User authentication method, user authentication device and user authentication system

The described identity verification method and system address the challenge of balancing convenience and security by collecting and comparing user behavior and biometric data, allowing or denying access, and adding users to a blacklist, thereby enhancing security and efficiency.

WO2026134624A1PCT designated stage Publication Date: 2026-06-25GHOST PASS INC

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
GHOST PASS INC
Filing Date
2025-10-28
Publication Date
2026-06-25

AI Technical Summary

Technical Problem

Existing identity verification systems face a challenge in balancing user convenience with high security, particularly in scenarios where physical control is absent, such as Open Road or Hi-Pass, and there is a need for effective sanctions against malicious users.

Method used

A method and system that collects user behavior data and biometric data, compares it with registered data, and allows or denies access based on the comparison, with the option to add users to a blacklist, utilizing a processor and memory to execute these functions.

Benefits of technology

This approach enhances user convenience while maintaining high security, reducing verification time and enabling effective sanctions against malicious users.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure KR2025017297_25062026_PF_FP_ABST
    Figure KR2025017297_25062026_PF_FP_ABST
Patent Text Reader

Abstract

The present disclosure relates to a user authentication method, a user authentication device and a user authentication system. The user authentication method according to one embodiment of the present invention may comprise: generating, on the basis of detecting access of a user, behavior data corresponding to the user by collecting a behavior of a user; collecting authentication means biometric data on the basis of generating of the behavior data; comparing the authentication means biometric data with registered biometric data; and, on the basis of the comparison results, permitting access to a procedure restricted to the user or adding the user to a blacklist.
Need to check novelty before this filing date? Find Prior Art

Description

Identity verification methods, identity verification devices, and identity verification systems

[0001] The present invention relates to a method for identity verification, an identity verification device, and an identity verification system.

[0002] With the recent advancements in smart device technology, including smartphones, and network technology, it has become commonplace to see biometric information collected through everyday devices such as smart devices or kiosks, and used for identity verification to make purchases or gain access.

[0003] Meanwhile, since identity verification is fundamentally a procedure designed to prevent identity theft, security can be considered the most important factor in identity verification technology.

[0004] Accordingly, there is a continuous demand for the development of identity authentication technologies that can provide procedural convenience to users while maintaining high security.

[0005] The purpose of the present disclosure is to provide a method for identity verification, an identity verification device, and an identity verification system. The problems to be solved by the present disclosure are not limited to those mentioned above, and other problems and advantages of the present disclosure not mentioned can be understood from the following description and will be more clearly understood by the embodiments of the present disclosure. Furthermore, it will be understood that the problems and advantages to be solved by the present disclosure can be realized by the means and combinations thereof set forth in the claims.

[0006] A first aspect of the present disclosure may provide a method for identity authentication comprising: collecting behavior of a user based on detecting access of the user and generating behavior data corresponding to the user; collecting authentication means biometric data based on generating the behavior data; comparing the authentication means biometric data and registered biometric data; and, based on the result of the comparison, allowing access to a restricted procedure for the user or adding the user to a blacklist.

[0007] A second aspect of the present disclosure comprises: a memory in which at least one program is stored; and a processor that operates by executing the at least one program; wherein the processor collects the behavior of the user based on detecting access by the user and generates behavior data corresponding to the user, collects authentication means biometric data based on generating the behavior data, compares the authentication means biometric data and registered biometric data, and, based on the result of the comparison, allows access to a restricted procedure for the user or adds the user to a blacklist.

[0008] A third aspect of the present disclosure may provide a computer-readable recording medium having a program for executing a method according to a first aspect on a computer.

[0009] According to various embodiments of the present disclosure, a personal authentication system can be provided that increases user convenience while maintaining high security.

[0010] In particular, the time required for identity verification can be significantly reduced, and high satisfaction can be provided to users experiencing the identity verification system of the present disclosure.

[0011] In particular, in identity authentication systems that operate without means of physically controlling users, such as Open Road or Hi-Pass, sanctions against malicious users can be implemented while maintaining the operational form.

[0012] FIG. 1 is a schematic diagram of a personal authentication system according to one embodiment of the present disclosure.

[0013] FIG. 2 is a conceptual diagram illustrating an example of a user performing identity authentication in an identity authentication system according to one embodiment of the present disclosure.

[0014] FIG. 3 is a flowchart for explaining the identity authentication process according to the identity authentication request device authentication method of the present disclosure.

[0015] FIG. 4 is a flowchart for explaining the identity verification process according to the user terminal authentication method of the present disclosure.

[0016] FIG. 5 is a flowchart for explaining a personal authentication procedure according to one embodiment of the present disclosure.

[0017] FIG. 6 is a flowchart for explaining the process of performing identity authentication according to one embodiment of the present disclosure.

[0018] FIG. 7 is a flowchart for explaining a personal authentication procedure according to one embodiment of the present disclosure.

[0019] FIG. 8 is a flowchart illustrating the process of collecting biometric data for authentication means according to one embodiment of the present disclosure.

[0020] FIG. 9 is a flowchart for explaining the process of performing identity authentication according to one embodiment of the present disclosure.

[0021] FIG. 10 is a flowchart for specifically explaining the process of a user authentication request device detecting access by a user terminal according to one embodiment of the present disclosure.

[0022] FIG. 11 is a flowchart of a personal authentication method according to one embodiment of the present disclosure.

[0023] FIG. 12 is a block diagram of a device according to one embodiment of the present disclosure.

[0024] The present disclosure relates to a method for identity authentication, an authentication device, and an authentication system. An identity authentication method according to one embodiment of the present disclosure may, based on detecting user access, collect user behavior to generate behavior data corresponding to the user, based on generating behavior data, collect authentication means biometric data, compare the authentication means biometric data with registered biometric data, and based on the result of the comparison, allow access to a restricted procedure for the user or add the user to a blacklist.

[0025] The advantages and features of the present invention, and the methods for achieving them, will become clear by referring to the embodiments described in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments presented below, but can be implemented in various different forms and should be understood to include all modifications, equivalents, and substitutions that fall within the spirit and scope of the present invention. The embodiments presented below are provided to ensure that the disclosure of the present invention is complete and to fully inform those skilled in the art of the scope of the invention. In describing the present invention, detailed descriptions of related known technologies are omitted if it is determined that such detailed descriptions may obscure the essence of the present invention.

[0026] The terms used in this application are used merely to describe specific embodiments and are not intended to limit the invention. The singular expression includes the plural expression unless the context clearly indicates otherwise. In this application, terms such as "comprising" or "having" are intended to indicate the presence of the features, numbers, steps, actions, components, parts, or combinations thereof described in the specification, and should be understood as not precluding the existence or addition of one or more other features, numbers, steps, actions, components, parts, or combinations thereof.

[0027] Some embodiments of the present disclosure may be represented by functional block configurations and various processing steps. Some or all of these functional blocks may be implemented by various numbers of hardware and / or software configurations that execute specific functions. For example, the functional blocks of the present disclosure may be implemented by one or more microprocessors or by circuit configurations for a specific function. Additionally, for example, the functional blocks of the present disclosure may be implemented in various programming or scripting languages. The functional blocks may be implemented as algorithms executed on one or more processors. Furthermore, the present disclosure may employ prior art for electronic configuration, signal processing, and / or data processing, etc. Terms such as "mechanism," "element," "means," and "configuration" may be used broadly and are not limited to mechanical and physical configurations.

