KR20190058081A - Security certification method and apparatus using hybrid biometrics information - Google Patents

Abstract

Disclosed are a security authentication method using complex biometric information and an apparatus thereof. The security authentication method is based on complex biometric information and is realized by a computer. The security authentication method comprises the following steps. An input signal is transmitted to a human body of a user. The transmitted input signal receives a modified output signal through the human body of the user. External generation information is generated based on the output signal. And, the external generation information and the biometric information of the user are combined to generate authentication information.

Description

TECHNICAL FIELD [0001] The present invention relates to a security authentication method and apparatus using complex biometric information,

The following description relates to a technique for authenticating a user by generating authentication information based on biometric information.

Electronic devices such as smartphones have become popular as user's necessities and the wired and wireless Internet has been developed so that the user can receive desired services such as route guidance, search, shopping, mail confirmation, mobile banking, It is now possible to be provided. In order to provide a service desired by the user, user authentication is required. As a method for authenticating the user himself / herself, a method of confirming the ID and password specified by the user is widely used. In addition, the present invention can be applied to a user based on a user's behavioral characteristics such as a fingerprint of a person, a face, a retina, an iris, a hand shape, a vein, DNA and the like and voice, signature, key stroke, Technology for authentication is being developed.

A fingerprint recognition method, which is one of widely used biometric information based authentication methods, is a method of identifying a user by using a fingerprint of a finger of either the left or right hand of the user. For example, fingerprints of any one of ten fingerprints are registered in the system to identify the user, and it is difficult to reuse the registered fingerprints when they are leaked. In the biometric authentication method using the iris of the eye, the retina or the face, the iris, the retina, or the pattern of the face are used to identify the user. One or two patterns of iris, retina, and face are used, and it is difficult to reuse when spilled. In the case of the authentication method using the user's voice, the user is identified by using the voice pattern. The voice is changed according to the condition of the user, so that it is difficult to identify the voice, and it is difficult to reuse the voice when it is leaked.

As described above, when biometric information such as iris, fingerprint, retina, voice, and face unique to each user is used for authentication, unique biometric information can not change the fingerprint or the retina upon leakage, There is a problem.

Therefore, there is a need for a technique for providing authentication information that can be reused, such as biometric information or information used for authentication, even if it is leaked.

Korean Patent Laid-Open No. 10-2015-0049550 (published on May 08, 2015) discloses a technique for providing security using complex biometric information obtained by combining two or more biometric information detected through a sensor module.

Even if the biometric information inherent to each user is leaked, such as fingerprint, iris, retina, face, voice, gait, etc., it is possible to use authentication information And performing security authentication based on the generated authentication information to increase the information recognition rate upon authentication.

In addition, even if authentication information combined with other information (e.g., external generated information) is leaked based on biometric information or biometric information, a technique for providing secure security authentication by generating and generating new authentication information by transforming and processing the externally generated information .

Further, the present invention relates to a technology for providing security authentication that is difficult for other users to steal by using information that can be provided only by the user as external generated information.

A method of authenticating a complex bio-information based security authentication system, the method comprising: transmitting an input signal to a human body of the user; receiving an output signal of the input signal modified through the user's body; And generating authentication information by combining the externally generated information and the biometric information of the user.

According to an aspect of the present invention, the step of transmitting the input signal to a user's body may selectively transmit a predetermined number of input signals among a plurality of predefined input signals to the user's body.

According to another aspect, the step of transmitting the input signal to the user's body may transmit a predefined current, voltage, vibration, sound, or heat according to the biological component to the user's body as the input signal . In addition, various predetermined input signals may be transmitted to the user's body and used for generating external information.

According to another aspect of the present invention, the generating of the authentication information may include generating the authentication information based on the external generation information and the biometric information of the user based on a predefined logical operator, an encryption function, a random value, Information can be generated.

According to another aspect, the method may further include transmitting the generated authentication information to the server together with the identifier information of the user and registering the authentication information.

According to another aspect of the present invention, there is provided a method of authenticating a user, the method comprising: receiving the authentication information registered in the server from the server; recovering the user's biometric information based on the authentication information received from the server, And authenticating the user based on the restored biometric information of the user and the biometric information of the obtained user.

According to another aspect, the step of generating the authentication information may include receiving the biometric information of the user from a storage medium detachably attached to the computer or an external electronic device connected to the computer via the network.

A security authentication apparatus based on complex biometric information, comprising: a signal sensing unit for transmitting an input signal to a human body of a user and sensing an output signal of the input signal transmitted through the user's body; An externally generated information generating unit for generating externally generated information, and an authentication information generating unit for generating the authentication information by combining the externally generated information and the biometric information of the user.

