KR20090003134A - Illegal login protection system and method based on pc registratrion - Google Patents
Illegal login protection system and method based on pc registratrion Download PDFInfo
- Publication number
- KR20090003134A KR20090003134A KR1020080127033A KR20080127033A KR20090003134A KR 20090003134 A KR20090003134 A KR 20090003134A KR 1020080127033 A KR1020080127033 A KR 1020080127033A KR 20080127033 A KR20080127033 A KR 20080127033A KR 20090003134 A KR20090003134 A KR 20090003134A
- Authority
- KR
- South Korea
- Prior art keywords
- access
- connection
- computer
- user
- illegal
- Prior art date
Links
Images
Classifications
-
- A—HUMAN NECESSITIES
- A63—SPORTS; GAMES; AMUSEMENTS
- A63F—CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
- A63F13/00—Video games, i.e. games using an electronically generated display having two or more dimensions
- A63F13/70—Game security or game management aspects
- A63F13/77—Game security or game management aspects involving data related to game devices or game servers, e.g. configuration data, software version or amount of memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/42—User authentication using separate channels for security data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
Abstract
Description
The present invention relates to a system for preventing illegal access of an online game. Specifically, when a connection is generated from a computer other than a computer registered in advance by an online game user, the connection is transmitted to a mobile phone callback URL text message, mail, and messenger. It is a system that provides real-time notification so that other users can immediately confirm that they are accessing the account with illegal intention.
The domestic game market is over 3 trillion won in 2006, of which online games account for 57% of the total, amounting to about 1.8 trillion won. In addition, online games are expected to maintain 20% annual growth, exceeding 2 trillion won in 2007.
The most attractive feature of online games is that they can be played while maintaining communication with a large number of users through the high-speed Internet, and online games of various genres such as the MMORPG genre and the FPS and the casual genre are popular.
However, compared to the market size of online games, security measures for protecting game user access account information (ID, password, etc.) are relatively insufficient. More than a certain amount of online games are provided with security by installing anti-hacking software together with the game client, but it is not enough to prevent the hacking technology that develops rapidly differently every day.
In fact, AhnLab's report shows a total of 1,049 malicious codes for the purpose of taking account of online game accounts in 2006, which is 4.4 times higher than 235 in 2005. In addition, in addition to such malicious code, when using an online game in a public place such as a PC room, game access information is exposed to people around as it is, so simple hacking prevention software cannot prevent the taking and stealing of online game account information.
For some online games, one-time password (OTP) function is applied to input one-time passwords that are generated separately from the existing ID and password. In addition, there is a problem that the economic and administrative burden of introducing the OTP server and interworking with the game server occurs, and serious problems may occur because the game itself cannot be accessed when the OTP server fails.
As described above, only one-time passwords applied by hacking prevention software or some game companies cannot completely solve illegal access due to theft of account information, and an additional security system is urgently required.
Accordingly, the technical problem of the present invention has been devised to solve the above-mentioned problems, and by allowing a user to register a computer to be allowed to access in advance, only when a connection occurs in an unregistered computer, callback URL text message and mail It also notifies you of the connection via messenger, and provides a method of automatically disconnecting if the user does not allow the connection within the specified time.
One aspect of the present invention for achieving the above object is a step of registering a computer basically allowing a user to access, extracting the Mac address which is unique information of the user computer, and illegally extract the Mac address extracted in the step Characterized in that it comprises the step of transmitting and storing to the connection prevention server.
According to another aspect of the present invention, there is provided a method of extracting a Mac address of a computer that has access to a game server, transmitting the extracted Mac address to the illegal access prevention server, and registering the Mac address transmitted in the step. Checking whether the computer is registered compared to the Mac address, and if it is confirmed that the computer is not registered in the step characterized in that it comprises the step of notifying the fact that the callback URL text message, mail, and messenger.
Another aspect of the invention is characterized in that it comprises the step of automatically forcibly terminating the connection if the user does not allow the connection within a predetermined time when the connection occurs in a computer that is not registered.
As described above, the present invention makes it possible to prevent secondary damage due to the online game account theft by notifying the user in real time whether illegal access through the online game account theft which cannot be detected by ordinary security software alone.
