 200 may compare the first key value received from the terminal 100 and the second key value received from the server 300 to determine whether the financial transaction requested by the user is finally approved based on the same. . This is to authenticate the occupation of the terminal 100 and / or the financial device 200 by the same user.
  • user authentication of the financial device 200 may be understood as tertiary authentication.
  • the financial transaction system 1000 is the first authentication by the terminal 100, the second authentication by the server 300, the third authentication by the financial device 200 By including the user authentication process of the financial transaction can be secured, and by obtaining the biometric information using the user's own terminal can minimize the user's rejection.
  • FIG. 2 is a block diagram illustrating a terminal according to an embodiment of the present invention.
  • 3 is a view for explaining the operation of the terminal according to an embodiment of the present invention.
  • the terminal 100 includes an input unit 110, a processing unit 120, a communication unit 130, a storage unit 140, and a biometric information management unit 150. can do.
  • the input unit 110 may receive biometric information and / or a password from a user.
  • the input unit 110 may include a camera for receiving biometric information of the user and / or a touch panel for receiving a password.
  • the password may be set in advance through a contract with a user and an operating entity (ie, a financial company) of the financial device 200.
  • the biometric information may include an iris image, a fingerprint image, and / or a vein image.
  • the biometric information may include feature points of an iris image, a fingerprint image, and / or a vein image.
  • the processor 120 may perform user authentication using the biometric information of the user.
  • the processor 120 may perform user authentication by comparing the biometric information of the user with the biometric information stored in the storage 140.
  • the processor 120 may determine success of user authentication when the biometric information of the user input through the input unit 110 and the biometric information of the user previously stored in the storage 140 match.
  • the processor 120 may determine that the user authentication fails when the biometric information of the user input through the input unit 110 and the biometric information of the user previously stored in the storage 140 do not match.
  • the processor 120 may generate authentication information by encrypting a password inputted from a user, biometric information, and unique information of the user.
  • the processor 120 may generate authentication information by encrypting the password, the biometric information, and the unique information of the user by using the first key value received from the server 300.
  • the unique information of the user may include a UID (User ID) received from the server 300 when the user opens an account for a financial transaction, and may be pre-stored in the storage 140.
  • UID User ID
  • the communicator 130 may receive a first key value from the server 300.
  • the communicator 130 may transmit a user authentication result (ie, a primary user authentication result) to the financial device 200.
  • the communication unit 130 may transmit the authentication information and / or the first key value to the financial device 200.
  • the communicator 130 may include various wireless communication interfaces such as WiFi, LTE, LTE-A, 3G, Bluetooth, and near field communication (NFC).
  • the storage 140 may store the biometric information of the user.
  • the storage 140 may store unique information of the user.
  • the storage 140 may include a USIM.
  • the biometric information management unit 150 may divide the input biometric information into a plurality of unit areas having an identification number. For example, the biometric information management unit 150 may divide the biometric information into n unit areas (n ⁇ 2, n is a natural number). The n value may be determined in consideration of the minimum area in which biometric information can be identified. The biometric information management unit 150 may assign an identification number to each of the n unit areas (or may assign an identification number in association with a feature point in the unit area). Biometric information having an identification number assigned to a unit area may be stored in the storage 140.
  • FIG. 3 is a block diagram illustrating a financial device according to an embodiment of the present invention.
  • the financial device 200 may include a communication unit 210 and a processing unit 220.
  • the communication unit 210 may receive an authentication result (ie, primary user authentication result) from the terminal 100.
  • the communication unit 210 may receive the authentication information from the terminal 100.
  • the communication unit 210 may transfer the user authentication information received from the terminal 100 to the server 300.
  • the communication unit 210 may receive an authentication result (that is, a secondary user authentication result) from the server 300.
  • the communication unit 210 may receive a first key value from the terminal 100.
  • the communication unit 210 may receive a second key value from the server 300.
  • the communication unit 210 may include various wireless communication interfaces such as WiFi, LTE, LTE-A, 3G, Bluetooth, near field communication (NFC).
  • the processor 220 may perform the user authentication by comparing the first key value with the second key value.
  • the user authentication is for authenticating the occupation of the terminal 100 and / or the occupation of the financial device 200 by the same user.
  • the processor 220 may determine whether to proceed with the financial transaction requested from the user according to the second user authentication result transmitted from the server 300. For example, the processor 220 may proceed with the financial transaction requested by the user when the authentication result transmitted from the server 300 is authentication success.
  • the processor 220 proceeds with the financial transaction requested by the user when the second user authentication result is the authentication success, and is transferred from the terminal 100 before approval for approval for completion of the final transaction of the financial transaction.
  • the processor 220 proceeds with the financial transaction requested by the user when the second user authentication result is the authentication success, and is transferred from the terminal 100 before approval for approval for completion of the final transaction of the financial transaction.
  • FIG. 4 is a block diagram illustrating a server 300 according to an embodiment of the present invention.
  • the server 300 includes a key value generation unit 310, a communication unit 320, a storage unit 330, a processing unit 340, and a biometric information management unit 350. can do.
  • the key value generator 310 may generate the first key value and the second key value.
  • the first key value and the second key value may have the same value.
  • the communication unit 320 may transmit the first key value to the terminal 100.
  • the communicator 320 may transmit the second key value to the financial device 200.
  • the communicator 320 may receive user authentication information from the financial device 200.
  • the communicator 320 may transmit a user authentication result (that is, a second user authentication result) to the financial device 200.
  • the communicator 320 may include various wireless communication interfaces such as WiFi, LTE, LTE-A, 3G, Bluetooth, and near field communication (NFC).
