KR20160139885A - Certification System for Using Biometrics and Certification Method for Using Key Sharing and Recording medium Storing a Program to Implement the Method - Google Patents
- Publication number
- KR20160139885A (application number KR1020150075748A)
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- user
- smart device
- information
- certificate
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Abstract
A public (accredited) certificate authentication system using biometric information recognition is disclosed. The system includes a smart device and an accredited certification authority server. The smart device authenticates the user through biometric information recognition (for example a fingerprint), receives user policy information (for example a permitted usage time) from the user, performs authorized authentication only under conditions matching that policy, and divides the cryptographic key used for authentication. The certification authority server extracts and stores the biometric information template corresponding to the user's biometric information together with the hash value of that template used as the certificate password; upon receiving a certificate issuance request from the smart device it performs smart device authentication, receives the hash value of the biometric information template, and, after identity authentication including password authentication and biometric information authentication is completed, transmits the certificate encryption key to the smart device.
Description
The present invention relates to a public authentication system and method for the secure use of a public (accredited) certificate, and more particularly to a system and method that authenticates a user by biometric information and gives the user control over the usage time, usage site and usage history of the certificate.
The Internet has spread rapidly because it is open, broadcast-like, global and accessible, and it is widely used as the aggregation of computer networks around the world. Those same characteristics leave it open to eavesdropping, interception, tampering and password cracking. Because of these vulnerabilities, damage such as credit card number theft, personal information leakage and hacking of online securities accounts has appeared.
Therefore, for electronic transactions over the Internet, confidentiality is ensured by encrypting data for transmission and decrypting it on receipt, users are authenticated through digital signatures, and non-repudiation, integrity and the time of the electronic transaction are guaranteed.
Digital signatures based on PKI (Public Key Infrastructure) were introduced to meet the demand for safe and convenient Internet transactions. PKI is an information protection framework in which data is encrypted and decrypted with a public key and a private key. A data creator signs with the private key; the recipient verifies the received digital signature with the public key of the data creator (sender) and can thereby confirm the identity of the creator and whether the electronic document has been altered. For this purpose a certification authority, a trusted third party licensed by the state, registers the public key used to verify the signer's digital signature together with its owner information in a public certificate, which serves as a seal certificate for cyber transactions, and provides it to anyone who needs to verify a signature. The private key (secret key) must therefore be protected against every hacking method for electronic commerce to be secure, and a method that maximizes the security of the private key is required.
Generally, digital signatures are performed on a user's PC. A separate program (ActiveX, an applet, etc.) must be installed in the PC environment so that digital signatures can be performed from web browsers such as Internet Explorer, Chrome and Safari. Most public certificates are kept on the hard disk, so once a malicious program has been installed through ActiveX the certificate is easy for a hacker to hijack. On Android-based smartphones, public certificates are stored on the SD card, which is a target of smartphone malware, so financial transactions carry a similar risk.
In addition, when the web site login password and the password of the public certificate's private key are the same, the private key can be hacked or simply illegally copied in various ways, so a duplicated public certificate can no longer provide non-repudiation. One existing countermeasure registers the user's fingerprint after an off-line identity check at a specific web site, stores it in a fingerprint security token, scans the user's fingerprint and compares it with the stored fingerprint information, and only then accepts input of the private key password of the public certificate.
The present invention relates to a user authentication system and method using biometric authentication and a key division method. More particularly, it provides a personal authentication system that secures electronic authentication for user authentication and electronic signatures for payment transactions in online electronic financial transactions. By authenticating the user in real time through biometric information each time the user logs in, obtaining the secret key value only then, and keeping the other key values encrypted in secure storage, the invention aims to provide a user authentication system and method with stronger functions and a higher security level.
According to an aspect of the present invention, there is provided an authentication system using biometric information recognition, comprising: a smart device provided with an application that authenticates the user through biometric information recognition (including a fingerprint), receives user policy information (including a usage time) from the user, performs authorized authentication under conditions matching the user policy information, and divides the encryption key used for authentication of the user; and a certification authority server that extracts and stores the biometric information template corresponding to the user's biometric information and the hash value of that template used as the certificate password together with the user policy information input by the user, performs smart device authentication upon receipt of a certificate issuance request from the smart device, receives the hash value of the biometric information template, and, after completion of personal authentication including password authentication and biometric information authentication, transmits the requested certificate encryption key to the smart device under conditions matching the user policy information.
In a preferred embodiment, the application installed in the smart device divides the cryptographic key for authenticating the user and entrusts a part of the divided key to the accredited certification authority server; the server transmits that part back to the smart device only when authentication of the device based on the information received from it, including at least one of PIN (Personal Identification Number) authentication and biometric information authentication, has been completed.
In a preferred embodiment, the application installed in the smart device includes a biometric data acquisition unit that obtains biometric data such as a user's fingerprint, iris, voice, face, cornea or hand through a fingerprint sensor, iris recognition sensor, voice recognition sensor or similar; a biometric template recording unit that forms a template from the obtained biometric data and securely records and manages it; a certificate management unit that manages the authorized-authentication use settings and the certificates issued by a certification authority, including the accredited certification authority; a certificate password replacing unit that replaces the certificate password with the biometric template value according to the user policy information set by the user; a user policy information processing unit that receives the authorized-certificate use policy information from the user and performs the encryption key division according to that policy; and a biometric authentication processing unit that handles the processing required for biometric information authentication.
In a preferred embodiment, the accredited certification authority server includes a storage module that stores the user's personal information, biometric information, user policy information and authorized authentication information, a communication module that communicates with the smart device, and an authentication module that controls transmission of the public-authentication cryptographic key according to whether the cryptographic key parts match.
In a preferred embodiment, the authentication module includes a device authentication unit that authenticates the smart device held by the user, a user policy information determination unit that determines whether the entered user policy information matches the public certificate usage environment information, and an approval control unit that, after authentication of the user including PIN authentication and biometric information authentication is completed, issues the user's authorized certificate or transmits to the smart device the encryption key needed to use the issued public key certificate.
According to another aspect of the present invention, a public authentication method using the key division scheme includes: receiving, in the smart device, the authorized-authentication use environment policy information from the user; authenticating the user in the smart device by PIN (Personal Identification Number) or biometric information; requesting, from the smart device to the server, that a part of the divided cryptographic key be entrusted; the server, upon receiving the trust request from the smart device, completing device authentication and storing the part of the divided cryptographic key; the server, upon receiving a request from the smart device for transmission of the part of the divided cryptographic key, completing device authentication and user authentication and transferring that part to the smart device; and the smart device receiving the part of the divided encryption key from the server and performing the authorized authentication.
In a preferred embodiment, transmitting the part of the divided cryptographic key to the smart device includes receiving device information from the smart device and performing device authentication, receiving PIN number information from the smart device and performing PIN authentication, receiving biometric information from the smart device and performing biometric authentication, and controlling transmission of the encryption key based on the user policy information entered by the smart device user.
In a preferred embodiment, the authorized-authentication use environment policy information includes the permitted use time of the authorized certificate, the storage device of the authorized certificate, and the web sites at which the authorized certificate may be used.
In a preferred embodiment, the step of receiving the use environment policy information further includes receiving the authentication process setting information from the smart device user.
In a preferred embodiment, the authentication process includes at least one of a PIN number authentication process and a biometric information authentication process, and the PIN number authentication process may be replaced by the biometric information authentication process.
Through user authentication by the key partitioning method and the user environment policy of the present invention, the security of electronic authentication and electronic payment signatures is assured for authentication, financial transactions, settlement and electronic payment transactions in online electronic financial transactions and the like.
Also, by authenticating the user in real time with biometric information each time the user logs in, acquiring the secret key value only then, and securely encrypting, storing and operating the other key values, the invention prevents misuse and improves security.
FIG. 1 is a block diagram illustrating a configuration of a public authentication system using biometric information recognition according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a functional configuration of an application installed in a smart device according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating a configuration of a public key certificate authority server according to an embodiment of the present invention.
FIG. 4 is a diagram illustrating a signal flow for certificate issuance in the public authentication system according to the embodiment of the present invention.
FIG. 5 is a diagram illustrating a procedure of using a public authentication system using a key division method and biometric information according to an embodiment.
FIGS. 6A to 6E are views showing a public authentication service interface according to an embodiment.
FIG. 7 is a diagram illustrating a configuration of a computer device in which a public authentication method using biometric information recognition and a key division method according to an embodiment of the present invention can be performed.
BACKGROUND OF THE
BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention, and the manner of achieving them, will become apparent from the embodiments described below in conjunction with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, will fully convey the scope of the invention to those skilled in the art, and will enable them to readily understand that scope, and the invention is defined by the claims. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. In this specification the singular includes the plural unless otherwise specified. The terms "comprises" and "comprising", as used herein, do not exclude the presence or addition of one or more other components, steps, operations and/or elements.
The term "module", as used herein, should be interpreted as software, hardware, or a combination thereof, depending on the context in which it is used. For example, the software may be machine language, firmware, embedded code or application software, and the hardware may be a circuit, a processor, a computer, an integrated circuit, a circuit core, a sensor, a micro-electro-mechanical system (MEMS), a passive device, or a combination thereof.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings.
FIG. 1 is a block diagram illustrating a configuration of a public authentication system using biometric information recognition according to an embodiment of the present invention.
Referring to FIG. 1, an authentication system using biometric information recognition and a key division method may include a
The
The
The authorized
Upon receiving the certificate issuance request from the smart device, the public
After the authentication of the user according to the embodiment is completed, the authorized
The
The
FIG. 2 is a diagram illustrating a functional configuration of an application installed in a smart device according to an embodiment of the present invention.
More specifically, FIG. 2 shows an
Referring to FIG. 2, the
The control unit 101 collectively denotes the components that control the operation of the
According to the embodiment of the present invention, the control unit 101 loads at least one program code included in the
The memory unit 113 collectively denotes the nonvolatile memory provided in the
According to the embodiment of the present invention, the memory unit 113 provided inside the
The
The
The biometric data acquisition unit 135 acquires the user's biometric data (fingerprint, face, iris, voice, cornea, hand shape and the like) through the fingerprint sensor, the iris recognition sensor, the voice recognition sensor and similar sensors, and encodes the biometric information into biometric data.
The biometric template recording unit 140 forms a template from the obtained biometric data and records and manages the template securely. The biometric template hash confirmation unit 145 computes and confirms the hash value of the recorded biometric template (called the template "deformation value" below).
The certificate password replacing unit 150 replaces the password of the public certificate with the confirmed biometric template hash value according to the user policy information set by the user and applies it to the certificate file.
The biometric authentication processing unit 155 extracts the biometric template recorded in the storage area, constructs an authentication template from the user's freshly acquired biometric data, and compares the two templates to verify the validity of the user's biometric data.
In particular, the user policy information processing unit 160 receives the authorized certificate use policy information from the user and performs the encryption key division according to the user policy. Specifically, the user policy information processing unit 160 restricts the use time and the web sites at which the authorized certificate may be used, divides the cipher key needed for user authentication at the user's request, and, when requesting the
When the biometric template hash value is obtained, the certificate password processor 165 processes it so that it can be used as the certificate password of the public certificate managed by the
When the biometric template hash value is used as the certificate password, the digital signature processing unit 170 performs the digital signature process with the private key thus obtained.
In the application according to the embodiment, the encryption key for authenticating the user can be divided according to the user policy setting, and the security of the authorized certificate's key can be strengthened by entrusting part of the encryption key to the server.
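The device-side steps described for units 145 to 170 above, as an added example in Python that is not the patent's own code: hashing the biometric template to obtain the value that replaces the certificate password, dividing the certificate encryption key into Part 1 (kept on the device) and Part 2 (entrusted to the server), and evaluating the user policy before the key is recombined. SHA-256 as the hash, the XOR split, the exact-match template comparison and the policy fields (sites, daily time window, method) are assumptions; the patent does not fix any of them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Tuple

# Added example, not the patent's code. Names, SHA-256, the XOR key split,
# the exact template comparison and the policy fields are assumptions.


def template_hash(template: bytes) -> bytes:
    """Hash of the recorded biometric template (unit 145); this digest
    replaces the certificate password (unit 150). SHA-256 is assumed."""
    return hashlib.sha256(template).digest()


def biometric_matches(stored_template: bytes, presented_template: bytes) -> bool:
    """Unit 155: compare the stored template with one built from freshly
    captured data. Real matchers are fuzzy; exact comparison is a
    simplification. The comparison is constant-time so a wrong template
    learns nothing about the stored one from timing."""
    return hmac.compare_digest(template_hash(stored_template),
                               template_hash(presented_template))


def split_key(key: bytes) -> Tuple[bytes, bytes]:
    """Divide the certificate encryption key (unit 160). A 2-of-2 XOR split
    with a fresh random share is used: each part alone is uniformly random,
    so neither the device nor the server can recover the key by itself.
    Cutting the key into two byte ranges would hand each holder half of it."""
    part2 = secrets.token_bytes(len(key))
    part1 = bytes(a ^ b for a, b in zip(key, part2))
    return part1, part2


def combine_key(part1: bytes, part2: bytes) -> bytes:
    """Step S16 of FIG. 5, Key = Part1 + Part2, for the XOR split above."""
    if len(part1) != len(part2):
        raise ValueError("key parts must be the same length")
    return bytes(a ^ b for a, b in zip(part1, part2))


@dataclass(frozen=True)
class UserPolicy:
    """Authorized-certificate use environment policy: permitted web sites,
    a daily time window and the authentication method (PIN or biometric)."""
    sites: frozenset
    start: time
    end: time
    method: str = "biometric"


def policy_allows(policy: UserPolicy, site: str, when: datetime) -> bool:
    """Device-side policy check: the certificate may be used only at a
    listed site and inside the time window. Windows that cross midnight
    (for example 22:00 to 06:00) are handled."""
    if site not in policy.sites:
        return False
    now = when.time()
    if policy.start <= policy.end:
        return policy.start <= now <= policy.end
    return now >= policy.start or now <= policy.end


def use_certificate(policy: UserPolicy, site: str, when: datetime,
                    stored_template: bytes, presented_template: bytes,
                    part1: bytes, part2_from_server: bytes) -> Optional[bytes]:
    """Gate before signing: policy first, then biometric authentication,
    then key recombination. Returns the certificate encryption key, or
    None if any check fails."""
    if not policy_allows(policy, site, when):
        return None
    if policy.method == "biometric" and not biometric_matches(stored_template, presented_template):
        return None
    return combine_key(part1, part2_from_server)


if __name__ == "__main__":
    # Constructed sample data: a random 32-byte certificate encryption key
    # and a stand-in fingerprint template.
    cert_key = secrets.token_bytes(32)
    template = b"constructed-fingerprint-template-0001"
    p1, p2 = split_key(cert_key)
    policy = UserPolicy(frozenset({"bank.example"}), time(9, 0), time(18, 0))
    at = datetime(2015, 6, 1, 10, 30)
    print(use_certificate(policy, "bank.example", at, template, template, p1, p2) == cert_key)
    print(use_certificate(policy, "shop.example", at, template, template, p1, p2) is None)
```

The point of the XOR split is that Part 2 held at the server, or Part 1 copied off the device, is useless on its own; the server's policy check and the device's biometric check both have to pass before the two parts meet.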
FIG. 3 is a diagram illustrating a configuration of a public key certificate authority server according to an embodiment of the present invention.
Referring to FIG. 3, the authorized
The storage module 230 stores usage history information of the user, user policy information, device authentication information, and authorized authentication information.
The authentication module 210 controls the transmission of the public-authentication cryptographic key according to the validity of the device authentication information received from the smart device. The authentication module 210 includes a device authentication unit 211, a user policy information determination unit 212, an
The device authentication unit 211 authenticates the smart device held by the user. For example, the device authentication unit 211 performs authentication by verifying the digital signature of the
The user policy information determination unit 212 determines whether the entered user policy information matches the public certificate usage environment information. In the embodiment, the user policy setting exists to prevent abuse of the authorized certificate: if the user policy information entered by the user (for example the permitted use time of the certificate) does not match the conditions at the moment the certificate is used, such as the time of use or the web site, the authentication process is stopped.
The
If the smart device authentication is successfully completed, the approval control unit 214 issues the user's authorized certificate or transmits the encryption key needed to use the issued public key certificate to the
In the accredited certification authority server according to the embodiment, the cryptographic key part entrusted by the smart device is stored according to the user policy information, and after user authentication is completed it is transmitted to the smart device so that the authorized certificate can be used, which enhances security. In addition, using the user policy information to control user authentication prevents abuse of the authorized certificate.
Hereinafter, the authentication method of the key division scheme according to the embodiment of the present invention will be described in turn through the signal flow diagram and the authorized-authentication service displays shown in FIGS. 6A to 6E. In describing the functions of the key division authentication method, description that overlaps with the functions of the authorized authentication system using biometric information is omitted.
FIG. 4 is a diagram illustrating a signal flow for certificate issuance in the public authentication system according to the embodiment of the present invention.
Referring to FIG. 4, in the public authentication system according to the embodiment, the public key certificate server may include a certification authority server that provides a cloud service.
In order to issue a certificate, the
Then, in the
Upon receiving the issuance request signal from the authorized
The
When the user policy input is completed, the input policy information is transmitted to the authorized
The
The
The
FIG. 5 is a diagram illustrating a procedure of using a public authentication system using a key division method and biometric information according to an embodiment.
When fingerprint information is used according to the embodiment of the present invention, the biometric information is recognized through the user's touch, and the recognized fingerprint information may replace the password. For this reason the term "touch certificate" is used below instead of "public certificate".
Referring to FIG. 5, in step S1 a touch certificate is requested from a service provider (SP) on the client N-screen (smart phone). As shown in FIG. 6C, the touch certificate is a certificate that can perform public authentication by sensing the user's touch and recognizing the fingerprint information. As in the display example of FIG. 6B, the touch certificate according to the embodiment can show the issuing organization (e.g., Woori Bank, Kookmin Bank) inside the certificate, making it easier for the user to identify the certificate. FIG. 6A shows an embodiment of a certificate display that improves certificate identification: the effective authority, the personalization agent, the use purpose and the registration authority of the certificate are displayed for user convenience.
In step S2, the service providing server receiving the touch certificate request transmits a QR code or Push message for performing authentication to the client terminal.
In step S3, the QR code and the push message received from the smart device are read. Thereafter, in step S4, when the customer terminal inquires the user policy from the authorized certification authority, the authorized certification authority performs a process of transmitting the related user policy information and the certificate list to the smart device.
In step S6, a process of confirming user policy information (e.g., site, usage time and authentication method) transmitted from the smart device is performed. In step S7, a process of selecting a public key certificate desired by the user is performed in the smart device.
In step S8, user authentication (e.g. fingerprint or PIN authentication) of the selected authorized certificate is performed.
In step S9, the digital signature for the user authentication or the device authentication is generated. In step S10, the digital signature for the user authentication or the device authentication is transmitted to the accredited certification authority.
In step S11, the device digital signature is verified. In step S12, the device certificate is verified according to the device digital signature verification result.
In step S13, the authorized certification authority performs a process of requesting the withdrawal of the key (part 2) entrusted to the authentication service provision cloud or the related server (CS, Credential Server). At this time, the key (part 2) is a part of the divided security key.
In step S14, a process of fetching a part (part 2) of the divided security key is performed in the server (CS). In step S15, a part (part 2) of the fetched security key is transmitted to the smart device.
In step S16, a process (Key = Part1 + Part2) of combining a part (part 2) of the security key received from the smart device with a part (Part 1) of the security key previously stored and a secret key decryption process are performed.
In step S17, a public electronic signature is generated based on the key combination, and in step S18, the public electronic signature generated is transmitted to the accredited certification authority.
In step S19, a certificate use record is extracted according to an authorized digital signature. In step S20, a public certification authority transmits a certified electronic signature to the smart device.
In step S21, the official digital signature transmitted from the smart device is transmitted to the service providing server, and the service provided by the service providing server is provided to the user through the smart device.
According to the embodiment of the present invention, by using the biometric information, the user policy information, and the key division method in the authentication process of the user, electronic authentication for the user, electronic authentication for the payment transaction, And the like.
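The following Go program is an added example, not code from the patent, that models steps S8 to S18 of the flow above with both sides of the exchange: a smart device holding Part 1 and the wrapped user key, a certification authority (CA) holding the registered device and user public keys, and the Part 2 share escrowed at the credential server. The patent writes the combination only as Key = Part 1 + Part 2; the example assumes it is the XOR of two random 32-byte shares, so neither the device nor the credential server alone learns the wrapping key. The fingerprint/PIN check of S8 is reduced to a flag, the device certificate to a registered Ed25519 public key, and the use record of S19 and the relay to the service provider in S20/S21 are left out. The names `Enroll`, `Authenticate`, `SmartDevice` and `CAServer` are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// SmartDevice: device identity key, the wrapped user signing key and Part1 of
// the wrapping key. BioOK stands in for the fingerprint/PIN check of step S8.
type SmartDevice struct {
	devPriv    ed25519.PrivateKey
	wrappedKey []byte // AES-GCM nonce || ciphertext of the user's private key
	Part1      []byte
	BioOK      bool
}

// CAServer: registered device public keys (the "device certificate" here), user
// certificate public keys, and the Part2 shares escrowed at the CS.
type CAServer struct {
	devicePub map[string]ed25519.PublicKey
	userPub   map[string]ed25519.PublicKey
	csPart2   map[string][]byte
}

func NewCA() *CAServer {
	return &CAServer{map[string]ed25519.PublicKey{}, map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

func mustRand(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// newGCM wraps a 32-byte key; with a valid AES key size neither call can fail.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Enroll (registration): generate device and user key pairs, wrap the user's
// private key under a random key, split that key into Part1 (kept on the
// device) and Part2 (escrowed at the CS), and register both public keys.
func Enroll(devID string, ca *CAServer) (*SmartDevice, error) {
	devPub, devPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	key, part1 := mustRand(32), mustRand(32)
	part2 := xorBytes(key, part1) // key == part1 XOR part2 (assumed split rule)
	gcm := newGCM(key)
	nonce := mustRand(gcm.NonceSize())
	wrapped := gcm.Seal(nonce, nonce, userPriv, []byte(devID))
	ca.devicePub[devID], ca.userPub[devID], ca.csPart2[devID] = devPub, userPub, part2
	return &SmartDevice{devPriv: devPriv, wrappedKey: wrapped, Part1: part1}, nil
}

// Authenticate runs S8 to S18 and returns the user's signature over txn. Part2
// leaves the CS only after the CA has verified the device signature, and the
// user key becomes usable only once Part1 and Part2 are recombined on the device.
func Authenticate(devID string, dev *SmartDevice, ca *CAServer, txn []byte) ([]byte, error) {
	if !dev.BioOK { // S8: local fingerprint/PIN gate
		return nil, errors.New("S8: local user authentication failed")
	}
	challenge := mustRand(32)                      // fresh CA nonce, never reused
	devSig := ed25519.Sign(dev.devPriv, challenge) // S9/S10: device signature
	pub, ok := ca.devicePub[devID]
	if !ok || !ed25519.Verify(pub, challenge, devSig) { // S11/S12
		return nil, errors.New("S11: device signature check failed, Part2 withheld")
	}
	part2 := ca.csPart2[devID]                // S13 to S15: CA fetches Part2 from the CS
	gcm := newGCM(xorBytes(dev.Part1, part2)) // S16: Key = Part1 XOR Part2
	ns := gcm.NonceSize()
	userPriv, err := gcm.Open(nil, dev.wrappedKey[:ns], dev.wrappedKey[ns:], []byte(devID))
	if err != nil {
		return nil, errors.New("S16: private key decryption failed (wrong or tampered share)")
	}
	userSig := ed25519.Sign(ed25519.PrivateKey(userPriv), txn) // S17
	if !ed25519.Verify(ca.userPub[devID], txn, userSig) {       // S18: CA verifies
		return nil, errors.New("S18: user signature invalid")
	}
	return userSig, nil
}
```

The ordering is the point: Part 2 is released only after S11/S12 succeed, so a copy of the wrapped key and Part 1 lifted from the device is useless without the device signing key, and a compromised credential server holds only one share. The device signs a fresh CA nonce so the S10 message cannot be replayed; a deployment would also bind the transaction being signed to that challenge.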
Meanwhile, the authentication method according to an embodiment of the present invention can be implemented in a computer system or recorded on a recording medium. 6, the computer system includes at least one
The computer system may further include a
The
Meanwhile, the authentication method according to the embodiment of the present invention described above can be implemented as computer-readable code on a computer-readable recording medium. The computer-readable recording medium includes all kinds of recording media that store data decodable by a computer system, for example ROM (Read Only Memory), RAM (Random Access Memory), magnetic tape, magnetic disk, flash memory and optical data storage devices. The computer-readable recording medium may also be distributed over computer systems connected by a computer network, with the code stored and executed in a distributed manner.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Therefore, the scope of the present invention should not be limited by the illustrated embodiments, but should be determined by the scope of the appended claims and equivalents thereof.
Claims (11)
An authentication system using biometric information recognition, comprising:
a smart device equipped with an application having a user authentication unit that receives from the user user authentication information, including the user's biometric information (including a fingerprint) and user time information (including a usage time), performs accredited authentication under the condition that the information matches the user policy information, and divides the cryptographic key; and
an accredited certification authority (CA) server that stores the user policy information input by the user, extracts the biometric template configuration corresponding to the user's biometric information and the password value of the biometric template, performs smart device authentication upon receipt of a certificate issuing request from the smart device, receives the hash value of the biometric template, and, after completion of authentication including password authentication and biometric information authentication, transmits the requested public key to the smart device under the matching condition;
the authentication system using biometric information recognition.
Wherein the smart device divides the cryptographic key for authentication of the principal and entrusts a part of the divided cryptographic key to the accredited certification authority server,
wherein the accredited certification authority server completes the device authentication through the information received from the smart device and, when identity authentication including at least one of PIN (Personal Identification Number) authentication and biometric information authentication is completed,
transmits the part of the divided cryptographic key to the smart device.
Wherein the smart device comprises:
a biometric data obtaining unit that obtains biometric information including at least one of the user's fingerprint, face, iris, voice, cornea and hand shape through the fingerprint recognition sensor, iris recognition sensor, voice recognition sensor and camera of the smart device, and encodes the biometric data;
a biometric template recording unit that constructs a template from the obtained biometric data and securely records and manages the constructed template;
a certificate management unit that manages the accredited-authentication use setting information input by the user and the certificates issued by certification authorities including the accredited certification authority;
a certificate password replacement unit that replaces the certificate password with the biometric information according to the user policy information set by the user;
a user policy information processor that receives accredited certificate use policy information from the user and performs the encryption key division according to the user policy; and
a biometric authentication processing unit that processes the steps necessary for biometric information authentication;
the biometric information authentication system for authenticating the biometric information.
Wherein the accredited certification authority server comprises:
a storage module that stores the user's usage history information, user policy information, device authentication information and accredited authentication information;
a communication module that communicates with the smart device; and
an authentication module that controls the transmission of the accredited-authentication cryptographic key according to whether the electronic signature of the device certificate received from the smart device verifies and the certificate is valid; wherein the biometric information recognition system further comprises:
a device authentication unit that authenticates the smart device owned by the user;
a user policy information determination unit that determines whether the input user policy information matches the accredited certificate usage environment information; and
an approval control unit that issues the user's accredited certificate after completion of the smart device authentication, or transmits the cryptographic key required for using the issued accredited certificate to the smart device;
the biometric information authentication system for authenticating the biometric information.
An authentication method using a key division method, comprising:
receiving the accredited-authentication use environment policy information from the user in the smart device;
completing device authentication by communication between the smart device and the server;
performing PIN (Personal Identification Number) authentication or biometric information authentication in the smart device to authenticate the user;
the smart device sending the server an entrustment (trust) request for a part of the divided encryption keys;
the server storing the part of the divided cryptographic keys when it receives the trust request from the smart device;
when the server receives a transmission request for the part of the divided cryptographic keys from the smart device, transmitting that part to the smart device after completing the device authentication; and
the smart device performing accredited authentication by receiving the part of the divided encryption keys from the server;
the authentication method using the key division method.
Wherein the step of completing the device authentication comprises:
performing device authentication by receiving device information from the smart device;
performing first (primary) authentication by receiving the PIN number information from the smart device;
performing biometric authentication by receiving biometric information from the smart device; and
controlling the transmission (of the cryptographic key) based on the user policy information input by the smart device user;
the accredited authentication method using a key partition scheme.
Wherein the user policy information includes public key certificate use time information, the storage device of the public key certificate, and website information for using the public key certificate.
The authentication method according to claim 1, further comprising receiving authentication process setting information from the smart device user,
wherein the authentication process includes a PIN number authentication process and a biometric information authentication process, and
wherein the PIN number authentication process is replaced with the biometric information authentication process.
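The user policy determination the claims describe (permitted website, certificate use time, and authentication method) as an added Go example that is not part of the patent: a `UsePolicy` type and an `Allowed` check. It compares the request host exactly against the permitted sites (so a host such as `bank.example.attacker.test` does not pass for `bank.example`), requires https, handles a use window that crosses midnight, and checks the authentication method. The type and field names, the minute-of-day representation of the time window, and the method labels are the example's own assumptions.

```go
package main

import (
	"net/url"
	"strings"
	"time"
)

// UsePolicy is a constructed model of the user policy information listed in
// the claims: permitted websites, permitted use time window, and the
// authentication methods the user allows for this certificate.
type UsePolicy struct {
	Sites    []string // permitted hosts, matched exactly and case-insensitively
	From, To int      // minutes after midnight; From > To means the window crosses midnight
	Methods  []string // e.g. "fingerprint", "pin"
}

func minuteOfDay(t time.Time) int { return t.Hour()*60 + t.Minute() }

// inWindow reports whether m (minutes after midnight) lies in [From, To),
// wrapping around midnight when From > To.
func (p UsePolicy) inWindow(m int) bool {
	if p.From <= p.To {
		return m >= p.From && m < p.To
	}
	return m >= p.From || m < p.To
}

// Allowed decides whether the certificate may be used for a request to rawURL
// at time at, authenticated with method, and says which policy item failed.
func (p UsePolicy) Allowed(rawURL string, at time.Time, method string) (bool, string) {
	u, err := url.Parse(rawURL)
	if err != nil || u.Scheme != "https" || u.Hostname() == "" {
		return false, "site: not a valid https URL"
	}
	host := strings.ToLower(u.Hostname())
	siteOK := false
	for _, s := range p.Sites {
		if host == strings.ToLower(s) { // exact host match, never a suffix match
			siteOK = true
			break
		}
	}
	if !siteOK {
		return false, "site: host not in policy"
	}
	if !p.inWindow(minuteOfDay(at)) {
		return false, "time: outside permitted window"
	}
	for _, m := range p.Methods {
		if m == method {
			return true, "ok"
		}
	}
	return false, "method: not permitted by policy"
}
```

Returning the failing item rather than a bare false lets the device show the user which policy setting blocked the certificate, which is the usage-record information the server side keeps in any case.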
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150075748A KR101724401B1 (en) | 2015-05-29 | 2015-05-29 | Certification System for Using Biometrics and Certification Method for Using Key Sharing and Recording medium Storing a Program to Implement the Method |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160139885A true KR20160139885A (en) | 2016-12-07 |
KR101724401B1 KR101724401B1 (en) | 2017-04-07 |
Family
ID=57573268
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150075748A KR101724401B1 (en) | 2015-05-29 | 2015-05-29 | Certification System for Using Biometrics and Certification Method for Using Key Sharing and Recording medium Storing a Program to Implement the Method |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101724401B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102397651B1 (en) * | 2021-12-28 | 2022-05-16 | 주식회사 꾼미디어 | User customized advertising method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005517348A (en) * | 2002-02-05 | 2005-06-09 | シュアテイ インコーポレイテッド | A secure electronic messaging system that requires a key search to derive a decryption key |
JP2009043042A (en) * | 2007-08-09 | 2009-02-26 | Nec Corp | Authentication system and authentication method |
KR20140063014A (en) * | 2012-11-16 | 2014-05-27 | 사단법인 금융결제원 | Method for substituting password of certificate by using biometrics |
KR20140076275A (en) * | 2012-12-12 | 2014-06-20 | 한국전자통신연구원 | Authentication method for smart system in cloud computing environment |
Events: 2015-05-29 KR1020150075748A filed (KR); granted as KR101724401B1, status active (IP Right Grant)
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108667609A (en) * | 2017-04-01 | 2018-10-16 | 西安西电捷通无线网络通信股份有限公司 | A kind of digital certificate management method and equipment |
CN108667609B (en) * | 2017-04-01 | 2021-07-20 | 西安西电捷通无线网络通信股份有限公司 | Digital certificate management method and equipment |
US11363010B2 (en) | 2017-04-01 | 2022-06-14 | China Iwncomm Co., Ltd. | Method and device for managing digital certificate |
KR20200038899A (en) * | 2018-03-29 | 2020-04-14 | (주)키스톤랩 | Ready Pending trading system based electronic wallet and method for trading the same |
KR20190124552A (en) * | 2018-04-26 | 2019-11-05 | 한국조폐공사 | Method for storing and restroring block chain-based key and user terminal using the same |
KR20200118303A (en) | 2019-04-04 | 2020-10-15 | (주)누리텔레콤 | Private key securing methods of decentralizedly storying keys in owner's device and/or blockchain nodes |
KR102117931B1 (en) * | 2019-08-22 | 2020-06-02 | 정성원 | Method of conducting second user authentication using for block chain stored in multiple node in server |
KR20220040976A (en) * | 2020-09-24 | 2022-03-31 | 박성기 | Identity verification system using user-based personal information replacement connect information and method thereof |
WO2022169273A1 (en) * | 2021-02-05 | 2022-08-11 | (주)이스톰 | Method for managing electronic certificate on basis of biometric information |
CN116680673A (en) * | 2023-06-20 | 2023-09-01 | 深圳市彤兴电子有限公司 | Identity verification method and device for display and computer equipment |
CN116680673B (en) * | 2023-06-20 | 2024-04-16 | 深圳市彤兴电子有限公司 | Identity verification method and device for display and computer equipment |
Similar Documents
Publication | Title
---|---
US20220201477A1 (en) | Anonymous authentication and remote wireless token access
US11218480B2 (en) | Authenticator centralization and protection based on authenticator type and authentication policy
TWI667585B (en) | Method and device for safety authentication based on biological characteristics
KR101724401B1 (en) | Certification System for Using Biometrics and Certification Method for Using Key Sharing and Recording medium Storing a Program to Implement the Method
US11664997B2 (en) | Authentication in ubiquitous environment
CN105429760A (en) | Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment)
CN105516104A (en) | Identity verification method and system of dynamic password based on TEE (Trusted Execution Environment)
WO2007094165A1 (en) | ID system and program, and ID method
CN104820814A (en) | Second-generation ID card anti-counterfeiting verification system
CN110807624A (en) | Digital currency hardware cold wallet system and transaction method thereof
KR20090019576A (en) | Certification method and system for a mobile phone
EP3443501B1 (en) | Account access
CN106156549B (en) | Application program authorization processing method and device
KR101868564B1 (en) | Apparatus for authenticating user in association with user-identification-registration and local-authentication and method for using the same
KR20200022194A (en) | System and Method for Identification Based on Finance Card Possessed by User
KR101611099B1 (en) | Method for issuing of authentication token for real name identification, method for certifying user using the authentication token and apparatus for performing the method
KR101936941B1 (en) | Electronic approval system, method, and program using biometric authentication
JP2006293473A (en) | Authentication system and authentication method, terminal device, and authentication device
KR101619282B1 (en) | Cloud system for managing combined password and control method thereof
KR101613664B1 (en) | Security system reinforcing identification function on the electronic business using certificate
KR102440879B1 (en) | System and method for complex authentication that combines RFID tags and simple passwords
KR101804845B1 (en) | OTP authentication methods and system
KR101592475B1 (en) | Illegal using preventing system for membership internet service
KR20200103615A (en) | System and Method for Identification Based on Finance Card Possessed by User
JP2019133555A (en) | Communication system, terminal device, and program
Legal Events
Code | Title
---|---
A201 | Request for examination
E902 | Notification of reason for refusal
E90F | Notification of reason for final refusal
E701 | Decision to grant or registration of patent right
GRNT | Written decision to grant