
EP-4462736-B1 - SMART CARD DEVICE, DEVICE FOR GENERATING VIRTUAL CODE FOR AUTHENTICATION, METHOD OF GENERATING VIRTUAL CODE FOR AUTHENTICATION USING THE SAME, AND SERVER FOR VERIFYING VIRTUAL CODE FOR AUTHENTICATION


Inventors

  • YOO, CHANG HUN

Dates

Publication Date
20260513
Application Date
20220302

Claims (9)

  1. A method performed by a device for generating a virtual code for authentication, comprising: transmitting (S110), time data to a card upon tagging of the card in which an IC chip has been embedded; receiving (S120), from the card, a virtual code for primary authentication generated based on the time data; generating (S130), a virtual code for secondary authentication by using the virtual code for primary authentication; transmitting (S140), at least one of the virtual codes for primary authentication and the virtual code for secondary authentication to a server; and requesting (S150), the server to perform verification on the at least one; wherein the virtual code for primary authentication comprises a plurality of codes, a first code of the plurality of codes is generated based on the time data and a first OTP, wherein the first OTP is generated by the card, by using, as seed data, a secret value stored in the card and the time data and a second code of the plurality of codes is generated by subtracting, from the first code, first user identification, UID, which is identification information of the card, characterized in that: generating a third code by subtracting, from the first code, a second UID, that is, identification information of the device for generating a virtual code for authentication and generating the virtual code for secondary authentication, wherein the virtual code for secondary authentication is generated by combining the first code, the second code, and the third code.
  2. The method of claim 1, wherein generating the virtual code for secondary authentication comprises: the device for generating a virtual code for authentication, generating a second OTP based on the virtual code for primary authentication, and generating the virtual code for secondary authentication based on the second OTP and second UID which is identification information of the device for generating a virtual code for authentication.
  3. The method of claim 2, wherein: the virtual code for secondary authentication is verified by the server, by comparing the second OTP included in the virtual code for secondary authentication and a second OTP for verification, and the second OTP for verification is generated by the server based on seed data identical with seed data used when the second OTP is generated.
  4. The method of claim 1, wherein the virtual code for primary authentication is used for user authentication upon offline access control and online login.
  5. The method of claim 1, wherein the virtual code for secondary authentication is used for user authentication upon financial settlement.
  6. The method of claim 1, wherein the time data has a form combined with an application protocol data unit, APDU, command.
  7. A program stored in a computer-readable recording medium in order to execute any one method of claims 1 to 6 in combination with a computer.
  8. A smart card device (10) comprising: an NFC module configured to receive time data from a device for generating a virtual code for authentication through card tagging; and an IC module configured to generate a virtual code for primary authentication based on the received time data, wherein the virtual code for primary authentication is autonomously transmitted and used for user authentication or is used to generate a virtual code for secondary authentication, the virtual code for secondary authentication is generated by the device for generating a virtual code for authentication by using the virtual code for primary authentication, and the virtual code for secondary authentication is transmitted from the device for generating a virtual code for authentication to a server so that the server performs verification on the virtual code for secondary authentication; wherein the virtual code for primary authentication comprises a plurality of codes, a first code of the plurality of codes is generated based on the time data and a first OTP, wherein the first OTP is generated by the card, by using, as seed data, a secret value stored in the card and the time data and a second code of the plurality of codes is generated by subtracting, from the first code, first user identification, UID, which is identification information of the card, characterized in that: generating a third code by subtracting, from the first code, second UID, that is, identification information of the device for generating a virtual code for authentication and generating the virtual code for secondary authentication, wherein the virtual code for secondary authentication is generated by combining the first code, the second code, and the third code.
  9. A device (20) for generating a virtual code for authentication, comprising: a communication unit configured to transmit time data to a card upon tagging of the card in which an IC chip has been embedded and receive, from the card, a virtual code for primary authentication generated based on the time data; a code generation unit configured to generate a virtual code for secondary authentication by using the virtual code for primary authentication; and a verification request unit configured to request the server to perform verification on the virtual code for secondary authentication by transmitting the virtual code for secondary authentication to the server through the communication unit; wherein the virtual code for primary authentication comprises a plurality of codes, a first code of the plurality of codes is generated based on the time data and a first OTP, wherein the first OTP is generated by the card, by using, as seed data, a secret value stored in the card and the time data and a second code of the plurality of codes is generated by subtracting, from the first code, first user identification, UID, which is identification information of the card, characterized in that: generating a third code by subtracting, from the first code, second UID, that is, identification information of the device for generating a virtual code for authentication and generating the virtual code for secondary authentication, wherein the virtual code for secondary authentication is generated by combining the first code, the second code, and the third code.
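
The three-code construction recited in claim 1, followed by a server-side check that recomputes the OTP from the same seed data, written out as an added example (not code from the patent or its applicant). Assumptions not stated in the claims: the first code is the sum of the time data and the first OTP, the OTP is a truncated HMAC-SHA256, "combining" means a tuple, the server accepts a small time window, and all names and sample values are constructed.

```python
import hashlib
import hmac

OTP_MOD = 10**8  # assumed OTP width: 8 decimal digits

def otp(secret: bytes, time_data: int) -> int:
    # Assumed construction: HMAC-SHA256 over the time data, keyed by the card secret.
    mac = hmac.new(secret, time_data.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % OTP_MOD

def card_primary_code(secret: bytes, uid1: int, time_data: int):
    # Runs on the card: the secret never leaves it.
    first = time_data + otp(secret, time_data)  # assumed: "based on" means a sum
    second = first - uid1                       # claim 1: subtract the card UID
    return first, second

def device_secondary_code(primary, uid2: int):
    # Runs on the reading device, which only ever sees the primary code.
    first, second = primary
    third = first - uid2                        # claim 1: subtract the device UID
    return first, second, third                 # assumed: "combining" means a tuple

def server_verify(code, now: int, card_secrets: dict, device_uids: set,
                  skew: int = 1) -> bool:
    first, second, third = code
    uid1, uid2 = first - second, first - third  # recover both UIDs
    secret = card_secrets.get(uid1)
    if secret is None or uid2 not in device_uids:
        return False                            # unknown card or unregistered device
    # Recompute the OTP from the same seed data for each time step in the window.
    return any(first == t + otp(secret, t)
               for t in range(now - skew, now + skew + 1))

# Constructed sample registry: one card, one device.
CARD_SECRET = b"constructed-card-secret"
CARD_UID, DEVICE_UID = 40021, 7731
CARDS, DEVICES = {CARD_UID: CARD_SECRET}, {DEVICE_UID}

def demo(t: int = 56_000_000) -> dict:
    code = device_secondary_code(card_primary_code(CARD_SECRET, CARD_UID, t), DEVICE_UID)
    forged = device_secondary_code(card_primary_code(b"guess", CARD_UID, t), DEVICE_UID)
    return {
        "fresh": server_verify(code, t, CARDS, DEVICES),
        "stale": server_verify(code, t + 5, CARDS, DEVICES),
        "wrong_device": server_verify((code[0], code[1], code[2] - 1), t, CARDS, DEVICES),
        "wrong_secret": server_verify(forged, t, CARDS, DEVICES),
    }
```

Because the first code minus the second code yields the card UID to anyone holding both, the binding to the card in this sketch rests on the OTP recomputation against the stored secret and the time window, not on the subtraction.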

Description

[Technical Field]

The present disclosure relates to a smart card device, a device for generating a virtual code for authentication, a method of generating a virtual code for authentication using the same, and a server for verifying a virtual code for authentication.

[Background Art]

Code form data is used in many areas. An IPIN number, a social security number, etc. for user identification in addition to a card number and an account number used upon payment are code form virtual code generation devices for data authentication. However, many accidents occur in which such code data is leaked while it is being used. The card number is visually leaked to others because the actual card number is written on the surface of the card as it is. Upon payment using a magnetic property, the card number is leaked as the card number is transferred to a POS device as it is.

Many attempts to use a virtual code have been made in order to prevent an actual code from being leaked as it is, but data for identifying a user is required in order to search for the actual code corresponding to the virtual code. However, a one-time password (OTP) is accompanied by inconvenience because a separate OTP generation device is required. In particular, a user terminal has a weak point in security because seed data used to generate an OTP is leaked.

Accordingly, there is a need for a scheme for generating an OTP code like generating a virtual security code necessary for user authentication based on card data of cards owned by many users, but simultaneously preventing seed data from being leaked without a need for a separate OTP generation device.

A similar method for authentication using an NFC authentication card is known from JP2016103260A. Another similar method for user authentication using virtual authentication codes is known from WO2020032498A1.
[Disclosure]

[Technical Problem]

An object to be solved by the present disclosure is to provide a smart card device, a device for generating a virtual code for authentication, a method of generating a virtual code for authentication using the same, and a server for verifying a virtual code for authentication.

Objects to be solved by the present disclosure are not limited to the aforementioned objects, and the other objects not described above may be evidently understood from the following description by those skilled in the art.

[Technical Solution]

A method of generating a virtual code for authentication, which is performed by a device for generating a virtual code for authentication according to an aspect of the present disclosure for solving the aforementioned object, includes transmitting time data to a card upon tagging of the card in which an IC chip has been embedded, receiving, from the card, a virtual code for primary authentication generated based on the time data, generating a virtual code for secondary authentication by using the virtual code for primary authentication, transmitting at least one of the virtual code for primary authentication and the virtual code for secondary authentication to a server, and requesting the server to perform verification on the at least one.

In the present disclosure, the virtual code for primary authentication includes a plurality of codes, a first code of the plurality of codes is generated based on the time data and a first OTP, and a second code of the plurality of codes is generated by excluding, from the first code, first user identification (UID), that is, identification information of the card.
In the present disclosure, generating the virtual code for secondary authentication includes generating a third code by excluding, from the first code, second UID, that is, identification information of the device for generating a virtual code for authentication, and generating the virtual code for secondary authentication by combining the first code, the second code, and the third code.

In the present disclosure, verification may be performed on the card based on the first code and the second code, and verification may be performed on the device for generating a virtual code for authentication based on the first code and the third code.

In the present disclosure, generating the virtual code for secondary authentication may include generating a second OTP based on the virtual code for primary authentication, and generating the virtual code for secondary authentication based on the second OTP and second UID, that is, identification information of the device for generating a virtual code for authentication.

In the present disclosure, the virtual code for secondary authentication may be verified by comparing the second OTP included in the virtual code for secondary authentication and a second OTP for verification, and the second OTP for verification may be generated by the server based on seed data identical with seed data used when the second OTP is generated.

In the present disclosur