In addition, by selectively notifying the user that the connection is generated from an unregistered computer, minimizing unnecessary connection notifications and automatically forcibly terminating the connection when the connection allowance waiting time is exceeded, the game user can enjoy the game with peace of mind. And provide game providers with a solid security measure to prevent account theft.
The main terms used in the present invention are defined.
The MAC address is a unique identification number given to a network card of a computer and is defined as a term that generically identifies unique information of a user's computer.
Callback URL Text messages are defined as messages containing URL addresses that can be accessed through the wireless Internet when the user presses the call button on the mobile phone, unlike a normal short message.
Hereinafter, with reference to the accompanying drawings will be described in detail the operation principle of the present invention.
1 is an overall configuration diagram of a PC authentication-based illegal access prevention system and a method thereof, wherein a
Here, the
Looking at the PC authentication-based illegal access prevention system having such a configuration and the initial registration process of registering the PC to allow the user in the method in detail as follows.
2 is a flowchart illustrating a process of registering a
As a first step (①), by driving the
As a second step ②, the MAC addresses CM1 (1) to CM1 (n) extracted in the step are transmitted to the illegal
As a third step (③), the PC registration module 121 of the illegal
First, the PC registration information RM (1) to RM (m) registered previously is obtained using the UID, GID, and GUID as keys.
Next, check {CM1 (1), CM1 (2), ..., CM1 (n)} ⊆ {RM (1) ~ RM (m)}. At this time, if the result value of the formula is false, it means that it is a new Mac address, and thus, CM1 (1) to CM1 (n) are stored in the
As a fourth step (4), the PC registration result is transmitted to the
When registering
FIG. 3 shows whether the
As the first step (1), a connection is made from the connecting
In the second step (②), when the connection to the
As a
As the fourth step (④), the PC
First, the PC registration information URM (1) to URM (m) registered previously is obtained using GID and GUID as keys.
Next, check {LM (1), LM (2), ..., LM (n)} ⊆ {URM (1) to URM (m)}.
In the fifth step (5), if the result value of the above formula is false, the connection is generated from an unregistered computer, and the callback URL is notified of the connection message by text message, mail, and messenger. At this time, the information transmitted is game name GName, game ID GID, game connection ID GUID, connection occurrence time LTime, and URL address RURL for confirmation of access permission.
As a sixth step (⑥), the PC authentication result of the fourth step is transmitted to the
As the seventh step (⑦), if the PC authentication result value RRES received in the step is false, the
FIG. 4 illustrates that the
As a first step, the
As a second step, if the access permission of the step is true, the
As a third step, if the access permission is false, it is checked whether the connection allow time WTime has elapsed. If the WTime has not elapsed, go back to step 1, and if so, proceed to the next step.
As a fourth step, when WTime has elapsed, the
1 is an overall configuration diagram of a system and method for preventing illegal access based on PC authentication according to the present invention.
2 is a flowchart illustrating a process of registering a user computer to which an user is allowed to access in an illegal access prevention server in the present invention.
3 is a flowchart illustrating a process of confirming whether a connection computer is a registered computer in the present invention and notifying the fact that the connection computer is not registered.
4 is a flowchart illustrating a process of automatically forcibly terminating a connection when a user's access is not allowed within the access permission waiting time in the present invention.