[0028] Furthermore, the connecting lines or connecting members between the components depicted in the drawings are merely illustrative of functional connections and / or physical or circuit connections. In the actual device, connections between components may be represented by various alternative or added functional connections, physical connections, or circuit connections.

[0029] In the present disclosure, "identity authentication system" may mean a system that may be provided for the security compliance of a specific procedure in which only authorized users are allowed to access. In the present disclosure, a user may use or access the identity authentication system through an identity authentication device. To enable the user to use or access the identity authentication system of the present disclosure, an identity authentication solution, such as an identity authentication application, may be provided to the user, and the provided identity authentication solution may be installed on the identity authentication device.

[0030] In the present disclosure, "biometric data" may mean data relating to a user's body or a product generated by the user using their own body, which can be used to identify the user. In the present disclosure, biometric data may be biometric data of any kind. For example, biometric data may be any one of any kind of biometric data, such as a user's fingerprint, pupil, iris, retina, face, voice, vein, DNA, signature, handwriting, blinking pattern, skeletal structure, ear shape, palm pattern, body temperature pattern, gait pattern, heart rate pattern, electrocardiogram pattern, shape and movement of lips, shape and movement of tongue, brainwave pattern, shape of finger joints, skin pattern and texture, kinetic signature, neural network pattern, muscle pattern, blood flow pattern, tear composition, breathing pattern, facial blood flow pattern, etc., or a combination of two or more of any kind of biometric data.

[0031] In the present disclosure, "authentication means biometric data" refers to biometric data that serves as a means of identity authentication and may mean biometric data collected for identity authentication. That is, it refers to biometric data that a user attempting identity authentication has allowed to be input or collected for identity authentication, and may be used to refer to data collected by a specific device. A user attempting identity authentication may input authentication means biometric data or allow the collection of authentication means biometric data to access restricted procedures through identity authentication. The type of authentication means biometric data may be pre-configured to be used by the user or the system to perform identity authentication.

[0032] In the present disclosure, "registered biometric data" may refer to biometric data that a user has registered or stored on a device owned by the user, i.e., an authentication device. Registered biometric data may be data that serves as a criterion for determining whether the authentication means biometric data matches the data of the user attempting authentication. The type of registered biometric data may be the same as the type of the authentication means biometric data. If the authentication means biometric data matches the registered biometric data, authentication will be successfully performed, and access to restricted procedures may be authorized.

[0033] In one embodiment, registered biometric data may be collected and stored in the authentication device through an authentication device, a part of the authentication device, or a device electrically or telecommunicationally connected to the authentication device. For example, a user may store registered biometric data in the authentication device by inputting and storing their biometric data using a data input device equipped in the authentication device, such as a camera or a fingerprint input device.

[0034] In another embodiment, registered biometric data may be collected through an identity authentication request device and stored in an identity authentication device. Specifically, registered biometric data may be collected through an identity authentication request device, transmitted to an identity authentication device (or an identity authentication device via a server), and stored in the identity authentication device. Registered biometric data stored through this procedure may also be used to perform an identity authentication procedure according to the system of the present disclosure. For example, for initial authentication for the use of the identity authentication system, the identity authentication device may collect data as the user's 'registered biometric data,' and subsequently, when the user attempts identity authentication for the use of the identity authentication system, the identity authentication device may collect data as the user's 'authentication means biometric data.' Even if the type of registered biometric data is the same (e.g., face), the specifications of the sensors collecting data may differ from device to device; therefore, according to the present embodiment, the accuracy of verifying the identity between the registered biometric data and the authentication means biometric data can be improved.

[0035] In one embodiment, a user verification procedure may be performed so that registered biometric data is stored in an identity verification device. The user verification procedure is a procedure that must be accompanied to use the identity verification system of the present disclosure and to access the identity verification system of the present disclosure, and can be understood as a type of service subscription procedure. In one embodiment, only the user who has performed the user verification procedure may store the registered biometric data on their terminal, or only the terminal of the user for whom the user verification procedure has been performed may store the registered biometric data.

[0036] In one embodiment, the user verification procedure may include an identity verification procedure.

[0037] In one embodiment, the identity verification procedure may include an identity verification procedure. The identity verification procedure may be a procedure for verifying whether an identity card possessed by a user is a forged identity card. The identity verification procedure may be performed by capturing an image of the identity card through a camera or sensor of a user terminal. For example, the image capture of the identity card and the identity verification procedure may be performed through an identity authentication solution, such as an identity authentication application.

[0038] In one embodiment, the identity verification procedure may include an identity comparison procedure. The identity comparison procedure may be a procedure for verifying whether an identity card held by a user is the user's identity card. The identity comparison procedure may be performed by capturing an image of the user's face through a camera or sensor of the user terminal. For example, the image capture of the user's face and the identity comparison procedure may be performed through an identity authentication solution, such as an identity authentication application.

[0039] In the following, the authentication method of the present disclosure is described.

[0040] The identity authentication system of the present disclosure may be based on various authentication methods depending on the entity determining whether biometric data matches.

[0041] First, the identity authentication system of the present disclosure may be based on a user terminal authentication method (or an identity authentication device authentication method). A user terminal authentication method may mean a method in which the identity of the authentication means biometric data and the registered biometric data is determined by the user terminal, i.e., the identity authentication device. The user terminal may determine whether the authentication means biometric data and the registered biometric data match by comparing the registered biometric data stored in the user terminal with the authentication means biometric data received from another device. Here, the other device may be any one of an identity authentication request device, a server, and a third device. The user terminal may transmit the result of the comparison to another device (which may be the same device as the aforementioned "other device"), and the device that receives the result may allow or deny access to a restricted procedure based on the result.

[0042] Next, the identity authentication system of the present disclosure may be based on an identity request device authentication method. An identity request device authentication method may mean a method in which the identity request device determines whether the identity means biometric data and the registered biometric data match. The identity request device may determine whether the identity means biometric data and the registered biometric data match by comparing the identity means biometric data collected through the identity request device, a part of the identity request device, or a device electrically or telecommunicationally connected to the identity request device with the registered biometric data received from another device. Here, the other device may be any one of a user terminal (i.e., identity authentication device), a server, and a third device. The identity request device may allow or deny access to a restricted procedure based on the result value of the comparison, or transmit the result value of the comparison to another device (which may be the same device as the aforementioned "other device"), and the device that receives the result value may allow or deny access to a restricted procedure based on the result value.

[0043] Next, the identity authentication system of the present disclosure may be based on a server authentication method. A server authentication method may mean a method in which the identity means biometric data and the registered biometric data are determined by a server. The server may determine whether the identity means biometric data and the registered biometric data are matched by comparing the identity means biometric data received from the identity authentication request device with the registered biometric data from the user terminal (i.e., identity authentication device). Based on the result of the comparison, the server may allow or deny access to a restricted procedure, or transmit the result of the comparison to another device, and the device that receives the result may allow or deny access to a restricted procedure based on the result.

