KR100960517B1 - user authentication method of having used graphic OTP and user authentication system using the same - Google Patents

Abstract

The present invention is a graphic OTP authentication system using a numeric keypad for the input of a password to randomly arrange the numbers on the keypad and to input the distance between the numbers in the order of the password. Therefore, the present invention relates to a graphic OTP authentication method that uses the same number as the existing password but induces a different input every time, and an authentication system using the same.

Graphic OTP authentication method of the present invention comprises the first step of receiving an ID of the user through the input unit of the authentication system; A second step of searching for an ID of the user stored in a storage unit and searching for a password corresponding to the ID; A third step of arranging an arbitrary number on a keypad displayed on the screen of the authentication system using a keypad arrangement algorithm and arranging different key identification marks on each key arbitrarily; A fourth step of locating the password and calculating a password movement path on the arranged keypad; A fifth step in which the key identification display is moved in the same direction as the direction key each time the direction key is input and calculates coordinates to which the direction key is input; A sixth step of comparing the input movement path with the calculated movement path when an input button is input; And a seventh step of allowing user authentication when the input movement route and the arrival coordinates of the calculated movement route coincide with each other.

GOTP, OTP, Disposable, Graphic, Picture, Icon, Password, Keypad, Safe, Door lock, ATM

Description

User authentication method of having used graphic OTP and user authentication system using the same}

The present invention relates to a graphic OTP authentication method, and more particularly to a graphic OTP authentication method for generating a one-time password using the same number as the existing password, and to induce different input every time authentication, and authentication system using the same will be.

Graphic One time password (GOTP) is one of graphic OTP (One Oime Password), which is the distance between images arranged on the screen using a graphic interface. You can enter the password as a distance input value that changes with the array of images that changes each time.

Through the graphical interface, the user can obtain a significant improvement in the ease of memory and the validity of the memory and secure the security. However, in actual use, the input value and password are separated and managed by simply inputting by using the arrow keys without being aware of OTP, and are safe from shoulder surfing, and can prevent phishing and pharming. have.

It is often uncomfortable to be behind someone when using a password key or cash machine attached to the entrance. The reason is that I am concerned about my password being exposed. The person standing behind will also feel uncomfortable. GOTP is a technology that eliminates this inconvenience, that is, technology developed with the goal of allowing users to securely enter their passwords even if they are watching from behind.

In general, the GOTP transmits one or more graphic images to the user terminal, and the user inputs coordinate values through the keyboard to virtually move a predetermined matching image by checking the transmitted images.

That is, the user selects one or more images corresponding to his key instead of the password and stores them in the server. Subsequently, in the case of performing GOTP for user authentication, the server arranges the images by transmitting an image set in which an additional image different from the image stored by the corresponding user is arranged at a predetermined position to the user's terminal. The user checks the image set displayed on the terminal and inputs a coordinate shift value for matching the image selected by the user with the image using the keyboard.

The matched value is transmitted to a program in the terminal or to a server to check whether the coordinate shift value is correct. If the input coordinate shift value is correct, the user is allowed to access.

The authentication process using GOTP receives the movement route from the user's private key image to the hole image among the image groups displayed on the user's terminal with direction keys, compares it with the movement route calculated by the server or terminal, and matches This is how to allow access.

However, the method of shifting the coordinates using graphic images or icons is unfamiliar to users who used existing numeric passwords, and the elderly have difficulty in learning how to use them. .

In addition, the method of assigning a password to an image may cause users to confuse similar images, and not to provide the same image in all authentication systems. Therefore, as more systems use the GOTP authentication system, it becomes more difficult to remember the password image. There is a problem.

In addition, the method of using a network server has a problem that the terminal must always be connected to the network, so the cost of network connection and maintenance increases, and it cannot be applied to door locks and safes that do not require a network connection.

The present invention has been made in order to solve the problems of the prior art as described above is to go through the user's GOTP authentication using the input unit consisting of a numeric keypad, not a way of arranging the picture, a user who feels rejection in the GOTP method using the picture It is an object of the present invention to provide a graphic OTP authentication method and an authentication system using the same can be easily used.

