KR20070009490A - System and method for authenticating a user based on the internet protocol address - Google Patents

Abstract

A system and a method for authenticating a user based on an internet protocol address are provided to obtain scalability of the service and system between providers by securing a user authentication and a security channel on an IP address authentication. A method for authenticating user based on an internet protocol address includes the steps of: applying a user authentication service; requesting user authentication information input; transmitting user information and an authentication register key; requesting a user information real name identification; identifying the user authentication successfully; generating a random encryption pattern table; transmitting the encryption pattern table to the user; requesting an authentication after the user authentication request key is generated; and generating and registering an user identification key.

Description

System and method for authenticating a user based on the internet protocol address}

1 is a flow diagram illustrating a general network authentication procedure in accordance with the prior art.

2 is a flowchart illustrating a network authentication procedure using a general web access program.

3 illustrates a conceptual model of IP authentication according to the present invention.

4 is a diagram illustrating a concept of real name verification service based on IP authentication according to an embodiment of the present invention.

5 is a diagram illustrating a concept of integrated authentication service through IP authentication according to an embodiment of the present invention.

6 is a view showing a service using the Internet according to an embodiment of the present invention.

7 is a diagram illustrating a security password identification file according to an embodiment of the present invention.

8 is a diagram illustrating a process of generating user authentication information according to an embodiment of the present invention.

9 illustrates a concept of IP address based authentication according to an embodiment of the present invention.

10 is a diagram illustrating a method for generating and verifying an authentication request key according to an embodiment of the present invention.

11 is a diagram illustrating data transmission by an IP authentication system according to an embodiment of the present invention.

12 is a diagram showing a structure of a layer of data transmitted in a general authentication system.

13 is a diagram illustrating a layer of data transmitted in an IP authentication system according to an embodiment of the present invention.

14 is a view showing a response concept against a hacker intrusion in the IP authentication system according to an embodiment of the present invention.

15 is a diagram illustrating authentication permission access management in an IP authentication system according to an embodiment of the present invention;

16 is a block diagram of an IP authentication and additional service system in a wired and wireless Internet environment according to an embodiment of the present invention.

17 is a block diagram of SSO using IP address based user authentication according to an embodiment of the present invention.

18 is a block diagram for IP authentication and additional service in a communication service provider network according to an embodiment of the present invention.

19 is a block diagram showing a detailed configuration of an IP authentication system of a terminal according to an embodiment of the present invention.

20 is a functional configuration diagram of a user terminal according to an embodiment of the present invention.

21 is a block diagram illustrating a data packet for authentication according to an embodiment of the present invention.

22 and 23 are flowcharts illustrating an IP authentication and service procedure according to an embodiment of the present invention.

24 is a flowchart illustrating a procedure of installing a terminal authentication agent and registering user authentication information according to an embodiment of the present invention.

25 is a flowchart illustrating a procedure of registering user information for user authentication according to an embodiment of the present invention.

26 is a flowchart illustrating a procedure for receiving user IP authentication using another system or terminal according to an embodiment of the present invention.

27 to 29 are flowcharts illustrating a procedure of processing various additional services and payment, payment, etc. in an IP authentication server according to an embodiment of the present invention.

30 is a diagram illustrating a configuration of a user terminal authentication agent according to an embodiment of the present invention.

<Explanation of symbols for the main parts of the drawings>

400: user terminal 410: IP authentication server

420: service provider server 430: random key server

440: social security number database 900: IP packet

910: data field 920: header field

921: Option field 922: Sending address field

923: Recipient address field 1001: user authentication information

1002: terminal information 1010: encryption

1020: authentication request key 1030: random encryption code

1040: generated user identification code 1050: decryption

1060: user identification code 1100, 1400, 1500: user terminal

1110, 1410, 1510: Service Provider Server

Certification Body: 1120, 1130, 1420, 1520

1200, 1300: user terminal 1210, 1310, 1530: certification authority

1220, 1320: Internet server 1330: user identification code

1540: user information database 1601: mobile authentication terminal

1602: wired / wireless authentication terminal 1603: mobile service core network

1604: ISP Service Backbone Network 1605: IP Agent

1606: public authentication server 1607: IP authentication server

1608: Authentication Agent 1609: Internet Service Server

1610: IP authentication based service server 1701: service plug-in

1702: user terminal 1703, 1705: service

1704: external router 1707: IP authentication service server

1708: IP Authentication Agent 1709: IP Authentication Server

1801: Internet service server 1901: user login unit

1902: user authentication unit 1903: user environment control unit

1904: Service Plug-in Container 1905: System Interface

1906: input and output management unit 1907: service plug-in

1908: Terminal Authentication Agent Database

1909: Device driver for terminal authentication

1911: connection management unit 1912: protocol relay and conversion unit

1913: packet processing unit 1914: service management unit

1915: user authentication management unit 1916: authentication gateway

1921: Connection Gateway 1922: Intelligent Service Engine

1923: service management unit 1924: service plug-in management unit

1925: service billing unit 1926: database

1931: access control unit 1932: user profile management unit

1933: security authentication management unit 1934: user terminal authentication module distribution unit

1935: authentication interface 1936: IP authentication processing unit

1937: User Authentication Management Unit 1938: Database

2001: Terminal User Interface 2002: Service Plug-in

2003: service plugin

2004: IP Authentication-based Service Plug-in Container

2005: Interface for kernel mode system calls

2006: Security Reference Monitor 2007: Settings Manager

2008: Terminal IP Authentication Device Driver

2009: I / O Manager 2010: Other Management

2111: operating system kernel 2110: authentication header

2111: number of optional fields 2112: user authentication method

2113: user authentication information 2114: security password pattern

2121: terminal type 2122: terminal GUID

2123: user location 2124: network properties

2125, 2126: optional field 3001: user logon

3002: security rights manager 3003: environment rights manager

3004: surveillance database 3005: I / O manager

3006: Object Manager 3007: Driver Manager

3008: TCP / IP transport driver

3009: Terminal Authentication Agent Logical Driver

3010: Terminal Authentication Agent Driver

3011: IP authentication user database

3012: NDIS Driver

The present invention relates to a user authentication method in a network, and more particularly, to an IP address-based user authentication system and method for authenticating a user based on an IP address.

In today's information society, computers and the Internet have emerged as essential tools for new communication, and as a result, computers and internet users are not only self-protecting from the various harms and dysfunctions of informatization that are contrary to the convenience of informatization. It is required to adapt quickly and continuously to change due to rapid change of environment.