According to an aspect of the present invention, the signal sensing unit may selectively transmit a predetermined number of input signals among a plurality of predefined input signals to the user's body.

According to another aspect of the present invention, the information processing apparatus may further include an information registration unit that transmits the generated authentication information to the server together with the identifier information of the user and registers the authentication information.

According to another aspect of the present invention, the authentication information registered in the server is received from the server, the biometric information of the user is restored based on the authentication information received from the server and the output signal received at the present time, And an authentication unit for authenticating the user based on the biometric information of the user and the biometric information of the obtained user.

According to another aspect of the present invention, the signal sensing unit transmits the input signal to a human body of a user who has previously contacted the sensing area defined in the security authentication apparatus, and the user's touch to the sensing area is maintained for a predetermined period of time or more The output signal can be sensed.

According to another aspect of the present invention, there is provided a method for transmitting a predefined current, voltage, vibration, sound, or heat according to a biological component to a human body of a user contacting the sensing area as the input signal, And a housing provided with a line for transmitting the sensing signal to the sensing unit.

According to another aspect, the housing may include a socket for connection with a connection port connected to the security authentication device, and a charging device or communication port for charging the power of the security authentication device .

According to another aspect, the housing may be detachably attached to the security authentication device and have a structure in the form of a cover surrounding the edge of the security authentication device.

According to embodiments of the present invention, even if biometric information inherent to each user such as fingerprint, iris, retina, face, voice, gait, etc. is leaked, It is possible to generate authentication information using possible external generation information, and to perform security authentication based on the generated authentication information, thereby increasing the information recognition rate in authentication.

Further, even if the authentication information combined with other information (e.g., externally generated information) is leaked based on biometric information or biometric information, the externally generated information is modified and processed to generate new authentication information, Authentication can be provided.

Further, by using the information that can be provided only by the user himself / herself as the externally generated information, it is possible to provide security authentication that is difficult to be stolen by other users.

1 is a diagram illustrating a network environment formed by a security authentication apparatus according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating an embodiment of the present invention in which the externally generated information is related to the human body of the user.
3 is a block diagram illustrating an internal configuration of a security authentication apparatus according to an embodiment of the present invention.
4 is a flowchart illustrating a security authentication method according to an exemplary embodiment of the present invention.
5 is a diagram provided for explaining an operation of generating external generation information, in an embodiment of the present invention.
6 is a diagram illustrating an operation of registering authentication information in a security authentication apparatus in a server according to an embodiment of the present invention.
7 is a flowchart illustrating a method of performing user authentication based on authentication information in an embodiment of the present invention.
FIG. 8 is a view for explaining an operation of acquiring biometric information of a user through a security authentication apparatus according to an embodiment of the present invention; FIG.
9 is a diagram illustrating a structure for sensing an output signal corresponding to an input signal internally in the security authentication device itself and a structure for sensing an output signal through a housing in a cover shape in an embodiment of the present invention.
10 is a view showing a structure of a housing according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Embodiments of the present invention relate to a security authentication method and apparatus using complex biometric information. More particularly, the present invention relates to a security authentication method and apparatus using complex biometric information, and more particularly, to a security authentication method and apparatus using complex biometric information, And performing security authentication based on the generated authentication information.

In the present embodiments, the 'external generation information' is information for transmitting a predefined voltage, current, vibration, sound, or heat according to a biocomponent to the user's body, It may indicate a measurement of the voltage, current or vibration output again. For example, the sound may comprise speech, a pre-specified audio signal, etc., and the column may include a temperature within a predetermined range.

In the present embodiments, the 'biological component' may represent body fat, body water, intracellular water, extracellular water, somatic amount, skeletal muscle amount, muscle, protein, minerals and the like.

In the present embodiments, biometric information such as a fingerprint, iris, retina, face, hand shape, vein shape, DNA, voice, signature, key stroke, gait, etc. is largely transformed .

In the present embodiments, biometric information such as fingerprint, iris, retina, face, hand shape, vein shape, DNA, voice, signature, key stroke, gait, To the user ' s body and can be sensed simultaneously when measured. For example, when the left and right sides of the user terminal are grasped by the left hand for fingerprint recognition and fingerprints of the right hand fingerprint are used for recognition, fingerprints of the right hand fingerprint are scanned and at the same time, Voltage, current, or vibration can be transmitted. Then, the externally generated information can be generated through the sensor of the user terminal held by the left hand.

1 is a diagram illustrating a network environment formed by a security authentication apparatus according to an embodiment of the present invention.

1, the security authentication device 101, the external electronic device 103, and the server 102 may form the network 100. [ In FIG. 1, the arrow indicates that data can be transmitted and received between elements using a wired / wireless network.