The object of the present invention is a first step of receiving an ID of the user through the input unit of the authentication system; A second step of searching for an ID of the user stored in a storage unit and searching for a password corresponding to the ID; A third step of arranging an arbitrary number on a keypad displayed on the screen of the authentication system using a keypad arrangement algorithm and arranging different key identification marks on each key arbitrarily; A fourth step of locating the password and calculating a password movement path on the arranged keypad; A fifth step in which the key identification display is moved in the same direction as the direction key each time the direction key is input and calculates coordinates to which the direction key is input; A sixth step of comparing the input movement path with the calculated movement path when an input button is input; And a seventh step of permitting user authentication when the input movement route and the arrival coordinates of the calculated movement route coincide with each other.

In addition, another object of the present invention is an input unit for receiving an ID from the user to transmit to the control unit; A display unit configured to display a keypad for graphic OTP authentication according to a signal of a controller receiving a keypad array signal from a server, and to receive a movement path from a user and transmit the received movement path to a controller; A communication unit connected to the control unit for transmitting and receiving data on the graphic OTP authentication with the server; And a control unit for determining the position of the password from the arranged keypad, calculating the movement route, and confirming whether or not the coincides with the movement route input by the user to permit the user's access.

Therefore, the graphic OTP authentication method and the authentication system using the same of the present invention can implement a one-time password while maintaining the existing password by using the numeric keypad without arranging on a plurality of image screens. In addition, users who feel rejected to the existing GOTP method can easily use it and reduce the user's confusion caused by the use of similar images.

The terms or words used in this specification and claims are not to be construed as being limited to their ordinary or dictionary meanings, and the inventors may appropriately define the concept of terms in order to best describe their invention. It should be interpreted as meaning and concept corresponding to the technical idea of the present invention based on the principle that the present invention.

Therefore, the embodiments described in the specification and the drawings shown in the drawings are only the most preferred embodiment of the present invention and do not represent all of the technical idea of the present invention, various modifications that can be replaced at the time of the present application It should be understood that there may be equivalents and variations.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of a door lock system according to an embodiment of the present invention. Referring to FIG. 1, the graphic OTP authentication system according to the present invention includes an input unit 110 for receiving an ID from a user, a display unit 120 for providing a guide screen to a user, and a machine for opening and closing a door lock. The unit 130, the power supply unit 140 for supplying power to each unit of the system, the program unit 150 for generating a keypad array signal, including the algorithm for arranging the keypad, the data for each user ID and password The storage unit 160 for storing the control unit 100 is connected to the respective parts to control the entire system.

The input unit 110 is a device for inputting a user's ID through a method such as RFID, smart card, ID number, Bluetooth, electronic bracelet, biometric (fingerprint, iris). The user inputs a unique ID through the input unit 110, and the input unit 110 transmits the received ID to the controller. If the user's ID is valid, the user is allowed to go through the GOTP authentication process or skip the GOTP authentication depending on the access rights.

The display unit 120 is a touch screen for arranging a keypad for GOTP authentication on a screen and provides a user with a guide message such as how to use the same. The keypad of the screen uses a variable method that randomly changes the arrangement of numbers each time authentication is performed, rather than the existing fixed numbers arranged in order from 0 to 9.

In addition, the user can use the arrow keys to enter the movement path, the input button to complete the movement path input, the input method change button to change the input method to the existing password direct input method, and a request for how to use the GOTP authentication method. And a cancel button for canceling the GOTP authentication process itself. The user inputs the password by using the arrow keys to enter the movement path from the key where the first number of the password is located to the key where the second number of the password is located instead of directly inputting the password displayed on the keypad.

The keypad displayed on the screen of the display unit 120 may be used as a means for the user to easily imprint not only numbers but also letters, figures, or images, and the configuration of the keypad is not limited to 10 keys but may be changed and used in various ways. .

The mechanical unit 130 is connected to the control unit 100 to perform the function of opening and closing the locking device under the control of the control unit.

The power supply unit 140 is connected to the control unit 100 to supply power through the control unit 100. In the case of door locks or safes that are difficult to supply from the outside, the battery can be used as a power source to operate independently without being connected to the outside. In the case of a standalone ATM, however, the bank's servers are turned off late at night, leaving the network disconnected and becoming a standalone device.