On the other hand, in recent years, security incidents due to misuse of personal information on the Internet are increasing. Most Internet service systems require social security numbers as a means of identifying personal information, and personal information infringement and security incidents are frequently caused by unjust users due to leakage of personal information.

In addition, since the user authentication system currently being implemented on the Internet is not authentication of a user but authentication using personal information including a social security number, it is possible to use other's social security number to perform other's poses, and damages are continuously generated. have.

1 is a flowchart illustrating a general network authentication procedure according to the prior art. For example, a simple procedure such as medium access control (MAC) address authentication is shown. Referring to FIG. 1, when a user terminal requests a network connection while starting up (S101), a service access network (ie, a subscriber access network) responds to the request (S102).

The user terminal transmits access information of the subscriber (S103) while making an authentication request to the service access network. The transmitted subscriber access information sends an authentication result to the service access network through authentication of the AAA server (S104) (S105).

The service access network receives the authentication result and sends an authentication result response (S106) to the user terminal. At this time, the user terminal makes a network connection request (S107) to the service access network, the service access network receiving the connection request allows the connection and responds to the request result (S108), the network connection setting (S109) is made. .

Meanwhile, in FIG. 1, subscriber authentication information such as a MAC address of a subscriber station is stored in the authentication server and the subscriber is requested to manage the authentication. Therefore, in the case of such authentication, when changing or replacing the terminal NIU (Network Interface Unit) is required to change the continuous authentication information, it is impossible to manage or authenticate the log record.

2 is a flowchart illustrating a network authentication procedure using a general web access program. 2 shows a procedure for performing authentication with a subscriber ID and password currently applied to ISPs.

Referring to FIG. 2, the terminal performs a network search (S201) through a wired / wireless access network, and the terminal performs a response (S202) to the search to the terminal. Then, the terminal requests authentication for subscriber authentication to the authentication server through the wired / wireless access network (S203, S204). The authentication server receiving the authentication request requests information for authentication to the corresponding terminal (S205), and the subscriber responds to the authentication information (S206) by inputting a predetermined subscriber authentication ID and password.

Meanwhile, the authentication request, the authentication information request, and the authentication request information received from the terminal for processing the authentication result is inquired to the AAA server (S207) to go through a verification procedure for the authentication information. At this time, after checking the billing information and the additional service request information of the subscriber as a result of the authentication (S208, S209), when the network connection request (S211) of the terminal, the connection service response (S212, according to the connection request) S213 and S214 enable secondary subscriber convenience services such as supplementary services.

Currently, various authentication methods are provided according to service terminals and service providers, and thus, integration of processing and procedures for authentication information has emerged. In addition, it is more secure and independent of the existing system to secure the interoperability and authentication of intelligent robot system, home server for home network, and interoperability with other service providers in the ubiquitous, IPv6 and Mobile IP environments. The need for subscriber authentication is emerging.

Accordingly, an object of the present invention is to provide an IP address-based user authentication system and method for authenticating a user by IP address information having a unique value on a network.

It is also an object of the present invention to provide an IP address-based user authentication system and method for authenticating a user by IP address information having a unique value on a network, and providing various additional services through the authentication.

In the Internet environment, all terminals connected to the network have an IP (Internet Protocol) address. When accessing the Internet using the terminal, authentication of the user and the terminal was required to control access to the terminal or the user's network resources.

For this authentication, a method of authenticating terminal information including an ID and password or a MAC address of a terminal was used. However, in this case, different access methods require different authentication procedures, so the management and procedures of authentication information are complicated, and physical information of the terminal, such as authentication information, ID and password, can be forged. .

Therefore, in the present invention, authentication is performed using an IP address having a unique value on the network. At this time, in the present invention, when a terminal requiring authentication accesses the network, the terminal stores the IP address of the corresponding terminal in a separate authentication server and stores the user's personal information, and stores all the authentications for the terminal on the network. To the IP address.

Hereinafter, the present invention will be described in detail with reference to the following examples, and the present invention will be described in detail with reference to the accompanying drawings. However, the embodiments according to the present invention may be modified in various other forms, and the scope of the present invention should not be construed as being limited to the embodiments described below. Embodiments of the present invention are provided to more fully describe the present invention to those skilled in the art.

First, the concept of IP authentication according to the present invention will be described with reference to FIGS. 3 to 15, and an example in which IP authentication according to the present invention is applied to an actual system will be described in detail with reference to FIGS. 16 to 30.

3 is a diagram illustrating a conceptual model of IP authentication according to the present invention. Referring to FIG. 3, an IP authentication model according to the present invention may be conceptually compared with a ticket reservation and a rail ticket reservation. First, the passenger purchases a plane ticket from the airline, assigns a seat, completes a security check for identification and then boards the plane. At this time, after boarding the plane, passengers will receive in-flight service according to their requirements or seats.

That is, as shown here, the user is assigned an IP address from an ISP, a line provider, to check who is assigned an IP address and whether the user is correct. There is no concern about your identity, and even if you lose your plane ticket, you will not be able to get certified unless you are assigned an IP.

4 is a diagram illustrating a concept of real name verification service based on IP authentication according to an embodiment of the present invention. Referring to FIG. 4, a user registration process (identification of identity) for IP authentication is performed as follows.

That is, the first step is to apply for the user identification service. Then, as a second step, the authentication agent transmission and user authentication information input are requested, and as the third step, personal information and authentication registration key are transmitted. As a fourth step, a request is made to confirm the real name of the user's personal information, and a fifth step is successful in verifying the user's identity. In a sixth step, a random password pattern table is generated for user authentication, and the random password pattern table is transmitted and stored.

In the seventh step, the encryption pattern table is transmitted to the user, and in the eighth step, a user authentication request key is generated using the encryption pattern table, and then authentication is requested. Finally, in step 10, a user identification key is generated and registered.

5 is a diagram illustrating a concept of integrated authentication service through IP authentication according to an embodiment of the present invention. Referring to FIG. 5, when a user joins an IP authentication service server, an IP address of the user is transmitted to the IP authentication service server through a link formed between each other.

In this case, the user selects an authentication method to authenticate, and the IP authentication service server verifies user authentication according to various authentication methods selected by the user, and then provides a web service.

6 is a diagram illustrating a service using method using the Internet according to an embodiment of the present invention. Referring to FIG. 6, reference numeral 601 is a user information input screen required for generating a user identification and security identification password file and registering an authentication key of the user.