In FIG. 1, the secure authentication device 101 may represent a user terminal, and the external electronic device 103 may represent another user terminal. For example, when the security authentication apparatus 101 is a smart phone, the external electronic apparatus 103 may represent a tablet, a PC, and the like. Conversely, when the security authentication apparatus 101 is a PC, May represent a smartphone, a tablet, and the like.

The secure authentication device 101 and the external electronic device 103 may execute one or more processes configured to perform one or more of the features described herein. The security authentication device 101 and the external electronic device 103 may refer to all terminal devices capable of connecting to a web / mobile site related to security authentication of a user or installing and executing a service-dedicated application. At this time, the security authentication apparatus 101 and the external electronic device 103 can perform operations of the entire service such as service screen configuration, data input, data transmission / reception, and data storage under control of a web / mobile site or a dedicated application.

Examples of the security authentication device 101 and the external electronic device 103 include a smart phone, a tablet, a wearable computer, a personal computer (PC), a laptop computer, a laptop computer a laptop computer, and the like, but are not limited thereto.

The security authentication device 101 and the external electronic device 103 may be directly or indirectly coupled to the network 100 (e.g., the Internet or a local area network, etc.). For example, the personal computer and the notebook computer may be directly coupled to the network 100 via a wired network connection. The laptop computer may be wirelessly coupled to the network 100 via a wireless communication channel established between the laptop computer and a wireless access point (i.e., WAP). The smartphone may be wirelessly coupled to the network 100 via an established wireless communication channel between the smartphone and the cellular network / bridge. At this time, the network 100 can communicate with one or more secondary networks (not shown), and examples of the secondary networks include a local area network, a wide area network (WAN), or an intranet < / RTI > intranet).

The security authentication apparatus 101 can interface with at least one of the server 102 and the external electronic device 103 via the network 100 described above.

It is also possible that at least some of the components are implemented in the form of an application in order to provide security authentication or in a form included in a platform providing services in a client-server environment.

The server 102 may execute one or more processes configured to perform one or more of the features described herein. The server 102 may be implemented on a service platform that provides a security authentication service that includes the features described herein and may be a user terminal that is a client using a secure authentication service, It is possible to provide an environment for providing security authentication to each other.

The server 102 corresponds to a server computer. Examples of the server computer may include a server computing device, a personal computer, a server computer, a series of server computers, a minicomputer, and / or a mainframe computer, But is not limited thereto. The server computer may be a distributed system, and the operations of the server computer may be executed concurrently and / or sequentially on one or more processors.

FIG. 2 is a diagram illustrating an embodiment of the present invention in which the externally generated information is related to the human body of the user.

Referring to FIG. 2, when an input signal 201 such as a predetermined range of voltage, current, vibration, sound, or heat is injected into the user's body 203 and flows therein, The measured value of the output signal (result) 202 corresponding to the injected input signal may be different. If a voltage, current, or vibration of a predetermined range, which is predetermined according to a living body component, is transmitted to the user's body and voltage, current, or vibration output through the user's body is used, You can authenticate. In other words, a measurement value of voltage, current, or vibration outputted through the user's body can be generated as externally generated information and used for user authentication.

The external generation information 210 is information that can be modified and processed, and authentication information 230 can be generated in combination with biometric information such as iris, fingerprint, voice, and gait, which are unique information for each user. For example, as a specific operation (e.g., a logical operation) is performed on the externally generated information 210 and the biometric information 220, the authentication information based on the original biometric information is modified, A new authentication information 230 of a new type can be generated.

2, the fingerprint information is used as the user's biometric information 220. However, this corresponds to the embodiment. In addition to the fingerprint information, the face, the retina, the iris, the gait, and the voice are used as the biometric information 220 . 2, the biometric information 220 is received directly through the security authentication device 101 such as a smart phone or a wearable watch. However, the biometric information 220 may be transmitted to the security authentication device 101, Stored in a storage medium, read out, stored in a cloud, or received via a network for authentication information generation.

Hereinafter, the operation of generating a new type of authentication information (i.e., one-time complex biometric information) by combining externally generated information and biometric information will be described in detail with reference to FIG. 3 and FIG.

FIG. 3 is a block diagram illustrating an internal configuration of a security authentication apparatus according to an exemplary embodiment of the present invention, and FIG. 4 is a flowchart illustrating a security authentication method according to an embodiment of the present invention.

