Recently, an integrated circuit (IC) chip having a financial function, for example, a smart card used as a credit card, is being used as a payment means in lieu of cash because of the great convenience provided by use of the IC chip.
Despite the convenience, there have been reports of accidents, for example, physical duplication of the card and hacking of card numbers, associated with the IC chip having a financial function. Thus, a reliable identification process may be required.
The identification process may be performed by verifying unique information of a user, for example, a personal identification number (PIN), at a time of payment. Although the PIN may be an only means to authenticate the user, the PIN has a risk of being ineffective due to a PIN leak caused by, for example, hacking into a server of a financial institution.
For example, Korean Patent Publication No. 10-2007-0084351, titled “Secure Sensor Chip,” discloses a method and device for providing a secure sensor chip with a controlled physical random function (CPUF) provided in a coded form for recording digital information regarding at least one physical parameter. However, although the secure sensor chip is applied to a credit card, a risk of the PIN leak due to a server of a financial institution being hacked may still exist.
In general, a financial institution, for example, a credit card company, issues a PIN to a user, the financial institution stores the PIN, and payment is authorized when the user correctly inputs the PIN issued by the financial institution. In this case, the financial institution may not be exempted from responsibility for unjustifiable use that may occur when the PIN is revealed by a security attack.
Thus, a conventional method of issuing and managing a PIN may pose the risk of the PIN leak caused by a security accident including a hacking attack on a financial institution.