  • the storage unit 330 may store a password preset by the user, biometric information of the user, and a unique number of the user. For example, the storage unit 330 may match and store a password preset by the user, biometric information of the user, and a unique number of the user.
  • the processor 340 may perform user authentication using a password, biometric information, and unique information of a user obtained by decrypting user authentication information transmitted from the financial device 200.
  • the processor 340 may decrypt user authentication information by using the second key value.
  • the processor 340 stores the password, the biometric information, and the unique information of the user, which are obtained by decrypting the user authentication information transmitted from the financial device 200, and the user's biometric information. And user authentication can be performed by comparing with the unique number of the user.
  • the processor 340 is a password, biometric information and the user's unique information obtained by decrypting the authentication information transmitted from the financial device 200 is stored in the storage unit 330 preset by the user, the user's biometric information and the user If the unique numbers of the match the user authentication can be determined to be successful.
  • the processor 340 is a password, biometric information and the user's unique information obtained by decrypting the authentication information transmitted from the financial device 200 is stored in the storage unit 330 preset by the user, the user's biometric information and the user If the unique numbers do not match, it can be determined that the user authentication failed.
  • the biometric information management unit 350 may divide the biometric information image into a plurality of unit areas having an identification number. For example, the biometric information management unit 350 may divide the biometric information image into n unit areas (n ⁇ 2, n is a natural number). The n value may be determined in consideration of the minimum area where the biometric information image can be identified. The biometric information management unit 220 may assign an identification number to each of the n unit areas (or assign an identification number to a feature point in the n unit areas). The biometric information generated by the biometric information manager 350 is stored in the storage 330.
  • FIG. 5 shows a method of operating a financial transaction system according to a first embodiment of the present invention.
  • a terminal receives biometric information and a password from a user (S11), and the terminal first uses biometric information of the user.
  • step S14 the terminal transmits the authentication information to the financial device (S15), the financial device sends the authentication information to the server (S16), the server decrypts the user authentication information (S17), The server performs the second authentication using the password, biometric information and the user's unique information (S18), the server delivers the authentication result to the financial device (S19), and the financial device in accordance with the authentication result Trading jean It may include the step (S20) to determine whether or not.
  • step S11 to step S20 will be described in more detail.
  • the terminal 100 may receive biometric information and / or a password from a user for user authentication (S11).
  • the biometric information may include an iris image, a fingerprint image, and / or a vein image, or a feature point of the iris image, fingerprint image, and / or vein image
  • the password may be at least one of letters, numbers, and symbols. It can be composed of a combination of.
  • the input biometric information may be assigned by the biometric information management unit 150 to the terminal 100 by dividing the user's biometric information into a plurality of unit areas and assigning identification numbers to each of the plurality of unit areas.
  • the biometric information management unit 150 matches the password of the unit area (or a feature point for each unit area) having the same identification number as the password among the biometric information assigned the identification number to each of the plurality of unit areas.
  • the first authentication may be performed by comparing the password and the corresponding password with the stored biometric information (S12). If the first authentication is successful, the terminal 100 may receive the first key value from the server 300 (S13). Step S13 may be performed before step S12, or may be performed simultaneously with step S12.
  • the terminal 100 may generate authentication information by encrypting the biometric information of the unit area having the identification number matched with the password input from the user and the unique information of the user using the first key value (S14).
  • the terminal 100 may transmit the authentication information to the financial device 200 together with the authentication result of the first authentication or sequentially (S15).
  • the financial device 200 may transmit the authentication information transmitted from the terminal 100 to the server 300 (S16).
  • the server 300 may decrypt the authentication information transmitted from the financial device 200 using the second key value (S17).
  • the server 300 may perform the second authentication using the password, biometric information, and the unique information of the user obtained by decrypting the authentication information (S18).
  • the server 300 may transmit the authentication result for the second authentication to the financial device 200 (S19).
  • the financial device 200 may determine whether to proceed with the financial transaction requested by the user based on the authentication result transmitted from the server 300 (S20). For example, the financial device 200 may proceed with a financial transaction when the authentication result transmitted from the server 300 is authentication success.
  • FIG. 6 shows a method of operating a financial transaction system according to a second embodiment of the present invention.
  • a terminal receives biometric information and a password from a user (S31), and the terminal performs first authentication using biometric information.
  • S32 the terminal receiving the first key value from the server (S33), the terminal encrypts the password, biometric information and the user's unique number to generate the authentication information (S34), the terminal the authentication information Step (S35), the financial device delivers the authentication information to the server (S36), the server decrypts the authentication information (S37), the server uses a password, biometric information and the user's unique information Performing second authentication (S38), the server transferring the authentication result to the financial device (S39), the financial device determining whether to proceed with the financial transaction (S40), and the server finances the second key value.
  • step S31 to step S45 will be described in more detail.
  • the terminal 100 may receive biometric information and / or a password from a user for user authentication (S31).
  • the biometric information may include an iris image, a fingerprint image, and / or a vein image, or a feature point of the iris image, fingerprint image, and / or vein image
  • the password may be at least one of letters, numbers, and symbols. It can be composed of a combination of.
  • the terminal 100 divides the user's biometric information into a plurality of unit areas and assigns an identification number to each of the plurality of unit areas (or within the plurality of unit areas). Each feature point can be given an identification number).