The security authentication apparatus 300 according to the present embodiment may include a process 310, a bus 320, a network interface 330, a memory 340, and a database 350. The memory 340 may include an operating system 341 and a security authentication routine 342. The processor 310 may include a signal sensing unit 311, an externally generated information generating unit 312, an authentication information generating unit 313, an information registering unit 314, and an authenticating unit 315. In other embodiments, the secure authentication device 300 may include more components than the components of FIG. However, there is no need to clearly illustrate most prior art components. For example, the secure authentication device 300 may include other components such as a display or a transceiver.

The memory 340 may be a computer-readable recording medium and may include a permanent mass storage device such as a random access memory (RAM), a read only memory (ROM), and a disk drive. Also, the memory 340 may store program codes for the operating system 341 and the security authentication routine 3424. [ These software components may be loaded from a computer readable recording medium separate from the memory 340 using a drive mechanism (not shown). Such a computer-readable recording medium may include a computer-readable recording medium (not shown) such as a floppy drive, a disk, a tape, a DVD / CD-ROM drive, or a memory card. In other embodiments, the software components may be loaded into the memory 340 via the network interface 330 rather than from a computer readable recording medium.

The bus 320 may enable communication and data transfer between the components of the secure authentication device 300. The bus 320 may be configured using a high-speed serial bus, a parallel bus, a Storage Area Network (SAN), and / or other suitable communication technology.

Network interface 330 may be a computer hardware component for connecting security authentication device 300 to a computer network. The network interface 330 may connect the security authentication device 300 to the computer network via a wireless or wired connection.

The database 350 may store and maintain information required to provide a security authentication service or all information shared through the service. In one example, the database 350 can store and retain user identification information (e.g., user ID) of the user using the security authentication service and input signals such as current, voltage, vibration, etc., have. In addition, the database 350 may store biometric information such as a user's iris, retina, voice, fingerprint, gait, and key stroke. At this time, the biometric information may be stored in an external electronic device (for example, a desktop PC or the like) separate from the security authentication device 300, or may be separately stored in a storage medium such as USB. In FIG. 3, the database 350 is constructed and included in the security authentication apparatus 300. However, the present invention is not limited to this, and may be omitted depending on the system implementation method or environment, It is also possible to exist as an external database built on another system of the system. Alternatively, it is also possible that the database 350 is implemented as a local database included in an application installed on the security authentication apparatus 300.

The processor 310 may be configured to process instructions of a computer program by performing basic input, output, and arithmetic operations of the arithmetic, logic, and security authenticating device 300. The instructions may be provided by the memory 340 or the network interface 330 and to the processor 310 via the bus 320.

3, the processor 310 includes a signal sensing unit 311, an externally generated information generating unit 312, an authentication information generating unit 313, an information registering unit 314, and an authenticating unit 315 . The components of such processor 310 may be representations of different functions performed by processor 310 in accordance with control instructions provided by at least one program code. For example, the signal sensing unit 311 may be used as a functional representation that operates to control the security authentication device 300 so that the processor 310 senses the output signal corresponding to the input signal transmitted to the user's body .

The components of processor 310 and processor 310 may perform steps 410 through 450, which are included in the security authentication method of FIG. For example, the components of processor 310 and processor 310 may be implemented to execute instructions in accordance with at least one of the above-described program codes with the code of the operating system that memory 340 contains. Here, at least one program code may correspond to a code of a program implemented to process the security authentication method.

The security authentication method may not occur in the order shown, and some of the steps may be omitted or an additional process may be further included.

First, the processor 310 may load the program code stored in the program file for the security authentication method into the memory 340. [ For example, the program file for the secure authentication method may be stored in a persistent storage device, and the processor 310 may load the program code from the program file stored in the persistent storage device via the bus 320 into the memory 340 So that the security authentication device 300 can be controlled. The signal generation unit 311, the externally generated information generation unit 312, the authentication information generation unit 313, the information registration unit 314, and the authentication unit 315, which are included in the processor 310 and the processor 310, Each of which may be different functional representations of processor 310 for executing instructions of a corresponding one of the program codes loaded into memory 340 to execute subsequent steps 410 through 450. [ For the execution of steps 410-450, the processor 310 and the components of the processor 310 may process the operation according to the direct control command or control the secure authentication device 300. [

In step 410, the signal sensing unit 311 may transmit a predetermined range input signal (for example, current, voltage, or vibration) defined in advance according to the body component to the user's body for a predetermined predetermined time.

For example, the signal sensing unit 311 may transmit a predetermined range of a predetermined range of current, voltage, or vibration according to the body component to the user's body as an input signal. At this time, the signal sensing unit 311 may selectively transmit a predetermined number of input signals among a plurality of input signals previously defined according to the body component, to the user's body. For example, the signal sensing unit 311 may divide an input signal (current, voltage, or vibration) into 1024, which is a range that can be provided, using 1024 resolution. The signal sensing unit 311 can transmit a predetermined number of randomly selected input signals (for example, four, five, etc.) among the 1024 input signals to the user's body.

Here, the body component may include body fat, body water, intracellular water, extracellular water, somatic cell amount, skeletal muscle amount, muscle, protein, minerals and the like. And ranges of current, voltage and the like may be different from each other. At this time, the electric resistance can be measured as an output signal when the body fat is used for generating the externally generated information, and the capacitive resistance (i.e., the inductive resistance) can be measured as the output signal when the body water is used, If moisture is used, the phase angle can be measured as the output signal, and a vector interpretation can be used if extracellular water is used. In addition, multiple frequencies can be measured when somatic cell volume is used to generate exogenous information, and bioimpedance measurements can be used if skeletal muscle volume is used. Depending on the measurement conditions, an error may exist within a predefined tolerance range.

In operation 420, the signal sensing unit 311 may receive (i.e., measure) the output signal of the user, the input signal being transmitted to the user's body, through the user's body.

For example, when a randomly selected level of current (for example, four currents of 1 μA, 2 μA, 3 μA, and 3.5 μA) among the currents of 0 μA to 10 μA is delivered to the user's body for a certain period of time, The signal sensing unit 311 may sense the signal that the current of the predetermined level selected at random is output again through the user's body. Then, the measured value of the sensed output signal can be measured. As such, after the input signal is injected into the user's body, the modified signal passing through the user's body may correspond to the output signal.

In step 430, the externally generated information generating unit 312 may generate externally generated information based on the output signal. For example, the externally generated information generating unit 312 may generate a measured value of current, voltage, or vibration output through the user's body as externally generated information.

In step 440, the authentication information generation unit 313 can generate authentication information by performing logic operations on externally generated information and biometric information of a user based on predefined logical operators.

For example, the authentication information generation unit 313 can generate authentication information through XOR operation, AND operation, OR operation, NOR operation, or a combination of at least two of them. As described above, the biometric information and the externally generated information are combined through calculation, so that a new type of biased complex biometric information usable as a disposable one can be generated as the authentication information. The generated authentication information is generated by combining biometric information having a high recognition rate and externally generated information having a relatively low recognition rate rather than biometric information, so that it is possible to secure even when the biometric information is leaked while increasing the recognition rate.

At this time, the authentication information generating unit 313 may generate authentication information using a predetermined operation (for example, an encryption function, a random random value, or a current time) in addition to the logical operation. When a logical operator is used, authentication information may be generated through a single logical operation, or authentication information may be generated through two or more logical operations. When performing two or more logical operations, the same logical operator may be used, or different logical operators may be used. For example, an XOR operation may be used for the first logical operation, and logical operations such as AND, OR, and NOR may be used for the second logical operation. If three or more logical operations are used, different logical operators may be used all three times, at least two of the same operators may be used, and the rest may be of different operators.

The biometric information of the user includes unique information such as a fingerprint (a fingerprint of one of a right hand or a left hand), a face, a retina on either side of the face, iris, gait, voice, key stroke, And the authentication information generating unit 313 may receive the biometric information directly from a user through a sensor provided in the security authentication apparatus 300 or may be a storage device such as a USB The biometric information stored in a cloud or the like may be received through a network or may be received through an external electronic device such as a fingerprint reader.

In step 450, the information registration unit 314 transmits the generated authentication information to the server 102 together with the identifier information of the user (e.g., the ID of the user, etc.) to register the authentication information. Then, the server 102 may match the authentication information transmitted from the security authentication apparatus 300 and the user's identifier information, and store the authentication information in association with the corresponding user.

Then, the authentication unit 315 can perform user authentication based on the authentication information registered in the server 102, the external generation information sensed through the security authentication apparatus 300, and the acquired biometric information of the user.

5 is a diagram provided for explaining an operation of generating external generation information, in an embodiment of the present invention.

5, an input signal generating function for generating an input signal may be predefined, and the signal sensing unit 311 may include a predetermined number of predetermined signals among a plurality of input signals generated based on the input signal generating function, (For example, four) input signals can be selected.

For example, the current value y according to the time x can be calculated based on the input signal generating function, and the predetermined number of pairs of the plurality of (x, y) pairs is selected as the input signal, Lt; / RTI > For example, when using 1024 resolution, (1,1), (5,4), (10,8), (11,88) out of 1024 pairs can be selectively transmitted to the user's body as an input signal . Then, the signal through which the input signal passes through the user's body can be measured. For example, four (x, y ') may correspond to the output signal, and (1,1), (5,4), (10,8), (11,88) (1,3), (5,5,8), (10,5), (11,7) can be sensed as output signals. Then, 3, 5.8, 5, and 7 corresponding to y 'can be generated as external generation information.

