KR101648157B1 - A method and device to restore selected passwords - Google Patents

Abstract

The present invention stores a usage DB, a predetermined registered password calculation function, and a parameter reverse calculation function in a predetermined password search device having a computing device and a storage device. The parameter inverse calculation function may be such that the user selects a specific use place by using the input unit of the password search apparatus of the present invention and inputs a memorized password which is memorized only by himself / herself so that the user can calculate the password currently being used The parameter to be guaranteed is calculated. If only the calculated parameters are matched to the user IDs and stored in the user DB, the user can input the 'memorization password memorized by the user' when necessary, without storing various passwords of each user in use, If it is selected, the password of the usage destination is output. The password of the use destination is stored only in the use destination system, so that the password search apparatus is not exposed even if it is stolen or hacked. Also, even if the system of use is hacked, the password for the use other than the place of use can be secure.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a password retrieval apparatus,

The present invention is an improvement invention to Korean Patent No. 10-0378630.

In the invention disclosed in Korean Patent No. 10-0378630, specific information corresponding to a password (a search device constant), a user's unique password (a memorization password) and a specific symbol (parameter) are input to a specified function (registered password calculation function) (Registered password) matched to a specific symbol and displays the result on a display device (output unit).

For example, in the registered password registration screen (FIG. 7) of the password verification apparatus in which the memorized password + parameter x memorized password + retrieval device constant is stored as the registered password calculation function and 5 is input as the retrieval device constant, Stores the shopping mall as the usage ID of the third usage destination, inputs 35 as the parameter matched with the usage ID, and inputs 12 as the memorization password, 12 + 35x12 + 5 = 437 is calculated as the registration password.

The registered password 437 is not calculated without the memorizing password 12, and the memorizing password 12 is memorized only by the user and is not stored anywhere in the world. Therefore, even if the hacker learns and hacks the inventive apparatus, On the other hand, when the user submits the memorization password 12, 437 is always output. Therefore, it does not need to memorize while using a different password for each use place, and it is convenient, and the risk of being hacked is reduced because it is not stored. Even if the use place system in which the registered password 437 is stored is hacked, the exposed password is limited to the password registered in the use place, and if different passwords are registered in the different places of use as registered passwords, Are safe.

However, in the above invention, a method for enabling a user to use a previously used password as a registered password is not specifically described, so that a password previously used by the user is stored in the password There is room for the inconvenience that it is necessary to register and change it. In the above example, if the user has already registered 377 as a password in the shopping mall for the user, the user remains inconvenient (inconvenience 1) to change the password of the shopping mall to 437.

Another object of the present invention is to provide a security device (OTP generator, etc.) which expects to have a user besides an existing user identification password that a user expects to memorize Quot;) < / RTI > in a recent trend that requires to submit more device identification passwords.

Another problem that the invention of Korean Patent No. 10-0378630 fails to provide a concrete solution is the inconvenience when the inventive device is lost. If you store various passwords in a portable storage device and then lose the device, you will not be able to memorize or store the registered password for each user. .

The invention of the present application eliminates the inconvenience of changing a registered password registered in the past while utilizing the advantage of the patent 10-0378630 which allows a plurality of registered passwords to be memorized without memorizing or storing only a single memorized password (Problem 1)

The invention of the present application is a method for managing a device identification password and a registered password separately by outputting a device identification password by manually operating a security device owned by the user and outputting a registration password from a password search device possessed by the user, (Problem 2) In order to solve this problem,

The present invention aims at eliminating the inconvenience when the inventive device of Korean Patent No. 10-0378630 is lost. (Problem 3)

The present invention stores a usage DB, a predetermined registered password calculation function, and a parameter reverse calculation function in a predetermined password search device having a computing device and a storage device. The parameter inverse calculation function is a function that, when a user selects a specific use destination by using the input unit of the password search apparatus of the present invention and inputs a memorized password memorized only by the user, the user assures that the password currently used in the use destination is calculated And calculates a parameter. If only the calculated parameters are matched to the usage IDs and stored in the usage DB, the user can input the memorization password memorized by the user when necessary and select the required usage destination without storing various passwords of each usage destination currently used by the user The password of the use destination is output. The password of the use destination is stored only in the use destination system, so that the password search apparatus is not exposed even if it is stolen or hacked. Also, even if the system of use is hacked, the password for the use other than the place of use can be secure.