Reference numeral 602 is a process of verifying and verifying user-entered information to generate a security identification password file and registering an authentication key for the user to access the password file.

Referring to reference numeral 603, when the registration is completed, a completion mark is displayed, and the user can generate a new security identification file at any time using the registrant authentication key.

7 is a diagram illustrating a security password identification file according to an embodiment of the present invention.

Referring to FIG. 7, the user login information is extracted, and the user authentication request key is generated by calculating with the specific code value of the security password identification file. The generated user authentication request key is transmitted to an IP authentication server, and the IP authentication server decrypts the received user authentication request key to obtain promised user virtual information.

8 is a diagram illustrating a process of generating user authentication information according to an embodiment of the present invention. Referring to FIG. 8, after the user confirms his / her identity, the authentication server sets an authentication key, and the user generates a security password identification file that is newly generated each time the user requests an authentication using the authentication key. The secure password identification file is created on a temporary basis at each request and then sent encrypted to the user. The encrypted identification file is used to generate a key for the authentication request using the value of the decrypted table.

9 is a diagram illustrating the concept of IP address based authentication according to an embodiment of the present invention. Referring to FIG. 9, since the IP address has a unique value on the network, the user can be identified and verified by using only the IP information by mapping it with user personal information.

The header of the IP packet transmitted by the user includes a sender address and a receiver address. At this time, if the sender address and the recipient address are duplicated, network connection is not made. If only the user information is used as the authentication means, there is no verification means for theft or abuse.

In addition, since no user information is included in the IP information or the session information, there is no fear that the user information is leaked. Therefore, even when a plurality of users are using one IP, verification is possible.

10 illustrates a method for generating and verifying an authentication request key according to an embodiment of the present invention. Referring to FIG. 10, the user terminal encrypts user authentication information and terminal information by a random encryption code received from the server and transmits the encrypted user authentication information to the server. The server receives and decrypts the authentication request key to generate a user identification code, and performs authentication by comparing with a previously stored user identification code of the user terminal.

11 is a diagram illustrating data transmission by an IP authentication system according to an embodiment of the present invention. Referring to FIG. 11, in the related art, a user identification code is directly transmitted from a user to a certification authority or a service provider, thereby exposing a risk of hacking.

However, according to the IP authentication according to the present invention, since only a random encryption code, an IP address, and an authentication request key are transmitted, there is an advantage in security.

12 is a diagram showing the structure of a layer of data to be transmitted in a general authentication system. 13 is a diagram illustrating a layer of data transmitted in an IP authentication system according to an embodiment of the present invention. 12 and 13, in the conventional authentication method, authentication information has a limitation in responsiveness and interoperability by checking and processing whether authentication information is authenticated at the application layer. However, the IP authentication means according to the present invention can be processed by redirecting at a router or a switch.

This speeds up authentication at the Internet service site and enables preprocessing for authentication at the router or switch level. In addition, the cost of establishing an authentication system for the Internet service is reduced and it is easy to integrate into the standardization of the authentication system. In addition, the site access occurs after authentication in terms of Internet service, and thus customized service is possible.

14 is a diagram illustrating a response concept for a hacker intrusion in the IP authentication system according to an embodiment of the present invention.

Illegal access on segment 1:

Situation: Access to portal site disguised as IP of normal user terminal

Action: Check the access request with the requested IP and block access if not requested

Illegal access on segment 2:

Situation: Authentication attempt using normal user terminal, authentication information, etc.

Processing: User's authentication information is processed by random encryption code, so authentication code cannot be generated unless it is the same random code.

Illegal access on segment 3:

Situation: Attempt to access service using user identification code

Processing: The service provider processes only the identification code requested and sent from the specified authorized IP.

15 is a diagram illustrating authentication permission access management in an IP authentication system according to an embodiment of the present invention. Referring to FIG. 15, a history view refers to a record of a site that a user accesses.

The authentication server can identify illegal users through the user authentication history, and the user and the authentication server can block and control spam information by controlling the access IP. (Can be blocked at the network layer)

In addition, it is possible to block the worm / virus through the user's access site management.

An object of the present invention for solving the above problems of the prior art has an open component structure to create and manage user authentication information and to enable a variety of additional services. The IP authentication agent checks the user's packets by interworking with an Internet service backbone network or an Internet service server, and communicates with the user terminal authentication agent to perform pre-processing functions required for authentication. Authenticate The authentication result for each user is linked with the user DB and the service policy DB so that various services can be installed in various plug-in types on the user terminal based on IP authentication or integrated with the IP authentication infrastructure system. It is.

As described above, the present invention provides a user terminal security authentication module for performing a user's security authentication in a terminal, and a user's IP with a user's terminal. An authentication server for registering and managing authentication, and an IP authentication agent for performing various preprocessing procedures for authentication between a user terminal and an IP authentication server are required.

The user terminal security authentication module monitors the logon authentication of the user terminal and sends the user terminal information (GUID-Globally Unique ID) and the user information (SID-Security IDs) information to the IP authentication server when the user is successful in the terminal. . In this case, the terminal security authentication module and the IP authentication server is transmitted using a security encryption pattern.

In this case, the IP authentication server authenticates the user terminal and the user by mapping the unique information table and the user information table of the terminal. When the user uses another terminal, the authentication function of the terminal is supported by using the user's portable terminal. The service according to the user terminal and the user profile is possible.

The IP authentication agent performs the necessary preprocessing procedure between the terminal and the user and the authentication server, and performs the necessary protocol conversion and relay.

Through the above procedure, the IP authentication-based service server provides the service set by the user or subscriber to the corresponding IP address without the need for additional authentication process, so that more convenient and secure service is possible and flexibility in scalability or portability is provided. Secured.

In the IP address based user authentication, every terminal connected to the network in the Internet environment has an IP address. When accessing the Internet using a terminal or controlling access to a terminal or a user's network resources, authentication of the user or terminal was required. For authentication, the user inputs an ID password from the user or authenticates the terminal information including the MAC address of the terminal. However, in this case, different access methods have to go through different authentication procedures, so the complexity of the management and procedures of authentication information, authentication information, that is, ID and password, the physical information of the terminal can be forgery any amount. In the present invention, in order to interoperate and integrate various services through a more convenient and secure user and terminal authentication method in the Internet environment, a user terminal security authentication module for performing a user's security authentication in a terminal, and user and terminal IP authentication It is required as an IP authentication agent that performs various preprocessing procedures for authentication between an authentication server that registers and manages, and a user terminal and an IP authentication server.

