KR20170032985A - User authentication method and system performing the same - Google Patents
- Publication number
- KR20170032985A
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- server
- user
- user terminal
- disposable
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Abstract
Provided are a user authentication method, and a system for executing the same, in which the authentication server combines a one-time authentication number, generated using the initial value initially generated by the user terminal, with a previously generated outgoing phone number. When the call is connected to the user, the user terminal excludes the outgoing phone number from the combined number, extracts the one-time authentication number, and provides it to the authentication server through the authentication request server, so that the authentication server can authenticate the user according to whether the one-time authentication number received through the terminal matches.
The user authentication method includes: the authentication server receiving a user authentication request message from the authentication request server; the authentication server connecting a call to the user terminal using the telephone number included in the user authentication request message, combining the disposable authentication number, generated using the initial value initially generated by the user terminal, with a pre-generated originating phone number, and displaying the combination on the user terminal; the user terminal, when the call connection between the authentication server and the user terminal is terminated, extracting the previously generated disposable authentication number from the displayed combined number by excluding the outgoing telephone number, and providing it to the authentication request server; the authentication request server providing the disposable authentication number to the authentication server; and the authentication server authenticating the user based on whether the disposable authentication number matches the previously generated disposable authentication number.
Description
Embodiments of the present invention relate to a user authentication method and a system for implementing the same.
User authentication verifies that the user performing the action is a legitimate user. The conventional user authentication technology verifies whether the user is correct based on information only the user knows or information only the user has.
That is, in conventional user authentication technology, when a server requests information such as a password, an OTP number, or a mobile phone authentication number, the user enters that information on a PC or smartphone and it is delivered in one direction to perform authentication.
However, such conventional user authentication techniques are vulnerable to fraud, that is, to methods of deceiving a user or extorting information during the authentication procedure, because authentication is performed based on information that the user knows or perceives.
Take online phishing, which has recently come to the fore, as an example. An attacker opens a website (www.wwbank.co.kr) that resembles a site the user regularly visits (e.g., www.wbank.co.kr), with similar screens and the like, to induce the user to access it, and acquires the information that only the user knows or perceives for authentication, such as the SMS authentication number. The problem is that the attacker can then use this information to authenticate easily to the actual site (www.wbank.co.kr) as if they were a normal user.
An object of the present invention is to provide a user authentication method, and a system for executing the same, in which the authentication server combines a one-time authentication number, generated using the initial value initially generated by the user terminal, with a previously generated outgoing phone number. When the call is connected to the user, the user terminal excludes the outgoing phone number from the combined number, extracts the one-time authentication number, and provides it to the authentication server through the authentication request server, so that the authentication server can authenticate the user according to whether the one-time authentication number received through the terminal matches.
A further object of the present invention is to provide a user authentication method, and a system for executing the same, in which, when the authentication server connects a call to the user terminal, a predetermined message is output to the user terminal and a response message is input on the telephone at the user's request, thereby generating a charge at the communication company so as to increase the profit of the communication company.
A further object of the present invention is to provide a user authentication method, and a system for executing the same, in which the user terminal excludes the originating telephone number from the combined number, automatically extracts the previously generated one-time authentication number, encrypts it, and provides the encrypted data to the authentication request server, so that even if the encrypted data is hacked by a malicious user, that user cannot know the decryption password required for decryption, and malicious use is prevented in advance.
A further object of the present invention is to provide a user authentication method, and a system for executing the same, in which the originating telephone number (the combined number excluding the one-time authentication number) is used when encrypting or decrypting the one-time authentication number, so that the authentication server and the user terminal do not need to additionally store an encryption key or a decryption key for encryption or decryption.
In the present invention as described above, the one-time authentication number, generated using the initial value created by the user terminal, is delivered through a separate, secure phone call connection, automatically extracted at the user terminal by excluding the telephone number, and provided to the server, so that the one-time authentication number is transmitted in a different direction through the connected call. This prevents the threat of an attacker being authenticated by impersonating a normal user or disguising a terminal.
The problems to be solved by the present invention are not limited to the above-mentioned problem (s), and another problem (s) not mentioned can be clearly understood by those skilled in the art from the following description.
Among the embodiments, the user authentication method includes: the authentication server receiving a user authentication request message from the authentication request server; the authentication server connecting a call to the user terminal using the telephone number included in the user authentication request message, combining the disposable authentication number, generated using the initial value initially generated by the user terminal, with a previously generated outgoing telephone number, and displaying the combination on the user terminal; the user terminal, when the call connection between the authentication server and the user terminal is terminated, extracting the previously generated disposable authentication number from the displayed combined number by excluding the outgoing telephone number, and providing it to the authentication request server; the authentication request server providing the disposable authentication number to the authentication server; and the authentication server authenticating the user based on whether the disposable authentication number matches the previously generated disposable authentication number.
Among the embodiments, the user authentication system includes an authentication request server, a user terminal, and an authentication server. The authentication server, upon receiving the user authentication request message from the authentication request server, connects a call to the user terminal using the phone number included in the user authentication request message, combines the disposable authentication number generated using the initial value first generated by the user terminal with a pre-generated outgoing phone number and displays the combination on the user terminal, and authenticates the user according to whether the disposable authentication number received from the authentication request server matches the previously generated one. The user terminal, when the call connection between the authentication server and the user terminal is terminated, extracts the previously generated disposable authentication number by excluding the outgoing phone number from the displayed combined number, and provides it to the authentication request server. The authentication request server, upon receiving the disposable authentication number from the user terminal, provides it to the authentication server.
The details of other embodiments are included in the detailed description and the accompanying drawings.
The advantages and/or features of the present invention, and how to accomplish them, will become apparent with reference to the embodiments described in detail below with reference to the accompanying drawings. It should be understood, however, that the invention is not limited to the disclosed embodiments, but can be implemented in many different forms. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully disclose the scope of the invention to those skilled in the art, and the invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout the specification.
According to the present invention, the authentication server combines a one-time authentication number, generated using an initial value initially generated in the user terminal, with a previously generated outgoing telephone number. When a call is connected to the user, the user terminal excludes the outgoing telephone number from the combined number, extracts the authentication number, and provides it to the authentication server through the authentication request server, so that the authentication server can authenticate the user according to whether the one-time authentication number received through the terminal matches the one-time authentication number.
Also, according to the present invention, when the authentication server connects a call to the user terminal, a predetermined message is output to the user terminal and a response message is input on the telephone at the user's request, thereby generating a charge at the communication company.
In addition, according to the present invention, the user terminal extracts the previously generated one-time authentication number by excluding the outgoing telephone number from the displayed combined number, encrypts it, and provides the encrypted data to the authentication request server. Even if the encrypted data is hacked by a malicious user, that user cannot know the decryption password required for decryption, so malicious use can be prevented in advance.
According to the present invention, when the disposable authentication number is encrypted or decrypted, the telephone number, obtained by excluding the disposable authentication number from the combined number, is used, so there is an advantage that the authentication server and the user terminal do not need to additionally store an encryption key or a decryption key for encryption or decryption.
FIG. 1 is a network configuration diagram for explaining a user authentication system according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating an embodiment of a user authentication method according to the present invention.
FIG. 3 is a reference diagram for explaining a user authentication process according to the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
As used herein, the term "one-time authentication number" means a number arbitrarily generated by an authentication server for use in generating an originating telephone number, and may be 4 to 8 digits long.
FIG. 1 is a network configuration diagram for explaining a user authentication system according to an embodiment of the present invention.
Referring to FIG. 1, the user authentication system includes an
The
The
The
When the acceptance message is received as a response message to a predetermined message, the
More specifically, the
At this time, the
That is, the
In this way, the
The encrypted data is provided to the
When the
The number displayed on the
When the
The
Then, the
Since the disposable authentication number received from the
When the encrypted data is encrypted by the
For example, if the displayed combination number is 010-0000-7777123456, the
The
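The combined-number flow described above, as an added example that is not part of the patent text: the server appends a one-time number to an originating number, the terminal strips the preset number of phone digits (as with 010-0000-7777123456) and returns the one-time number encrypted under a key derived from the originating number. The cipher (PBKDF2 with an HMAC-SHA256 keystream and tag), the 11-digit phone length, the six-digit one-time number and all function and class names are assumptions; the page names no algorithm.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

PHONE_DIGITS = 11  # assumed preset digit count of the originating number (010-0000-7777)


def _digits(text: str) -> str:
    return "".join(ch for ch in text if ch.isdigit())


def split_combined(displayed: str, phone_digits: int = PHONE_DIGITS) -> tuple[str, str]:
    """Terminal side: exclude the phone-number digits, keep the rest as the one-time number."""
    d = _digits(displayed)
    phone, otp = d[:phone_digits], d[phone_digits:]
    if not 4 <= len(otp) <= 8:  # the page allows 4 to 8 digit one-time numbers
        raise ValueError("combined number carries no 4-8 digit one-time number")
    return phone, otp


def _keys(phone: str) -> tuple[bytes, bytes]:
    """Derive cipher and MAC keys from the originating number, so no key is stored."""
    okm = hashlib.pbkdf2_hmac("sha256", _digits(phone).encode(),
                              b"constructed-demo-salt", 100_000, dklen=64)
    return okm[:32], okm[32:]


def seal(otp: str, phone: str) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 keystream XOR plus an integrity tag."""
    enc_key, mac_key = _keys(phone)
    nonce = secrets.token_bytes(16)
    stream = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(otp.encode(), stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(blob: bytes, phone: str) -> str | None:
    """Return the one-time number, or None if the tag does not verify under this phone key."""
    enc_key, mac_key = _keys(phone)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hmac.new(enc_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream)).decode()


def terminal_respond(displayed: str) -> bytes:
    """User terminal: extract the one-time number after the call and encrypt it."""
    phone, otp = split_combined(displayed)
    return seal(otp, phone)


class AuthServer:
    """Hypothetical authentication server holding one pending challenge per user."""

    def __init__(self, number_pool: list[str]):
        self.number_pool = number_pool  # originating numbers provided by the carrier
        self.pending: dict[str, tuple[str, str]] = {}

    def start_call(self, user_phone: str) -> str:
        origin = secrets.choice(self.number_pool)
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[user_phone] = (origin, otp)
        return origin + otp  # combined number shown on the terminal as the caller

    def verify(self, user_phone: str, blob: bytes) -> bool:
        origin, otp = self.pending.pop(user_phone, (None, None))  # single use
        if origin is None:
            return False
        received = unseal(blob, origin)
        return received is not None and hmac.compare_digest(received, otp)


if __name__ == "__main__":
    # Constructed sample numbers, following the page's 010-0000-7777 format.
    server = AuthServer(["010-0000-7777", "010-0000-8888"])
    shown = server.start_call("010-1234-5678")
    print(shown, server.verify("010-1234-5678", terminal_respond(shown)))
```

Because the key is derived from a number that is displayed as the caller ID, the encryption protects the one-time number only from parties who have not seen the combined number.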
FIG. 2 is a flowchart illustrating an embodiment of a user authentication method according to the present invention.
2, the
The
The
The
While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by the scope of the appended claims and equivalents thereof.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, and modification is possible. Accordingly, the spirit of the present invention should be understood only by the appended claims, and all equivalents or equivalent variations thereof are included in the scope of the present invention.
100: authentication request server
200: user terminal
300: authentication server
Claims (14)
The authentication server combines the disposable authentication number generated using the initial value initially generated in the user terminal by making a call connection to the user terminal using the telephone number included in the user authentication request message and the outgoing telephone number generated in advance And displaying it on a user terminal;
Extracting a previously generated disposable authentication number from the displayed combined number, excluding the outgoing telephone number, and providing the disposable authentication number to the authentication request server when the call connection between the authentication server and the user terminal is terminated;
The authentication request server providing the disposable authentication number to the authentication server; And
Authenticating the user according to whether the disposable authentication number matches the previously generated disposable authentication number
User authentication method.
Selecting one of the plurality of telephone numbers provided by the authentication server by the communication company;
The authentication server generating a disposable authentication number; And
Further comprising the step of the authentication server generating the combination number using any one of the telephone number and the disposable authentication number
User authentication method.
The step of the user terminal extracting a previously generated disposable authentication number from the displayed combination numbers excluding the originating telephone number and providing the same to the authentication request server
And extracting the remaining number as a one-time authentication number except for the number corresponding to the number of digits of the preset telephone number among the total digits of the displayed combined number, and providing the same to the authentication requesting server
User authentication method.
The step of the user terminal extracting a previously generated disposable authentication number from the displayed combination numbers excluding the originating telephone number and providing the same to the authentication request server
And the user terminal encrypting the disposable authentication number and providing the encrypted data to the authentication request server
User authentication method.
Wherein the step of the user terminal encrypting the disposable authentication number and providing the encrypted data to the authentication request server
And encrypting the disposable authentication number using the remaining number, except for the one-time authentication number among the displayed combined numbers, and providing the encrypted data to the authentication request server
User authentication method.
The step of authenticating the user according to whether the disposable authentication number matches the previously generated disposable authentication number
When the authentication server receives the encrypted data from the authentication requesting server, extracting the disposable authentication number by decrypting the encrypted data using the telephone number used to generate the combination number
User authentication method.
Wherein the user terminal extracts a previously generated disposable authentication number except for the telephone number among the displayed combined numbers and provides the extracted disposable authentication number to the authentication request server
When the authentication server and the user terminal make a call connection, the authentication server outputs a predetermined message to the user terminal, and the user terminal receives a response message for the predetermined message from the user;
Wherein the user terminal extracts a previously generated disposable authentication number from the displayed combination number in accordance with the response message when the call connection with the authentication server is completed, and provides the extracted authentication number to the authentication request server
User authentication method.
Upon receiving the user authentication request message from the authentication requesting server, the call connection is made to the user terminal using the telephone number included in the user authentication request message, and the disposable authentication number generated using the initial value, An authentication server which combines a previously generated outgoing telephone number and displays it on a user terminal and authenticates the user according to whether the disposable authentication number received from the authentication request server agrees with a previously generated disposable authentication number;
A user terminal for extracting a previously generated disposable authentication number from the displayed combined number, excluding a telephone number, when the call connection between the authentication server and the user terminal is completed, and providing the disposable authentication number to the authentication request server; And
When receiving the disposable authentication number from the user terminal, includes an authentication request server provided to the authentication server
User authentication system.
The authentication server
Characterized in that the telephone number of any one of the plurality of telephone numbers provided by the communication company is selected and a disposable authentication number is generated and the combination number is generated using any one of the telephone number and the disposable authentication number
User authentication system.
The user terminal
And extracts the remaining number as a one-time authentication number excluding the number corresponding to the number of digits of the preset telephone number among the total digits of the outgoing telephone number, and provides the extracted authentication number to the authentication request server
User authentication system.
The user terminal
And encrypts the disposable authentication number to provide the encrypted data to the authentication request server
User authentication system.
The user terminal
Encrypts the disposable authentication number by using the remaining numbers except for the one-time authentication number generated in advance among the outgoing telephone numbers, and provides the encrypted data to the authentication request server
User authentication system.
The authentication server
When receiving the encrypted data from the authentication requesting server, extracts the disposable authentication number by decrypting the encrypted data using the telephone number used to generate the originated telephone number
User authentication system.
The authentication server
Outputting a predetermined message to the user terminal when the authentication server and the user terminal are connected to each other,
The user terminal
Wherein the mobile terminal receives a response message for the predetermined message from the user, and when the connection of the call between the authentication server and the user terminal is terminated, the telephone number of the displayed combined number is excluded according to the response message, And provides it to the authentication requesting server
User authentication system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150130726A KR101725939B1 (en) | 2015-09-16 | 2015-09-16 | User authentication method and system performing the same |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170032985A (en) | 2017-03-24 |
KR101725939B1 (en) | 2017-04-13 |
Family
ID=58500538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150130726A KR101725939B1 (en) | 2015-09-16 | 2015-09-16 | User authentication method and system performing the same |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101725939B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20230138213A (en) | 2022-03-23 | 2023-10-05 | 박지윤 | Authentication method and system based on call connection of user |
Also Published As
Publication number | Publication date |
---|---|
KR101725939B1 (en) | 2017-04-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
AMND | Amendment | ||
E601 | Decision to refuse application | ||
AMND | Amendment | ||
X701 | Decision to grant (after re-examination) | ||
GRNT | Written decision to grant |