The program unit 150 transmits a keypad array signal to the controller 100 at the request of the controller 100. The array signal is used to designate a number from 0 to 9 on the keypad arranged on the display unit 120 and is generated using an algorithm inside the program unit 150. The storage unit 160 stores a user ID and password, guide data for providing the display unit 120, and the like. The controller 100 provides a list to search for an ID and a password, and transmits the corresponding ID and password to the controller.

The controller 100 is connected to the input unit 110, the display unit 120, the mechanical unit 130, the power supply unit 140, the program unit 150, and the storage unit 160 to control each unit. The controller recognizes that an authentication request has occurred when an ID is input to the input unit 120. When the authentication request occurs, the password of the corresponding ID stored in the storage unit 160 is searched, and the array unit receives the array signal from the program unit 150 and arranges the numbers on the keypad on the screen of the display unit 120.

After grasping the coordinates of the number corresponding to the password among the numbers arranged on the keypad, the movement path from the first number to the second number of the password is calculated. Similarly, the third to fourth digits are calculated and compared with the arrival coordinates of the user's input route.

When the movement route calculated by the controller 100 and the arrival coordinates of the movement route input by the user through the input unit 110 coincide with each other, the power of the power supply unit 140 is applied to the mechanical unit 130 and the mechanical unit 130 is applied. Signal to cause the lock to open.

2 is a block diagram of a GOTP input keypad according to an embodiment of the present invention and a conventional input method keypad. Referring to Figure 2, the array 210 of the keypad for GOTP input is arranged in the same manner as the keypad 220 of the conventional input method for directly entering a password. However, the number displayed on each key is not arranged in order from 0 to 9 as before, and is randomly changed by the array function whenever authentication is performed. In addition, the identification mark of the key indicating the number is expressed differently so that the user can identify the position of the number by looking at the specific mark, color, and contrast.

Expressing an identification mark, such as a cursor only on a certain number of keys, makes it easier to find the number when someone observes it. Therefore, display identification marks around all numeric keys, but use different identification marks so that only the user recognizes a particular color. In addition, when the movement path is input by using the direction keys, the numbers on the keypad do not move, and all the key identification marks move. Even if someone steals your password entry process, it's hard to guess your password.

However, a user who is not familiar with the GOTP input keypad 210 according to the GOTP authentication system prefers the existing input method keypad 220 for directly inputting a password. Therefore, when the input method change button 230 is pressed, the number of the keypad is converted to the keypad 220 of the existing input method arranged in order from 0 to 9, and the user can directly authenticate by pressing a password.

3 is a flowchart illustrating a GOTP input method according to an embodiment of the present invention. Referring to FIG. 3, the GOTP authentication system of the present invention uses an arrow key (→) without directly pressing a numeric button for password input. For example, if the password is 1234, the user presses the arrow key twice as many times as the identification mark 310 of 1, which is the first number of the password, to reach the second number (320). Each time the arrow keys are pressed, the number assigned to each key does not change, and only the identification mark moves one space in the direction of the arrow. When the key identification mark of the first number 1 reaches the key of the second number 2 (320), the input button is finished by pressing the input button (330).

After the input, the numbers arranged on the keypad are rearranged (340). In the same manner as described above, the user presses the arrow key (→) once so that the key identification mark of the third number 3 is on the key of the fourth number 4 (350) and presses the input button to complete the second movement path input (360). .

The user recognizes his / her password in the same way as pressing the cursor, but inside the GOTP authentication system, the movement path entered by the user is recognized as the password. That is, according to the arrangement and password according to the embodiment of FIG. 2, the GOTP authentication system recognizes the input of the arrow keys twice (→→) and once (→) as the password.

If someone has stolen the route input, the exact number will not be known to others, and if you infer by random assignment method, there will be 10 routes between the two numbers.

In the present invention, the use of two movement paths is arbitrarily determined so as to minimize the inconvenience of the user and the possibility of leakage of the password. Therefore, depending on the authentication system, it is possible to lower the probability that others can infer the password by entering all the movement paths from the first to the fourth number. In addition, according to an embodiment, only the right arrow key (→) is used, but one of the up, down, left, and right keys can be selected, and two keys of up, down, left, right, up, down, left, right and four keys can be used.