  • the biometric information management unit 150 matches the password with the unit area having the same identification number as the password among the biometric information assigned the identification number to each of the plurality of unit areas.
  • the terminal 100 may perform first authentication by comparing biometric information of a unit area having an identification number matched with a password with previously stored biometric information (S32).
  • the terminal 100 may receive the first key value from the server 300 (S33). Step S33 may be performed before step S32 or may be performed simultaneously with step S32.
  • the terminal 100 may generate authentication information by encrypting the password, biometric information, and the user's unique information input from the user using the first key value (S34).
  • the terminal 100 may transmit the authentication information to the financial device 200 together with the authentication result of the first authentication or sequentially (S35).
  • the financial device 200 may transmit the authentication information transmitted from the terminal 100 to the server 300 (S36).
  • the server 300 may decrypt the authentication information transmitted from the financial device 200 using the second key value (S37).
  • the server 300 may perform the second authentication using the password, biometric information, and the unique information of the user, which are obtained by decrypting the authentication information (S38).
  • the server 300 may transmit the authentication result for the second authentication to the financial device 200 (S39).
  • the financial device 200 may determine whether to proceed with the financial transaction according to the authentication result for the second authentication (S40). For example, if the authentication result of the second authentication is authentication success, the financial device 200 may continue the financial transaction.
  • the server 300 may transmit the second key value to the financial device 200 (S41).
  • the step S41 may be performed simultaneously with the step S39 or may be performed before the step S39.
  • the terminal 100 may transmit the first key value to the financial device 200 (S42).
  • the terminal 100 may transmit the first key value to the financial device 200 through short range wireless communication.
  • the financial device 200 may perform the third authentication by comparing the first key value received from the terminal 100 and the second key value received from the server 300 (S43).
  • the financial device 200 may determine whether the financial transaction requested from the user is finally approved based on the authentication result of the third authentication (S44). For example, the financial device 200 may stop the progress of the financial transaction if the authentication result for the third authentication is an authentication failure. That is, if the authentication result of the third authentication is an authentication failure, the financial device 200 may stop the financial transaction and guide (or notify) the user, cancel all the financial transactions, and then return to the initial transaction screen. .
  • the financial device 200 may complete the financial transaction when the authentication result for the third authentication is authentication success (S45). For example, the financial device 200 may finally approve the financial transaction if the authentication result of the third authentication is a successful authentication.
  • biometric information management unit 150 and 350 matches and matches the biometric information with a password will be described in detail.
  • FIG. 7 is a block diagram illustrating the biometric information recognizing apparatus or the biometric information management apparatus 150 or 350 according to an embodiment of the present invention.
  • 8 shows a fingerprint image according to an embodiment of the present invention.
  • 9 shows an iris image according to an embodiment of the present invention.
  • 10 shows a process of processing a fingerprint image according to an embodiment of the present invention.
  • biometric information recognition device or biometric information management device 150 or 350 is illustrated.
  • the configuration of the biometric information recognizing apparatus and the biometric information management apparatus 150 or 350 according to an embodiment of the present invention may be substantially the same.
  • the biometric information recognizing apparatus and the biometric information managing apparatus 150 and 350 may be disposed in the terminal 100 and / or the server 300.
  • the biometric information management apparatus 150 and 350 will be described as an example.
  • the biometric information management apparatus 150 or 350 may include a first processor 710 and a second processor 720.
  • the first processing unit 710 and the second processing unit 720 are shown separately, which is divided according to a function to the last, and the first processing unit 710 and the second processing unit 720 are one module. It may be configured.
  • the first processor 710 may divide the biometric information image into a plurality of unit areas.
  • the bioinformation image may be, for example, an iris image or a fingerprint image.
  • the first processor 710 may assign an identification number to each of the plurality of unit areas.
  • the identification number may be composed of a combination of at least one of letters, numbers, and symbols.
  • FIG. 8 a process of processing a fingerprint image by the first processor 710 as an example of a biometric information image is illustrated.
  • the first processor 710 may divide the fingerprint image into n unit areas (n ⁇ 2, n is a natural number).
  • the n value may be determined in consideration of the minimum area where the fingerprint image can be identified. That is, the first processing unit 710 may divide the fingerprint image into a plurality of unit areas in a range where user authentication is possible using the divided unit areas.
  • the first processing unit 710 may assign an identification number (for example, 1 to 9) to each of the n unit areas (or may assign an identification number to a feature point in the n unit areas).
  • a process in which an iris image is processed by the first processor 710 is illustrated as an example of a biometric image.
  • the first processor 710 may divide the iris image into n unit areas (n ⁇ 2, n is a natural number).
  • the n value may be determined in consideration of the minimum area where the iris image can be identified. That is, the first processor 710 may divide the iris image into a plurality of unit areas in a range where user authentication is possible using the divided unit areas.
  • the first processor 710 may assign an identification number (for example, 0 to 9 and a to f) to each of the n unit areas.
  • FIG. 10 a process of processing a fingerprint image by the second processor 720 as an example of a biometric information image is illustrated. Although the fingerprint image is shown in FIG. 10, the same may be applied to the iris image.
  • the second processor 720 may store the unit area having the same identification number as the password among the plurality of unit areas by matching the password. For example, the second processor 720 may generate authentication information by matching a unit area having the same identification number as a password among a plurality of unit areas with the password, and store the generated authentication information in the storage unit 140. have. In addition, the second processor 720 may transmit and store the generated authentication information to the server 300.