The user terminal security authentication agent monitors the logon authentication of the user terminal and sends the user terminal information (GUID-Globally Unique ID) and the user information (SID-Security IDs) information to the IP authentication server when the user is successfully sent to the terminal. At this time, the terminal is transmitted between the security authentication agent and the IP authentication server using a secure encryption pattern.

The IP authentication server authenticates the terminal and the user by mapping the unique information table and the user information table of the terminal. When the user uses another terminal, the authentication function of the terminal is supported using the user's mobile terminal, The service according to the terminal and the user profile is possible.

The IP authentication agent performs necessary preprocessing procedures between the terminal, the user, and the authentication server, and performs the necessary protocol conversion and relay.

Through the above procedure, the IP authentication-based service server provides the service set by the user or the subscriber to the corresponding IP address without the need for additional authentication process, so that more convenient and secure service is possible and flexibility in scalability or portability is provided. Secured.

In the internetwork environment through the IP address, a secure connection on the network is established through the authentication of subscribers, users, and terminals with respect to the IP address, and the user is identified by checking the corresponding IP address when accessing the IP address of the terminal with various services. The present invention relates to a system and method for providing various services and functions.

Hereinafter, an example in which IP authentication according to the present invention is applied to an actual system will be described in detail with reference to FIGS. 16 to 30.

16 is a block diagram of an IP authentication and additional service system in a wired and wireless Internet environment according to an embodiment of the present invention.

Referring to FIG. 16, the wired access terminal authentication agent 51 connects to the Internet network via the Internet service provider backbone network 52-1. In a wireless or mobile communication network, a wireless-mobile communication terminal authentication agent 50 is used to access an internet network through a CN (Core Network) 52-2 of a mobile communication service provider. At this time, there may be an authentication agent 53-1 for IP authentication in the service provider backbone network, and the authentication agent shown in 53-1 indicates this. The authentication agent 53-1 examines the packets in the backbone network or the core network to determine whether the authentication terminal components are installed in the terminals 50 and 51, and if not installed, induces component installation and authenticates the user terminal. The terminal 50 and 51 receive the authentication information, and the authentication information stored in the terminal and the authentication result of the user are transmitted in the data format of FIG. 17. The authentication agent 53-1 receives the authentication information received from the terminal. Is transmitted to the authentication server and the authentication server 54 receives the authentication information and performs the authentication procedure. At this time, the user can be authenticated by an external authorized authentication server or an internal private authentication server 56 for authentication. When the user authentication is completed, the authentication server queries the additional service server 55 about the service requested from the user network as the additional service server. The authentication agent shown in 53-2 is shown when the authentication agent is not installed in the subscriber network backbone or core network. The function and role are the same as in 53-1, but the user's packet is analyzed at the previous stage of each Internet service server. Service redirection at the application level and the ability to handle service login for single sign-on functionality. The Internet service server 57 includes an HTTP-based web service server, an e-commerce, a mobile service server for mobile and mobile phones, and a client server-based application server.

17 is a block diagram of SSO using IP address based user authentication according to an embodiment of the present invention. Referring to FIG. 17, an IP address-based terminal and user authentication are performed in a communication service provider network including an ISP service provider, which is an access network service provider. From the terminal 10 installed with the terminal component for authentication and secured access, the user service is authenticated to the authentication server 12 through preprocessing for authentication of the authentication agent 11 for authentication in the service provider network, and the result is queried and judged by the additional service server 13 In order to provide services required for accessing various users' networks between the service plug-in 16 of the user terminal 16, the user terminal 10 and the backbone or core network router 14, or between the backbone network and the external Internet network router 17 It is to provide the service to the user who uses the terminal of the corresponding IP address by providing the IP information of the service server. When the connection request F-1 is received from the user terminal 10, the IP authentication agent examines the packet and receives the IP authentication. Whether you are a terminal and require user authentication. It is determined whether the request. The IP authentication agent requests the user terminal for information necessary for authentication through F-2. At this time, the feature and effect of the present invention on the user terminal uses the Logon function used by the user terminal for IP authentication and user authentication in the IP authentication agent. This will be described later in detail. The user terminal receiving the authentication request from the IP authentication agent transmits the terminal information and the user's information to the IP authentication agent in the step F-3, and the information transmitted includes the terminal authentication information and the user authentication information. In the case of MS Windows, the authentication information of the terminal may use a globally unique identifier (GUID) value as it is or may be hashed to a specific bit. Security IDs (SIDs) required for user recognition and authentication are also passed to the IP authentication agent as it is or as a specific bit. In addition, when the user uses the terminal as a guest account that cannot authenticate the user, the IP authentication agent calls the authentication component installed in the user terminal to log in again as a user to process for authentication of the user. At this time, if the user is not authenticated, the connection on the network is restricted through the IP authentication server. In this case, these various cases are processed by the policy defined in the IP authentication service and the policy rule specified by the user. When the IP authentication agent requests authentication information to the user terminal through F-2, it transmits an encryption pattern key for encryption required for F-3 response, and the user terminal uses the received encryption pattern key to request authentication information. You can also pass This can be variably configured and operated according to network trust between the terminal and the IP authentication agent. The IP authentication agent will summarize the format of the data transmitted from the user terminal at this time in FIG. The authentication request data received by the IP authentication agent from the user terminal is F-4 to verify the reliability of the data and to request authentication to the IP authentication server. The IP authentication server 12 analyzes and determines the user terminal information and the user information. If the transmitted information is correct, the IP authentication server 12 registers the user terminal and the user authentication information in the IP authentication server and starts the service. At this time, the IP authentication server queries the user's service by F-5 to the IP authentication service server and instructs the service to be started. At the IP authentication server, the server retrieves the service status of the user, prepares to start the service, and notifies the IP authentication server of the result. The IP authentication server notifies the terminal of the result of the service query to the IP authentication agent, and the F-7 IP authentication agent calls the service plug-in of the authentication processing component of the user terminal F-8 to start the service. The IP authentication service server calls services 15-2 such as additional services (15-1) necessary for the user terminal and the backbone / core network or various services (eg, blocking harmful sites through network filtering) in connection with an external internet network. Will be performed.

18 is a block diagram for IP authentication and additional service in a communication service provider network according to an embodiment of the present invention. Referring to FIG. 18, an IP address user authentication is performed by analyzing a user's access network request in an Internet service network or on an Internet network. When the service request F-1 is received from the user terminal 10 to the target site, the IP authentication agent queries the user terminal for authentication information about the connection request. When the user terminal transmits the user terminal information, the user information GUID and the SID, the IP authentication agent transmits the information to the IP authentication server. F-4. After performing the user authentication procedure, the IP authentication server checks whether there is information on the service usage of the Internet service server 14 of the user, and inquires whether the user subscribes to the additional service to the Internet service server F-5 to receive the result. F-6. The IP authentication server notifies the IP authentication agent of the user's authentication result. F-7. The IP authentication agent notifies the user of the authentication result and informs the Internet service server of the user information. The IP authentication agent provides the user information to the Internet service server F-9 and requests a user session assignment to use the service. When a user session is allocated, IP authentication-based service server 13 connects to Internet service server 14 to provide user-based supplementary services and various other services provided to the user. F-11 to enable various additional services on behalf of the user's Internet connection request. The service request of the user terminal is connected to the Internet service server and processed through F-12.

19 is a block diagram showing a detailed configuration of an IP authentication system of a terminal according to an embodiment of the present invention. 19 is a functional block diagram and association diagram of elements for IP authentication with a terminal used in the present invention. When the user terminal 10 receives the Internet or service connection request, the connection management unit 21 of the IP authentication agent 20 determines the connection request. Determine whether the user terminal is a wired connection or a wireless connection and check the operating system of the user terminal. Through this process, preprocessing is performed to determine specific procedures and methods for IP authentication. This includes whether the user terminal authentication agent is installed and an installation version. When the IP authentication agent calls for the authentication information by calling the user terminal authentication agent 10, the requested user terminal calls the user authentication unit 12 to confirm the currently logged on user. If you are logged in as a guest, the user authentication forces you to log off the user logon and request the user login 11. When the user enters the user IP and password, the user authentication unit processes the system 15 via the system interface 15. As an example of the present invention, in the Windows operating system of Microsoft Corporation, when the user login 11 is called by the user authentication unit, the user login calls WINLOGON. To perform the user authentication procedure. WINLOGON calls LSA with LPC (Local Procedure Call) and LSA (Local Security Authority) calls Security reference mornitor (SRM) to authenticate users and control user access to the system. By checking the result of the user logon and confirming the current login user, the user environment control unit 13 accesses the Windows registry, which is a hierarchical database for managing user information and environment information, and extracts user environment information and system information. In Microsoft's Windows system, the GUID (Globally Unique ID) and SID (Secure IDs) values are stored in the registry in hexadecimal. The terminal authentication driver performs kernel mode operation required to operate user authentication and services including application service container 14 and plug-in 18 in user mode for kernel mode system call and access for operating and operating in kernel mode of the operating system. Will support. After user authentication through user login 11, the GUID, user SID, and group SID of the user system are extracted from the registry. The extracted authentication value processes the binary data in various ways to call the input / output management unit and deliver it to the IP authentication agent connection management unit. Here, the extracted binary data can be delivered by summarizing it to a specific bit length using hash and sending the encrypted binary data. At this time, in the hashing and encryption method, the IP authentication agent delivers a random security seed, and the input / output management unit processes the user authentication data using the security seed and transmits it to the IP authentication agent. The transmitted authentication request data is collected and processed by the connection manager 21. The access manager supports two modes: authentication at the IP packet level and authentication at the application level. That is, the packet processing unit 23 collects the connection request packet, inspects the packet header, processes the packet, extracts authentication data from the packet, and verifies the data in the user authentication manager 25. After the user authentication, the packet transmitted by the user from the terminal is in charge of the protocol relay conversion unit 22 for protocol conversion processing to support various application services and various protocols. The user authentication management unit 25 verifies the user information transmitted from the user terminal, verifies using the security key, and manages the function of transmitting the verified authentication request information by calling the IP authentication server and the authenticated user IP. You will be in charge of the IP address and session of the authenticated user. The service manager 24 receives the authentication result from the IP authentication server and manages the service of the user terminal by calling the additional service plug-in of the terminal or calling a service. It is a service provided through the integration of various services and functions with certification. To this end, IP Authentication Agent 20 maintains a reliable secure connection channel with the IP authentication server, through which authentication data can be transmitted and received, and a formal connection interface is required. For this purpose, the authentication gateway is responsible for connection and communication with the IP authentication server. Will be done. The IP authentication server 30 receives the authentication data delivered by the IP authentication agent preprocessing and performs authentication for the user and the network terminal, thereby providing various additional services and user integration services. The access controller 31 is responsible for secure channel establishment and standard interface between the IP authentication agent and the IP authentication service server. The IP authentication processor 32 checks the terminal information and the user authentication information to perform authentication. The IP authentication verifies the terminal used by the user, the location of the terminal, and various information necessary for the activation of an additional service authorized or subscribed to the user. It is also responsible for registering and synchronizing and monitoring IP authentication information between different authentication servers. The user authentication manager 33 is responsible for responding to and processing authentication information requests for the authenticated user in the IP authentication server. For example, in case of SSO (Single Sign-On), when a specific web service server connects to a specific IP and requests authentication, it is responsible for determining and processing whether the authentication request is appropriate or whether to permit authentication for the user. do. In addition, it is in charge of managing and handling the charges for users. At this time, it is in charge of billing or billing for external internet service or service provided by internet network service provider. In the user profile manager 34, there are various settings and rules for allowing the user to subscribe to or allow the service and authentication of personal information. Examples include user judgment information on whether or not to provide authentication information to a specific site subscribed to by the user, and various rules and policies inherited from the user's administrator. Here, for example, the manager is a family, and the father becomes a service subscriber, and the family who is allowed to use the service by the father becomes a user. Fathers can restrict access to certain sites to their families, especially minor children, which means that it is possible to inherit / restrict the user's rights with his father's subscriber rights. The acceptance and rejection of the user interface is handled by interfacing with the user authentication manager using rules managed by the user profile manager. The security certificate management unit 35 is a security encryption processing and management unit used to process user authentication using a CA server and to transmit and receive user authentication information through a trusted channel with an IP authentication agent. If the user accesses the network without installing the user terminal module, the IP authentication agent 20 determines whether it is installed and if it is not installed, the IP authentication agent is requested to distribute the authentication agent to the user terminal for IP authentication. The authentication module distribution unit 36 analyzes the environment of the user's terminal, that is, checks the wired Internet access, the wireless Internet access, the mobile communication Internet access, and the terminal information, that is, the operating system and the version, and distributes them to the user terminal. The IP authentication service server 40 is responsible for providing a service by interworking various services to a user who has received an IP address-based user authentication. When the IP authentication server 30 retrieves the user profile and extracts the user service and requests the result to the corresponding IP address, the IP authentication service server receives the service profile information on the IP delivered through the access control unit 31 of the IP authentication server. Will be launched. For this purpose, the information required for the service is stored and managed in the service database 46. The service manager 42 checks the service information requested from the IP authentication server and provides the information necessary for the service and the function necessary for providing the service. At this time, by receiving the IP information and subs profile information, the function necessary for the service is set, processed and provided. The service billing processing unit 43 calculates the billing generated by the user's service and provides it to the IP authentication server. The intelligent service engine 44 is a platform for providing services to users. The service plug-in manager is a container and management role for a service plug-in remotely installed and operated on a user terminal or a service server.

20 is a functional configuration diagram of a user terminal according to an embodiment of the present invention. Referring to FIG. 20, a block diagram is modeled on Microsoft's Windows operating system used as a reference model of the user terminal of the present invention. The function module of the terminal may be limited or added by the supportable standard and function of the terminal or according to the user's authority. The user terminal is composed of a management module for various functions based on the operating system kernel 11. The local security audit module 16 performs the user authentication procedure based on the encrypted user ID and password to perform the user authentication procedure upon user logon, and calls the security reference monitor 12 to check and manage the access rights of the authenticated user. do. The security reference monitor calls I / O manager 14 and configuration manager 13 to allow access and authority of the terminal according to the user's authority. I / O manager 14 manages access and authority to various devices and file systems. The configuration manager searches the user registry (based on MS Windows) and takes care of the settings necessary for the user environment. In addition, the globally unique identifier (GUID) and security IDs (SID), which are terminal information of the system, are stored and managed in the registry.

21 is a configuration diagram of a data packet for authentication according to an embodiment of the present invention.

Referring to FIG. 21, the authentication information data format of the user terminal has been described. The authentication information generated by the terminal authentication agent consists of an authentication header and authentication sub information. The authentication header allows variable options to ensure the scalability of various and flexible information in the authentication sub information. The authentication header can be marked and managed in the authentication header and can be specified in the number of option fields. In the user authentication method, a method of using the authentication result of the terminal authentication system, a user authentication method using an accredited certificate, and a user authentication method using a user's mobile phone are indicated. The user's authentication information is a unique identifier for distinguishing a user. This field contains. The security password pattern field designates a seed (encryption SEED value) for security encryption in order to establish a security channel specified in IP terminal authentication module 10 (Fig. 4), and between the user authentication terminal and IP terminal authentication module 10 (Fig. 4). It uses multiple secure password patterns as promised. What is important here is that authentication is to process the user-centered authentication for authentication at various terminals and places around the user, and the terminal is processed as data for secondary authentication. In the authentication sub-information, the type of terminal refers to the information of the terminal used by the user, that is, the desktop personal computer, PDA, mobile phone, etc. The terminal GUID is the unique information of the terminal, and the user location is the location where the user accesses the terminal. For management. In this case, if the same user is connected to the Internet, it is possible to access the Internet using a personal computer and a mobile phone, but if the same user is connected from different areas at the same time through different ISP (Internet Service Provider) networks, illegal user name theft This field is used to enable additional functions and location-based services to consider whether to allow access by notifying a registered user's mobile phone or the like. The network property is a field for managing and processing different values for various network properties of the user terminal. The option field is a preliminary field to be used in a scalable manner through the protocol between the IP authentication server and the user authentication agent for future scalability and flexibility.

22 and 23 are flowcharts illustrating an IP authentication and service procedure according to an embodiment of the present invention.

22 is a processing flowchart of the present invention. When the user terminal is started (S200) and a network connection is requested through the concentrator of the Internet service provider network (S201), packet filtering is performed through the IP authentication agent 20 (FIG. 4) in the Internet service provider network and the terminal authentication agent is installed. It is determined whether or not (S202). In the case of the terminal in which the IP terminal authentication module 10 (Fig. 4) is installed, a specific tag bit is set using the option field of the IP header, so that the value of the terminal can be checked whether the terminal authentication agent is installed. In the case of IPv4, if the value is tagged in the reserve field of the option field, and in the case of IPv6, if the IP terminal authentication module 10 (FIG. 4) is installed in the routing header, it passes through a specific router of the nearest service network and checks the tag value first. Then, it is determined whether the IP terminal authentication module 10 (Fig. 4) is installed. If the IP terminal authentication module 10 (FIG. 4) is installed, it checks the hash code of the terminal authentication agent to check whether it is updated and performs an update if necessary. After the update, the IP authentication server 30 (FIG. 4) calls the IP terminal authentication module 10 (FIG. 4) to request user authentication information. If the IP terminal authentication module 10 (Fig. 4) receives a connection request from a terminal that is not installed, call A (S350) to install the IP terminal authentication module 10 (Fig. 4) on the user terminal and register user authentication information. To go through the process. The IP terminal authentication module 10 (FIG. 4), which has received a request for transmitting authentication information for the user authentication of the IP authentication server 30 (FIG. 4) through the IP authentication agent 20 (FIG. 4), displays the information of the terminal and the ID of the currently logged in user. It will acknowledgment of authority. The terminal information can be used by combining the GUID (Globally Unigue ID) of the system stored in the registry with the information of various unique terminals in the case of Microsoft Windows, or by collecting the hardware information of the terminal and extracting the value by a specific bit. Can also be. The GUID used by Microsoft's Windows here is typically a 128-bit number. In addition, the user information according to the user terminal login and the data structure for security and access control in the terminal is composed of a Revision Number, Flags, Owner SID (Security IDs), Group SID and ACL (Access Control List). The IP terminal authentication module 10 (FIG. 4) calls the user authentication unit in the IP terminal authentication module 10 of FIG. 4 to confirm the terminal information and the user account authority information in the terminal. The user authentication unit calls LSA (LOCAL SECURITY AUDITOR). The LSA calls SRM (SECURITY REFERENCE MORNITOR) to verify user rights and logins. After checking the user login authority and logging in with a guest account or when an unauthorized user logs in, B (S400) is called to perform a procedure for user authentication and perform appropriate processing. When the user login is normally performed and the result authentication data is normally generated S206, the I / O management unit of the IP terminal authentication agent 10 (Fig. 4) is called and transmitted to the IP authentication agent S207. From the user authentication information transmitted in the authentication data format of FIG. 8, the IP authentication agent extracts user information and requests authentication from the IP authentication server. The authentication request information is verified from the IP authentication agent to determine whether the packet is a normal authentication data. If the packet is a normal packet, the IP authentication server queries the authentication key for authentication. If the authentication server cannot find a value that matches the authentication data sent from the user terminal, S300 calls C (S500) to register the user and user terminal in S300. If a match is found, it calls D (S600). do. If an error occurs as a result of the processing of A (S350), B (S400), and C (S500), the call is terminated by calling S900.

In FIG. 23, when the authentication key of the user terminal is found by the IP authentication server in D (S600), the user authentication information is registered (S601). The authentication information is managed by mapping the assigned IP to the user information managed by the IP authentication server while the user terminal is connected to the Internet server. When the authentication of the user is finished with respect to the IP address, the user IP authentication service service server 40 (Fig. 4). The service profile of the user is retrieved from the database 46 of FIG. 4 (FIG. 4), and the setting for the user service (S602) is performed. When the service is searched for in the user service profile in the step, S603 is called, and if the user service profile does not exist, the service goes to the waiting state S607 for monitoring the user connection status. (S603) Determine whether the Internet service provider backbone network and the core network based service for mobile communication or the service provided in connection with a service server on a similar Internet network including HTTP (S605) to provide service profile data required for the service to the user terminal. Extract and transmit (S604) or notify the rule or policy profile to the service server (S606). After monitoring the connection state of the user terminal in step S607, if a new service request is received from the user or the outside, the step S700 is called and the user authentication status is calculated by calculating certain rules and idling time for maintaining the user connection session. Check (S610). If the condition is entered, the user authentication connection state is turned off (S612) and the user IP authentication processing process is terminated (S613). If the user's network connection is valid, the user continues to maintain the authentication connection session state (S611).

24 is a flowchart illustrating a procedure of installing a terminal authentication agent and registering user authentication information according to an embodiment of the present invention. Referring to FIG. 24, a flowchart illustrating a procedure of installing a terminal authentication agent and registering user authentication information to access a service by connecting to a network. If the terminal authentication module is not installed in the user terminal in A (S350) of FIG. 9, the IP authentication agent analyzes the environment of the user terminal target for the installation of the terminal authentication agent of the user terminal (S351). First, it is determined whether the user terminal is a network access terminal (S352) using a wired or wireless network or a network connection (S355) using a mobile telephone network. It is determined whether the network connection operating system of the user terminal is Microsoft's Windows (S353) or Linux or Unix-based operating system (S354). The environment of the user terminal is analyzed and the distribution agent executable in the user terminal is transmitted, and detailed compatibility of the user terminal environment is performed as a preprocessing operation, and the result is transmitted to the IP authentication server (S356). The IP authentication server transmits the distribution version to the user terminal, installs the user terminal authentication agent (S357), checks the result of installing the authentication agent of the user terminal (S358), and if the installation is successful, performs the user authentication information registration (S359). If the installation fails, the deployment agent writes an error log, analyzes the installation error step, checks whether it is a problem in the installation step (S360), requests a resend if a resend is required, and if the problem occurs in the installation step again. At the retry, the installation is attempted as many times as specified in the pre-deployment stage. At this time, various installation options are provided for the installation process (S361). If the problem is not solved at this stage, the installation is terminated and the contents of the error are displayed. Will be sent to the IP authentication agent.

25 is a flowchart illustrating a procedure of registering user information for user authentication according to an embodiment of the present invention. Referring to FIG. 25, it is a procedure diagram of registering user information for user authentication. In the present invention, the user's information is registered, and the registered user's information is generated in a one-to-one mapping relationship with the system authentication information of the terminal and SIDs (Security IDs) in the case of Microsoft Windows at the time of login, and the GUID (Globally Unique ID) of the terminal is obtained. In Linux or mobile phone, it is possible to extract the serial number of the terminal, etc. Also, the user information is searched by the combination of user SID. In the case of a mobile phone such as a mobile phone which is used only between a terminal and a user, the terminal information can be used as user identification information. The reason for virtualizing the user information in the above method is that the transmission of the ID and password through the public network creates a secure channel Even if the transmission is not secure, the terminal and the local authentication result are transmitted, and the IP authentication server analyzes the authentication request information composed of the pair of the terminal and the user information to search for and authenticate the user. The user authentication unit 12 (FIG. 4) is called (S381) to check the authority of the currently logged on account (S382). If the authority is not the administrator account, the user logs off and requests to log in with an administrator account (S384). It is confirmed whether to add the user account to the terminal (S383). It is checked whether the user uses the system's login authentication method as the basic user authentication (S385). In the present invention, the user authentication method using the system logon, the user authentication method using the public authentication key, and the remote login using standard Internet protocols such as HTTP. The authentication method of the method may be selected from a single or a plurality according to the user's situation. If the user selects the public authentication key method for user authentication, check whether the public certificate has been issued in step S387. If the user has not been issued the public certificate, the user public certificate is issued in step S388, and the issued public certificate is registered in the IP authentication server. (S389) The only user access code for accessing the certificate is issued. When the user selects the remote login authentication (S390) using the Internet protocol, the user accesses an IP authentication server, receives a user ID and password for authentication, and registers user information. In order to register a user, system information is extracted, a user relationship with a terminal is generated, and an authorization code is generated (S391). When step S391 is finished, user authentication and Internet connection are made, and user-specific rules and profiles are generated (S392). Profile and rule information for user's authentication and internet service can check or edit user profile and log information at any time. The user profile can be edited and edited by the user with the administrator's authority of the terminal, and the general user can edit the profile such as SSO (Single Sign-On) for the user's use of the Internet service. The rules of fire cannot be edited or modified. When the user authentication process is finished and the authentication of the system and the user is finished, the user profile is registered in the IP authentication server (S393). If the user authentication is successful, the user authentication with the user terminal is completed (S395). S394) Create an error log and terminate (S396).

