KR-20260065400-A - The Mobile Identity Authentication System and Method Using Static Code and Bluetooth

Abstract

The present invention relates to a mobile identity authentication system, wherein the mobile identity authentication system using a static code is characterized in that the user terminal stores and displays a static code including a uniquely identifiable ID and an Identity Resolving Key (IRK) of a Bluetooth device, broadcasts a Bluetooth advertisement packet to a surrounding network using the IRK via a Bluetooth Resolvable Private Address (RPA), and the authentication device scans the static code to extract the uniquely identifiable ID and the IRK, confirms the presence of a user terminal broadcasting the Bluetooth RPA in the vicinity using the IRK, and authenticates the user based on the uniquely identifiable ID.

Inventors

• 김경수

Assignees

• 김경수

Dates

Publication Date

20260508

Application Date

20241101

Claims (10)

1. In a mobile identity authentication system using static codes, The user terminal is: Stores and displays a temporary code containing a uniquely identifiable ID, and Exchanges and stores the IRK (Identity Resolving Key) of the Bluetooth device through the Bluetooth pairing (bonding) process with the authentication device, and Receives, stores, and displays static code encrypted with a secret key including the above IRK and unique identification ID, and Broadcasting Bluetooth advertisement packets to surrounding networks using the above IRK via Bluetooth RPA (Resolvable Private Address), and The authentication device includes an initial register and an authentication unit, and The initial register is: Scan the above temporary code to extract a unique identification ID, and The above IRK is exchanged and stored through a Bluetooth pairing (bonding) process with the above user terminal, and Generates static code encrypted with a secret key including the above-mentioned unique identification ID and IRK, and provides it to the above-mentioned user terminal so that the static code can be utilized for identity authentication, and The certification department is: Scan the static code presented from the above user terminal and decrypt and extract the unique identification ID and IRK using a secret key, and Using the above IRK, the presence of a user terminal broadcasting Bluetooth RPA in the vicinity is confirmed, and A mobile identity authentication system characterized by authenticating a user based on the above-mentioned unique identification ID.
2. In claim 1, A mobile identity authentication system characterized by the above authentication device generating and decrypting the static code encrypted with a secret key without a separate server connection to extract a unique identification ID and an IRK.
3. In claim 1, A mobile identity authentication system characterized in that the user terminal and the authentication device exchange the IRK through a Bluetooth pairing (bonding) process during initial registration and store the IRK respectively, and the authentication device generates a static code encrypted with a secret key including the IRK and a unique identification ID and provides it to the user terminal.
4. In claim 1, A mobile identity authentication system characterized in that the above static code contains information encrypted with a secret key, including a unique identification ID and IRK of a user terminal, and an authentication device decrypts the code using the said secret key.
5. In claim 1, A mobile identity authentication system characterized by the above-mentioned user terminal enabling communication with an authentication device by continuously broadcasting Bluetooth advertisement packets even when the screen is off or another application is running.
6. In claim 1, A mobile identity authentication system characterized by the above authentication device storing and managing the access history of a user through the above unique identification ID.
7. In claim 1, A mobile identity authentication system characterized by the fact that, to prevent duplication or tampering of the above static code, data included in the code is encrypted with a secret key, and an authentication device decrypts the data to determine its authenticity.
8. In claim 1, A mobile identity authentication system characterized by preventing duplicate issuance by checking whether a static code for a unique identification ID of a user terminal has already been generated at the time of initial registration.
9. In claim 1, A mobile identity authentication system characterized by the above-described authentication device enhancing the security of the authentication procedure by verifying the BLE IRK key only within a short-range wireless communication range.
10. In claim 1, A mobile identity authentication system characterized by the fact that the above-mentioned user terminal can continuously use the above-mentioned static code even after the authentication process, so that additional code updates are not required.

Description

Mobile Identity Authentication System and Method Using Static Code and Bluetooth The Mobile Identity Authentication System and Method Using Static Code and Bluetooth The present invention relates to a mobile identity authentication system, and more specifically, to a mobile identity authentication system and method that prevents the duplication or falsification of a code by cross-verifying a user's smartphone Bluetooth unique identifier using a static code. Existing mobile identity authentication systems primarily utilize dynamic codes for user authentication. These dynamic codes change at regular intervals, requiring users to access a separate application to obtain a new code for identity verification. While this method aims to enhance security, it causes several inconveniences and issues from a user perspective. First, there is the inconvenience for users. To obtain a dynamic code, users must access a separate application each time and wait for a new code to be generated. This process requires communication with the authentication server, and delays may occur depending on network conditions. In particular, when network traffic is congested, loading times become long, causing significant inconvenience for users attempting mobile identity verification. Second, there is an increased burden on the server side. In the dynamic code method, the server must individually manage the validity period and active status of dynamic codes issued to all users. This increases system load and consumes significant server resources. Furthermore, efficiency may decrease when managing a large number of users. Third, there is a limitation in security. Even with the dynamic code method, there is a possibility that the code may be shared with others within its short activation period. This causes a problem where security is compromised during the authentication process, despite the short change cycle of the code itself. Therefore, it is difficult to ensure perfect security using dynamic code alone. To address these issues, the present invention proposes a mobile identity authentication method utilizing static code. Since static code does not change once issued, users do not need to repeatedly access the application to update the code. This significantly improves user convenience. However, because static code is susceptible to duplication or tampering, additional security measures are required. Accordingly, the present invention utilizes a cross-verification technique using the unique Bluetooth identifier of a user's smartphone. The smartphone's Bluetooth device broadcasts advertising packets to nearby networks in real time via Bluetooth RPA (Resolvable Private Address), even when the screen is off or other apps are running. By utilizing this, it is possible to verify whether a user's terminal actually displaying the code is nearby, rather than determining whether the static code has been duplicated. By introducing cross-verification with a Bluetooth unique identifier to the existing static code method, high security can be secured without a separate server connection. The authentication device scans the static code, decrypts the code using a secret key that encrypted the code to obtain user identification information and a Bluetooth IRK key, and then performs authentication by confirming the presence of a nearby terminal using the corresponding IRK key. Accordingly, the present invention provides a method for enhancing security through cross-verification of static code and a Bluetooth unique identifier to resolve the inconvenience and security issues arising from mobile identity authentication systems using dynamic code. This allows for increased user convenience and system efficiency while ensuring a high level of security. FIG. 1 is a configuration diagram of a system according to the present invention. The present invention relates to a mobile identity authentication system, and more specifically, to a mobile identity authentication system and method that prevents the duplication or falsification of a code by cross-verifying a user's smartphone Bluetooth unique identifier using a static code. The above system is characterized as a mobile identity authentication system using static codes. To explain in more detail, the static code is characterized by including at least one of a QR code, a barcode, and an image code. In one embodiment according to the present invention, the user terminal stores and displays a static code including a uniquely identifiable ID and an Identity Resolving Key (IRK) of a Bluetooth device, and broadcasts a Bluetooth advertisement packet to a surrounding network using the IRK via a Bluetooth Resolvable Private Address (RPA). In addition, in one embodiment according to the present invention, the authentication device scans the static code to extract a unique identification ID and an IRK, uses the IRK to confirm the presence of a user terminal broadcasting Bluetooth RPA in the vicinity, and authenticates t