Further, the present invention stores a device-user simultaneous identification password calculation function that matches each of the use-destination system and the user's password search apparatus. When the user selects a specific use destination from the password search device and inputs a unique password memorized therein, a password (user identification password) registered in the use destination is calculated in the registered password calculation function, and the device identification password and the calculated user identification The password is substituted into the device user concurrent identification password calculation function to generate a device user concurrent identification password. It is possible to calculate a device user simultaneous identification password that matches the function and a device user simultaneous identification password that matches the user identification password and the device identification password stored in the use system. The validity can be judged by comparing the device user concurrent identification password calculated by the using system with the device user concurrent identification password submitted to the user. Thus, in recent trends that require to submit more device identification passwords generated by security devices such as OTPs besides user identification passwords, the inconvenience of separately calculating and inputting the two kinds of passwords is eliminated.
In order to achieve the above object, the present invention includes a control unit for inputting an input unit, a memorized password and a registered password into a parameter inverse calculation function to calculate a specific parameter, and to store the parameter in a predetermined use DB, And provides a password search apparatus including the password search apparatus.
Here, the control unit calculates a specific parameter by substituting the memorized password and the registered password into the parameter inverse calculation function, controls the parameter to be stored in a predetermined use-place DB by matching with a specific use-place ID, and stores the use- And if a memorized password is inputted or inputted in a predetermined manner, a parameter matched to the selected or inputted use ID is read from the user DB, and the parameter and the inputted memorized password are substituted into the registered password calculating function to obtain a registered password .
The apparatus further includes an output unit for outputting at least one of a registered password output screen for outputting the registered password calculated by the registered password calculating function and a used ID list output screen for outputting the used ID list stored in the used DB .
The output unit may include at least one of a memorization password input field for receiving a memorization password, a use ID input field for receiving a use ID, and a registered password input field for receiving a registration password.
The output unit may include at least one of a memorization password input field for receiving a memorization password, a use ID selection box for listing a use ID list and selecting a specific use ID from among them, and a use ID input column for inputting a use ID can do.
The apparatus further includes a memorizing password temporary storage unit for temporarily storing the inputted memorizing password, a registered password temporary storing unit for temporarily storing the input registered or calculated registered password, a registered password calculating function for storing the registered password calculating function, A storage unit, a parameter inverse calculation function storage unit for storing the parameter inverse calculation function, and a usage DB for storing a usage ID and a parameter matched to each usage ID.
The apparatus further includes a registration password calculator for calculating a registration password matching the user ID with the memorized password and the parameter matched with the user ID to the registered password calculating function, A parameter calculation unit for calculating a parameter matched to the use ID by substituting the registered password; Or more.
According to another aspect of the present invention, there is provided a password retrieval method comprising: inputting a usage ID, a registered password matched to the usage ID, and a user's memorizing password in a predetermined method; Calculating a parameter by substituting the input registered password and the memorized password into a parameter inverted calculation function stored in the password search device; And a step in which the calculated parameter is matched with the inputted use ID and stored in the use destination DB of the password search apparatus.
According to another aspect of the present invention, there is provided a method of generating a user database, Selecting or inputting a specific use-place ID by a predetermined method; Inputting a user's memorization password in a predetermined manner; And a step of calculating a registered password by substituting a parameter stored in the use-destination DB matching the selected or inputted use-place ID and the input memorized password into a predetermined registered password calculating function .
Here, the method may further include outputting the calculated registered password by an output unit of the password searching apparatus.
The method further includes storing the device identification password in a predetermined manner in the password search device; A device identification password stored in the password search device and a registered password calculated by the password search device are substituted into a device user simultaneous identification password calculation function of the password search device to calculate a device user simultaneous identification password; As shown in FIG.
According to another aspect of the present invention, there is provided a password search apparatus including: a device identification password storage unit storing a device identification password in a predetermined manner; Inputting or calculating a user identification password in a predetermined manner to the password search apparatus; And a device identification password stored in the password search device and a user identification password input or calculated in a predetermined manner are substituted into a device user simultaneous identification password calculation function of the password search device to calculate a device user simultaneous identification password Provides a password retrieval method.
Here, the method may further include the step of outputting the calculated device user concurrent identification password to the output unit of the password search apparatus in a predetermined manner.
The method may further include opening a predetermined session between the password search apparatus and the destination system; And the calculated device user concurrent identification password is transmitted to the using system in a predetermined manner via the session.
According to another aspect of the present invention, there is provided a method of managing a user database, the method comprising: storing a predetermined user ID in a user DB of a user system; Storing a predetermined user identification password in a user DB of the use-destination system; Storing a predetermined device identification password in a user DB of the use-destination system; Receiving a user ID in a predetermined manner from a user whose user ID is registered in the user DB; Receiving a device user simultaneous identification password from a user whose user ID is registered in a user DB in a predetermined manner; And a password retrieval method.
In this case, in the user DB, a user identification password and a device identification password matching the user ID input from the user registered with the user ID in the user DB are read and substituted into the device user simultaneous identification password calculation function, And a password is calculated.
In addition, the method may further include collating the device user concurrent identification password calculated by substituting the device user concurrent identification password calculation function with the device user concurrent identification password input from the user.
In order to attain the above object, the present invention provides a password search apparatus including a device user simultaneous identification password calculation function and a device user simultaneous identification password, by calculating a user identification password and a device identification password.
According to another aspect of the present invention, there is provided a user system including a device user simultaneous identification password calculation function for calculating a device user simultaneous identification password by substituting a user identification password and a device identification password into a device user simultaneous identification password calculation function.
According to another aspect of the present invention, there is provided a password search apparatus including a predetermined device user simultaneous identification password calculation function storage unit and a predetermined device identification password storage unit.
Here, the apparatus includes a predetermined parameter inverse calculation function storage unit, a predetermined registered password calculation function storage unit, and a predetermined usage DB; Or more.
According to another aspect of the present invention, there is provided an apparatus and method for providing a user ID, a device identification password matching each user ID, and a user identification password matching each user ID, And a predetermined user DB to be used as the user DB.
In order to achieve the above object, the present invention provides a password searching apparatus including a device user simultaneous identification password storage unit capable of reading data by inputting both a user identification password and a device identification password.
According to another aspect of the present invention, there is provided a password retrieval method comprising: inputting both a user identification password and a device identification password to decrypt a password.
In order to accomplish the above object, the present invention provides a password search apparatus including a password search unit that receives a registration password in a predetermined manner, and controls the disposable registration password calculation function to calculate a disposable registration password, to provide.
In the foregoing, the registered password calculating function may be a disposable registered password calculating function.
Also, the device user concurrent identification password calculation function may be a one time use user concurrent identification password calculation function.
Also, the device user simultaneous identification password calculation function storage unit may be a disposable device user simultaneous identification password calculation function storage unit.
The control unit may be configured to temporarily store at least one of the memorized password and the registered password described in the above item and if the predetermined event (e.g., a predetermined time elapsed, a registered password calculation, a power off, It is possible to control so that the temporarily stored data is deleted.
The method may further include deleting one or more of the memorization password and the registered password described in the above item when a predetermined event (e.g., a predetermined time elapsed, a registered password calculation, a power off, etc.) occurs .
According to another aspect of the present invention, there is provided a password retrieval apparatus, comprising: a password retrieval function for retrieving a registered password computation function identical to a registered password computation function stored in the password retrieval apparatus, A user DB for storing the same user IDs as those used in the user DB stored in the password searching device and parameters matched and stored in the user ID DB stored in the password searching device, And a device identification password backup unit that can derive device identification passwords identical to the device identification passwords stored in the password search apparatus, Apparatus capable of deriving the identification password calculation function It provides a password search backup unit comprises at least one of; user identification password simultaneous calculation function backup unit.
According to another aspect of the present invention, there is provided a password search apparatus for calculating a password to be used for a predetermined usage destination when a user inputs a memorization password, the apparatus comprising: A registered password calculation function storage unit for storing a registered password calculation function for calculating a registered password used for a predetermined use destination; A parameter inverse calculation function storage for storing a first parameter inverse calculation function for calculating a first parameter included in the registered password calculation function using information including the registered password and the memorized password; A use place DB in which a first parameter of the registered password calculating function calculated by the first parameter inverse calculation function is stored; And a controller for controlling the first parameter to be calculated by the first parameter inverse calculation function when the registered password and the memorized password are inputted.
According to another aspect of the present invention, there is provided a password search method for calculating a password used for a predetermined use destination when a user inputs a memorization password, the method comprising: Storing a registered password calculating function for calculating a registered password used for a predetermined use destination; A first parameter calculation function for calculating a first parameter included in the registered password calculation function by using information including the registered password and the memorized password when the registered password and the memorized password are inputted, Causing a first parameter to be calculated; And storing the first parameter of the registered password calculation function calculated by the first parameter inverse calculation function.
Here, when the memorization password is input, the control unit determines that the first parameter of the registered password calculation function stored in the usage password database and the registered password calculation function stored in the registered password calculation function storage unit, It is preferable that the registered password used for a predetermined use destination is calculated.
In addition, the registered password calculation function differs depending on the use place, and can be stored for each use place.
Also, in this case, the first parameter included in the registered password calculation function differs according to the use place, and may be matched according to the use place and stored in the use place DB have.
The password searching apparatus further includes a device identification password storage unit for storing a device identification password designated for each of the password search apparatuses. The registered password calculation function includes a device identification password designated for each password search apparatus as a component .
In addition, the device identification password may be specified differently according to the use place, and only one device identification password may be designated for each password search device.
The password searching apparatus may further include a memorizing password temporary storage unit for temporarily storing a memorizing password input by the user; And a registered password temporary storage unit for temporarily storing the registered password, wherein when the parameter is calculated using the memorized password and the registered password, the control unit causes the memorized password and the registered password to be deleted Can be controlled.
When the predetermined event occurs, the controller accesses a backup device for backing up the information stored in the password search device, and controls the connected backup device to transmit at least a part of the information stored in the password search device .
The apparatus further includes a device user simultaneous identification password calculation function storage for storing a device user simultaneous identification password calculation function for calculating a device user simultaneous identification password generated in the password search device, The user simultaneous identification password calculation function may include, as a component, the calculated registered password and a predetermined second parameter stored in the usage DB.
The parameter inverse calculation function storage unit may further include a second parameter reverse calculation for calculating the second parameter included in the device user concurrent identification password calculation function using the device user concurrent identification password and the information including the registered password And the use DB stores a second parameter of the device user concurrent identification password calculation function calculated by the second parameter reverse calculation function, and the control unit controls the second parameter station It is possible to control the second parameter to be calculated by the calculation function.
Also, the device user simultaneous identification password is a device user simultaneous identification password used at one time, and the device user simultaneous identification password calculation function is a function of determining whether a variable determined by time or the number of times the device user simultaneous identification password is submitted to the use place And may include variables that are determined accordingly.
In addition, a network address that can be connected to the use destination system is stored in the use destination DB, the control unit is connected to the use destination system, and when a registered password is calculated in a state connected to the use destination system, So that the registered password can be transmitted to the system of the use destination.
In addition, a network address that can be connected to the use destination system is stored in the use destination DB, the control unit is connected to the use destination system, and the apparatus user simultaneous identification password calculation function When the device user simultaneous identification password calculation function is calculated by the device user simultaneous identification password calculation unit, the device user simultaneous identification password is transmitted to the system of the use destination.

According to the present invention, there is no need to change the password currently used by the user, and even when a new password is registered, a registration password suitable for the requirements specified by the user (e.g., 6 to 10 alphanumeric characters) And it is possible to enjoy the advantages of the Korean Patent No. 10-0378630 as it is. In other words, the password can be played back whenever necessary without storing or memorizing it, so that multiple passwords can be safely and conveniently used. In addition, even when the present apparatus is lost, the inconvenience can be minimized by using the backup apparatus, and the manual operation can be minimized even in the use place requiring a separate apparatus identification password like OTP.

1 is a block diagram of a password retrieval apparatus according to an embodiment of the present invention.
2 is an embodiment of the DB of the present invention.
3 is a block diagram of a password retrieval backup apparatus according to an embodiment of the present invention.
4 is a configuration diagram of one embodiment of a usage system of the present invention.
5 is one embodiment of a user DB of the present invention.
Fig. 6 shows an embodiment of the use ID selection screen of the present invention.
7 is an embodiment of the registered password registration screen of the present invention.
FIG. 8 shows an embodiment of the registered password search screen of the present invention.
9 is another embodiment of the registered password search screen of the present invention.
10 is an embodiment of the password search apparatus DB of the present invention.

<Definition of Terms>
* Search device constants: Constants included in the registration password calculation function for registering passwords. In the present invention, the search device constants are not limited to numerals, and characters and various other data are all possible if they can be computed. The retrieval device constant may be input to the password retrieval device at the time when the password retrieval device is produced or may be input to the password retrieval device by a predetermined method after the password retrieval device is produced, It can also be created by quoting certain stored data. If it is not set separately, +0 becomes the search device constant. In the present invention, a retrieval device constant is defined as a part of the registered password calculation function unless otherwise cited.

delete

* Shared Variable: An independent variable commonly included in the function stored in the password search device and the function stored in the user system matching the function, such as Time Value and Event Count. Since the variable is a non-constant variable, if the shared variable is included as an independent variable in common to both functions, the value calculated by substituting the specific independent variable with the mutually matched quantity function becomes a variable that changes from time to time. At the same time, the calculated values can be matched because they are mutually matched functions (for example, the same function).

* Registration Password: A password that users register with a specific use (eg a specific online shopping mall, a specific bank internet banking, etc.). It is usually stored in a secure manner in the destination system. Although the same registered password can be registered to a plurality of use destinations, it is safe to register them differently. It is possible to use various combinations of numbers, letters, letters, and numbers, as long as it is computable and allowed by each user. From the viewpoint of the user, the registered password becomes a user identification password.

* Registered Password Calculation Function: A function that calculates a registered password that matches the Usage ID when a memorized password and a parameter matched to a specific use ID are substituted. Yes, registration password = memorization password + parameter x12 + 5

* Matching function: A concept containing the same function. However, if it is possible to judge whether or not the same independent variable is input to both functions, the matched function in the present invention becomes a matching function in the present invention.

* Unspecified Device Identification Password: A type of device identification password. The device identification password stored in the device identification password store before the password search device is distributed to a particular user. A specific use destination is not specified and is stored in the password search device.

* Unspecified device user simultaneous identification password calculation function: A kind of device user simultaneous identification password calculation function. A device user simultaneous identification password calculation function stored in the device user simultaneous identification password calculation function storage before the password search device is distributed to a specific user. A specific use destination is not specified and is stored in the password search device.

* Unspecified Disposable Device User Simultaneous Identification Password Calculation Function: A type of discrete device user concurrent identification password calculation function. The disposable device user simultaneous identification password calculation function stored in the device user simultaneous identification password calculation function storage before the password search device is distributed to a specific user. A specific use destination is not specified and is stored in the password search device.

* User identification password: The password that the user uses as the registration password is the user identification password when viewed from the user. Since only the user is considered to be aware of the registration password, the user is considered to have submitted it when the user identification password is submitted. It may be considered a submission by the user, but in fact it may be a submission by a perceived user who has misunderstood the user identification password.

* User ID: An ID for identifying a specific user. Example: ID registered by a user himself / herself to a specific use, membership number assigned to a specific user, resident number, business number, corporation number, passport number, member number, name,

* User DB: DB in which at least one of a user ID and a user identification password matching the user ID and a device identification password and a device user simultaneity identification password are stored.

* Usage ID: An ID for distinguishing a specific use destination. Examples: Korea Shopping Mall, Bank of Korea, Mansefortal, etc.

Usage DB: A DB that stores a use ID and parameters matching the use ID. A connection address for logging into the destination system, and the like may be additionally stored in matching with the usage ID.

* Memorization Password: The password that the user must memorize. There are many embodiments in which a combination of letters and numbers is used, but the present invention is not limited thereto. Although the memorization password can be used as the same as the registered password of the specific use place, it is safe that the memorization password is different from the registered password. As long as it is a computable value, various embodiments such as a combination of numbers, letters, letters and numbers are possible. In the present invention, even if only one memorizing password is memorized, various registered passwords can be safely used without memorizing.

* One-time registration password: The value calculated by substituting the registration password into the one-time registration password calculation function.

* One-time registration password calculation function: A registered password calculation function that configures one or more shared variables as independent variables. Function to substitute the registration password and the shared variable to calculate the one-time registration password so that the using system can verify the validity. Yes, one-time registration password = registration password + shared variable

* Disposable user identification password: The value calculated by substituting the user identification password into the one-time user identification password calculation function.

* One-time user identification password calculation function: A function that calculates a one-time user identification password so that the user system can verify the validity by substituting the user identification password and the shared variable. Yes, one-time user identification password = user identification password + shared variable

* Disposable Device User Simultaneous Identification Password: A type of device user concurrent identification password. A device user concurrent identification password that is calculated by the disposable device user concurrent identification password calculation function.

* Disposable device simultaneous identification password calculation function: A device user simultaneous identification password calculation function that configures one or more shared variables as independent variables.

* Disposable Device Identification Password: A type of device identification password. A device identification password that is computed by substituting a device identification password (eg, a code unique to a particular device) into a function that configures one or more shared variables as independent variables. When a valid disposable device identification password is submitted, the user assumes that the person who actually holds the device that matches the disposable device identification password has submitted the disposable device identification password. If the password is not the disposable device identification password, If passwords are submitted the same way each time, the device identification password that was submitted in the past is hacked and copied by a third party, and then submitted afterwards, even if the person who does not currently own the device has submitted it, A problem of misidentification occurs. This problem is solved because the effective disposable device identification password for a particular password retrieval device varies from time to time.

Disposable Device Identification Password Calculator: A device for generating a disposable device identification password using a disposable device identification password calculation function.

* Disposable device identification password calculation function: A function that calculates the disposable device identification password by substituting the device identification password and the shared variable.

* Device User Simultaneous Identification Password: A password that can only be submitted if both the device identification password and the user identification password are known. Therefore, when a device user simultaneous identification password is submitted, it is considered that the person who has recognized the user identification password has submitted the device with the device granted to the user. Therefore, when a device user concurrent identification password is submitted, it is more likely that the device is authenticated by a legitimate user than when only a device identification password is submitted or only a user identification password is submitted. Security is enhanced by that.