4 is a configuration diagram of a keypad for GOTP input using five keys according to an embodiment of the present invention. Referring to FIG. 4, GOTP authentication may be performed using a keypad 410 composed of five keys. Randomly arrange two numbers on one key, and use one-way passwords for the first to second passwords and one for the third to fourth numbers. For example, if the password is 1234, the movement paths of 1 → 2 and 3 → 4 become one-time passwords.

Pressing the direction key 420 of the keypad only moves the identification mark of the key. Since the five keys are arranged in a line, both the left and right keys can be used to increase the number of movement path inputs. If the 5th consecutive key is pressed in one direction to return to the initial position, it is regarded as pressing the input button in place to prevent an error due to excessive input.

Using five keys assigns two numbers to one key, making it difficult to infer even if someone observes the password input. If you calculate the probability of finding a password, the number of cases that occur when you move one space is 4, so the probability of inference is 1/4 in random assignment, but the probability of inferring is 1/20 because the first number is unknown. Becomes Inducing two inputs makes 1/400.

However, since only the movement route is input without directly entering the password, duplicate movement routes occur. The probability of entering the same path without knowing the password is 1/5, and if the user enters two movement paths, the same input may occur with a probability of 1/25. But each time you enter the path, the arrangement of the keypad changes so the probability of 1/25 no longer changes.

5 is a flowchart illustrating an authentication process according to the present invention. Referring to FIG. 5, a user of a door lock, a safe, or the like inputs his or her unique ID to the GOTP authentication system using RFID, smart card, ID number, Bluetooth, electronic bracelet, biometric (fingerprint, iris) and the like.

The GOTP authentication system searches the list of IDs stored in the storage to check whether the same ID exists (S510). If the ID is not found, the authentication process ends, and if the ID is found, the security level of the ID is checked (S520).

According to the input ID level, a user of a predetermined level or more releases the lock device (S540) to permit the user's access, and the user having a low ID level undergoes GOTP authentication (S530). If the GOTP authentication passes, release the lock to allow access (S540), and if the GOTP authentication does not pass, the authentication process is terminated to block access.

6 is a flowchart illustrating a GOTP authentication process according to the present invention. Referring to FIG. 6, the GOTP authentication system recognizes that an authentication request has occurred when an ID is input through an input unit. When an authentication request occurs, the control unit of the GOTP authentication system transmits a password corresponding to the user ID stored in the storage unit to the program unit. The program unit arranges an arbitrary number on the keyboard using an internal algorithm (S610).

The controller checks the coordinates of the password based on the number of keyboards arranged on the screen, calculates the movement route between the numbers, and the user inputs the movement route according to the GOTP authentication method (S620). The controller compares the received movement route with the arrival coordinates of the calculated movement route (S630). As a result of the comparison, if the two moving paths match, the authentication passes (S640). If the two paths match, the mobile station returns to the initial state and restarts GOTP authentication (S650). However, if a certain number of inconsistencies, the end of the GOTP authentication process (S650).

In addition, the graphic OTP authentication system of the present invention may be provided with a communication device to change the design to communicate with the server. When the network is connected to the server, the server may store and manage the user's ID and password, and transmit the array signal generated by the array algorithm to the terminal. If the ID and password are managed by the server, the information can be secured from physical attacks directly on the authentication system and applied to ATMs. In addition, the keypad can be used in addition to arranging numbers as well as replacing any convenient format such as letters, figures, or images.

Although the present invention has been shown and described with reference to the preferred embodiments as described above, it is not limited to the above embodiments and those skilled in the art without departing from the spirit of the present invention. Various changes and modifications will be possible.

Since the interface of the graphic OTP authentication system of the present invention uses a numeric keypad, it can be applied to any device using a numeric input password.

1 is a block diagram of a door lock system according to an embodiment of the present invention,

2 is a configuration diagram of a keypad for GOTP input according to an embodiment of the present invention and a keypad converted to a conventional input method;

3 is a flowchart illustrating a GOTP input method according to an embodiment of the present invention;

4 is a block diagram of a keypad for GOTP input using five keys according to an embodiment of the present invention,

5 is a flowchart showing an authentication process according to the present invention;

6 is a flowchart illustrating a GOTP authentication process according to the present invention.