<Description of the symbols for the main parts of the drawings>
10: user computer 12: illegal access prevention server
14: access computer 16: game server
18: user mobile phone 20: user mail
22: user messenger
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080127033A KR20090003134A (en) | 2008-12-15 | 2008-12-15 | Illegal login protection system and method based on pc registratrion |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080127033A KR20090003134A (en) | 2008-12-15 | 2008-12-15 | Illegal login protection system and method based on pc registratrion |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20090003134A true KR20090003134A (en) | 2009-01-09 |
Family
ID=40485983
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020080127033A KR20090003134A (en) | 2008-12-15 | 2008-12-15 | Illegal login protection system and method based on pc registratrion |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20090003134A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011074878A2 (en) * | 2009-12-16 | 2011-06-23 | 주식회사 씽크풀 | Service security system and method for same |
KR20120002771A (en) * | 2010-07-01 | 2012-01-09 | 주식회사 엔씨소프트 | Apparatus and method of blocking illegal access to online game using smart phone |
KR101231626B1 (en) * | 2011-09-30 | 2013-02-08 | 고려대학교 산학협력단 | Account embezzlement protection method using log information of on-line game |
KR101237161B1 (en) * | 2010-08-30 | 2013-02-25 | 주식회사 엔씨소프트 | Method of detecting unknown bot of online game |
WO2013100406A1 (en) * | 2011-12-28 | 2013-07-04 | (주)네오위즈게임즈 | Method and server for providing secondary password service in online game |
KR101428665B1 (en) * | 2012-04-27 | 2014-08-11 | (주)에이티솔루션즈 | Security system and method for using aes-otp |
WO2014157745A1 (en) * | 2013-03-27 | 2014-10-02 | (주)노르마 | Method for detecting illicit mobile device by means of both wired and wireless scanning |
-
2008
- 2008-12-15 KR KR1020080127033A patent/KR20090003134A/en not_active Application Discontinuation
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011074878A2 (en) * | 2009-12-16 | 2011-06-23 | 주식회사 씽크풀 | Service security system and method for same |
WO2011074878A3 (en) * | 2009-12-16 | 2011-11-17 | 주식회사 씽크풀 | Service security system and method for same |
KR20120002771A (en) * | 2010-07-01 | 2012-01-09 | 주식회사 엔씨소프트 | Apparatus and method of blocking illegal access to online game using smart phone |
KR101237161B1 (en) * | 2010-08-30 | 2013-02-25 | 주식회사 엔씨소프트 | Method of detecting unknown bot of online game |
KR101231626B1 (en) * | 2011-09-30 | 2013-02-08 | 고려대학교 산학협력단 | Account embezzlement protection method using log information of on-line game |
WO2013100406A1 (en) * | 2011-12-28 | 2013-07-04 | (주)네오위즈게임즈 | Method and server for providing secondary password service in online game |
KR101428665B1 (en) * | 2012-04-27 | 2014-08-11 | (주)에이티솔루션즈 | Security system and method for using aes-otp |
WO2014157745A1 (en) * | 2013-03-27 | 2014-10-02 | (주)노르마 | Method for detecting illicit mobile device by means of both wired and wireless scanning |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR20090003134A (en) | Illegal login protection system and method based on pc registratrion | |
CN1846188B (en) | Information hiding through time synchronization | |
TWI449394B (en) | User authentication, verification and code generation system maintenance subsystem | |
US8869238B2 (en) | Authentication using a turing test to block automated attacks | |
US20100175136A1 (en) | System and method for security of sensitive information through a network connection | |
CA2774178A1 (en) | Method of identity authentication and fraudulent phone call verification that utilizes an identification code of a communication device and a dynamic password | |
CN101216867A (en) | A logging-on process cipher protection method by means of background synchronization | |
US11403633B2 (en) | Method for sending digital information | |
JP2004240637A (en) | Password authentication system | |
CN104361281B (en) | A kind of solution of Android platform phishing attack | |
JP2008181310A (en) | Authentication server and authentication program | |
US20160142398A1 (en) | Method of network identity authentication by using an identification code of a communication device and a network operating password | |
CN111245838A (en) | Method for protecting key information by anti-crawler | |
CN109460653A (en) | Verification method, verifying equipment, storage medium and the device of rule-based engine | |
CN101207483A (en) | Bidirectional double factor authentication method | |
CN101854357B (en) | Method and system for monitoring network authentication | |
KR20080098117A (en) | Online game account protection system | |
CN101465733A (en) | Identity authentication method based on telephone | |
CN109743338A (en) | A kind of verification method logged in automatically, system, server and readable storage medium storing program for executing | |
JP2011192129A (en) | Log-in authentication system using portable telephone terminal | |
JP2007310435A (en) | Information management system | |
TW201112720A (en) | Method of communication device recognition code and dynamic code for network identification and telephone fraud certification | |
JP4889418B2 (en) | Confidential information delivery method | |
CN101163008B (en) | Anti-hacking and anti-number stolen system of online game | |
TWI609287B (en) | Using communication device identification code and network operation password as methods for network authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |