Search

JP-7855743-B2 - Procedure approval device and method for a virtual authentication code infrastructure

JP7855743B2JP 7855743 B2JP7855743 B2JP 7855743B2JP-7855743-B2

Inventors

  • ユ チャンフン

Assignees

  • センストーン インコーポレイテッド

Dates

Publication Date
20260508
Application Date
20250116
Priority Date
20200224

Claims (6)

  1. A method performed by a server, The server receives a virtual authentication code and a request for user authentication, The server extracts user authentication information used for user authentication based on at least one detail code contained in the virtual authentication code. Includes, The aforementioned virtual authentication code is generated by a virtual authentication code generation function within the user terminal without a separate communication connection with the server, and is generated by changing each unit count that changes as a specific time interval elapses. The user authentication information is transmitted to the server or the device that requested the user authentication from the server, and is used to verify the user's authority to perform a specific procedure. The authority to carry out the aforementioned procedure includes the authority to carry out at least one of several types of procedures. Procedure approval method for the virtual authentication code infrastructure.
  2. The virtual authentication code is generated by combining a first code with a second code included in a plurality of detail codes according to a specific rule. The first code and the second code are correlated, The first code determines a search starting point related to the storage location where the user authentication information is stored on the server, The procedure approval method for a virtual authentication code infrastructure according to claim 1, characterized in that the second code determines a search path relating to the storage location from the search starting point.
  3. The validity period data for the virtual authentication code is set via the user terminal. Based on the aforementioned validity time data, a third code included in the plurality of detail codes is further generated. The procedure approval method for a virtual authentication code infrastructure according to claim 2, characterized in that the virtual authentication code is generated by combining the first code, the second code, and the third code in accordance with specific rules.
  4. The aforementioned virtual authentication code is Includes a virtual security code generated based on time data relating to when the virtual authentication code was generated, or time data relating to when the user authentication was requested. The procedure approval method for a virtual authentication code infrastructure according to claim 2, characterized in that the server further verifies the virtual authentication code based on the virtual security code.
  5. The procedure approval method for a virtual authentication code infrastructure according to claim 1, characterized in that the virtual authentication code is generated based on either the card data provided to the user terminal or the biometric data provided to the user terminal.
  6. Of the aforementioned multiple types, the virtual authentication code according to the first type includes the first virtual authentication code and the second virtual authentication code. The first virtual authentication code is generated by a first virtual authentication code generation function within the first user terminal, based on the first user information. The aforementioned second virtual authentication code is generated by a second virtual authentication code generation function within the second user terminal, based on the second user information. The stage in which the aforementioned request is received involves receiving the first virtual authentication code and the second virtual authentication code, thereby receiving the user authentication for the first type. The procedure approval method for a virtual authentication code infrastructure according to claim 2, characterized in that the authority to perform the aforementioned procedure can only be performed if the user identification codes corresponding to the respective authorities of the first virtual authentication code and the second virtual authentication code are identical to each other.

Description

This invention relates to a procedure approval device and method for a virtual authentication code infrastructure, and more particularly, to a method and device for generating a virtual authentication code for each user, generated in a way that does not duplicate at each point in time, authenticating the user based on this code, and approving the procedure requested by the user. OTP (One-Time Password) is a user authentication method that utilizes a randomly generated one-time password. This OTP authentication method is a system introduced to enhance security. By generating a one-time password each time a user logs in and performing user authentication, it overcomes the security vulnerabilities that arise from the repeated use of the same password. However, existing OTP authentication methods require users to log in by entering a password at the start of the process. After identifying the user, an OTP (One-Touch Pass) is generated using the OTP function assigned to that user, and OTP authentication is completed through this process. This method has the disadvantage of requiring users to log in each time OTP authentication is performed. Therefore, an invention is needed that can generate an OTP and perform user authentication without requiring the user to log in each time authentication is requested. On the other hand, since January 1, 2020, corporations have been able to open corporate accounts remotely through agents of their officers or employees. That is, financial institutions can approve account opening for a corporation if the corporate customer undergoes a remote, real-name verification procedure through an agent. However, this new policy has its drawbacks and security vulnerabilities. The corporation's representative must entrust their official seal and documents to their agent. Therefore, there are concerns about fraudulent use through identity theft, and if the agent forges the representative's signature or misuses their name, procedural verification remains difficult. Therefore, a system is required that generates identification information capable of identifying the representative and the agent authorized to manage the corporate bank account, and uses this identification information to identify each representative and agent and proceed with financial transactions. In particular, in the case of identification information, it is desirable to generate and provide a virtual code to prevent leakage to third parties. Furthermore, while many financial transactions are currently conducted via computers and mobile devices, the repetitive authentication procedures for each transaction cause users to feel fatigued when using the program or application. Therefore, a system is required that simplifies user authentication using only a single piece of identification information generated based on user information. Furthermore, the need for such a measure is not limited to the aforementioned financial transactions. In specific companies, institutions, etc., when performing procedures that require supervisor approval, it is also possible to request approval or authorization for such procedures through a virtual code that can authenticate the supervisor. However, to date, there is a lack of appropriate authentication methods, particularly those involving virtual codes, for various financial transactions and procedures, not just for opening corporate bank accounts as mentioned above. This is a diagram illustrating the configuration of a procedure approval system using a virtual authentication code, according to one embodiment of the present invention.This flowchart schematically illustrates a procedure approval method for a virtual authentication code infrastructure according to one embodiment of the present invention.This is a configuration diagram of a virtual authentication code generation means according to one embodiment of the present invention.This is an illustrative diagram showing how a virtual authentication code infrastructure performs financial transactions using one embodiment of the present invention.This is a configuration diagram of a virtual authentication code verification device according to one embodiment of the present invention.This figure illustrates a method for searching for the storage location of user authentication information using a K-sided polygon storage location search algorithm according to one embodiment of the present invention.This is an illustrative diagram of a user authentication method relating to a first type of procedure according to one embodiment of the present invention. The advantages, features, and methods for achieving them of the present invention will become clearer with reference to the embodiments described in detail below, along with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below and can be embodied in a variety of other forms. These embodiments are merely provided to complete the disclosure of the pr