* Submitting a device identification password and a user identification password together is one embodiment of a device user concurrent identification password. A value calculated by substituting a device identification password and a user identification password into a specific function is another embodiment (e.g., device user identification password = registration password x 2 + data x 3 + 4 uniquely stored in the device). The password stored in the readable storage unit only when the registration password and the device identification password are input is another embodiment of the device user simultaneous identification password. An encrypted password that is decrypted only when both the registration password and the device identification password are input is another embodiment of the device user concurrent identification password.

Device user simultaneous identification password calculation function: A function for calculating a predetermined device user simultaneous identification password by substituting a device identification password and a user identification password.

* Device user simultaneous identification password storage unit: A storage unit capable of data reading by inputting both the user identification password and the device identification password

* Device identification password: A password that is considered to have been submitted by a person who currently owns a particular device when submitted. It is designed to make it difficult for a third party, even a legitimate holder of the device, to submit a device identification password in a non-possession situation. For example, if a code unique to the medium is stored in a memory or a USIM of the cellular phone in a manner difficult for the public to read, and the function value calculated by substituting the code or the code at a specific point in time is submitted to the user, The place of use shall be deemed to have been submitted by the person who actually owns the cell phone or USIM. However, the actual holder of the device may be an unjust holder such as the acquaintance.

* Device identification password calculation unit: A device identification password is generated by using a predetermined function, or is read from a predetermined storage device

* Access address: Web server login screen address, WAP server address, ARS center representative phone number, etc., which can be connected to the communication unit of the password search apparatus through the Internet or wire / wireless telephone network. The user can access the connection address using the password search apparatus of the present invention.

* Time Value: Variable that uses data calculated from the time information shared by the password search device and the user system or time information. Yes, when the password retrieval device possessed by the user transmits the one-time password to the user system, the number of two digits x 2 + 2 min. In the above example, if it is sent at 10:15, Time Value = 10 x 2 + 15 = 35

* Parameters: Operable values that match specific Usage IDs. When the registered password calculation function is substituted with the memorization password, the registered password is calculated. In the present invention, any operable value includes all parameter embodiments such as numbers, letters, combinations of letters and numbers.

* Parameter reverse calculation function: A function that inverts a parameter matched to the registered password when a memorized password and a specific registered password are substituted. (For example, parameter = (registered password - memorization password -5) / 12)

* Password search device ID: When a password search device is created. ID given by the manufacturer or distributor of the password search device for distinguishing between each password search device. It is often composed of a combination of an ID of a manufacturer or distributor and a serial number generated by each manufacturer and assigned to each device.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

&Lt; Example 1 >

An embodiment of the present invention as a solution to the above-mentioned 'solution 1' further constitutes a parameter back calculation function storage unit in the control unit described in the structure and operation of the invention of the application of the patent 10-0378630.

In one embodiment, if the registered password calculation function in the password search apparatus having the retrieval apparatus constant of '5'is' memorized password + parameter x memorized password + retrieval apparatus constant ', an embodiment of the parameter reverse calculation function may be' Password - search device constant) / memorization password '. In the above example, if the user uses the password 377 for the 'shopping mall' and wants to use the password 377 as the password of the 'shopping mall' without changing the password, the user inputs the registered password registration screen 7), and inputs '377' in the registered password input field matched with the usage ID input field and '12' in the memorized password input field by inputting 'for shopping mall' in the usage ID field of the screen . Then, the registration password (e.g., 377) and the memorization password (e.g., 12) are substituted into the parameter inverse calculation function (e.g., (registered password-memorized password-retrieval device constant) / memorized password) -5) / 12 = 30 'is calculated and stored as a parameter matched with the usage ID "shopping mall for the shopping mall" in the use DB (FIG. 2). When the storage is completed, the registered password and the memorization password input through the password registration screen are automatically deleted.

When the user has to submit a registration password to the 'shopping mall', the user operates the input unit to display a registered password search screen (FIG. 8), selects 'for shopping mall' as the user ID in the screen, 12 '. Then, in the usage DB (FIG. 2), the parameter '30' matched to 'the shopping mall' which is the usage ID, the memorized password '12' and the retrieval device constant '5' , Memorized password + parameter x memorized password + retrieval device constant), and '12 + 30x12 + 5 = 377 'is output as the registered password. The user does not need to memorize 377 because he can output 377 at any time. Also, since '12', which is one of the necessary elements for deriving 377, is a memorized password that is not stored anywhere in the world, '377' can not be calculated even if the hacker acquires the password search apparatus of the present invention.

&Lt; Example 2-1 >

As a solution to the above-mentioned 'solution 2', one embodiment of the present invention is a method using a disposable registration password calculation function.

The user calculates the registration password in the password search device in a predetermined manner or the user inputs the registration password in the password search device in a predetermined manner. The registered password is substituted into the disposable registered password calculating function to calculate the disposable registered password. Wherein the one-time registration password calculation function is matched with a one-time registration password calculation function (i.e., a one-time user identification password calculation function) applied to the user in the user system, Are shared as independent variables. For example, the one-time registration password calculation function of the password search apparatus and the one-time user identification password calculation function of the used system are the same, and the time value can be shared as an independent variable. In this case, when the registration password is substituted into the one-time registration password calculation function of the password search apparatus and the calculated one-time registration password is submitted to the use system, the user system stores the registered password of the user stored in the use system as the one- It can be judged that the calculated value is valid if it is the same value by collating the calculated value with the calculated value. Since the one-time registration password changes according to the change of the time value every time it is used, even if the one-time registration password is exposed during the communication process, it is safe to submit the exposed one-time registration password. In addition, even if the password search apparatus is hacked and the disposable registration password calculation function is exposed, the registration password which is one of the independent variables for calculating the disposable registration password is not exposed, so that the hacker can not calculate the disposable registration password and is safe.

&Lt; Example 2-2 >

Another embodiment of the present invention as a solution to the above-mentioned 'Solution 2' is a method of using the disposable device user simultaneous identification password calculation function.

The password search apparatus calculates a registration password in a predetermined manner, or the user inputs a registration password to the password search apparatus in a predetermined manner. The registered password and the device identification password calculation unit of the password search device read out from the device identification password storage unit or calculate the device identification password calculated using the device identification password calculation function to the disposable device user simultaneous identification password calculation Function to calculate the disposable device user simultaneous identification password. Wherein the disposable device user concurrent identification password calculation function is matched with a disposable device user concurrent identification password calculation function applied to the user in the user system, and one or more shared variables are matched to the one- Are shared as independent variables.

For example, the disposable device user simultaneous identification password calculation function of both devices is the same, and both the cumulative number of times of submitting the disposable device user simultaneous identification password from the password search device to the specific use place system can be shared as independent variables. In this case, the disposable device user simultaneous identification password calculated by substituting the registration password and the device identification password in the disposable device user simultaneous identification password calculation function of the password search device is submitted to the usage system. In this case, the user system calculates the disposable device user simultaneous identification password by substituting the 'user's registered password and device identification password' stored in the user's system into the disposable device user simultaneous identification password calculation function stored therein. The calculated disposable device user simultaneous identification password and the submitted disposable device user simultaneous identification password are collated to determine that they are valid if they are the same value.

Although the disposable device user simultaneous identification password calculating function stored in the user system stores the same example as the disposable device user simultaneous identification password calculating function stored in the user's password searching device, the validity of the input calculated value The present invention is not necessarily limited to the case where both are the same function. For example, a value obtained by dividing the value of the disposable device user simultaneous identification password calculation function stored in the user's password retrieval apparatus by the value of the disposable device user simultaneous identification password holding function held by the use system when the same device identification password is assigned to the same user identification password , It may be determined that a valid disposable device user simultaneous identification password is input when the 'public key matched to the user's password search device ID' is displayed.