            <Explanation of symbols for the main parts of the drawings>

     210: keypad for GOTP input 220: keypad of conventional input method

     410: 5-key keypad

Claims (10)

In the graphic OTP authentication method, A first step of receiving an ID of a user through an input unit of the authentication system; A second step of searching for an ID of the user stored in a storage unit and searching for a password corresponding to the ID; A third step of arranging an arbitrary number on a keypad displayed on the screen of the authentication system using a keypad arrangement algorithm and arranging different key identification marks on each key arbitrarily; A fourth step of locating the password and calculating a password movement path on the arranged keypad; A fifth step in which the key identification display is moved in the same direction as the direction key each time the direction key is input and calculates coordinates to which the direction key is input; A sixth step of comparing the input movement path with the calculated movement path when an input button is input; And Step 7 for allowing user authentication when the entered movement route and the calculated arrival route of the movement route match Graphic OTP authentication method comprising a. The method of claim 1, wherein the arrangement of the keypad, Graphic OTP authentication method that specifies a number from 0 to 9 for each one key and arranges 10 different key identification marks for each key. The method of claim 1, wherein the arrangement of the keypad, Graphic OTP authentication method that specifies two numbers per random key from 0 to 9 and arranges five different key identification marks for each key. The method according to any one of claims 1 to 3, wherein the key identification mark, Graphical Authenticator authentication method that allows each key to be identified using a different color, pattern, or contrast. The method of claim 1, wherein the input of the ID Graphic Authenticator authentication method that receives the user's ID using any one of RFID, smart card, ID number, Bluetooth, electronic bracelet and biometric (fingerprint, iris). The keypad of claim 1, wherein the keypad is Graphic OTP authentication method that can display numbers, letters, figures or images on the keypad. In the standalone graphic OTP authentication system, An input unit for receiving an ID from a user and transmitting the ID to a control unit; A display unit for displaying a graphic OTP authentication keypad according to a signal of a controller including a keypad array signal of a program unit, and receiving a movement path from a user and transmitting the received movement path to a controller; A program unit including an algorithm for arranging a keypad for graphic OTP authentication and generating a keypad array signal and transmitting the generated keypad signal;  A storage unit that stores data about each user's ID and password, and allows a control unit to retrieve the ID and password; And It includes a control unit for determining the location of the password from the arranged keypad to calculate the movement route, and confirms whether or not the coincidence with the movement route entered by the user to permit the user's access . The display unit Arbitrary numbers are arranged on the keypad displayed on the screen of the authentication system according to the keypad input signal of the graphic OTP authentication, and different key identification marks are arbitrarily arranged on each key, and the direction keys of the screen are input by a touch screen method. Graphical OTP authentication system in which all key identification marks move in the same direction as the direction key . In the network type graphic OTP authentication system, An input unit for receiving an ID from a user and transmitting the ID to a control unit; A display unit configured to display a keypad for graphic OTP authentication according to a signal of a controller receiving a keypad array signal from a server, and to receive a movement path from a user and transmit the received movement path to a controller; A communication unit connected to the control unit for transmitting and receiving data on the graphic OTP authentication with the server; And It includes a control unit for determining the location of the password from the arranged keypad to calculate the movement route, and confirms whether or not the coincidence with the movement route entered by the user to permit the user's access . The display unit Arbitrary numbers are arranged on the keypad displayed on the screen of the authentication system according to the keypad input signal of the graphic OTP authentication, and different key identification marks are arbitrarily arranged on each key, and the direction keys of the screen are input by a touch screen method. Graphical OTP authentication system in which all key identification marks move in the same direction as the direction key . delete The method of claim 8, wherein the server, A communication unit connected to the communication unit of the control unit by wire or wirelessly to transmit and receive data; A program unit including an algorithm for arranging a keypad for graphic OTP authentication and generating a keypad array signal and transmitting the generated keypad signal to a controller through a communication unit; And  A storage unit which stores data about each user's ID and password, retrieves the ID and password requested by the controller, and transmits a search result to the controller through the communication unit; Graphical Authenticator authentication system is configured to include.

Images