Here, y represents a current, voltage, or vibration value (i.e., level) selected randomly (i.e., randomly), and y in FIG. 5 may represent a current value when the decimal point is one digit between 0 μA and 10 μA. Although FIG. 5 shows four y values, this corresponds to the embodiment, and y can be randomly selected within a range of 100 or less. For example, y can be selected up to 100 in total.

And, y 'does not always have any one correct value but can have a value allowed within a predefined error range. At this time, the recognition rate may vary depending on the degree of tolerance. That is, y 'is a measurement value of a current, voltage, or vibration passing through the human body of the user, and may have some errors depending on the climate, temperature, and environmental conditions at the time of measurement. However, Within the range y 'can be regarded as the same value.

5, y values are selected in the order of 1, 4, 8, and 8.8, but this corresponds to the embodiment, and the order may be changed. Even if the order is changed, the y 'value corresponding to the y may be measured have. For example, the y value may be selectively input to the user's body in the order of 8, 4, 8.8, 1, so that the output signal may be sensed to measure y ' The output signal is sensed and y 'is measured, and y can be input in various orders.

6 is a diagram illustrating an operation of registering authentication information in a security authentication apparatus in a server according to an embodiment of the present invention.

Referring to FIG. 6, the security authentication apparatus 300 can directly request registration of authentication information together with user identification information (user's ID, etc.) through a web page of a web site provided by a server providing security authentication service .

Then, the server 611 may register the authentication information by storing the identifier information of the user provided from the security authentication device 330 and the authentication information in the registration request, and storing the matching information in the DB 612. Then, information indicating that the registration of the authentication information has been completed can be provided to the security authentication device 300. [ For example, a message such as " registration of authentication information has been completed " or the like may be displayed on the screen of the security authentication apparatus 300 on which the web page is displayed.

In addition, the security authentication apparatus 300 can transmit the identifier information and the authentication information of the user to the server 611 while requesting registration of the authentication information through the application. Then, the server 611 can register the authentication information by storing the identifier information of the user who has been requested to register and the authentication information in the DB 612. [ Then, it can be provided to the security authentication apparatus 300 through the application that the registration of the authentication information has been completed. For example, the completion of the registration of the authentication information may be notified to the security authentication apparatus 300 through the application or may be displayed on the screen of the security authentication apparatus 300.

7 is a flowchart illustrating a method of performing user authentication based on authentication information in an embodiment of the present invention.

In Fig. 7, the steps 710 to 730 can be performed by the authentication unit 315 in Fig. The user authentication based on the authentication information described in FIG. 7 may be performed in combination with an international standard biometric authentication technology such as FIDO (Fast Identity Online).

7, when the authentication information associated with the user is registered in the server 611, that is, when the user's ID information (user ID) matches the authentication information and is stored in the DB 612 of the server 611, , User authentication can be performed based on the registered authentication information.

First, the authentication unit 315 may request authentication information for user authentication from the server 611 through a web page or an application. At this time, the authentication unit 315 can provide the user's identifier information to the server 611. [

Table 1 below shows registered authentication information and restored biometric information.

Authentication information (one-time complex biometric information) Restored biometric information (fingerprint information) Fingerprint information 451E 1011 8700 5546 2201 E15B ... Operation result value 452E 1049 8750 5536 2231 E103 ... Y '(random order) 0058] Y '(random order) 0058] Operation result value 452E 1049 8750 5536 2231 E103 ... Fingerprint information 451E 1011 8700 5546 2201 E15B ...

According to Table 1, an operation result value obtained by XORing fingerprint information and externally generated information acquired by the security authentication apparatus 300 can be generated as authentication information, and the generated authentication information (452E 1049 8750 5536 2231 E103 ... May be registered in the server 611 together with the user's identifier information (user ID). In Table 1, the value corresponding to Y 'can be represented by 4 digits, and the fourth digit can represent the number of decimal places. For example, 1 may be expressed as 0010, 3 as 0003, 5.8 as 0058, or the like.

In step 710, the authentication unit 315 can receive authentication information matched with the identifier information of the user registered in the server 611 from the server 611. [

For example, the authentication unit 315 may receive authentication information (452E 1049 8750 5536 2231 E103...) Corresponding to the calculation result value in Table 1 from the server 611.

In step 720, the authentication unit 315 can restore the user's biometric information based on the authentication information transmitted from the server 611 and the output signal received at the current time.

For example, while requesting the authentication information, the signal sensing unit 311 transmits a current, a voltage, a vibration or the like of a specific range to the user's body through the user's finger or the like in contact with the predetermined sensing area of the security authentication apparatus 300 As an input signal. At this time, the input signal transmitted to the user's body for authentication may correspond to the input signal (for example, four (x, y)) selected at the time of generating the authentication information, Information may be stored and maintained in the database 350 of the security authentication apparatus 300 in a manner matching with the identifier information of the user and the identifier information of the security authentication service. Then, the signal sensing unit 311 may transmit the selected input signal (for example, four (x, y)) at the time of generating the authentication information to the user's body at the present time and sense the output signal.

Then, the authentication unit 315 can convert Y 'included in the sensed output signal into a 4-digit number. The authentication unit 315 can restore the biometric information (e.g. fingerprint information) by XORing the converted Y 'and authentication information (452E 1049 8750 5536 2231 E103 ...) received from the server 611 have.

In step 730, the authentication unit 315 can perform user authentication by checking whether the restored biometric information matches the biometric information of the user obtained at the current time within a predetermined error range. Here, the biometric information of the user obtained at the current time may indicate the fingerprint, iris, retina, voice, etc. of the user sensed through at least one sensing area previously designated in the security authentication device 300.

For example, when they match within the error range, the authentication unit 315 can determine that the user authentication is successful, and can provide the server 611 that the user authentication is successful. If they do not match within the error range, the authentication unit 315 determines that the user authentication has failed and can notify the server 611 of the user authentication failure.

In FIG. 7, as shown in Table 1, the operation of generating authentication information using Y 'as external generation information in combination with biometric information and restoring biometric information based on Y' has been described. However, As shown in Table 2, Y may be used as external generation information to generate authentication information and restore the biometric information to perform user authentication.

Authentication information (one-time complex biometric information) Restored biometric information (fingerprint information) Fingerprint information 451E 1011 8700 5546 2201 E15B ... Operation result value 450E 1051 8780 55CE 2211 E11B ... Y (random order) 0010 0040 0080 0088 0010 0040 ... Y (random order) 0010 0040 0080 0088 0010 0040 ... Operation result value 450E 1051 8780 55CE 2211 E11B ... Fingerprint information 451E 1011 8700 5546 2201 E15B ...

According to Table 2, the authentication information generation unit 313 converts the selected Y value (e.g., 1, 4, 8, 8.8) randomly (i.e., randomly) into four-digit numbers, and outputs the converted Y value and fingerprint information It is possible to generate one-time complex biometric information, i.e., authentication information, by performing a logical operation (e.g., XOR operation). Then, the information registration unit 314 can transmit the generated authentication information together with the identifier information of the user to the server 611 and register it. At this time, the authentication information (450E 1051 8780 55CE 2211 E11B ...), which is an operation result value, can be converted into a value to which the original information can not be inferred, and the Y 'value may be set before or after the biometric information Or the same logical operation (for example, an XOR operation) may be performed in addition to a predetermined specific position. When authentication information is received from the server 611, the authentication unit 315 can restore biometric information (e.g., fingerprint information) by XORing the Y value and the received authentication information, The user can be authenticated by checking whether the restored biometric information matches the obtained biometric information within the error range.

FIG. 8 is a view for explaining an operation of acquiring biometric information of a user through a security authentication apparatus according to an embodiment of the present invention; FIG.

8 illustrates an example of acquiring fingerprint information as biometric information of a user. However, this example corresponds to the embodiment. In addition to the fingerprint information, the biometric information may be a retina, an iris, a voice, a gait, a keystroke, .

According to FIG. 8, the signal sensing unit 311 can acquire biometric information such as fingerprint information by sensing a fingerprint of a user who has previously contacted the designated sensing areas 810, 820, and 830.

The signal sensing unit 311 injects an input signal into the human body of the user who touches the predetermined sensing areas 811, 812, 821, 822, 831, and 833 for a predetermined period of time. The sensing areas 811, 821, 822, 831, and 833, respectively. In this case, when the user holds the security authentication device (e.g., a smartphone or the like) with one hand, the input signal may be injected / delivered to the user's body through the hand holding the security authentication device 300, When held together with both hands, input signals can be injected / transmitted to the user's body through both hands. In addition, a signal output from the user through the user's body can be sensed while the user is held for a predetermined period of time.

In this case, input signals such as current, voltage, and vibration may be generated internally in the security authentication device (e.g., a smart phone or the like) itself and may be transmitted to the user's body. the input signal may be transmitted to the user's body through an accessory-type housing which is covered with a cover.