Further, a plurality of use destinations may use the same non-determined disposable device user simultaneous identification password calculation function. In particular, the above embodiment may be convenient when a password search apparatus distributed by a specific business operator is used in a plurality of uses. Even if the same device user simultaneous identification password calculation function is used for a plurality of usage destinations, different registration passwords (i.e., user identification passwords) are calculated if the parameters are different for each use destination, so that device user simultaneous identification passwords for each use destination are calculated differently , Even if the disposable device user simultaneous identification password and the common one-time-device user simultaneous identification password calculation function are leaked at the same time, the disposable device user simultaneous identification password of another user can be secure.

As described above, since the disposable device user simultaneous identification password is calculated differently according to the number of events, the disposable device user simultaneous identification password is calculated differently. Therefore, even if the disposable device user simultaneous identification password is exposed in the communication process, It is safe to submit a previously exposed disposable device user simultaneous identification password to determine that it is not valid. In addition, even if the password search device is hacked and the disposable device user simultaneous identification password calculation function is exposed, the registered password which is one of the independent variables is not exposed, so that the disposable device user simultaneous identification password can not be calculated.

&Lt; Example 2-3 >

As a solution to the problem 2, another embodiment of the present invention is a method using a function for calculating a fixed device user concurrent identification password.

The user system stores the 'device user simultaneous identification password calculation function (e.g., user identification password + device identification password + 3)' and stores the device identification password and the user identification password in a secure manner And holds a predetermined 'user DB'.

A specific user submits his / her ID and a registered password (e.g., 377) to the user system for subscribing to the user, stores the ID of the user in the user DB of the user system, (E.g., 377) submitted by the user.

(For example, user identification password + device identification password + 3) 'matched to the usage-apparatus simultaneous identification password calculation function of the user and' A password search apparatus including a device identification password storage unit in which a device identification password (e.g., 2) assigned by the use place system is stored is downloaded from the use system and stored.

The usage system stores 'the device identification password (e.g., 2)' stored in the password search device of the user, matching the user ID in its user DB.

The user submits his or her user ID registered in the use place to the use place in a predetermined manner to access the use place system.

The user inputs his / her registered password (e.g., 377) submitted to the user in his / her password search device input unit.

The password searching apparatus searches the device password (for example, 377) for storing the device ID password (for example, 2) read from the device ID storing unit of the device and the device registration password (For example, 377 + 2 + 3 = 382), and outputs the calculated result value to the output device of the mobile phone.

The output device user simultaneous identification password is submitted in a predetermined manner to the user (e.g., a shopping mall).

And the use destination system of the use destination receives the 'user ID' and the 'device user simultaneous identification password' submitted by the user.

The usage source system reads the stored user identification password (e.g., 377) and the device identification password (e.g., 2) that match the user ID stored in the user DB stored in the user DB and stores the stored device user simultaneous identification password (E.g., 377 + 2 + 3 = 382) by assigning a user ID to the function (e.g., user identification password + device identification password + 3). The use system compares the calculated simultaneous user device identification password with the device user simultaneous identification password (e.g., 382) submitted by the user to determine the validity.

At this time. The device identification password may be stored in advance before the specific user ID is input, may be stored while the user ID is input, or may be stored thereafter, as long as it matches the user ID in the user DB.

<Example 2-4>

Another embodiment of the present invention as a solving means for the solution task 2 is characterized in that the password retrieval apparatus calculates the number of times the password is calculated by the password retrieval function, The device identification password stored in the device identification password storage unit or the device identification password 'calculated using the device identification password calculation function together with the device user simultaneous identification password storage unit thereof to open the storage unit, The simultaneous identification password is read out. If the read device user simultaneous identification password is input to the user system in a predetermined manner together with the ID of the user, the user system stores the user ID password matched with the user ID read out from its own storage unit, The device identification password calculation unit reads from the user DB or transmits the device identification password calculated using the device identification password calculation function to the device user simultaneous identification password storage unit so that the device user simultaneous identification password And may determine whether the user has effectively submitted both the user identification password and the device identification password by comparing the read device user concurrent identification password with the value submitted as the device user concurrent identification password from the user.

<Example 2-5>

Another embodiment of the present invention is a method using a cryptographic function and a decryption function that use a registered password and a device identification password as independent variables.

The password retrieval apparatus calculates the device identification password calculated by the registered password calculation function or the registered password input by the user and the device identification password calculation unit of itself using the device identification password calculation function or by using the device identification password calculation function Quot; password &quot; as an independent variable to the encryption function that encrypts the device-user simultaneous identification password, thereby encrypting the device-user simultaneous identification password.

When the user desires to search for a device user simultaneous identification password, the user operates the password search device to calculate 'the registered password calculated by the registered password calculation function of the password search device, or the device registered password calculated by the user' And the device identification password calculated by using the device identification password calculation function together with the function for decrypting the device user concurrent identification password together as independent variables, The password is calculated.

&Lt; Example 3 >

As a solution to the above Solution 3, an embodiment of the present invention is characterized in that in addition to the device described in the structure and operation of the invention of the application of the patent 10-0378630, a backup device ). The separated media may include a user's security token, a USB, a computer, a mobile phone, a server of a backup service company, and the like, but the present invention is not limited thereto if backup storage is possible.

One embodiment of the backup device resides in hardware physically separated from the hardware in which the password search apparatus main body is built, and a registered password calculating function identical to the registered password calculating function stored in the main body is stored. A registered password calculation function backup unit; And a use-destination DB backup unit, which is synchronized with the use-destination DB of the main body in a predetermined manner.

However, if it is possible to derive a registered password calculation function identical to the registered password calculation function stored in the password search apparatus main body, the registered password calculation function stored in the main body and the registered password calculation function stored in the backup device do not necessarily have to be the same. In addition, if it is possible to derive 'the same usage IDs as those in the usage DB stored in the password search apparatus main body' and 'the parameters stored in the usage DB database matching the usage IDs' to each other, It is not necessary that the usage source DB of the negative is necessarily the same. In one embodiment, a manufacturer ID and a registered password calculating function type ID of the registered password calculating function stored in the main body may be stored in the registered password calculating function backup unit. In this case, if necessary, the user can download the same function by submitting the type ID to the manufacturer. In another embodiment, the user ID and the parameter are respectively encrypted in the user DB stored in the main body using an encryption function and stored in the backup DB of the user DB, and a symmetric key used in the encryption function, 2 &lt; / RTI &gt; In this case, if necessary, the user downloads the encrypted usage ID and parameters from the usage DB backup unit to the newly issued password search apparatus, and the downloaded data is substituted into the decryption function stored in the password search apparatus. At this time, when the password searching apparatus requests the second memorizing password memorized by the user and inputs the second memorizing password, the password retrieving apparatus decrypts the encrypted data, It can be saved as a parameter. The present invention is not limited to the storage of the same function and data, but includes all registered password calculation function backup units capable of deriving a registered password calculation function that is the same as the registered password calculation function of the main body, And all the usage DB backup units that can derive the 'usage IDs' identical to those in the DB and 'match the parameters stored in matching with the usage IDs'.

In one embodiment of the method of synchronizing the main body and the backup device, when the main body of the present invention periodically or a predetermined event (e.g., an event in which the usage ID DB is updated, an event in which the user selects an update menu, There is a method of transmitting data of a DB in a predetermined manner. In another embodiment, there is a method in which an input unit is configured in the backup storage device, and a user updates the use DB backup unit using the input unit.