[0044] Additionally, the identity authentication system of the present disclosure may be based on an identity authentication device authentication method. An identity authentication device authentication method may mean a method in which the identity authentication device determines whether the authentication means biometric data and the registered biometric data match. An identity authentication device may be a device provided individually to a user terminal (or identity authentication device) or an identity authentication request device, and may be a device provided individually to perform identity authentication without performing other functions. An identity authentication device may receive and store registered biometric data from a user terminal, and then determine whether the authentication means biometric data and the registered biometric data match by comparing the authentication means biometric data and the registered biometric data received thereafter. An identity authentication device may transmit the result of the comparison to another device, and the device that receives the result value may allow or deny access to a restricted procedure based on the result value. Here, the other device may be any one of a user terminal, an identity authentication request device, a server, and a third device.

[0045] FIG. 1 is a block diagram illustrating a personal authentication system according to one embodiment of the present disclosure.

[0046] The identity authentication system of the present disclosure may include an identity authentication device (10) and an identity authentication request device (20).

[0047] In the present disclosure, the identity authentication device (10) may refer to a device owned by a user performing identity authentication. The identity authentication device (10) may be understood as a user terminal, wherein the user terminal may include any type of device capable of storing registered biometric data or determining whether biometric data match through comparison between biometric data. For example, the identity authentication device (10) may be a device equipped with an input / output interface such as a smartphone, mobile phone, tablet PC, PC, PDA (personal digital assistant), laptop, media player, GPS (global positioning system) device, smart glasses, smart watch, camera, and other mobile or non-mobile electronic devices, but is not limited thereto.

[0048] In the present disclosure, the identity authentication request device (20) may refer to a device that requests identity authentication to be performed. The identity authentication request device (20) may detect a user accessing (physically or electronically) the identity authentication request device (20). The identity authentication request device (20) may collect biometric data as an authentication means for the user. The identity authentication request device (20) may transmit the biometric data as an authentication means to another device or determine whether the biometric data match through comparison between the biometric data. For example, the identity authentication request device (20) may be a smartphone, mobile phone, tablet PC, PC, PDA, laptop, media player, GPS device, smart glasses, smart watch, wearable device such as a hair band or ring equipped with communication and data processing functions, a device equipped with an input / output interface such as a camera, and other mobile or non-mobile electronic devices, but is not limited thereto.

[0049] In the present disclosure, an identity authentication system may be used to allow access to a procedure restricted only to a user who has successfully authenticated themselves, and the application of the identity authentication system, i.e., the procedure restricted by the identity authentication system, may be any procedure requiring security compliance.

[0050] For example, a procedure restricted by the identity authentication system is 'payment,' and mobile payment may be automatically approved for a user who has successfully authenticated themselves. For example, a procedure restricted by the identity authentication system is 'entry,' and entry may be permitted for a user who has successfully authenticated themselves, such as by opening an entry barrier gate. For example, if a procedure restricted by the identity authentication system is 'vehicle control,' vehicle control may be permitted, such as by allowing only a user who has successfully authenticated themselves to start the vehicle. For example, if a procedure restricted by the identity authentication system is 'purchase of items from a vending machine,' purchase of items may be permitted, such as by allowing only a user who has successfully authenticated themselves to select items from a vending machine. In addition to the examples described above, the identity authentication system of the present disclosure may be applied to any procedure requiring compliance with security.

[0051] In the present disclosure, the identity authentication request device (20) may be implemented to induce identity authentication for access to a restricted procedure through interaction with a user, such as an electronic kiosk. Accordingly, the identity authentication request device (20) may be implemented in various forms depending on the application of the identity authentication system, i.e., the place of use.

[0052] For example, if the procedure restricted by the identity authentication system is 'payment', the identity authentication request device (20) may be implemented in the form of a POS (point of sales) terminal. For example, if the procedure restricted by the identity authentication system is 'entry', the identity authentication request device (20) may be implemented in the form of an entry blocking gate or an electronic device equipped with an entry blocking gate. For example, if the procedure restricted by the identity authentication system is 'vehicle control', the identity authentication request device (20) may be implemented in the form of an on-board computer mounted on the vehicle. For example, if the procedure restricted by the identity authentication system is 'purchase of goods from a vending machine', the identity authentication request device (20) may be implemented in the form of a vending machine.

[0053] In the identity authentication system of the present disclosure, each of the identity authentication device (10) and the identity authentication request device (20) can transmit and receive data through a network (30). The network (30) can be implemented as a wired network such as a Local Area Network (LAN), a Wide Area Network (WAN), or a Value Added Network (VAN), or as a wireless network such as a mobile radio communication network, a Near Field Communication network, or a satellite communication network. Additionally, the network (30) is a data communication network in a comprehensive sense that enables each network constituent entity shown in FIG. 1 to communicate smoothly with one another, and includes any type of wired internet, wireless internet, and mobile wireless communication network.

[0054] Although not illustrated in FIG. 1, the identity authentication system may include a server. The server can control the entire identity authentication system, and the identity authentication system may further include a server for reasons such as ease of data storage, data distribution, design limitations, and ease of design. In one embodiment, the identity authentication device (10) or the identity authentication request device (20) may transmit and receive some or all of the data to and from each other through the server, rather than directly transmitting and receiving the data to and from each other.

[0055] FIG. 2 is a conceptual diagram illustrating an example of a user performing identity authentication in an identity authentication system according to one embodiment of the present disclosure.

[0056] For convenience, the example illustrated in FIG. 2 is described as an example where the procedure restricted by the identity authentication system is 'entry', but is not limited thereto.

[0057] Referring to FIG. 2, the user (1) may possess an identity verification device (10). The identity verification device (10) may store registered biometric data.

[0058] A user (1) can access the identity verification request device (20). For example, the user (1) may access the identity verification request device (20) to unlock the access blocking gate and pass through the access blocking gate.

[0059] The identity authentication request device (20) can detect access by the user (1). For example, the identity authentication request device (20) can detect access by the user (1) through a camera or sensor mounted on or connected to the identity authentication request device (20). For example, the identity authentication request device (20) can detect access by the user (1) by transmitting specific data or a signal (e.g., an authentication signal to be described later).

[0060] The identity authentication request device (20) that detects the access of the user (1) can collect the user's (1) authentication means biometric data. The user (1) can input their own biometric data through a camera, sensor, or other input / output interface mounted on or connected to the identity authentication request device (20).

[0061] If the identity authentication system is based on a user terminal authentication method, the identity authentication request device (20) can transmit the collected authentication means biometric data to the identity authentication device (10). The identity authentication device (10) that receives the authentication means biometric data can compare the received authentication means biometric data with the stored registered biometric data. The identity authentication device (10) can generate a result value for the comparison.

[0062] If the identity authentication system is based on an identity authentication request device authentication method, the identity authentication request device (20) can receive registered biometric data from the identity authentication device (10). The identity authentication request device (20) can transmit a signal requesting registered biometric data to the identity authentication device (10). Upon receiving the signal requesting registered biometric data, the identity authentication device (10) can transmit the registered biometric data to the identity authentication request device (20). Upon receiving the registered biometric data, the identity authentication request device (20) can compare the received registered biometric data with the collected authentication means biometric data. The identity authentication request device (20) can generate a result value for the comparison.

[0063] In the example of FIG. 2, access to or from the user (1) may be determined based on the generated result value. For example, if the generated result value corresponds to two biometric data matching, the access blocking gate may be released for the user (1). For example, if the generated result value corresponds to two biometric data not matching, the access blocking gate may be maintained for the user (1).

[0064] Meanwhile, the identity authentication system may require additional authentication procedures in addition to identity authentication through biometric data. For example, the identity authentication system may require the user to undergo additional authentication procedures when necessary for security reasons, such as when the security level of the area the user wishes to enter is higher than that of other areas, or when the amount the user wishes to pay is higher than a pre-set amount. In one embodiment, the additional authentication procedure may be required only when the registered biometric data matches the biometric data of the authentication means.

[0065] In one embodiment, the additional authentication procedure may include an identity verification procedure. The identity verification procedure may be a procedure for verifying whether an identity card held by a user is the user's identity card. The identity verification procedure may include capturing an image of the identity card through a camera or sensor of the identity authentication device (10) or identity authentication request device (20), capturing an image of the user's face, and comparing the image of the identity card with the image of the face.

[0066] Meanwhile, a method for specifying the identity authentication device (10) in the identity authentication system may be problematic. That is, a problem may arise as to how to specify the target for which the identity authentication request device (20) requests the transmission of collected authentication means biometric data or the transmission of registered biometric data.

[0067] In one embodiment, the identity authentication request device (20) can identify the identity authentication device (10) based on identification information input by the user (1). In this embodiment, the identity authentication request device (20) may include an interface through which the user (1) can input device identification data, and may receive the input of the user's (1) device identification data through the interface. The device identification data may be data used to identify the user's terminal, i.e., the identity authentication device. For example, the device identification data may include one or more of a phone number, a membership number, and a resident registration number.

[0068] In another embodiment, the identity authentication request device (20) can identify the identity authentication device (10) by detecting the nearest device. In this embodiment, the identity authentication request device (20) can detect the nearest device through any suitable method. For example, the identity authentication request device (20) may include a plurality of nodes or channels and may measure the distance based on signals transmitted and received between the plurality of nodes or channels and the identity authentication device. For example, the plurality of nodes or channels may be nodes or channels for transmitting and receiving beacon signals.

[0069] In another embodiment, the identity authentication request device (20) may identify the identity authentication device (10) based on a pre-arranged sound signal. In this embodiment, the pre-arranged sound signal may refer to a sound signal that the identity authentication device (10) can detect in the identity authentication system. The identity authentication device (10) may detect the sound signal and determine whether the detected sound signal is a pre-arranged sound signal transmitted by the identity authentication request device (20). If the identity authentication device (10) determines that the detected sound signal is a pre-arranged sound signal, it may transmit device identification data of the identity authentication device (10) to the identity authentication request device (20) or a server. The identity authentication request device (20) may identify the identity authentication device (10) based on the device identification data.

[0070] Meanwhile, in the identity authentication system according to the various embodiments described below, hands-free identity authentication can be performed, and a method is presented in which the identification of the identity authentication device (10) is automatically performed.

[0071] FIG. 3 is a flowchart for explaining the identity authentication process according to the identity authentication request device authentication method of the present disclosure.

[0072] The identity verification process illustrated in FIG. 3 illustrates only the procedures or components related to one embodiment, and it is obvious to a person skilled in the art that other general procedures or components may be included in addition to the procedures illustrated in FIG. 3.

[0073] As described above, the identity authentication system of the present disclosure may be based on an identity authentication request device authentication method. An identity authentication request device authentication method may mean a method in which the identity authentication request device determines whether the authentication means biometric data and the registered biometric data match.

[0074] Referring to FIG. 3, in step 301, the identity authentication request device (20) can collect authentication means biometric data.

[0075] For example, the identity authentication request device (20) can collect authentication means biometric data based on detecting user access.

[0076] Referring to FIG. 3, in step 302, the identity authentication device (10) can transmit registered biometric data to the identity authentication request device (20).

[0077] Although not illustrated in FIG. 3, the identity authentication device (10) can receive a signal requesting the transmission of registered biometric data and, based on receiving the signal requesting the transmission of registered biometric data, can transmit the registered biometric data.

[0078] In a specific embodiment, the identity authentication request device (20) may detect access by a user terminal. Detecting access by a user terminal and detecting access by a user may be distinct procedures. Based on detecting access by a user terminal, the identity authentication request device (20) may transmit an access detection signal. The access detection signal may be a signal that informs the identity authentication device (10) that the identity authentication request device (20) has detected access by a user terminal. The access detection signal may include a signal requesting the transmission of registered biometric data. Based on receiving the access detection signal, the identity authentication device (10) may transmit the registered biometric data. Upon receiving the access detection signal, the identity authentication device (10) may decide to perform a procedure for transmitting the registered biometric data.

[0079] Referring to FIG. 3, in step 303, the identity authentication request device (20) can determine whether the data matches.

[0080] The identity authentication request device (20) can compare the registered biometric data received from the identity authentication device (10) with the collected authentication means biometric data. The identity authentication request device (20) can calculate the match rate between the registered biometric data and the authentication means biometric data. The identity authentication request device (20) can determine that the data is matched based on the match rate being greater than or equal to a threshold value, and determine that the data is inconsistent based on the match rate being less than or equal to a threshold value.

[0081] The identity verification request device (20) may allow or deny access to a restricted procedure based on the result of comparing the registered biometric data and the authentication means biometric data.

[0082] Referring to FIG. 3, in step 304, the identity authentication device (10) can receive a result value for comparison.

[0083] The identity authentication request device (20) can transmit the result of the comparison between the registered biometric data and the authentication means biometric data to the identity authentication device (10).

[0084] Meanwhile, although not illustrated in FIG. 3, the identity authentication system may further include a server. Data transmission and reception between the identity authentication request device (20) and the identity authentication device (10) may be performed through the server.

[0085] For example, the identity authentication device (10) can transmit or upload registered biometric data to a server. The identity authentication request device (20) can receive or download registered biometric data from the server. For example, the identity authentication request device (20) can transmit or upload a result value for comparison to a server. The identity authentication device (10) can receive or download a result value for comparison from the server.

[0086] FIG. 4 is a flowchart for explaining the identity verification process according to the user terminal authentication method of the present disclosure.

[0087] The identity verification process illustrated in FIG. 4 illustrates only the procedures or components related to one embodiment, and it is obvious to a person skilled in the art that other general procedures or components may be included in addition to the procedures illustrated in FIG. 4.

[0088] As described above, the identity authentication system of the present disclosure may be based on a user terminal authentication method. A user terminal authentication method may mean a method in which the identity of the authentication means biometric data and the registered biometric data is determined by the user terminal, i.e., the identity authentication device.

[0089] Referring to FIG. 4, in step 401, the identity authentication request device (20) can collect authentication means biometric data.

[0090] For example, the identity authentication request device (20) can collect authentication means biometric data based on detecting user access.

[0091] Referring to FIG. 4, in step 402, the identity authentication request device (20) can transmit the collected authentication means biometric data to the identity authentication device (10).

[0092] The identity authentication request device (20) can identify the identity authentication device (10) based on any suitable means and transmit the authentication means biometric data to the identified identity authentication device (10).

[0093] Referring to FIG. 4, in step 403, the identity authentication device (10) can determine whether the data matches.

[0094] The identity authentication device (10) can compare the authentication means biometric data received from the identity authentication request device (20) with the registered biometric data. The identity authentication device (10) can calculate the match rate between the registered biometric data and the authentication means biometric data. The identity authentication device (10) can determine that the data is matched based on the match rate being greater than or equal to a threshold value, and determine that the data is inconsistent based on the match rate being less than or equal to a threshold value.

[0095] Referring to FIG. 4, in step 404, the identity authentication request device (20) can receive a result value for comparison.

[0096] The identity authentication device (10) can transmit the result of the comparison between the registered biometric data and the authentication means biometric data to the identity authentication request device (20).

[0097] The identity authentication request device (20) may allow or deny access to a restricted procedure based on the result of comparing the registered biometric data and the authentication means biometric data, that is, based on the received result value.

[0098] Meanwhile, although not illustrated in FIG. 4, the identity authentication system may further include a server. Data transmission and reception between the identity authentication request device (20) and the identity authentication device (10) may be performed through the server.

[0099] For example, the identity authentication request device (20) can transmit or upload biometric authentication data to a server. The server can transmit biometric authentication data to the identity authentication device (10). For example, the identity authentication device (10) can transmit or upload a result value for comparison to a server. The identity authentication request device (20) can receive or download a result value for comparison from the server.

[0100] In the following, an identity authentication method, an identity authentication device, and an identity authentication system capable of detecting malicious users are described.

[0101] FIG. 5 is a flowchart for explaining a personal authentication procedure according to one embodiment of the present disclosure.

[0102] The identity authentication procedure illustrated in FIG. 5 may be based on an identity authentication request device authentication method and can be understood as being performed by the identity authentication request device, specifically, by the processor of the identity authentication request device.

[0103] In one embodiment, at step 501, the identity authentication request device can detect user access.

[0104] In one embodiment, the identity authentication request device may detect user access through a device that is included in the identity authentication request device or is electrically or telecommunicationally connected to the identity authentication request device.

[0105] In one embodiment, at step 502, the identity authentication request device can collect the user's actions.

[0106] In one embodiment, the identity authentication request device may collect user behavior based on detecting user access. User behavior refers to behavior that is unconsciously manifested and may include any type of behavior that can be used to identify the user. For example, user behavior may include the user's posture, gestures, head movements, arm movements, gait, etc. For example, user behavior may be a combination of two or more of the user's posture, gestures, head movements, arm movements, and gait.

[0107] In one embodiment, the identity authentication request device may include a device capable of collecting user behavior, or may be electrically or telecommunicationally connected to a device capable of collecting user behavior. For example, a device capable of collecting user behavior may include a camera, a motion sensor, a radar sensor, etc.

[0108] In one embodiment, at step 503, the identity authentication request device can generate and store behavior data.

[0109] In one embodiment, the identity authentication request device may include a behavior analysis model capable of analyzing collected user behavior. In one embodiment, the behavior analysis model may be an artificial intelligence learning and inference model. The behavior analysis model may be trained to analyze collected user behavior, extract features, and generate or output behavior data. In one embodiment, the behavior analysis model may include a model for estimating poses, a model for detecting or tracking objects, a model for analyzing time-series data, a multimodal model, etc. The identity authentication request device may generate behavior data through the behavior analysis model.

[0110] In one embodiment, the identity authentication request device may store generated behavioral data. Storing behavioral data may include matching or assigning identification data capable of identifying a user to the generated behavioral data.

[0111] In one embodiment, at step 504, the identity authentication request device can collect authentication means biometric data.

[0112] In one embodiment, the identity authentication request device may collect authentication means biometric data based on generating and storing behavioral data. Meanwhile, in another embodiment, the order of execution of step 504 may differ from that shown in FIG. 5. For example, the identity authentication request device may collect authentication means biometric data based on detecting user access.

[0113] In one embodiment, at step 505, the identity authentication request device can perform identity authentication processing based on the authentication means biometric data and the registered biometric data.

[0114] In one embodiment, the identity authentication request device compares the authentication means biometric data and the registered biometric data, and based on the result of the comparison, may allow or deny access to the restricted procedure.

[0115] Below, with reference to FIG. 6, the procedure of step 505 will be explained in detail.

[0116] FIG. 6 is a flowchart for explaining the process of performing identity authentication according to one embodiment of the present disclosure.

[0117] Referring to Fig. 6, the procedure of the aforementioned step 505 is illustrated in more detail.

[0118] As described above, the identity authentication request device can perform identity authentication processing based on the authentication means biometric data and the registered biometric data.

[0119] In one embodiment, performing identity authentication processing may include determining whether registered biometric data has been received.

[0120] Referring to FIG. 6, in step 601, the identity authentication request device can determine whether registered biometric data has been received.

[0121] Referring to FIG. 6, in step 602, the identity authentication request device can determine whether the authentication means biometric data and the registered biometric data match.

[0122] In one embodiment, the identity authentication request device may determine whether the authentication means biometric data and the registered biometric data match based on determining that the registered biometric data has been received. The identity authentication request device may determine that the authentication means biometric data and the registered biometric data match based on the fact that the matching rate between the authentication means biometric data and the registered biometric data is greater than or equal to a threshold value.

[0123] Referring to FIG. 6, in step 603, the identity authentication request device may allow access to a restricted procedure.

[0124] In one embodiment, the identity authentication request device may allow access to a restricted procedure for a user based on determining that the authentication means biometric data and the registration biometric data match.

[0125] In one embodiment, the identity authentication request device may delete stored behavioral data based on allowing the user access to a restricted procedure.

[0126] Meanwhile, referring to FIG. 6, in step 604, the identity authentication request device can add the user to a blacklist.

[0127] In one embodiment, the identity authentication request device may add a user to a blacklist based on determining that registered biometric data has not been received.

[0128] As described above, registered biometric data may be transmitted by an identity authentication device. The fact that registered biometric data has not been received may mean that the identity authentication device has not transmitted the registered biometric data. The fact that the identity authentication device has not transmitted the registered biometric data may mean that the identity authentication device has not received a signal requesting the transmission of registered biometric data, or that the identity authentication device is a device incapable of receiving and processing a signal requesting the transmission of registered biometric data. In other words, the fact that registered biometric data has not been received may be understood as meaning that there is no identity authentication device equipped with the function to access the identity authentication system. Furthermore, the fact that one does not possess an identity authentication device equipped with the function to access the identity authentication system may be understood as meaning that the user accessing the identity authentication request device does not possess the appropriate qualifications.

[0129] In another embodiment, the identity authentication request device may add a user to a blacklist based on determining that the authentication means biometric data and the registered biometric data do not match.

[0130] The fact that registered biometric data has been received but does not match the authentication method biometric data corresponding to the user may mean that the registered biometric data was received from a terminal of a user other than the user who provided the authentication method biometric data. This situation can also be understood as a situation where the user accessing the identity authentication request device does not possess the appropriate qualifications.