  • the password may be a password input from the user, for example, a password for authenticating the user.
  • the password may be composed of at least one of letters, numbers, and symbols in the same manner as the identification number.
  • the second processing unit 720 does not generate the authentication number, but matches the unit area having the same identification number as the password among the plurality of unit areas with the password, and then the processing unit 120 does this.
  • the authentication information may be generated by encrypting using the first key value.
  • the second processing unit 720 may include a unit area having the same identification number (eg, 1549) as the password (for example, 1549) input from the user among the plurality of unit areas divided by the first processing unit 710. Authentication information may be generated by matching the password.
  • the second processor 720 may store the generated authentication information. The stored authentication information may be used for user authentication. However, as described above, the second processing unit 720 does not generate an authentication number, and after matching a unit area having the same identification number as the password among the plurality of unit areas with the password, the processing unit 120 generates a second number.
  • the authentication information may be generated by encrypting using 1 key value.
  • FIG. 11 is a flowchart illustrating an authentication method using biometric information according to an embodiment of the present invention.
  • the biometric information is divided into a plurality of unit areas having an identification number (S1100), and the same as the password among the plurality of unit areas. Generating authentication information by matching a unit area having an identification number with the password (S1110), and transmitting the authentication information to the server 300 (S1120).
  • the biometric information management apparatus 150 or 350 may divide the biometric information image into a plurality of unit areas (S1100).
  • the bioinformation image may be, for example, an iris image or a fingerprint image.
  • the biometric information management apparatus 150 or 350 may assign an identification number to each of the plurality of unit areas.
  • the identification number may be composed of a combination of at least one of letters, numbers, and symbols.
  • the biometric information management apparatus 150 or 350 may generate authentication information by matching a unit area having the same identification number as a password among the plurality of unit areas with the password (S1110).
  • the password may be a password input from the user, for example, a password for authenticating the user.
  • the password may be composed of at least one of letters, numbers, and symbols in the same manner as the identification number.
  • the second processing unit 720 does not generate an authentication number, and after matching a unit area having the same identification number as the password among the plurality of unit areas with the password, the processing unit 120 generates a second number.
  • the authentication information can also be generated by encrypting with 1 key value.
  • the authentication information generated by the biometric information management apparatus 150 or 350 or the processing unit 120 may be transmitted to the server (S1120).
  • the server 300 may transmit the authentication result to the financial device 200 by comparing the transmitted authentication information with previously stored reference information.
  • the reference line connecting both end points of the eyes included in the iris image may be rotated to be horizontal to divide the iris image into a plurality of unit areas having an identification number (or the identification number may be a plurality of units). May be stored in association with feature points within the area). This is to keep the position, size, etc. of the divided unit regions constant when the biometric information management units 150 and 350 divide the iris image into a plurality of unit regions. Therefore, the accuracy of user authentication using the iris image can be improved.
  • the input unit 110 may provide a guide line for fingerprint input to the user. This is to obtain an accurate fingerprint image from the user, and to minimize errors in user authentication using a fingerprint image input later.
  • the biometric information management unit 150 or 350 may divide the biometric information image into a plurality of unit areas having an identification number. For example, the biometric information management unit 150 or 350 may divide the biometric information image into n unit areas (n ⁇ 2, n is a natural number). The n value may be determined in consideration of the minimum area where the biometric information image can be identified.
  • the biological information managers 150 and 350 may assign an identification number to each of the n unit areas.
  • FIG. 14 is a block diagram showing a financial transaction system according to another embodiment of the present invention.
  • a financial transaction system 1400 may include a financial device 1410 and a server 1420.
  • the financial device 1410 may be substantially the same as the financial device 1410 described with reference to FIGS. 12 and 13.
  • the financial device 1410 may receive a password and biometric image from the user to proceed with the transaction requested by the user.
  • the financial device 1410 may divide the input biometric image into a plurality of unit areas having an identification number.
  • the financial device 1410 may generate authentication information by matching the unit area having the same identification number as the password among the plurality of unit areas with the password.
  • authentication information may be generated by receiving a key value from the server 1200 and encrypting it.
  • the financial device 1410 may request the user authentication by transmitting the generated authentication information to the server 1420.
  • the server 1420 may compare the authentication information transmitted from the financial device 1410 with previously stored reference information and transmit the authentication result to the financial device 1420.
  • the server 1420 may include a storage unit 330 that stores the authentication information and / or reference information.
  • the server 1420 may compare the password included in the authentication information with a previously stored password.
  • the server 1420 may compare the unit area having the same identification number as the password included in the authentication information and the previously stored unit area.
  • the server 1420 may transmit an authentication success message to the financial device 1410. For example, if the authentication information transmitted from the financial device 1410 does not match the reference information, the server 1420 may transmit an authentication failure message to the financial device 1410. For example, the server 1420 may output an authentication failure message when at least one of the unit area having the same identification number as the password and password included in the authentication information does not match the password and unit area included in the reference information. 1410.
  • the biometric information management apparatus 150 or 350 may store only a part of the biometric information having the same identification number as the password. Therefore, the biometric information, which is the user's personal information, can be protected from hacking / leakage. In addition, the user's refusal to transmit or store all of his personal information to the trading institution can be minimized.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

La présente invention porte, selon un mode de réalisation, sur un dispositif financier qui peut comprendre : une unité de communication destinée à recevoir, d'un terminal d'utilisateur, un résultat d'authentification d'utilisateur primaire, des informations d'authentification d'utilisateur cryptées et une première valeur clé, à transmettre à un serveur les informations d'authentification d'utilisateur cryptées, et à recevoir du serveur un résultat d'authentification d'utilisateur secondaire et une seconde valeur clé ; et une unité de traitement destinée à traiter une transaction financière demandée par l'utilisateur si le résultat d'authentification d'utilisateur secondaire est réussi, à exécuter une authentification d'utilisateur tertiaire par comparaison de la première valeur clé reçue et de la seconde valeur clé reçue, et à traiter une approbation finale pour la transaction financière demandée si le résultat d'authentification d'utilisateur tertiaire est réussi.
PCT/KR2016/008399 2015-07-30 2016-07-29 Dispositif financier utilisant des informations biométriques et son procédé de fonctionnement Ceased WO2017018861A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2015-0108208 2015-07-30
KR1020150108208A KR20170014574A (ko) 2015-07-30 2015-07-30 생체정보 인식장치, 생체정보 관리장치, 생체정보를 이용한 인증방법 및 인증 시스템
KR10-2015-0114334 2015-08-13
KR1020150114334A KR101710794B1 (ko) 2015-08-13 2015-08-13 금융기기, 금융거래 시스템 및 그것의 동작방법

Publications (1)

Publication Number Publication Date
WO2017018861A1 true WO2017018861A1 (fr) 2017-02-02

Family

ID=57884924

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/008399 Ceased WO2017018861A1 (fr) 2015-07-30 2016-07-29 Dispositif financier utilisant des informations biométriques et son procédé de fonctionnement

Country Status (1)

Country Link
WO (1) WO2017018861A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107633162A (zh) * 2017-10-19 2018-01-26 深圳怡化电脑股份有限公司 一种身份认证方法、装置、系统、设备及存储介质
CN109978535A (zh) * 2017-12-28 2019-07-05 李耀庭 一种电子钱包的私钥处理方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001117878A (ja) * 1999-10-22 2001-04-27 Nec Network Sensa Kk 個人識別認証方式
KR20010092132A (ko) * 2000-03-20 2001-10-24 김상균 바이오매트릭스 정보를 이용한 금융거래 시스템
KR20060056805A (ko) * 2004-11-22 2006-05-25 아이리텍 잉크 다중스케일 가변영역분할 홍채인식 방법 및 시스템
JP2006331355A (ja) * 2005-05-30 2006-12-07 Casio Electronics Co Ltd 認証装置
JP2015018413A (ja) * 2013-07-11 2015-01-29 セイコーエプソン株式会社 携帯端末、画像表示方法、及びプログラム

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001117878A (ja) * 1999-10-22 2001-04-27 Nec Network Sensa Kk 個人識別認証方式
KR20010092132A (ko) * 2000-03-20 2001-10-24 김상균 바이오매트릭스 정보를 이용한 금융거래 시스템
KR20060056805A (ko) * 2004-11-22 2006-05-25 아이리텍 잉크 다중스케일 가변영역분할 홍채인식 방법 및 시스템
JP2006331355A (ja) * 2005-05-30 2006-12-07 Casio Electronics Co Ltd 認証装置
JP2015018413A (ja) * 2013-07-11 2015-01-29 セイコーエプソン株式会社 携帯端末、画像表示方法、及びプログラム

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107633162A (zh) * 2017-10-19 2018-01-26 深圳怡化电脑股份有限公司 一种身份认证方法、装置、系统、设备及存储介质
CN107633162B (zh) * 2017-10-19 2020-09-15 深圳怡化电脑股份有限公司 一种身份认证方法、装置、系统、设备及存储介质
CN109978535A (zh) * 2017-12-28 2019-07-05 李耀庭 一种电子钱包的私钥处理方法

Similar Documents

Publication Publication Date Title
US10681025B2 (en) Systems and methods for securely managing biometric data
WO2018030707A1 (fr) Système et procédé d'authentification, et équipement d'utilisateur, serveur d'authentification, et serveur de service pour exécuter ledit procédé
WO2016056853A1 (fr) Système pour l'authentification pratique de personne à l'aide d'un terminal de communication mobile et d'une carte bancaire réelle et procédé associé
WO2016171295A1 (fr) Authentification dans un environnement omniprésent
EP2690840B1 (fr) Appareil et procédé d'interaction d'informations de sécurité basée sur l'internet
WO2017057899A1 (fr) Système d'authentification intégré pour authentification grâce à des nombres aléatoires à usage unique
US20180343247A1 (en) Method, user terminal and authentication service server for authentication
WO2018234882A1 (fr) Système et procédé de réalisation d'une transaction
WO2016200107A1 (fr) Système de paiement sans rejet d'utilisateur et procédé utilisant un terminal d'utilisateur
WO2017043717A1 (fr) Procédé d'authentification biométrique d'un utilisateur
WO2016085062A1 (fr) Procédé d'authentification par carte d'authentification nfc
WO2018043951A1 (fr) Dispositif et système pos pour effectuer une authentification de paiement à l'aide d'informations biométriques, et son procédé de commande
WO2017065576A1 (fr) Procédé et système d'authentification d'utilisateur faisant appel à un clavier variable
WO2015069028A1 (fr) Authentification multicanal, procédé de transfert financier et système utilisant un terminal de communication mobile
WO2014084606A1 (fr) Système de portefeuille numérique et procédé avec double authentification pour un service de portefeuille numérique
WO2017052277A1 (fr) Procédé et système d'authentification d'identité utilisant un pavé numérique variable
WO2022114290A1 (fr) Système d'authentification personnelle sans contact et procédé associé
WO2017018861A1 (fr) Dispositif financier utilisant des informations biométriques et son procédé de fonctionnement
WO2019031666A1 (fr) Carte à puce pour générer un numéro de carte virtuelle et procédé et programme de fourniture de numéro de carte virtuelle basés sur une carte à puce
WO2020184815A1 (fr) Procédé de paiement automatique mobile basé sur un mot de passe à usage unique et système l'utilisant
WO2020162738A1 (fr) Procédé, programme, serveur et dispositif vestimentaire pour fournir une transaction financière sur la base d'un dispositif vestimentaire
WO2022034981A1 (fr) Procédé et appareil de réservation de billets à base d'identification décentralisée à chaîne de blocs
US20200162459A1 (en) Method for authenticating smart glasses in a data network
WO2022050658A1 (fr) Terminal d'utilisateur et dispositif d'exécution d'authentification permettant d'effectuer une authentification de facteur 2 de pseudonyme, et son procédé de fonctionnement associé
WO2022186653A1 (fr) Dispositif à carte à puce, ainsi que dispositif et procédé de génération d'un code de sécurité virtuel par détermination d'une correspondance entre des données

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16830894

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16830894

Country of ref document: EP

Kind code of ref document: A1