In another embodiment of the backup device, in addition to the apparatus of the above embodiment, a device identification password backup unit capable of deriving the same device identification passwords as 'device identification passwords stored in the password search apparatus' And a device user simultaneous identification password calculation function backup unit capable of deriving a device user simultaneous identification password calculation function identical to the device user simultaneous identification password calculation function stored in the device.

<Example 4>

One embodiment of the present invention is a method using a parameter inverse calculation function, a registered password calculating function, and a device user simultaneous identification path calculating function as means for simultaneously resolving the tasks 1, 2, and 3.

A system of a password search apparatus manufacturer configures a password search apparatus DB (FIG. 10) for matching IDs of password search apparatuses manufactured by the manufacturer with apparatus identification passwords stored in the password search apparatuses.

(Registered password - memorized password-5) / memorized password) and a registered password calculation function (for example, a registered password calculation function) (Eg Time Value + User Identification Password + Device Identification Password + 6, Time Value = 1), 'Usage DB' and 'Unspecified Disposable Device User Simultaneous Identification Password Function' A device user simultaneous identification password calculation function storage unit storing the number of two digits of the input time and a number of two digits of the input time) and a device identification password storage unit storing the non-device identification password (e.g., 2) The password search device is stored. The storage method may be a method of downloading to a mobile phone held by a user, but the present invention is not limited to this, and various methods such as a method of storing the medium in advance in a specific medium and distributing the medium are possible. do. The present invention also includes an embodiment in which an unspecified device user simultaneous identification password calculation function is not stored in the device user simultaneous identification password calculation function storage unit, and an unspecified device identification password is not stored in the device identification password storage unit Includes examples.

(Eg, Time Value + user identification password + device identification password + 5, where Time Value = 2 digits of the input time) Which is capable of safely storing the device identification password and the user identification password by matching the user ID and each user ID, and stores the device identification password and the user identification password in the device user simultaneous identification password calculation function storage unit (Figure 5).

(For example, user identification password + device identification password + 3) is stored in the device user simultaneous identification password calculation function storage unit, and 'user ID and each user And a predetermined user DB that securely stores the device identification password and the user identification password 'matched to the ID.

(For example, Time Value + user identification password + device identification password + 6, where Time Value = input time) of the usage object (e.g., longevity) system is the disposable device user simultaneous identification password calculation function distributed by the password search device manufacturer The number of 2 digits of the hour and the number of 2 digits of the minute of the input time) is stored in the device user simultaneous identification password calculation function storage unit, and the 'device identification password and user identification password matched to the user ID and each user ID' Of the user DB.

When the user submits a user ID and a registered password (Example 378) to be used by himself / herself in a predetermined manner to the use place A in order to join the use place A (for example, a bank of the Republic of Korea) Stores the user ID of the user and stores the registered password (e.g., 378) submitted by the user as a user identification password matched with the user ID. In the method in which the user submits the user ID and the registered password to a specific use place, the user enters the membership application place where the data is written, or when the member recruitment person in charge of the use place searches for the member, A method of submitting a subscription application, or a method of accessing the server of the use destination and inputting the data. The expression for submitting specific data in the present invention includes the above-exemplified methods and includes all the predetermined methods of submitting data

A predetermined device identification password (e.g., 4) is generated by matching with the user ID in the user DB of the A-use-place system. The device identification password may be generated before the user ID is input to the user DB, and may be matched with the user ID while the specific user ID is input to the user DB. Also, by communicating with the password retrieval apparatus possessed by the user, the non-specific apparatus identification password stored in the apparatus identification password storage unit of the password retrieval apparatus is uploaded to the use system, and the user DB of the user system And may be matched and stored. Also, when the user submits his or her password search device ID when submitting the user ID and the registered password, the user system uses the submitted password search device ID to determine whether or not the &quot;Quot; unspecified device identification password assigned to the password search device &quot; stored in the password search device DB (FIG. 10) of the mobile communication terminal and matched with the password search device ID, and transmits the inquired non- And may be stored as a device identification password matching the user ID. The present invention includes all of the above-exemplified methods, in which the 'device identification password is matched to the user ID, stored in the user DB of the usage system, matched with the usage ID and stored in the device identification password storage of the password search device Methods.

A user uses the disposable device user simultaneous identification password calculation function (e.g., Time Value + user identification password + device) that matches the disposable device user simultaneous identification password calculation function of the A user to the predetermined password search device possessed by the user ID password + 5, Time Value = 2 digits of input time x 2 + 2 digits of input time) 'and' the predetermined device identification password (for example, 4) '.

The disposable device user simultaneous identification password calculation function downloaded from the A usage system is stored in the device user simultaneous identification password calculation function storage unit of the user's password searching apparatus by matching with the A usage ID (e.g., Bank of Korea). The matching method is a method of receiving a usage ID when the function is stored. However, the present invention is not limited to this, and includes all the methods of matching the function and the usage ID.

The device identification password storage unit of the user's password retrieval apparatus stores the device identification password (e.g., 4) downloaded from the A usage system in a predetermined manner so that it is difficult for the third party as well as the user to browse.

The registered password registration screen (FIG. 7) which allows the user's password search apparatus to input a 'use ID' and a 'registered password and a memorized password matching the use ID' in its output unit by the user's operation Output.

The user inputs the ID of the A use destination (e.g., Bank of Korea) in the use ID field of the registered password registration screen by using the input unit of the password search apparatus, and the registered password input field matched with the use ID field, Input the submitted password (for example, 378), and input a memorization password (for example, 12) recognized only by the user in the memorization password input field.

The password searching apparatus assigns the input registration password (e.g., 378) and the memorization password (e.g., 12) to the parameter usage calculation function (e.g., (registered password-memorizing password-5) / memorizing password) (E.g., (378-12-5) / 12 = 30.083), the calculated parameter (e.g., 30.083) is stored in the parameter field of the use destination DB of the password search apparatus, The inputted usage ID (for example, Bank of Korea) is stored in the usage ID field matched with the input parameter (for example, 30.083), and the registered password and the memorization password temporarily stored by the user's input are stored in a predetermined (For example, one minute after the input).

The user submits a user ID and a registered password (Example 377) to be used in the B-use-place system to subscribe to the B-use place (for example, a shopping mall).

The B place of use system stores the user ID submitted by the user in its user DB and stores the registered password (e.g., 377) submitted by the user as a user identification password matching the user ID.

(E.g., user identification password + device identification password + 3) matching with the device user simultaneous identification password calculation function of the B-use place system to the password search device of the user of the B- (E.g., 2) 'of the user ID and stores the device identification password (e.g., 2) in its user DB in matching with the user ID.

A device user simultaneous identification password calculation function (e.g., device user ID) downloaded from the B use source system by matching the ID of the B use destination (e.g., a shopping mall) to the device user simultaneous identification password calculation function storage unit of the user's password searching apparatus Simultaneous identification password = user identification password + device identification password + 3) 'is stored.

(For example, a shopping mall) in the device password storage unit of the user password searching device, and stores the device IDs downloaded from the B usage source system in a predetermined manner so as to make it difficult for third parties as well as users to browse A password (for example, 2) is stored.

In the state in which the password registration screen (FIG. 7) is output to the output section of the password searching apparatus by the user's operation, the user uses the input section of the password searching apparatus to input the use ID field of the password registration screen (For example, a shopping mall) of the B-use destination, inputs a registered password (for example, 377) submitted to the B-use destination in the registered password input field matched with the usage-item ID input field, Enter a password (for example, 12).

(For example, (registered password-memorizing password-5) / memorizing password), the password searching apparatus assigns the inputted registration password (for example, 377) and the memorizing password (for example, 12) (E.g., (377-12-5) / 12 = 30) and stores the calculated parameter (e.g., 30) in the parameter column of the new record of the usage DB (FIG. 2) (E.g., a shopping mall) is stored in the usage ID field matched with the user ID (e.g., 30) and deletes the registered password and the memorization password temporarily stored by the user's input.

The user accesses the C usage destination system to subscribe to the C usage destination (e.g., manseportal). The C subscription system opens a membership subscription application screen and the user inputs a user ID, a registered password (Example 379), and a password search device ID of the password search apparatus held by the user, .

The C use destination system stores the input user ID in its user DB and stores the input registered password (e.g., 379) as a user identification password matching with the user ID.

The C use destination system substitutes the inputted password search apparatus ID into a predetermined operation unit to determine whether the password search apparatus ID is an ID of a target to which the disposable device user simultaneous identification password calculating function stored therein is applicable .

If it is determined that the function can be applied, the usage system derives the manufacturer ID from the password search device ID, and transmits the input password search device ID to the manufacturer system matching the manufacturer ID in a predetermined manner do. And receives a device identification password matching the ID from the manufacturer system as a reply.

And the C use destination system stores the received device identification password in the user DB as the device identification password matched with the user ID.

The C use destination system (WAP server or Web server or the like) downloads its connection address to the password search device, and the connection address of the C use destination system is stored in the use destination DB of the password search device by matching with the C usage ID.

(Fig. 7) is output to the password search apparatus output unit of the user by the operation of the user, the user inputs the password in the use ID input column of the password registration screen using the input unit of the password search apparatus Input a registered password (for example, 379) entered in the C use destination system in the registered password matching field matched with the usage ID field, inputs the ID of the C use destination (e.g., longevity portal) Enter a memorization password (for example, 12).

At this time, the usage ID and the registered password can be automatically input in a predetermined manner. That is, the user ID and the registered password may be automatically stored in the user DB of the password search apparatus while the predetermined session is opened using the WAV connection or the web access method between the password search apparatus and the destination system have. The present invention also includes the above-described embodiments.

The password search apparatus substitutes the input registration password (e.g., 379) and the memorization password (e.g., 12) into the parameter reverse calculation function (e.g., (registered password-memorizing password-5) / memorizing password) (E.g., (377-12-5) /12=30.167) and stores the calculated parameter (e.g., 30.167) in the parameter column of the new record of the usage DB (FIG. 2) For example, 30.167), and deletes the registered password and the memorization password which have been temporarily stored by the user's input.

An event occurs in which the usage DB is updated a predetermined number of times (e.g., three times) without backup, and the password search apparatus outputs a backup request message to its output unit. In response to the backup request message, the user connects the password search apparatus to his own medium (e.g., his / her PC) in which the backup device is stored. When the user selects the 'backup' menu using the input unit of the password search apparatus, the password search apparatus stores the registered password calculation function storage unit, the user DB, the device identification password storage unit and the device user simultaneous identification password calculation function And copies the storage unit to the connected medium. A stored user ID DB, a device ID password storage unit, and a device user simultaneous identification password calculation function storage unit of the connected backup device, a registered password calculation function storage unit, a used DB and a device identification password storage unit And the device user simultaneous identification password calculation function storage unit.

The above embodiment is one embodiment in which backup is performed only when there is manual operation by the user to select a backup menu. However, it is also possible to automatically transmit data to be backed up to a predetermined backup device connection address when a predetermined event occurs without such manual operation, and the present invention includes all the methods for carrying out the backup process.

The user inputs his / her user ID in a predetermined manner to the A-use place system to access the A-use place (local bank) system.

The user activates his or her own password search device and outputs a registered password search screen (FIG. 8) which can select a specific use ID and input a memorized password to the output unit of the password search apparatus.

The user selects an A usage ID (e.g., Bank of Korea) from the registered password search screen and inputs a memorization password (e.g., 12).

The password retrieval apparatus reads the parameter (for example, 30.083) matched to the use place A in the use DB and stores the parameter and the input memorized password (for example, 12) in the registered password calculation function (e.g., memorized password + ) To calculate a registered password (e.g., 12 + 30.083x12 + 5 = 378).

(For example, 4) read from the device identification password storage unit of the user A, the calculated registered password (e.g., 378), and the time information read from the timer (e.g., , 10:15) is defined as' A disposable device user simultaneous identification password matching function (eg, one-time device user simultaneous identification password = Time Value + user identification password + device identification password + 5, Time Value = (2 × 2 + 2 + 2 × 2) "to calculate the single-use device user concurrent identification password to be submitted to the A user (eg, 10 × 2 +15 +378 +4 +5 = 422).

The password searching apparatus outputs the calculated disposable device user simultaneous identification password (e.g., 422) to its output unit, and the user outputs the disposable device user simultaneous identification password in a predetermined manner to the user A Input to the system. At this time, the password searching apparatus may directly transmit the calculated disposable device user simultaneous identification password to the usage destination system. In this case, the process of outputting the calculated disposable device user simultaneous identification password to its output unit may be omitted. The present invention includes all methods by which a user submits a disposable device user concurrent identification password to a using system.

(For example, 10:15) read from the timer of the user A, the 'user ID' and the 'simultaneous identification password of the disposable device user (e.g., 422)' matched to the user ID, (E.g., 378) and the device identification password (e.g., 4) stored in the user DB of the user and the user ID stored in the user DB of the user, and stores the stored disposable device user simultaneous identification password (For example, Time Value + user identification password + device identification password + 5, Time Value = 2 digits of input time x 2 + 2-digit minutes of input time) The password is calculated (e.g., 10x2 + 15 + 378 + 4 + 5 = 422). The usage system compares the calculated device user concurrent identification password with the device user concurrent identification password (e.g., 422) submitted by the user to determine the validity. At this time, the usage system may allow some time lag between the time information read out from the timer of the user and the time information assigned to the simultaneous identification password calculation function of the disposable device user of the password search apparatus of the user. For example, it is possible to substitute the time data of two minutes before and after, and judge that it is valid if one of the results matches the input value. The present invention includes a method by which a particular user system allows a certain parallax as described above.

The user activates his / her password search device to access the B-use place (for shopping mall) system.

The password search apparatus outputs a registered password search screen (FIG. 8).

The user selects a B usage ID (e.g., a shopping mall) on the registered password search screen and inputs a memorization password (e.g., 12).

The password retrieval apparatus reads a parameter (e.g., 30) matched to the B use destination in the use DB and stores the parameter and the input memorized password (e.g., 12) in a registration password calculating function (e.g., memorizing password + ) To calculate a registered password (e.g., 12 + 30x12 + 5 = 377).

(For example, 2) and the calculated registered password (for example, 377) read from the device identification password storage unit of the user B are referred to as' device user (For example, 377 +2 +3 = 382) to be submitted to the B place of use by assigning it to the simultaneous identification password calculation function (e.g., user identification password + device identification password + 3) And outputs the device user simultaneous identification password.

The user submits 'his / her user ID registered in the use place' and 'the device user simultaneous identification password' to the use place.

The B place of use system receives the user ID and the device user concurrent identification password (e.g., 382).

The B-use place system reads the 'user identification password (eg, 377)' and the 'device identification password (eg, 2)' stored in the DB of the user matching the user ID and stored therein, (E.g., 377 +2 +3 = 382) is calculated by assigning the user ID to the function (e.g., user identification password + device identification password + 3) Verified against the password (e.g., 382).

The user activates his or her own password retrieval device to access the C use destination (shopping mall) system.

The password search apparatus outputs a registered password search screen (FIG. 8).

The user selects the C usage ID (e.g., manse portal) on the registered password search screen and inputs a memorization password (e.g., 12).

The password searching apparatus tries to connect from the use DB to the connection address matched with the selected C using ID, and a predetermined session is opened between the C using system and the password searching apparatus.