[0131] In one embodiment, the identity authentication request device may add a user to a blacklist based on stored behavioral data. As described above, the identity authentication request device may collect user behavior and generate and store behavioral data (steps 502 and 503 of FIG. 5). Adding a user to a blacklist may mean storing the generated behavioral data as information.

[0132] In one embodiment, the identity authentication request device can perform processing on a user on a blacklist based on the detection of behavior data corresponding to behavior data added to a blacklist.

[0133] In one embodiment, the identity authentication request device may generate behavioral data (e.g., step 503 of FIG. 5) and then determine whether information corresponding to the generated behavioral data exists on a blacklist. In one embodiment, the identity authentication request device may determine that a malicious user exists based on the determination that information corresponding to the generated behavioral data exists on the blacklist, and may switch the state of the device to an emergency state. That is, the identity authentication request device may determine that the user corresponding to the generated behavioral data is a malicious user. For example, the identity authentication request device may transmit a signal regarding the occurrence of an emergency situation to a server. For example, the identity authentication request device may provide an alarm or message regarding the occurrence of an emergency situation to the administrator of the identity authentication request device or the identity authentication system. Unpaid amounts or fines may be charged to the malicious user.

[0134] In one embodiment, the identity authentication request device adding a user to a blacklist (e.g., 604 in FIG. 6) may include determining whether the user corresponding to the generated behavioral data already exists in the blacklist. In one embodiment, the identity authentication request device may switch the state of the device to an emergency state based on the determination that the user corresponding to the generated behavioral data already exists in the blacklist. For example, the identity authentication request device may transmit a signal regarding the occurrence of an emergency situation to a server. For example, the identity authentication request device may provide an alarm or message regarding the occurrence of an emergency situation to an administrator of the identity authentication request device or the identity authentication system.

[0135] FIG. 7 is a flowchart for explaining a personal authentication procedure according to one embodiment of the present disclosure.

[0136] The identity authentication procedure illustrated in FIG. 7 may be based on a user terminal authentication method and can be understood as being performed by an identity authentication request device, specifically by a processor of the identity authentication request device.

[0137] In one embodiment, at step 701, the identity authentication request device can detect user access.

[0138] In one embodiment, at step 702, the identity authentication request device can collect the user's actions.

[0139] In one embodiment, at step 703, the identity authentication request device can generate and store behavioral data.

[0140] Steps 701 to 703 can correspond to steps 501 to 503 described above with reference to FIG. 5, respectively, so details will be omitted.

[0141] In one embodiment, at step 704, the identity authentication request device can collect authentication means biometric data.

[0142] Below, with reference to FIG. 8, the procedure of step 704 will be explained in detail.

[0143] FIG. 8 is a flowchart illustrating the process of collecting biometric data for authentication means according to one embodiment of the present disclosure.

[0144] Referring to FIG. 8, the procedure of step 704 described above is illustrated in more detail.

[0145] As described above, the identity authentication request device can collect biometric data of the authentication means.

[0146] In one embodiment, collecting authentication means biometric data may include attempting to collect authentication means biometric data. For example, a user may attempt to access a restricted procedure without providing authentication means biometric data. In this case, the identity authentication request device may not be able to collect authentication means biometric data.

[0147] Referring to FIG. 8, in step 801, the identity authentication request device may attempt to collect biometric data of the authentication means.

[0148] In one embodiment, collecting authentication means biometric data may include determining whether the collection of authentication means biometric data was successful.

[0149] Referring to FIG. 8, in step 802, the identity authentication request device can determine whether the collection of authentication means biometric data was successful.

[0150] In one embodiment, the identity authentication request device may transmit the authentication means biometric data (step 705) as described below, based on the success of collecting the authentication means biometric data.

[0151] In one embodiment, collecting authentication means biometric data may include adding a user to a blacklist based on the failure to collect authentication means biometric data.

[0152] Referring to FIG. 8, in step 803, the identity authentication request device may add the user to a blacklist based on the failure to collect biometric data of the authentication means.

[0153] This makes it possible to impose sanctions on malicious users who intentionally refuse to provide biometric authentication data.

[0154] With reference to FIG. 6 regarding the blacklist of the present disclosure, the above-described embodiment may likewise be applied to step 803.

[0155] Meanwhile, the process illustrated in Fig. 8 can also be applied to step 504 of Fig. 5.

[0156] Returning to FIG. 7, in one embodiment, at step 705, the identity authentication request device can transmit authentication means biometric data.

[0157] In this embodiment, the fact that the identity authentication request device transmits biometric data of the authentication means may be because this embodiment is based on a user terminal authentication method.

[0158] Subsequently, as described above with reference to FIG. 4, the identity authentication device receives authentication means biometric data transmitted by the identity authentication request device and can compare the received authentication means biometric data with the registered biometric data. The identity authentication device can determine whether the authentication means biometric data and the registered biometric data match. The identity authentication device can transmit a result value for the comparison. The identity authentication request device can receive the result value for the comparison.

[0159] In one embodiment, at step 706, the identity authentication request device may perform identity authentication processing based on the result value.

[0160] In one embodiment, the identity authentication request device may allow or deny access to a restricted procedure based on a result value.

[0161] Below, with reference to FIG. 9, the procedure of step 706 will be explained in detail.

[0162] FIG. 9 is a flowchart for explaining the process of performing identity authentication according to one embodiment of the present disclosure.

[0163] Referring to FIG. 9, the procedure of step 706 described above is illustrated in more detail.

[0164] As described above, the identity authentication request device can perform identity authentication processing based on the result value.

[0165] In one embodiment, performing identity authentication processing may include determining whether the authentication means biometric data and the registered biometric data match. The identity authentication request device may determine whether the authentication means biometric data and the registered biometric data match based on a received result value.

[0166] Referring to FIG. 9, in step 901, the identity authentication request device can determine whether the authentication means biometric data and the registered biometric data match.

[0167] Referring to FIG. 9, in step 902, the identity authentication request device may allow access to a restricted procedure.

[0168] In one embodiment, the identity authentication request device may allow access to a restricted procedure based on determining that the authentication means biometric data and the registration biometric data match.

[0169] In one embodiment, the identity authentication request device may delete stored behavioral data based on allowing the user access to a restricted procedure.

[0170] Meanwhile, referring to FIG. 9, in step 903, the identity authentication request device can add the user to a blacklist.

[0171] In one embodiment, the identity authentication request device may add a user to a blacklist based on determining that the authentication means biometric data and the registered biometric data do not match.

[0172] In one embodiment, determining that the authentication means biometric data and the registered biometric data do not match may include failing to receive a result value. For example, if the authentication request device does not receive a result value even after a threshold time has elapsed following the transmission of the authentication means biometric data, it may determine that the authentication means biometric data and the registered biometric data do not match.

[0173] Specifically, the case where the identity authentication request device receives a result value but the result value does not match the authentication means biometric data and the registered biometric data may be a case where the user who provided the authentication means biometric data does not match the legitimate user of the identity authentication device equipped with a function for accessing the identity authentication system. On the other hand, the case where the identity authentication request device does not receive a result value may be a case where a user who does not possess a user terminal accesses a restricted procedure. According to the embodiment of adding a user to a blacklist according to the present disclosure, sanctions may be imposed in both cases.

[0174] With reference to FIG. 6 regarding the blacklist of the present disclosure, the above-described embodiment may likewise be applied to step 903.

[0175] FIG. 10 is a flowchart for specifically explaining the process of a user authentication request device detecting access by a user terminal according to one embodiment of the present disclosure.

[0176] As mentioned above, detecting access by a user terminal and detecting access by a user can be distinct procedures.

[0177] In one embodiment, at step 1001, the identity authentication request device (20) can detect user access.

[0178] In one embodiment, the identity authentication request device (20) can detect access of a user terminal based on detecting access of a user.

[0179] Step 1001 may correspond to Step 501 of FIG. 5 or Step 701 of FIG. 7. Accordingly, the procedure following Step 1001 illustrated in FIG. 10 may be performed after Step 501 of FIG. 5 or Step 701 of FIG. 7.

[0180] In one embodiment, at step 1002, the identity authentication request device (20) can transmit an authentication signal and monitor the server.

[0181] In one embodiment, the identity authentication request device (20) can transmit an authentication signal and monitor the server based on detecting the user's access.

[0182] In one embodiment, the authentication signal may be a signal configured to enable the authentication device (10) to perform a corresponding operation upon receiving it. Here, the corresponding operation may be transmitting a state update request signal, as described below.

[0183] In one embodiment, the identity authentication request device (20) monitors the server (40) to detect changes in specific data of the server (40). As described below, the identity authentication request device (20) can detect that the status of the identity authentication device (10) is updated by monitoring the server (40), and thereby detect that the identity authentication device (10) or the user's terminal has accessed it.

[0184] In one embodiment, at step 1003, the identity authentication device (10) can receive an authentication signal.

[0185] In one embodiment, the identity authentication device (10) can receive an authentication signal transmitted by the identity authentication request device (20). The identity authentication device (10) may include an interface capable of receiving an authentication signal transmitted by the identity authentication request device (20).

[0186] In one embodiment, at step 1004, the identity authentication device (10) can transmit a status update request signal to the server (40).

[0187] In one embodiment, the identity authentication device (10) may transmit a state update request signal based on receiving an authentication signal. The state update request signal may be a signal for requesting the server (40) to update the state of the identity authentication device (10) by notifying that the authentication signal has been received. The identity authentication device (10) may include an interface capable of transmitting the state update request signal.

[0188] In one embodiment, at step 1005, the server (40) can update the status of the identity authentication device (10).

[0189] In one embodiment, the server (40) can update the state corresponding to the authentication device (10) based on receiving a state update request signal from the authentication device (10).

[0190] In one embodiment, at step 1006, the identity authentication request device (20) can detect an update of the state.

[0191] As described above, the identity authentication request device (20) can monitor the server (40) and detect a change in specific data in the server (40), wherein the change in specific data may be related to the state of the identity authentication device (10) that is updated by the server (40).

[0192] In one embodiment, after step 1006, if the identity authentication system is based on a user terminal authentication method, the identity authentication request device (20) can collect authentication means biometric data.

[0193] In one embodiment, after step 1006, if the identity authentication system is based on the identity authentication request device authentication method, the identity authentication request device (20) can transmit an access detection signal to the identity authentication device (10).

[0194] Specifically, in one embodiment, the identity authentication request device (20) may transmit an access detection signal based on detecting access by a user terminal. The access detection signal may be a signal that informs the identity authentication device (10) that the identity authentication request device (20) has detected access by a user terminal.

[0195] In one embodiment, the identity authentication request device (20) may transmit registered biometric data to a server (40) based on receiving an access detection signal. Upon receiving the access detection signal, the identity authentication request device (20) may determine that it must perform a procedure to transmit the registered biometric data.

[0196] In one embodiment, the identity authentication request device (20) can monitor the server (40) and detect that the identity authentication device (10) transmits registered biometric data, that is, that the server (40) receives the registered biometric data. In one embodiment, the identity authentication request device (20) can download the registered biometric data. The registered biometric data downloaded by the identity authentication request device (20) may be the registered biometric data transmitted by the identity authentication device (10) to the server (40).

[0197] Individual embodiments of the identity authentication system of the present disclosure are described below.

[0198] In one embodiment, the identity authentication request device may determine at least some of the number of accessed users, the number of times authentication means biometric data is collected, the number of times registered biometric data is received, the number of times authentication means biometric data and registered biometric data are compared, and the number of times result values ​​are transmitted or received. Based on at least some of the number of accessed users, the number of times authentication means biometric data is collected, the number of times authentication means biometric data and registered biometric data are compared, and the number of times result values ​​are transmitted or received, the identity authentication request device may determine that a malicious user exists and switch the state of the device to an emergency state. In one embodiment, the identity authentication request device may include a model for detecting and tracking people to determine the number of accessed users.

[0199] For example, if the identity authentication system is based on an authentication method of an identity authentication request device, in one embodiment, the identity authentication request device may determine that a malicious user exists if the number of accessed users does not match the number of times biometric data of the authentication means is collected. In another embodiment, the identity authentication request device may determine that a malicious user exists if the number of accessed users does not match the number of times registered biometric data is received.

[0200] For example, if the identity authentication system is based on a user terminal authentication method, in one embodiment, the identity authentication request device may determine that a malicious user exists if the number of accessed users does not match the number of times biometric data of the authentication means is collected. In another embodiment, the identity authentication request device may determine that a malicious user exists if the number of accessed users does not match the number of times result values ​​are received.

[0201] In one embodiment, the identity authentication request device can detect a user who has not provided authentication means biometric data. Based on a model for detecting and tracking accessing users, the identity authentication request device can detect and track users and determine whether the detected and tracked user takes the action of providing authentication means biometric data. Based on the detection of a user who has not provided authentication means biometric data, the identity authentication request device can determine that a malicious user exists. According to the present embodiment, a malicious user attempting to access a restricted procedure by piggybacking on another user's identity authentication, for example, by closely following another user, can be detected.

[0202] In one embodiment, a personal authentication request device may include means for collecting multiple authentication means biometric data, and each of the means for collecting multiple authentication means biometric data may collect the authentication means biometric data individually. Among the authentication means biometric data collected by the means for collecting multiple authentication means biometric data, identical authentication means biometric data may be deleted, except for one authentication means biometric data. According to the present embodiment, the omission of authentication means biometric data collection due to functional errors can be prevented.

[0203] FIG. 11 is a flowchart of a personal authentication method according to one embodiment of the present disclosure.

[0204] The operations illustrated in FIG. 11 can be performed by an identity authentication request device or a processor of an identity authentication request device.

[0205] Referring to FIG. 11, in step 1110, the processor can collect user behavior based on detecting user access and generate behavior data corresponding to the user.

[0206] In one embodiment, the user's action may be any one of the user's posture, gesture, head movement, arm movement, and gait, or a combination of two or more of the user's posture, gesture, head movement, arm movement, and gait.

[0207] In one embodiment, the processor may further perform the step of detecting access of a user terminal based on detecting access of a user.

[0208] Referring to FIG. 11, in step 1120, the processor can collect authentication means biometric data based on generating behavioral data.