26 is a flowchart illustrating a procedure for receiving user IP authentication using another system or terminal according to an embodiment of the present invention. Referring to FIG. 26, a flowchart illustrating a case where a user who fails to log in to a terminal normally or is registered in an IP authentication server receives user IP authentication using another system or terminal. If the user does not have the login account authority of the system or is incorrect or restricted in the Internet connection, in step S401, the network connection is initialized, the user authentication unit (Fig. 4) is called, the system logon is called and the user is logged in as a guest ((S402). S403, S404, and S405 are the procedures for remote login, public authentication, and user authentication, respectively.In step S403 and S404, if user authentication succeeds, return to main and fail. The user login is turned off and execution is terminated In the case of user authentication through the mobile phone in step S405, the user authentication unit receives a mobile phone number and generates an SMS authentication code for user authentication (S406) and transmits it to the mobile phone. In step S407, the user is authenticated. Is subject to user rules and profiles related to services and the application of rules or profiles of the system terminal may be excluded.

27 to 29 are flowcharts illustrating a procedure of processing various additional services, payment, and payment in the IP authentication server according to an embodiment of the present invention. Referring to FIG. 27, an IP authentication server is a diagram illustrating a step of extracting information for authentication and a procedure for authenticating from authentication information transmitted from a user terminal. Step S501 is a step of dividing and extracting user information and other necessary information from the authentication data transmitted from the user terminal. Through this, in S502, a method for authenticating a user in the IP authentication server is determined, and whether the system logon-based authentication method (S503), an authorized certificate-based user authentication method (S505), or an authentication method using a mobile phone is determined in the user terminal (S510). To judge. In step 504, it is determined whether the user is an authentication using a user terminal or a user requiring remote authentication as a user using a separate terminal (S504). In step S507, if the user has selected the remote logon authentication method, enter the ID and authentication code for user authentication and confirm the information. When the user transmits the authentication information using the user system login information, the authentication server inquires the user information and processes it (S506). In step S508, when authenticating a user using the public authentication method, the user inputs a user ID and an access code stored in the IP authentication server to access the public certificate and receive a certificate from the public certificate server. In step S510, S511, S512, S513, S514 receives the mobile phone number and after confirming the real name of the mobile phone subscriber to send the user authentication code in a short message, if the user authentication code and the authentication code issued by the IP authentication server is the same Choose the method of authenticating by searching the user by phone number. If an error occurs, step S515 is called to end. When the authentication is completed, the status of the current user and the connection IP address are updated on the IP authentication server, and the server returns to main.

28 and 29 are flowcharts illustrating a procedure of processing various additional services, payment, and payment in the IP authentication server according to an embodiment of the present invention. Referring to FIGS. 28 and 29, a process and a process of processing various additional services and payment settlement in an IP authentication server are shown. Steps S702, S704, S705, S706, and S707 retrieve the user service profile from the IP authentication agent, search for the user service profile, update the added information in the user profile database, and check whether the module update for the user additional service is necessary. If an update is needed, it will perform the update and start the service. In steps S708, S711, S712, S713, S714, and S715, when an authenticated user who accesses the Internet uses a paid service, content, or other service, and the user selects mobile phone payment in the Internet service, the Internet service server connects the user. It checks the IP address of the access terminal and makes a payment request for the user who uses the IP address as an IP authentication server. The IP authentication server searches for the current user's mobile phone of the IP and sends the payment request code to the mobile phone. Check the payment request code of the phone to enter the payment confirmation code in the terminal of the user currently connected to confirm the request to the mobile carrier to approve payment and, if approved, the service server and the user will be notified of the result. Steps S709, S716, S718, and S719 are steps and procedures for a method of payment payment integrated with Internet service provider billing of a user terminal. If you select the integrated service payment method of internet service provider billing for paid service or other payment, check the user payment payment information on the IP authentication server and check the integrated billing limit of the internet service provider to check whether the requested payment request is possible and for this Ask for confirmation. If the user payment request amount is within the integrated billing limit, if the payment is approved and out of range, an error message is output to the user (S723). Withdrawal and payment in a financial account using the accredited certification is processed through steps S710, S720, S721, and S722. To do this, first access a banking server such as a bank or credit card company, and query user account information. You will be asked to pay. After the request, the certificate of the authorized certificate server is obtained using the certificate stored in the IP certificate server to request approval of the payment of the financial company, and the user is notified of the result, and all steps are completed.

30 is a diagram illustrating a configuration of a user terminal authentication agent according to an embodiment of the present invention. 30 is a configuration diagram of a user terminal authentication agent. User Logon The S800 is responsible for logging on the user's system terminal, and most operating systems such as Microsoft, Linux, and Unix provide log on functions. When the user logs on, there is an object manager (S804) that checks the user's authority (S801), allows or restricts input / output, manages access (S803), and manages objects. In S802. According to user's authentication authority, it generates terminal information agent logical driver and rule information in user DB to grant various functions such as user's various services and internet access through driver's access permission and restriction. For example, the terminal authentication agent driver can be located between the TCP / IP transport driver (TCPIP.sys) and the NDIS driver (NDIS.sys) to enable various operations and processes in accessing and allowing the user's network. The service is provided by various users by referring to the rules and profiles of the terminal authentication logic driver and the IP authentication user DB.

On the other hand, in the embodiment of the present invention has been described with respect to specific embodiments, various modifications are possible without departing from the scope of the invention. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be defined not only by the appended claims, but also by the equivalents of the claims.

Security: Subscription information is not transmitted except when the subscriber and user authentication information is set for initial IP authentication. Authentication is performed using only the encrypted subscriber user identification information and terminal information, and the authentication function of the local system user terminal is used. Therefore, more secure authentication process can be performed.

Convenience: Only the authentication process between the IP authentication server and the service server is verified by checking only the IP authentication, so the user does not need complicated membership registration or logon procedure.

Integration: Operates on the basis of interworking and integration based on standard IPv4 and IPv6 networks, integration with any existing system is possible.

Scalability: By securing IP address authentication-based user authentication and security channels between Internet service providers, mobile phone providers, and financial settlements, it can be guaranteed scalability through standardization for service and system expansion between operators.

As described above, user authentication information is used for payment, payment, and internet banking through IP address-based user authentication independent of the type of terminal, so that a more secure and reliable system can be constructed and flexible over IPv4, IPv6, and Mobile IP. Coping is possible. Also, through IP authentication, fundamental countermeasure is possible through monitoring for illegal hacking and spam.

Claims (2)

An IP address-based user authentication system that authenticates users with IP address information that has a unique value on the network. An IP address-based user authentication method that authenticates a user by means of IP address information that has a unique value on the network.

Images