Patent abstract:
The present invention relates to an authentication processing method using a wireless communication device that includes a wireless authentication (electronic signature) function. The client carries a wireless communication device (a mobile communication terminal, a PDA with a wireless communication function, a smartphone, an IMT-2000 terminal, etc.) equipped with an integrated chip (IC) card or an application program in which an algorithm capable of processing a wireless certificate and generating keys is embedded. The public key generated on the wireless communication device and the client's personal information are transmitted to a certification authority (CA); the certificate obtained from the CA is stored in the client's wireless communication device; the client then accesses an Internet shopping mall with the device and transmits product information, payment information, and the certificate, combined with a signature generated with the secret key of the wireless communication device, to the shopping mall. The shopping mall that receives this information requests the client's public key from the certification authority and confirms the client's authentication. Electronic commerce using the client's wireless communication device (a mobile communication terminal, or any wireless communication device with a built-in wireless communication function, including a PDA, smartphone, IMT-2000 terminal, etc.) thus becomes possible, and legal acts for which a person's signature is required, such as contracts, become easier to perform with a wireless communication device.
In addition, the present invention relates to a method of enabling electronic commerce, contracts, and the like through authentication by an IP address, using an IC (integrated chip) card or application program into which unique IP address information has been entered (assigned) by an Internet Protocol (IP) address granting authority, without the involvement of a certification authority (CA).
Publication number: KR20040041147A
Application number: KR1020040030780
Filing date: 2004-04-30
Publication date: 2004-05-14
Inventors: 김재형; 홍종철; 윤종민
Applicant: 주식회사 비즈모델라인
IPC main class:
Patent description:

Method for authentication processing using mobile communication devices with a wireless certification (digital signature) function
[22] The present invention provides a method in which a client carrying a wireless communication device (a mobile communication terminal, or any wireless communication device with a built-in wireless communication function, including a PDA, smartphone, IMT-2000 terminal, etc.) equipped with an integrated chip (IC) card or application program in which an algorithm capable of processing a wireless certificate and generating keys is embedded transmits the public key generated on the wireless communication device, together with the client's personal information, to a certification authority (CA); obtains a certificate from the CA and stores it in the client's wireless communication device; accesses the corresponding Internet shopping mall with the wireless communication device; and transmits to the shopping mall the certificate, combined with a signature generated with the secret key of the client's wireless communication device. The Internet shopping mall that receives this information requests the client's public key from the certification authority and confirms the client's authentication. Electronic commerce using the client's wireless communication device thereby becomes possible, and the method makes it easier to use a wireless communication device for legal acts such as contracts.
[23] In addition, the present invention relates to a method of enabling electronic commerce, contracts, and the like through authentication by an IP address, using an IC (integrated chip) card or application program into which unique IP address information has been entered (assigned) by an Internet Protocol (IP) address granting authority, without the involvement of a certification authority (CA).
[24] The rapid development of the Internet has changed many aspects of life. Amid continual change and new attempts, Internet users wanted to use the Internet more easily, free from the spatial limitations of the wired Internet, which was accessed through existing telephone lines or leased lines. To meet this need, the wireless Internet, usable regardless of location, has been actively developed.
[25] However, unlike general PCs, the wireless terminals (communication devices) used to access the wireless Internet lack the capacity for complex computation and have limited storage space, and wireless data communication offers lower data rates than wired data communication. To cope with these limitations of wireless data communication, new wireless Internet access technologies have been developed; examples are the Wireless Application Protocol (WAP), developed by Ericsson, Motorola and others, and Microsoft's Mobile Explorer (ME).
[26] FIG. 1 is a simple block diagram of a wireless Internet using the Wireless Application Protocol (WAP).
[27] The Wireless Application Protocol (WAP) is a wireless Internet standard protocol developed by the WAP Forum, an association of wireless carriers and vendors, to provide wireless data services to wireless communication devices. The WAP Forum was formed in 1997 under the leadership of Ericsson, Nokia, Motorola and Phone.com, and more than 300 companies worldwide have since joined.
[28] WAP uses an Internet standard protocol that supports the Wireless Markup Language (WML) in order to solve the speed problems that arise when HyperText Markup Language (HTML) is applied to wireless links. WML is a small markup language similar to HTML and suited to portable devices. Built on XML (eXtensible Markup Language), it is designed for small displays operated with one hand and without a keyboard.
[29] WAP places a WAP Proxy type gateway between the wireless communication device and the web server so that Internet information can be retrieved and displayed on the wireless communication device quickly. The WAP Gateway supports the wireless Internet environment by translating between the WAP protocol stack and the TCP/IP protocol stack. Since the gateway terminates the wireless security protocol on one side and re-establishes transport security on the other, transport-level encryption does not extend end to end from the device to the web server.
[30] The WAP architecture comprises the Wireless Application Environment (WAE), the Wireless Session Protocol (WSP), the Wireless Transaction Protocol (WTP), Wireless Transport Layer Security (WTLS), the transport-layer Wireless Datagram Protocol (WDP), the bearers, and so on.
[31] The Wireless Application Environment (WAE) is a development environment that supports wireless Internet services and mobile phone services. It is designed to operate on any wireless Internet platform and provides a general-purpose application development environment based on mobile phone technology.
[32] The Wireless Session Protocol (WSP) handles connection-oriented and connectionless session services, and encodes headers and functions to optimise content delivery over the radio link.
[33] The Wireless Transaction Protocol (WTP) is a simple transaction protocol suitable for implementation in a mobile environment and runs over datagram services. It is divided into three transaction classes that provide differentiated services; the reliable classes provide reliability while keeping link overhead low.
[34] Wireless Transport Layer Security (WTLS) is a security protocol based on the industry-standard Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL). It provides data integrity, privacy (confidentiality), authentication, and protection against denial of service.
[35] The Wireless Datagram Protocol (WDP) provides addressing for end-to-end transmission and has multiplexing capabilities like those of the Internet's User Datagram Protocol (UDP).
[36] WAP is designed to run over a variety of bearer (transport) services, and the specification defines how WAP operates over each of them.
[37] FIG. 2 is a simple block diagram of a wireless Internet using Microsoft Mobile Explorer (MME).
[38] Mobile Explorer (ME) is Microsoft's browser for small devices, developed to support a variety of data devices, unlike WAP, which focuses on mobile phones. ME is a HyperText Markup Language (HTML) browser for mobile phones, developed to implement the wireless Internet using existing Internet standards.
[39] However, as content on the Internet becomes more diverse and increasingly paid for, wireless Internet services using the above methods are gradually growing, and billing and payment by wireless communication devices (mobile communication terminals, PDAs with a wireless communication function, smartphones, IMT-2000 terminals, etc.) connected to the wireless Internet by these methods are becoming common. In this situation, high-value payments or contracts made with a wireless communication device require strong security and personal authentication procedures, and those procedures need to become both convenient and widely available.
[40] An object of the present invention, to solve the above problems, is to provide a method in which a client carrying a wireless communication device (a mobile communication terminal, or any wireless communication device with a built-in wireless communication function, including a PDA, smartphone, IMT-2000 terminal, etc.) equipped with an IC (integrated chip) card or application program with an algorithm capable of processing a wireless certificate and generating keys transmits the public key generated on the wireless communication device, together with the client's personal information, to a certification authority (CA); obtains a certificate from the CA and stores it in the client's wireless communication device; accesses an Internet shopping mall with the wireless communication device and transmits product information, payment information, and the certificate, combined with a signature generated with the secret key of the client's wireless communication device, to the shopping mall; and the Internet shopping mall that receives the information requests the client's public key from the certification authority and verifies the authenticity of the client.
[41] In addition, the present invention provides a method of enabling electronic commerce, contracts, and the like through authentication by an IP address, by storing in the wireless communication device an IC (integrated chip) card or application program into which unique IP address information has been entered (assigned) by an Internet Protocol (IP) address granting authority, without the involvement of a certification authority (CA).
[1] FIG. 1 is a simple block diagram of a wireless Internet using the Wireless Application Protocol (WAP).
[2] FIG. 2 is a simple configuration diagram of a wireless Internet using Microsoft Mobile Explorer (MME).
[3] FIG. 3 is the main configuration diagram of the present invention, in which a client carrying a wireless communication device including a wireless authentication (electronic signature) function, a certification authority that issues wireless digital signature certificates, and an Internet shopping mall are connected.
[4] FIG. 4 is a simple configuration diagram in which a client carrying a wireless communication device including a wireless certificate (electronic signature) function, a certification authority (CA) that issues wireless digital signature certificates, an insurance company, and the like are connected.
[5] FIG. 5 is a simple block diagram showing the process by which a client has a certificate issued by a CA to its wireless communication device.
[6] FIG. 6 is a simple block diagram illustrating the process by which a client purchases a product from an Internet shopping mall using its wireless communication device.
[7] FIG. 7 is a simple flowchart illustrating the process in which a client has a certificate issued by a certification authority (CA) using its wireless communication device, then accesses an Internet shopping mall and purchases a product using that certificate.
[8] FIG. 8 is a simplified schematic diagram of a wireless digital signature certificate profile that may be used in the present invention.
[9] FIG. 9 is a simplified diagram of a wireless digital signature certificate suspension and revocation list profile that may be used in the present invention.
[10] FIG. 10 is an exemplary diagram in which a client carrying a wireless communication device with an IC to which a unique IP address (or address information) has been assigned is connected to the authorised IP granting agency that issued the IP address, an Internet shopping mall, and the like.
[11] FIG. 11 is a general conceptual diagram of a hash function as typically used in an electronic signature.
[12] FIG. 12 is a simple conceptual diagram in which a sending client combines its private key with a document digested through a hash function (that is, signs the digest) and transmits the result to a receiving client.
[13] FIG. 13 is a simple conceptual diagram in which a receiving client receives from a sending client the encrypted document combined with the sender's private key.
[14] FIG. 14 is a simple internal block diagram of a wireless communication device equipped with an IC card or application program incorporating an algorithm capable of processing a wireless certificate and generating keys.
[15] FIG. 15 is a simple exemplary diagram in which a certificate is stored in a client's wireless communication device.
[16] FIG. 16 is a simple exemplary diagram of a client selecting a shopping mall after accessing the wireless Internet with a wireless communication device.
[17] FIG. 17 is a simple exemplary diagram in which a client connected to an Internet shopping mall transmits order information for a selected product using a wireless communication device.
[18] FIG. 18 is a simple exemplary diagram in which a unique IP address is stored in a client's wireless communication device.
[19] <Description of main reference numerals in the drawings>
[20] 300: Certification Authority 305: Internet Shopping Mall
[21] 310: Client
[42] The present invention relates to an authentication processing method using a wireless communication device that includes a wireless authentication (electronic signature) function. The client carries a wireless communication device (a mobile communication terminal, a PDA with a wireless communication function, a smartphone, an IMT-2000 terminal, etc.) equipped with an integrated chip (IC) card or an application program in which an algorithm capable of processing a wireless certificate and generating keys is embedded. The public key generated on the wireless communication device and the client's personal information are transmitted to a certification authority (CA) 300; the certificate obtained from the CA 300 is stored in the client's wireless communication device; the client accesses the Internet shopping mall with the wireless communication device and transmits product information, payment information, and the certificate, combined with a signature generated with the secret key of the wireless communication device, to the Internet shopping mall. The Internet shopping mall that receives this information requests the client's public key from the certification authority and confirms the client's authentication. Electronic commerce using the client's wireless communication device (a mobile communication terminal, or any wireless communication device with a wireless communication function, including a PDA, smartphone, IMT-2000 terminal, etc.) thus becomes possible, and the invention makes it easier to perform, with a wireless communication device, legal acts such as contracts for which a person's signature is essential.
[43] In addition, the present invention relates to a method of enabling electronic commerce, contracts, and the like through authentication by an IP address, using an IC (integrated chip) card or application program into which unique IP address information has been entered (assigned) by an Internet Protocol (IP) address granting authority, without the involvement of a certification authority (CA).
[44] The main network components for carrying out the above method of the present invention can be divided into a certification authority (CA) or Internet Protocol (IP) address granting authority capable of issuing and managing certificates for clients, websites capable of supplying goods over the Internet (Internet shopping malls and the like), and clients that can acquire goods through the method; the method is performed by appropriate data exchange among these components over the wireless Internet.
[45] In addition, the present invention makes clear that when the website is one that may require a legal contract requiring a digital signature (an insurance company, a bank, etc.), the client, by storing a certificate obtained from a CA in its wireless communication device, can conclude such a contract over the wireless Internet.
[46] The certification authority (CA) means a person or legal entity which, as a trusted third party within a wireless digital signature certificate management system established under the Digital Signature Act, issues certificates associated with the cryptographic keys used for digital signatures, proving that the combination of the public key needed to verify the identity of a client subscribed to the CA and the private key used to generate the client's digital signature belongs to that client. A certificate from the CA means electronic information confirming and proving that a digital signature verification key matches the client's own digital signature generation key.
[47] The Internet Protocol (IP) address granting authority is an organisation that develops policy on Internet addresses such as domain names and IP addresses, and may be a nationally authorised agency responsible for registering domain names and IP addresses.
[48] The Internet shopping mall refers to a website on the wired or wireless Internet at which a transaction can be made over the Internet; when an order from a client exists, the shopping mall can cooperate with the certification authority (CA) to verify the client's certificate included in the order information. The method applies not only to Internet shopping malls but also to parties such as insurance companies and banks that previously required offline, face-to-face contact (for handwritten signatures).
[49] The client is the subject of the electronic commerce: it obtains a certificate from the CA, stores it in its own wireless communication device, and accesses the wireless Internet with the wireless communication device holding the certificate in order to make a payment or conclude a contract.
[50] The authentication processing method using a wireless communication device including a wireless authentication (electronic signature) function according to the present invention can be broadly divided into two types according to the type of certificate and the certificate issuer.
[51] The first method involves a client-owned wireless communication device, a certification authority (CA) that issues to the wireless communication device a certificate associated with a wireless encryption key, and a web server that requests authentication of the client through the client's wireless communication device. It consists of: an encryption key generation step of generating a public key and a secret key on the client-owned wireless communication device; an encryption key transmission step of transmitting the generated public key, with the client's personal information data attached, to the certification authority (CA) through the client-owned wireless communication device; a certificate issuing step in which the CA issues a certificate with reference to the client's personal information data and public key it received and transmits the certificate to the client-owned wireless communication device; a certificate generation step of obtaining from the CA the certificate with the embedded wireless encryption key and storing it in the client-owned wireless communication device; a certificate transmission step in which, when the client has accessed the web server and authentication of the client is requested, the certificate embedded in the client-owned wireless communication device is transmitted to the web server; an authentication request step in which the web server transmits the certificate to the certification authority and asks whether the client is authenticated; and a certificate verification step in which the certification authority verifies the certificate and transmits the authentication result data for the client to the web server. Through these steps the authentication of the client is confirmed via the client-owned wireless communication device.
[52] In addition, the method is characterised in that, when the certificate is transmitted to the web server through the client-owned wireless communication device, product information data, product payment information data, or data in the form of a document requiring authentication is attached to the certificate and transmitted, and the product information data, product payment information data, or document data requiring authentication is thereby processed securely through the certification authority.
[53] The second method involves a client-owned wireless communication device, an IP address granting authority that allocates and manages a unique IP (Internet Protocol) address for the wireless communication device, and a web server that requests authentication of the client through the client's wireless communication device. In one form it consists of: a first step of storing in the client-owned wireless communication device the unique IP address assigned to the device by the IP address granting authority; a second step of transmitting the unique IP address embedded in the client-owned wireless communication device to the web server when, after the client accesses the web server, authentication of the client is requested; a third step in which the web server sends the unique IP address to the IP address granting authority to request authentication of the client; and a fourth step in which the IP address granting authority confirms the authentication with reference to the unique IP address received from the web server and transmits the authentication result data to the web server. Whether the client is authenticated is thereby confirmed through the unique IP address of the client-owned wireless communication device.
In another form it consists of: a certificate generation step of acquiring from the IP address granting authority an IP address certificate with an embedded wireless encryption key, based on the unique IP address of the wireless communication device, and storing it in the client-owned wireless communication device; a certificate transmission step of transmitting the certificate embedded in the client-owned wireless communication device to the web server when authentication is requested after the client accesses the web server; an authentication request step in which the web server transmits the certificate to the IP address granting authority and requests authentication of the client; and a certificate verification step in which the IP address granting authority verifies the certificate and transmits the client's authentication result data to the web server. Whether the client is authenticated is again confirmed through the unique IP address of the client-owned wireless communication device.
[54] In addition, the IP (Internet Protocol) address is characterised in that it covers both the IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) address systems; when the unique IP address or IP address certificate of the wireless communication device is transmitted to the web server through the client-owned wireless communication device, product information data, product payment information data, or data in the form of a document requiring authentication is attached to the unique IP address or IP address certificate and transmitted; and the product information data, product payment information data, or document data requiring authentication attached to the unique IP address or IP address certificate is processed securely through authentication by the IP address granting authority.
[55] Hereinafter, exemplary embodiments of the present invention are described in detail with reference to the accompanying drawings. In assigning reference numerals to the elements of each drawing, the same elements are denoted by the same reference numerals wherever possible, even when they appear in different drawings. In the following description, specific details such as particular elements are set out to help a more general understanding of the invention; it will be apparent to those skilled in the art that the invention may be practised without these specific details. Where a detailed description of a related known function or configuration would unnecessarily obscure the subject matter of the invention, that description is omitted.
[56] FIG. 3 is the main configuration diagram illustrating the connection between a client 310 carrying a wireless communication device including a wireless authentication (electronic signature) function, a certification authority 300 that issues wireless digital signature certificates, and an Internet shopping mall 305.
[57] The wireless communication devices described below (mobile communication terminals, and all wireless communication devices with a built-in wireless communication function, including PDAs, smartphones, IMT-2000 terminals, etc.) are assumed to be equipped with an integrated chip (IC) card or an application program containing an algorithm capable of processing a wireless certificate and generating keys.
[58] Although the wireless communication device in this figure is described using WAP (Wireless Application Protocol), the present invention applies equally to wireless communication devices using other wireless access technologies such as MME (Microsoft Mobile Explorer) and i-Mode (NTT DoCoMo) Compact NetFront. All parts of the present invention relating to certificates are likewise based on a wireless public key infrastructure (WPKI).
[59] The WAP Gateway shown in this figure may belong to the mobile communication provider, or any Internet shopping mall 305 may operate its own.
[60] The certification authority (CA) 300 is the certification authority that issued the client's certificate. When the client accesses the Internet shopping mall 305 over the wireless Internet to purchase goods or other paid content using the issued certificate, the CA 300 serves to authenticate the client 310 when the Internet shopping mall 305 checks the certificate.
[61] The client 310 receives a certificate from the certification authority (CA) 300 and stores it in its wireless communication device. After accessing the wireless Internet with the device, when it wishes to purchase a product or use paid content at any shopping mall, it can send the certificate stored in its device, together with the relevant information, to the Internet shopping mall 305.
[62] When the client 310 accesses the Internet shopping mall 305 and transmits the purchase information and the certificate, the Internet shopping mall 305 receives them and may request authentication of the client 310 from the certification authority (CA) 300 that issued the certificate. Once the validity of the certificate used in the e-commerce transaction is confirmed, the Internet shopping mall 305 and the like can accurately establish the purchase information and personal information of the client 310.
[63] FIG. 4 is a simple diagram in which a client 310 carrying a wireless communication device including a wireless authentication (digital signature) function, a certification authority (CA) 300 that issues wireless digital signature certificates, and an insurance company 400 are connected.
[64] The insurance company 400 described in this figure stands for any other website requiring a legal contract that must be signed by the client 310; the invention is not limited to the insurance company 400.
[65] In the case of insurance, the subscriber's signature is an essential element of the contract under the standard terms and conditions of the insurance industry. Because it was unclear how a subscriber (client 310) could sign on the Internet, contracts requiring a signature were virtually impossible to conclude online. With the present invention, such a contract can be concluded simply by storing the electronic signature of the client 310 (recognised by the CA 300) in the wireless communication device of the client 310 and transmitting it wirelessly at the time of the contract.
[66] 5 is a simple block diagram illustrating a process in which a client 310 issues a certificate from a CA 300 to its wireless communication device.
[67] A client 310 carrying a wireless communication device (a mobile communication terminal, or any wireless communication device with a built-in wireless communication function, including a PDA, smart phone, IMT-2000, etc.) equipped with an integrated chip (IC) card or application program in which an algorithm capable of processing a wireless certificate and generating a key is embedded generates a public key and a secret key through the wireless communication device (1). The client 310 transmits its personal information and the generated public key to the certification authority (CA) 300 (2); the CA 300 stores the received personal information and public key and issues a certificate to the client 310 (3).
[68] FIG. 6 is a simple block diagram illustrating the process in which a client 310 purchases a product from an Internet shopping mall 305 using its wireless communication device.
[69] Through the process of FIG. 5, the client 310 has received a certificate from the CA 300 and stored it in his or her wireless communication device; the client then accesses the wireless Internet to purchase a product at an Internet shopping mall 305. When the payment information for the product and the client's own certificate are transmitted to the shopping mall (1), the shopping mall transmits the certificate of the client 310 to the certification authority (2). The certification authority (CA) 300 transmits a Certificate Revocation List (CRL) to the shopping mall (3), and the shopping mall, referring to the received contents, sends the corresponding product to the client 310 (4).
[70] FIG. 7 is a simple flow chart showing the process in which the client 310 receives and stores a certificate from the CA 300 using his wireless communication device, and accesses the Internet shopping mall 305 with that certificate to purchase a product.
[71] The client 310, carrying a wireless communication device (any wireless communication device with a wireless communication function, including a PDA, a smart phone, an IMT-2000, and the like) equipped with an integrated chip (IC) card or an application program with an algorithm capable of processing a wireless certificate and generating a key, generates a public key and a secret key using the device (700).
[72] The client 310 transmits its personal information and the generated public key to the CA 300 in order to obtain a certificate from the CA 300 (705), and the CA 300 issues and transmits a certificate for the client 310 (710). The certification authority (CA) 300 determines whether the transmission is complete and retransmits if the transmission was not properly performed.
[73] The client 310 to which the certificate is issued (transmitted) stores the certificate in its wireless communication device (720). The client 310 accesses the Internet shopping mall 305 or the like with its wireless communication device and decides on a product purchase (725). The client transmits the payment information for the product, together with the user's certificate stored in the wireless communication device, to the shopping mall (730).
[74] The Internet shopping mall 305 transmits the received certificate of the client 310 to the CA 300 (735) and receives the certificate suspension and revocation list (CRL) from the CA 300. The Internet shopping mall 305 checks the status of the certificate against the received information; if it is valid (745), it provides the corresponding product to the client 310 (750), and if the status of the certificate is not valid (755), it transmits a non-authentication message to the client 310 (760).
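The purchase flow of steps 700 to 760 above, written out as a small simulation. This is an added example and not code from the patent: the certification authority, the shopping mall's status check, and the sample client data are all constructed here, the key pair is represented by an opaque string, and the suspension/revocation list is modelled as two sets of serial numbers.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


def utc(year, month, day, hour=0, minute=0, second=0):
    """Constructed helper: validity times are kept in GMT/UTC."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Certificate:
    serial: int
    subject: str
    public_key: str            # opaque stand-in for the subject public key info
    not_before: datetime
    not_after: datetime
    issuer: str = "CA 300"


@dataclass
class CertificationAuthority:
    """Stand-in for certification authority 300: stores each client's public key,
    issues certificates (710), and serves the suspension/revocation list."""
    name: str = "CA 300"
    next_serial: int = 1
    issued: dict = field(default_factory=dict)
    suspended: set = field(default_factory=set)
    revoked: set = field(default_factory=set)

    def issue(self, subject, public_key, not_before, not_after):
        cert = Certificate(self.next_serial, subject, public_key,
                           not_before, not_after, self.name)
        self.issued[cert.serial] = cert
        self.next_serial += 1
        return cert

    def crl(self):
        """What the CA returns when a shopping mall forwards a certificate (735)."""
        return {"suspended": frozenset(self.suspended),
                "revoked": frozenset(self.revoked)}


def certificate_status(cert, crl, now):
    """The mall's decision at 745/755: 'valid', or the reason it is not."""
    if cert.serial in crl["revoked"]:
        return "revoked"
    if cert.serial in crl["suspended"]:
        return "suspended"
    if not cert.not_before <= now <= cert.not_after:
        return "outside_validity_period"
    return "valid"


def process_order(ca, cert, payment_info, now):
    """Steps 730-760 as seen by the Internet shopping mall 305."""
    status = certificate_status(cert, ca.crl(), now)
    if status == "valid":
        return {"result": "product_provided", "client": cert.subject,
                "item": payment_info["item"]}            # step 750
    return {"result": "non_authentication", "client": cert.subject,
            "reason": status}                              # step 760


def demo_purchase():
    """Runs the flow of FIG. 7 on constructed sample data and returns the mall's
    reply before and after the CA marks the certificate revoked."""
    ca = CertificationAuthority()
    # 700-720: the client generates a key pair (stand-in string), sends its public
    # key with its personal information, and stores the issued certificate
    device_storage = {}
    cert = ca.issue("client 310", "public-key-of-client-310",
                    utc(2004, 5, 1), utc(2005, 5, 1))
    device_storage["certificate"] = cert
    order = {"item": "book", "amount": 12000}          # constructed payment info
    first = process_order(ca, device_storage["certificate"], order, utc(2004, 6, 1))
    ca.revoked.add(cert.serial)                         # CA revokes the certificate
    second = process_order(ca, device_storage["certificate"], order, utc(2004, 6, 2))
    return first, second
```

The mall never decides on the certificate alone: every order triggers a fresh fetch of the CA's list, so a revocation or suspension recorded after issuance is honoured on the next purchase, and a certificate outside its validity period is refused even when it appears on no list.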
[75] In the above description, the party providing the goods to the client 310 is not limited to the Internet shopping mall 305; it may be any web server on the Internet with which other transactions may be established, and may also be a bank or an insurance company 400. The certificate refers to electronic information (data) for confirming and verifying that the digital signature public key matches the digital signature generation key owned by the client 310.
[76] FIG. 8 is a simplified schematic diagram of a Wireless Digital Signature Certificate profile that may be used in the present invention.
[77] This figure and FIG. 9 described below show the wireless digital signature certificate and the certificate validity suspension and revocation list based on WPKI (Wireless Public Key Infrastructure) that can be used in the present invention; FIG. 8 and FIG. 9 are applied here to aid understanding of the present invention.
[78] The Wireless Digital Signature Certificate (WDSC) format consists of Version, Serial Number, CA Signature Algorithm, Issuer Name, Validity Period, Subject Name, Subject Public Key Information, Issuer Unique Identifier, Subject Unique Identifier, and Certificate Extensions.
[79] Version indicates the version of the encoded certificate; the certificate must be version 3, which is represented by the integer 2. Applications must be able to process version 3 certificates.
[80] The serial number is a positive integer assigned by the certification authority to each certificate it issues; it is unique among the certificates issued by that certification authority.
[81] The CA Signature Algorithm is identification information about the algorithm used by the certification authority when generating the certificate.
[82] The issuer name expresses the name of the certification authority 300 that issued the certificate as a Distinguished Name (DN), and all applications should be able to generate and process DNs.
[83] The validity period is the period during which the status of the certificate is guaranteed by the certification authority 300; it is expressed using the time information of the start time (notBefore) and the end time (notAfter). Time information is expressed in Greenwich Mean Time (GMT), using the UTC time (UTCTime) format until 2049 and the Generalized Time format from 2050.
[84] The subject name expresses the name of the certificate holder in the form of a Distinguished Name (DN) and must have a value.
[85] Subject Public Key Information indicates the algorithm and public key information for the owner's public key.
[86] The Issuer Unique Identifier provides a means of distinguishing issuers when one Distinguished Name (DN) is reused by a different issuer.
[87] The Subject Unique Identifier provides a means of distinguishing subjects when one Distinguished Name (DN) is reused by a different subject.
[88] Certificate extensions contain authentication policies or other related matters.
[89] FIG. 9 is a simplified diagram of a Wireless Digital Signature Certificate Revocation List profile usable with the present invention.
[90] The wireless digital signature certificate suspension and revocation list format consists of Version, Signature Algorithm, Issuer, This Update, Next Update, Suspended and Revoked Certificates, the extensions of the Certificate Revocation List (CRL) entries, and CRL Extensions.
[91] Suspended and Revoked Certificates lists each suspended or revoked certificate by its serial number and revocation date. Additional information may be provided through the CRL extensions.
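The certificate profile of FIG. 8 and the revocation list profile of FIG. 9, assembled as plain dictionaries so the field rules stated above can be exercised: version 3 encoded as the integer 2, a positive serial number, a mandatory subject name, and validity times in GMT written as UTCTime up to 2049 and GeneralizedTime from 2050. This is an added example, not the patent's or any WPKI library's code; the dictionary key names, the `utc` helper, and the CRL version value passed in by the caller are this example's own choices.

```python
from datetime import datetime, timezone

# WDSC "Version": the profile requires version 3, which is encoded as the integer 2.
WDSC_VERSION_FIELD = 2


def utc(year, month, day, hour=0, minute=0, second=0):
    """Constructed helper for building GMT/UTC timestamps."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def encode_validity_time(t: datetime) -> str:
    """Encode notBefore/notAfter as the profile prescribes: Greenwich Mean Time,
    UTCTime (YYMMDDHHMMSSZ) for years up to 2049 and GeneralizedTime
    (YYYYMMDDHHMMSSZ) from 2050 onwards."""
    if t.tzinfo is None:
        raise ValueError("validity times must be timezone-aware")
    t = t.astimezone(timezone.utc)
    if not 1950 <= t.year <= 9999:
        raise ValueError("year outside the encodable range")
    fmt = "%y%m%d%H%M%SZ" if t.year <= 2049 else "%Y%m%d%H%M%SZ"
    return t.strftime(fmt)


def decode_validity_time(s: str) -> datetime:
    """Inverse of encode_validity_time; a UTCTime two-digit year is read as
    1950-1999 for 50-99 and 2000-2049 for 00-49."""
    if not s.endswith("Z"):
        raise ValueError("expected a GMT time ending in 'Z'")
    body = s[:-1]
    if len(body) == 12:            # UTCTime
        yy = int(body[:2])
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), body[2:]
    elif len(body) == 14:          # GeneralizedTime
        year, rest = int(body[:4]), body[4:]
    else:
        raise ValueError("unrecognised validity time encoding")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def build_wdsc(serial, ca_signature_algorithm, issuer_dn, not_before, not_after,
               subject_dn, subject_public_key_info,
               issuer_unique_id=None, subject_unique_id=None, extensions=None):
    """Assemble the ten WDSC fields of FIG. 8 (key names are this example's own)."""
    if not isinstance(serial, int) or serial <= 0:
        raise ValueError("serial number must be a positive integer")
    if not subject_dn:
        raise ValueError("subject name must have a value")
    return {
        "version": WDSC_VERSION_FIELD,
        "serialNumber": serial,
        "caSignatureAlgorithm": ca_signature_algorithm,
        "issuerName": issuer_dn,
        "validity": {"notBefore": encode_validity_time(not_before),
                     "notAfter": encode_validity_time(not_after)},
        "subjectName": subject_dn,
        "subjectPublicKeyInfo": subject_public_key_info,
        "issuerUniqueIdentifier": issuer_unique_id,
        "subjectUniqueIdentifier": subject_unique_id,
        "extensions": extensions or {},
    }


def build_crl(version, signature_algorithm, issuer_dn, this_update, next_update,
              revoked_entries, crl_extensions=None):
    """Assemble the list profile of FIG. 9. revoked_entries is a list of
    (serial, revocation_datetime, entry_extensions) tuples; the version value
    is supplied by the caller because the text does not fix it."""
    return {
        "version": version,
        "signatureAlgorithm": signature_algorithm,
        "issuer": issuer_dn,
        "thisUpdate": encode_validity_time(this_update),
        "nextUpdate": encode_validity_time(next_update),
        "revokedCertificates": [
            {"serial": s, "revocationDate": encode_validity_time(d),
             "entryExtensions": x or {}}
            for s, d, x in revoked_entries
        ],
        "crlExtensions": crl_extensions or {},
    }


def application_accepts(cert: dict, now: datetime) -> bool:
    """What a processing application must check before trusting the fields:
    version 3 (integer 2) and a validity period that contains 'now'."""
    if cert["version"] != WDSC_VERSION_FIELD:
        return False
    not_before = decode_validity_time(cert["validity"]["notBefore"])
    not_after = decode_validity_time(cert["validity"]["notAfter"])
    return not_before <= now.astimezone(timezone.utc) <= not_after
```

The two-digit UTCTime year is the part worth testing at the boundary: "491231235959Z" must decode to 2049 while a 2050 timestamp must never be written in the short form, otherwise a relying application would read it as 1950.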
[92] FIG. 10 shows a client 310 carrying a wireless communication device with an integrated chip (IC) assigned a unique Internet Protocol (IP) address, the authorized IP granting organization 1000 that issued the IP address, and an Internet shopping mall 305, connected to each other.
[93] The IP address granting authority 1000 is an organization that develops policy regarding Internet addresses such as domain names and IP addresses, and may be a national authorized agency responsible for registering domain names and IP addresses.
[94] When the client 310 accesses the wireless Internet through the unique IP address of the wireless communication device, the user may be authenticated by that IP address at an Internet shopping mall 305 or the like; the Internet shopping mall 305 requests the unique IP address of the wireless communication device of the client 310, which may be included in the order information, confirms the authentication of the client 310, and provides the corresponding product.
[95] The IP address may follow the currently used IP address system (IPv4; Internet Protocol version 4) and also Internet Protocol version 6 (IPv6).
[96] FIG. 11 is a general conceptual diagram of a hash function as typically used in a digital signature.
[97] The digital signature uses the property of a public key cryptographic algorithm that the encryption key and the decryption key differ: the client 310 using the digital signature signs the document to be transmitted with his or her private key, and the client 310 that receives the document verifies the sending client 310 using the public key of the client 310 that signed the document.
[98] A hash function reduces data of long (arbitrary) length to data of fixed length. The hash function (HF) referred to in cryptography outputs a hash value Y = H(X) for a given input value X. In this case, an input X satisfying H(X) = Y cannot be obtained from the value of Y.
[99] In this drawing, the sending client 1100 that transmits the document 1110 obtains a hash value (encrypted document) 1115 of the document using the hash function (HF) and sends the hash value 1115 together with the original document 1110 to the receiving client 1105. The receiving client 1105 computes the hash value of the original document 1110 using the hash function HF and compares it with the hash value 1115 sent by the sending client 1100, thereby confirming that the document sent by the sending client 1100 is authentic.
[100] FIG. 12 is a simple conceptual diagram in which the secret key of the sending client 1100 is combined with the document encrypted through the hash function and the result is transmitted to the receiving client 1105.
[101] After the document to be transmitted has been encrypted through the hash function (HF) by the process of FIG. 11, the security and personal authentication effects can be enhanced by inserting the private key (secret key) of the sending client into the encrypted document 1115. The sending client 1100 transmits the encrypted document 1200 into which its private key has been inserted, together with the document 1110 to be transmitted, to the receiving client 1105.
[102] FIG. 13 is a simple conceptual diagram in which the receiving client 1105 receives from the sending client 1100 an encrypted document 1200 combined with the private key.
[103] The receiving client 1105 obtains the public key of the sending client 1100 from the certification authority 300 or the like in order to decrypt the encrypted document combined with the secret key of the sending client 1100, and decrypts the encrypted document 1200 into which the secret key was inserted using that public key. The encrypted document, with the secret key thus released, can then be authenticated as coming from the sending client 1100 through the comparison shown in FIG. 11.
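The three steps of FIG. 11 to FIG. 13 (hash the document, apply the sender's secret key to the hash, recover the hash with the public key and compare) as an added example that is not part of the patent. The hash function is SHA-256 from the standard library; the "insertion" of the secret key is modelled with textbook RSA on constructed toy parameters (two known Mersenne primes, 2^31-1 and 2^61-1), which are far too small for real use and exist only to make the mechanics visible. Because the toy modulus is smaller than a SHA-256 digest, the digest is reduced modulo N before signing; a real key is larger than the digest and needs no such reduction.

```python
import hashlib

# Constructed toy RSA parameters (NOT for real use): p = 2^31-1, q = 2^61-1.
P = 2_147_483_647
Q = 2_305_843_009_213_693_951
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)           # private exponent; pow(x, -1, m) needs Python 3.8+

SENDER_PUBLIC_KEY = (N, E)    # what certification authority 300 would hand out
SENDER_SECRET_KEY = (N, D)    # held only by the sending client 1100


def hash_document(document: bytes) -> int:
    """FIG. 11: HF reduces a document of any length to a fixed-length value,
    returned here as an integer so it can be fed to the signing operation."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign_hash(hash_value: int, secret_key) -> int:
    """FIG. 12: the sender combines its secret key with the hashed document.
    With textbook RSA that is modular exponentiation by the private exponent."""
    n, d = secret_key
    return pow(hash_value % n, d, n)


def recover_hash(signature: int, public_key) -> int:
    """FIG. 13: the receiver 'releases' the secret key using the public key,
    which yields the hash the sender signed."""
    n, e = public_key
    return pow(signature, e, n)


def send(document: bytes, secret_key):
    """Sending client 1100: returns (document 1110, signed hash 1200)."""
    return document, sign_hash(hash_document(document), secret_key)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Receiving client 1105: recompute HF(document) and compare it with the
    value recovered from the signature, the comparison of FIG. 11."""
    n, _ = public_key
    return recover_hash(signature, public_key) == hash_document(document) % n


def demo():
    """Constructed sample exchange: an unmodified document verifies, a document
    changed after signing does not."""
    doc, sig = send(b"Order: 1 item, payment approved", SENDER_SECRET_KEY)
    ok = verify(doc, sig, SENDER_PUBLIC_KEY)
    tampered = verify(doc + b" (amount changed)", sig, SENDER_PUBLIC_KEY)
    return ok, tampered
```

The receiver learns two things from a single comparison: that the document hashes to the value the sender signed (integrity), and that whoever produced the signature held the secret key matching the public key fetched from the CA (origin). Either a changed document or a signature made under a different key makes the comparison fail.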
[104] FIG. 14 is a simple internal block diagram of a wireless communication device equipped with an integrated chip (IC) card or application program in which an algorithm capable of processing a wireless certificate and generating a key is embedded.
[105] The certificate IC shown in this figure indicates that the algorithm capable of processing a wireless certificate and generating an encryption key may be replaced by another application program that can be embedded in the device.
[106] The wireless communication device described in the present invention can, in addition to the basic terminal configuration such as an RF processor, an IF processor, and a baseband processor, be fitted with an IC card or application program including the functions required to suit a wireless public key infrastructure (WPKI). The IC card or application program may be capable of downloading and storing a wireless certificate, and may embed various algorithms that help generate an encryption key.
[107] FIG. 15 is a simple exemplary diagram in which a certificate is stored in the wireless communication device of the client 310.
[108] The wireless communication device (any wireless communication device with a built-in wireless communication function, including a mobile communication terminal, a PDA, a smart phone, an IMT-2000, etc.) is fitted with an integrated chip (IC) card or application program in which an algorithm capable of processing a wireless certificate and generating a key is embedded, so that the client 310 can download and store the certificate responsible for his or her own authentication from the certification authority (CA) 300. The certificate stored in the wireless communication device may be used for the client's 310 purchase of goods, insurance, and the like.
[109] FIG. 16 is a simple exemplary diagram in which the client 310 selects a shopping mall after accessing the wireless Internet using a wireless communication device.
[110] FIG. 3 is a diagram in which the client 310 receives a wireless Internet service using his or her wireless communication device. The number of wireless Internet services is gradually increasing, and according to the present invention the client 310 may engage in payment or other contracts through a certificate stored in the wireless communication device.
[111] FIG. 17 is a simple exemplary diagram in which a client 310 accessing an Internet shopping mall 305 transmits order information about a selected product by using a wireless communication device.
[112] The order information may include a certificate of the client 310 as necessary. The certificate refers to electronic data that confirms and verifies that the electronic signature public key matches the electronic signature generation key owned by the client 310.
[113] FIG. 18 is a simple exemplary diagram in which a unique IP (Internet Protocol) address is stored in the wireless communication device of the client 310.
[114] The IP (Internet Protocol) address may be obtained from an authorized IP granting institution 1000; it may be supplied in the form of an integrated chip (IC) card installed in the wireless communication device when the device is purchased, or it may be downloaded from the IP provider 1000 through a predetermined procedure via a separate application program.
[115] According to the present invention, a certificate responsible for the user's authentication is stored in a wireless communication device (a mobile communication terminal, or any wireless communication device with a built-in wireless communication function, including PDAs, smart phones, IMT-2000, etc.) equipped with an integrated chip (IC) card or application program in which an algorithm with which the client can process a wireless certificate and generate a key is embedded, so that contracts requiring authentication and digital signatures can be made more reliable and simpler.
[116] In addition, by storing a unique IP (Internet Protocol) address corresponding to the wireless communication device, the client can be authenticated without a separate certification authority (CA) 300 during e-commerce activity through wireless Internet access, which has the advantage of providing a more reliable and simple method of authentication using a wireless communication device.
Claims:
Claims (4)
[Claim 1] (Currently amended) A wireless authentication processing method using the unique Internet Protocol (IP) address of a wireless communication device, in a system comprising a client-owned wireless communication device, an IP address granting authority providing an IP address certificate to the wireless communication device, and a web server requesting authentication of the client, the method comprising:
providing, from the IP address granting authority server to the wireless communication device, a predetermined IP address certificate including a wireless encryption key for the unique Internet Protocol (IP) address of the wireless communication device;
storing the IP address certificate in a predetermined memory in the wireless communication device;
transmitting the IP address certificate previously stored in the memory from the wireless communication device to the web server when the web server requests authentication of the client after the client accesses the web server;
requesting, by the web server, authentication of the client by transmitting the IP address certificate provided from the wireless communication device to the IP address granting authority; and
performing, by the IP address granting authority, an authentication process for the client with reference to the IP address certificate received from the web server, and transmitting the authentication result data to the web server,
the method being an authentication processing method using a wireless communication device including a wireless authentication (electronic signature) function.
[Claim 2] (Currently amended) The method of claim 1, wherein the IP (Internet Protocol) address comprises the IP address system IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6),
the method being an authentication processing method using a wireless communication device having a wireless authentication (electronic signature) function.
[Claim 3] (Currently amended) The method of claim 1, wherein the step of transmitting the IP address certificate previously stored in the memory from the wireless communication device to the web server, when the web server requests authentication of the client after the client accesses the web server,
further comprises an authentication data attachment step of attaching at least one of product information data, product payment information data, or data in a document format requiring authentication to the IP address certificate of the wireless communication device when the IP address certificate of the wireless communication device is transmitted to the web server,
the method being an authentication processing method using a wireless communication device including a wireless authentication (electronic signature) function.
[Claim 4] (Currently amended) The method of claim 1, wherein the wireless communication device is fitted with an integrated chip (IC) card or application program in which an algorithm for processing the IP address certificate and for key generation is embedded,
the method being an authentication processing method using a wireless communication device including a wireless authentication (electronic signature) function.
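The five steps of claim 1, with the IPv4/IPv6 handling of claim 2 and the attachment of order data from claim 3, as an added simulation that is not part of the patent. The claims do not say how the IP address certificate is protected or how the granting authority checks it, so this example assumes a construction of its own: the authority keeps a secret master key, issues a certificate body binding the device's IP to a freshly generated wireless encryption key, protects the body with an HMAC under the master key, and on verification recomputes the HMAC, checks its own issuance record, and compares the certified IP with the address the device actually connected from. Class and field names are likewise this example's own.

```python
import hashlib
import hmac
import ipaddress
import json
import secrets


class IPAddressGrantingAuthority:
    """Stand-in for the IP address granting authority 1000 (claim 1). The HMAC
    construction is an assumption of this example, not something the claims fix."""

    def __init__(self):
        self._master = secrets.token_bytes(32)   # never leaves the authority
        self._issued = {}                         # ip -> wireless key on record

    def _mac(self, body: dict) -> str:
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._master, msg, hashlib.sha256).hexdigest()

    def provide_certificate(self, ip_str: str) -> dict:
        """Step 1: an IP address certificate including a wireless encryption key."""
        ip = ipaddress.ip_address(ip_str)         # accepts IPv4 and IPv6 (claim 2)
        wireless_key = secrets.token_hex(16)
        body = {"ip": str(ip), "version": ip.version, "wirelessKey": wireless_key}
        self._issued[str(ip)] = wireless_key
        return {"body": body, "tag": self._mac(body)}

    def authenticate(self, ip_cert: dict, source_ip: str) -> dict:
        """Step 5: verify the certificate forwarded by the web server and return
        the authentication result data."""
        body, tag = ip_cert["body"], ip_cert["tag"]
        if not hmac.compare_digest(tag, self._mac(body)):
            return {"authenticated": False, "reason": "certificate tag mismatch"}
        if self._issued.get(body["ip"]) != body["wirelessKey"]:
            return {"authenticated": False, "reason": "unknown or superseded certificate"}
        if body["ip"] != str(ipaddress.ip_address(source_ip)):
            return {"authenticated": False, "reason": "certified IP differs from connecting IP"}
        return {"authenticated": True, "ip": body["ip"]}


class WirelessDevice:
    """The client-owned wireless communication device with its predetermined memory."""

    def __init__(self, ip: str):
        self.ip = ip
        self.memory = {}

    def store(self, ip_cert: dict):
        """Step 2: store the IP address certificate in memory."""
        self.memory["ipAddressCertificate"] = ip_cert

    def respond_to_auth_request(self, order):
        """Step 3, with claim 3: send the stored certificate with order data attached."""
        return {"ipAddressCertificate": self.memory["ipAddressCertificate"],
                "attachment": order}


class WebServer:
    """The web server (shopping mall, bank, ...) that relies on the authority."""

    def __init__(self, authority: IPAddressGrantingAuthority):
        self.authority = authority

    def handle_access(self, device: WirelessDevice, order):
        auth_data = device.respond_to_auth_request(order)            # step 3
        result = self.authority.authenticate(                         # step 4 -> 5
            auth_data["ipAddressCertificate"], device.ip)
        return {"auth": result, "order": auth_data["attachment"]}


def run_flow(ip="2001:db8::10", order=None):
    """Whole flow on constructed data; 2001:db8::/32 is the documentation prefix."""
    authority = IPAddressGrantingAuthority()
    device = WirelessDevice(ip)
    device.store(authority.provide_certificate(ip))
    return WebServer(authority).handle_access(device, order or {"item": "book"})


def altered_certificate_flow():
    """A certificate body changed after issuance no longer matches its tag."""
    authority = IPAddressGrantingAuthority()
    device = WirelessDevice("192.0.2.7")                 # TEST-NET-1 sample address
    cert = authority.provide_certificate("192.0.2.7")
    cert["body"]["ip"] = "192.0.2.8"                     # modified after issuance
    device.store(cert)
    return WebServer(authority).handle_access(device, {"item": "book"})
```

The web server never judges the certificate itself; it only forwards it, which is what claim 1 prescribes. The authority's third check (certified IP versus connecting IP) is the one that ties the stored certificate to the device presenting it; without it, the certificate would be a bearer token that any connection could replay.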
Similar technologies:
Publication number | Publication date | Title
US20190005470A1|2019-01-03|Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same
US20170171750A1|2017-06-15|Security system for handheld wireless devices using time-variable encryption keys
US10333721B2|2019-06-25|Secure information transmitting system and method for personal identity authentication
RU2638741C2|2017-12-15|Method and user authentication system through mobile device with usage of certificates
AU2010214812B2|2013-05-09|Data exchanges related to financial transactions over a public network
TW550909B|2003-09-01|Secure wireless electronic-commerce system with digital product certificates and digital license certificates
CN100534043C|2009-08-26|A method, system and computer program product for secure ticketing in a communications device
US7114175B2|2006-09-26|System and method for managing network service access and enrollment
US8145899B2|2012-03-27|Creation of user digital certificate for portable consumer payment device
US6789193B1|2004-09-07|Method and system for authenticating a network user
EP1782324B1|2009-10-07|A personal token and a method for controlled authentication
US7376840B2|2008-05-20|Streamlined service subscription in distributed architectures
EP1095492B1|2004-04-07|Secure session connection set up based on the Wireless Application Protocol
CN101978675B|2013-11-13|System and method for securely issuing subscription credentials to communication devices
US7016666B2|2006-03-21|Method for verifying in a mobile device the authenticity of electronic certificates issued by a certification authority and corresponding identification module
ES2644739T3|2017-11-30|Request for digital certificates
KR101158956B1|2012-06-21|Method for distributing certificates in a communication system
KR100695566B1|2007-03-15|System and method of secure authentication and billing for goods and services using a celluler telecommunication and an authorization infrastructure
US8996854B2|2015-03-31|Method for secure downloading of applications
US8340296B2|2012-12-25|Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains
CN101120569B|2011-07-27|Remote access system and method for user to remotely access terminal equipment from subscriber terminal
EP1280317B1|2006-09-13|Multi-domain authorisation and authentication
EP1449324B1|2005-10-26|Use of a public key key pair in the terminal for authentication and authorisation of the telecommunication user with the network operator and business partners
US7882346B2|2011-02-01|Method and apparatus for providing authentication, authorization and accounting to roaming nodes
CN101164086B|2010-07-07|Methods, system and mobile device capable of enabling credit card personalization using a wireless network
Family patents:
Publication number | Publication date
Cited references:
Publication number | Filing date | Publication date | Applicant | Title
Legal status:
2004-04-30|Application filed by 주식회사 비즈모델라인
2004-04-30|Priority to KR1020040030780A
2004-05-14|Publication of KR20040041147A
Priority:
Application number | Filing date | Title
KR1020040030780A|KR20040041147A|2004-04-30|2004-04-30|Method for the process of certification using mobile communication devices with the function of wireless certification|