[0209] Referring to FIG. 11, in step 1130, the processor can compare the authentication means biometric data and the registration biometric data.

[0210] In one embodiment, the processor may further perform the step of receiving registered biometric data.

[0211] Referring to FIG. 11, in step 1140, the processor may, based on the result of the comparison, allow the user access to the restricted procedure or add the user to a blacklist.

[0212] In one embodiment, access to a restricted procedure is granted to a user based on determining that the authentication means biometric data and the registration biometric data match, and the user may be added to a blacklist based on determining that the authentication means biometric data and the registration biometric data do not match.

[0213] In one embodiment, step 1140 may be based on behavioral data.

[0214] In one embodiment, the processor may further perform the step of determining whether information corresponding to behavioral data exists on a blacklist and the step of determining a user as a malicious user based on the determination that information corresponding to behavioral data exists on the blacklist.

[0215] FIG. 12 is a block diagram of a device according to one embodiment of the present disclosure.

[0216] The device (1200) illustrated in FIG. 12 may be at least one of the aforementioned identity authentication device (10), identity authentication request device (20), and server (40).

[0217] Referring to FIG. 12, the device (1200) may include a communication unit (1210), a processor (1220), and a DB (1230). Only the components related to the embodiment are shown in the device (1200) of FIG. 9. Therefore, a person skilled in the art will understand that other general-purpose components may be included in addition to the components shown in FIG. 9.

[0218] The communication unit (1210) may include one or more components that enable wired / wireless communication with an external server or external device. For example, the communication unit (1210) may include at least one of a short-range communication unit (not shown), a mobile communication unit (not shown), and a broadcast receiving unit (not shown).

[0219] The DB (1230) is hardware that stores various data processed within the device (1200) and can store programs for processing and controlling the processor (1220). The DB (1230) can store payment information, user information, etc.

[0220] DB (1230) may include RAM (random access memory), such as DRAM (dynamic random access memory) and SRAM (static random access memory), ROM (read-only memory), EEPROM (electrically erasable programmable read-only memory), CD-ROM, Blu-ray or other optical disc storage, HDD (hard disk drive), SSD (solid state drive), or flash memory.

[0221] The processor (1220) controls the overall operation of the device (1200). For example, the processor (1220) can control the input unit (not shown), display (not shown), communication unit (1210), DB (1230), etc., by executing programs stored in the DB (1230). The processor (1220) can control the operation of the device (1200) by executing programs stored in the DB (1230).

[0222] The processor (1220) can control at least some of the operations of the device (1200) described above in FIGS. 1 to 11.

[0223] The processor (1220) may be implemented using at least one of ASICs (application specific integrated circuits), DSPs (digital signal processors), DSPDs (digital signal processing devices), PLDs (programmable logic devices), FPGAs (field programmable gate arrays), controllers, microcontrollers, microprocessors, and other electrical units for performing functions.

[0224] In one embodiment, the device (1200) may be a mobile electronic device. For example, the device (1200) may be implemented as a smartphone, tablet PC, PC, smart TV, PDA (personal digital assistant), laptop, media player, navigation, a device equipped with a camera, and other mobile electronic devices. Additionally, the device (1200) may be implemented as a wearable device such as a watch, glasses, a hair band, and a ring equipped with communication functions and data processing functions.

[0225] An embodiment according to the present invention may be implemented in the form of a computer program that can be executed through various components on a computer, and such a computer program may be recorded on a computer-readable medium. In this case, the medium may include a magnetic medium such as a hard disk, a floppy disk, and a magnetic tape, an optical recording medium such as a CD-ROM and a DVD, a magneto-optical medium such as a floptical disk, and a hardware device specifically configured to store and execute program instructions, such as a ROM, RAM, or flash memory.

[0226] Meanwhile, the above-mentioned computer program may be one specifically designed and configured for the present invention, or one known and available to those skilled in the art of computer software. Examples of computer programs may include machine code, such as that generated by a compiler, as well as high-level language code that can be executed by a computer using an interpreter, etc.

[0227] According to one embodiment, the method according to various embodiments of the present disclosure may be provided by being included in a computer program product. The computer program product may be traded between a seller and a buyer as a product. The computer program product may be distributed in the form of a device-readable storage medium (e.g., compact disc read-only memory (CD-ROM)), or distributed online (e.g., download or upload) through an application store (e.g., Play Store™) or directly between two user devices. In the case of online distribution, at least a portion of the computer program product may be temporarily stored or temporarily created in a device-readable storage medium, such as the memory of a manufacturer's server, an application store's server, or a relay server.

[0228] Unless explicitly stated otherwise regarding the steps constituting the method according to the present invention, said steps may be performed in a suitable order. The present invention is not necessarily limited by the order in which said steps are described. The use of all examples or exemplary terms (e.g., etc.) in the present invention is merely for the purpose of describing the present invention in detail, and the scope of the present invention is not limited by said examples or exemplary terms unless limited by the claims. Furthermore, those skilled in the art will understand that various modifications, combinations, and changes may be made according to design conditions and factors within the scope of the claims or equivalents to which they are added.

[0229] Accordingly, the scope of the present invention should not be limited to the embodiments described above, and all scopes equivalent to or equivalently modified from the claims set forth below, as well as the claims set forth below, shall be considered to fall within the scope of the concept of the present invention.

Claims

1. A method of identity authentication performed by an identity authentication request device, A step of collecting the user's behavior based on detecting the user's access and generating behavior data corresponding to the user; A step of collecting authentication means biometric data based on generating the above behavioral data; A step of comparing the above-mentioned authentication means biometric data and registered biometric data; and Based on the result of the above comparison, a step of allowing the user access to a restricted procedure or adding the user to a blacklist; including, method.

2. In Paragraph 1, The step of adding the above user to the blacklist is, Based on the above behavioral data, method.

3. In Paragraph 1, A step of determining whether information corresponding to the behavior data exists on the blacklist; and A step of determining the user as a malicious user based on determining that information corresponding to the behavioral data exists on the blacklist; including, method.

4. In Paragraph 1, Based on determining that the above authentication means biometric data and the above registration biometric data match, access to a restricted procedure is granted to the user, and Based on the determination that the above authentication means biometric data and the above registration biometric data do not match, the user is added to the above blacklist. method.

5. In Paragraph 1, A step of receiving the above-mentioned registered biometric data; including, method.

6. In Paragraph 1, The behavior of the above user is, Any one of the user’s posture, gestures, head movements, arm movements, and gait, or a combination of two or more of the user’s posture, gestures, head movements, arm movements, and gait. method.

7. In Paragraph 1, A step of detecting access of a user terminal based on detecting access of the above-mentioned user; including, method.

8. As a device for requesting identity verification, Memory in which at least one program is stored; and A processor that operates by executing at least one of the above programs; comprising, The above processor is, Based on detecting user access, the behavior of the said user is collected to generate behavior data corresponding to the said user, and Based on generating the above behavioral data, authentication means biometric data is collected, and Compare the above authentication means biometric data and registered biometric data, and Based on the results of the above comparison, allowing the user access to restricted procedures or adding the user to a blacklist, device.

9. A computer-readable recording medium storing a program for executing the method according to paragraph 1 on a computer.