The password searching apparatus reads a parameter (for example, 30.167) matched to the C use destination in the use DB and stores the parameter and the inputted memorizing password (e.g., 12) in a registration password calculating function (e.g., memorizing password + ) To calculate a registered password (e.g., 12 + 30.167x12 + 5 = 379).

(For example, 2), 'the calculated registered password (e.g., 379)', and the time data read from the timer (for example, (Time Value + User Identification Password + Device Identification Password + 6, Time Value = 2 digits when inputting the time value) (X2 + 15 + 37 + 2 + 6 = 422) by assigning the number of 2-digit minutes to the number of minutes x 2 + input).

The user inputs his or her own user ID registered in the use place by using the input unit of the password search apparatus.

The password search device transmits the input user ID and the calculated disposable device user concurrent identification password (e.g., 422) to the destination system through the open session.

The C destination system receives the user ID and the device user concurrent identification password (e.g., 422).

The C use destination system reads out a 'user identification password (e.g., 379)' and a 'device identification password (e.g., 2)' stored in the DB of the user matching the user ID and stored in the DB, Minute), and calculates its own disposable device user simultaneous identification password calculation function (eg, Time Value + user identification password + device identification password + 6, where Time Value = 2 digits of input time x 2+ minutes of input time (For example, 10x2 + 15 + 379 + 2 +6 = 422), and the device user simultaneous identification password (e.g., 422 And judges the validity of the inputted disposable device user simultaneous identification password.

Claims (32)

A password searching apparatus for calculating a password used for a predetermined use destination when a user inputs a memorizing password,
A registered password calculation function storage unit that stores a registered password calculation function that includes a predetermined first parameter and a memorization password as components and calculates a registered password used for a predetermined use destination;
A parameter inverse calculation function storage for storing a first parameter inverse calculation function for calculating a first parameter included in the registered password calculation function using information including the registered password and the memorized password;
A use place DB in which a first parameter of the registered password calculating function calculated by the first parameter inverse calculation function is stored; And
And a controller for controlling the first parameter to be calculated by the first parameter inverse calculation function when the registered password and the memorized password are inputted. The method according to claim 1, wherein, when the memorization password is input, the control unit calculates the first parameter of the registered password calculation function stored in the usage password database and the registered password calculation function stored in the registered password calculation function storage unit, And a registered password used for a predetermined use destination is calculated using the inputted memorization password. The apparatus of claim 1, wherein the registered password calculation function is different for each use place, and is stored for each use place. The apparatus of claim 1, wherein the registered password calculation function is different for each password search apparatus. 5. The apparatus of claim 4, wherein the first parameter included in the registered password calculation function is different for each usage destination, and is matched for each usage destination and stored in the usage destination DB. The apparatus of claim 1, wherein the password searching apparatus
And a device identification password storage unit for storing a device identification password designated for each of the password search apparatuses,
Wherein the registered password calculation function further comprises a device identification password designated for each password search device as a component. The apparatus of claim 1, wherein the password searching apparatus
A memorizing password temporary storage unit for temporarily storing a memorizing password inputted from a user; And
And a registered password temporary storage unit for temporarily storing the registered password,
Wherein the control unit controls the memorizing password and the registered password to be deleted when the parameter is calculated using the memorizing password and the registered password. 2. The password search apparatus according to claim 1, wherein, when a predetermined event occurs, the control unit accesses a backup apparatus for backing up information stored in the password search apparatus, so that at least a part of the information stored in the password search apparatus So that the password is transmitted. 3. The apparatus of claim 2, wherein the password searching apparatus
A device user simultaneous identification password calculation function storage for storing a device user simultaneous identification password calculation function for calculating a device user simultaneous identification password generated by the password search device,
Wherein the device user simultaneous identification password calculation function includes the calculated registered password and a predetermined second parameter stored in the usage destination DB as a component. The apparatus as claimed in claim 9, wherein the parameter back calculation function storage unit
A second parameter arithmetic function for calculating the second parameter included in the device user concurrent identification password calculation function using the device user concurrent identification password and the information including the registration password,
The usage DB stores a second parameter of the device user concurrent identification password calculation function calculated by the second parameter reverse calculation function,
Wherein the control unit controls the second parameter to be calculated by the second parameter inverse calculation function using the registered password. 10. The method of claim 9, wherein the device user concurrent identification password is a device user concurrent identification password used one time,
Wherein the device user simultaneous identification password calculation function shares a variable included in a function used for calculating the device user concurrent identification password in the system of the use destination. 3. The system according to claim 2, wherein the use-destination DB stores a network address that can be connected to the use-
The control unit is connected to the system of the use destination,
Wherein the control unit controls the calculated password to be transmitted to the system of the use destination when the registered password is calculated in a state of being connected to the use destination system. A password retrieving method by a password retrieving apparatus for calculating a password used for a predetermined use destination when a user inputs a memorizing password,
The password searching apparatus comprises:
Storing a registered password calculation function that includes a predetermined first parameter and a memorized password as elements and calculates a registered password used for a predetermined use destination;
When the registered password and the memorized password are inputted from the user through the registered password registration screen, the first parameter for calculating the first parameter included in the registered password calculating function using the registered password and the information including the memorized password Calculating the first parameter using a parameter inverse calculation function; And
And storing the first parameter of the registered password calculation function calculated by the first parameter inverse calculation function and deleting the registered password. 14. The method of claim 13,
When the memorizing password is input, the first parameter of the registered password calculating function stored in the registered password calculating function and the used-place DB stored in the registered password calculating function storing unit and the inputted memorizing password, And a step of calculating a password to be used in the password retrieval step. 14. The method of claim 13,
Temporarily storing a memorization password inputted from a user;
Temporarily storing the registered password;
And if the first parameter is calculated using the memorization password and the registered password, the memorizing password and the registered password are deleted. 14. The method of claim 13,
And controlling the backup method to connect to the backup method for backing up the information stored in the password retrieval method so that at least a part of the information stored in the password retrieval method is transmitted when the predetermined event occurs And a password retrieval method. 15. The method of claim 14,
Further comprising the step of calculating the device user concurrent identification password using a device concurrent user identification password calculation function for calculating a device user concurrent identification password generated in the password searching device,
Wherein the apparatus user simultaneous identification password calculation function includes as a component a predetermined second parameter stored in the calculated registered password and the usage DB. 18. The method of claim 17,
A second parameter inverse calculation function for calculating the second parameter included in the device user concurrent identification password calculation function using the device user simultaneous identification password and the information including the registered password, And calculating a second parameter based on the second parameter. 18. The method of claim 17, wherein the device user concurrent identification password is a device user concurrent identification password used one time,
Wherein the device user concurrent identification password calculation function shares a variable included in a function used to calculate the device user concurrent identification password in the system of use of the user. 14. The method of claim 13,
Decrypting and calculating a device user simultaneous identification password generated in the encrypted password searching device,
Wherein the device user simultaneous identification password is encrypted and stored by an encryption function including the registration password, and the registered password is requested to decrypt the encrypted device user simultaneous identification password. 15. The method of claim 14,
Accessing the system of the user using the network address that can be connected to the system of the use destination; And
And controlling the calculated registered password to be transmitted to the use destination system when the registered password is calculated in a state connected to the use destination system. 18. The method of claim 17,
Accessing the system of the user using the network address that can be connected to the system of the use destination; And
When the device user concurrent identification password is calculated by the device user concurrent identification password calculation function while being connected to the system of the use destination, controlling the device user concurrent identification password to be transmitted to the system of the use destination And a password retrieval method. delete delete delete delete delete delete delete delete delete delete

Images