9 is a diagram illustrating a structure for sensing an output signal corresponding to an input signal internally in the security authentication device itself and a structure for sensing an output signal through a housing in a cover shape in an embodiment of the present invention.

Referring to 910, a home button peripheral area 911 of the security authentication device 300 can be specified in advance for fingerprint and input signal transmission and output signal sensing. In addition to the area around the home button, at least one sensing area (for example, areas mainly caught by users according to the size of the security authentication device, 912, 913) may be designated in advance for input signal transmission and output signal sensing.

For example, the signal sensing unit 311 may detect a fingerprint of a user who touches the area around the home button 911 by inputting a predetermined number of inputs within a specific range predefined in the sensing areas 912 and 913 A signal (e.g., a selected level of current) can be delivered to the user's body. Then, it is possible to sense a signal (e.g., an output current) output through the human body of the user. At this time, the point at which the sensing is completed from the time of starting the finger fingerprint sensing of the user may correspond to a predetermined time until the output signal is measured by flowing the input signal.

920, a cover for preventing breakage of a smart phone or the like may correspond to a housing 921 of the security authentication apparatus 300

The housing 921 may be detachable to the security authentication device 300 and may include connection ports 922 and 931 for connection with the security authentication device 300. At this time, input signals such as current, voltage, and vibration are transmitted to a human body of a user who touches (for example, grasping) a predetermined side sensing area of the housing 921, and passes through the human body through the side sensing area The output signal can be sensed. At this time, the housing 921 may include an electronic circuit board that generates the input signal and senses the output signal to generate externally generated information.

The housing 921 is connected to a charging device or a communication port for charging the power source (e.g., power) of the security authentication device 300 in addition to connection ports 922 and 931 connected to the security authentication device And a socket 932 for connection. For example, the socket 932 may be used to provide a connection with a charging cable port for charging the battery of the security authentication device 300, a USB port, or a port connecting the security authentication device 300 to a desktop PC, have.

The housing 921 may further include a physical sensing area 933 for sensing biometric information such as a fingerprint around the home button of the security authentication device 300. Then, the fingerprint of the user can be sensed as the finger of the user touches the area where the sensing area 933 is located.

10 is a view showing a structure of a housing according to an embodiment of the present invention.

According to Fig. 10, the housing 1000 may be detachably attached to the security authentication device and have a structure in the form of a cover surrounding the edge of the security authentication device.

The housing 1000 includes a physical sensing area 1001 in the vicinity of a home button to which a user's body such as a fingerprint is contacted, a connection port 1002 for connecting the housing 1000 and the security authentication device 300 to the security authentication device, A socket 1003, an electronic circuit board 1004, and a plurality of lines 1005, 1006, and 1007.

The housing 1000 may be configured to contact the sensing area 1001 with a predefined current, voltage or vibration as an input signal according to the biocomponent, or to control the sensing area 1001, (I.e., lines) for transmitting the signal output from the human body to the signal sensing unit 311 or the electronic circuit board 1005 may be provided.

For example, the line 1005 is a line that connects the electronic circuit board 1004 to the area 1001 where the user's fingerprint is sensed. The line 1005 senses the fingerprint of the user who has made contact with the sensing area 1001, Information can be transferred to the electronic circuit board 1004. The line 1006 connects the electronic circuit board 1004 to any one of the sensing areas 1008 specified on the left side of the housing 1000. The line 1006 connects the sensing area 1008 specified on the left side of the housing 1000, Voltage, or vibration generated in the electronic circuit board 1004 to a human body (e.g., a hand, etc.) of the user who has made contact with the user's body and transmits a current, voltage, Sensed and transmitted to the electronic circuit board 1004. The line 1007 connects the electronic circuit board 1004 to any one of the sensing areas 1009 specified on the right side of the housing 1000. The line 1007 contacts the sensing area 1009 specified on the right side of the housing 1000, Voltage, or vibration generated in the electronic circuit board 1004 by a human body (e.g., a hand) of a user, and senses a current, voltage, or vibration output through the user's body To the electronic circuit board 1004.

Power can be supplied to the security authentication apparatus 300 through VCC and GND in FIG. For example, the electronic circuit board 1004 can sense an output signal passing through the human body through the line 1006 and the line 1007 after flowing a current through the line 1005. And send the sensed output signal to a processing program, e.g., process 310. At this time, the sensed output signal can be transmitted through D + and D-, and a minute value can be used to such an extent that there is no problem to the human body. For example, a current in a range that is considered to be harmless to the human body through clinical experiments or medical data can be designated and used in advance according to a living body component.

The shape of the connection port 1002 and the socket 1003 shown in FIG. 10 corresponds to the embodiment, and the shape differs depending on the type of the security authentication device (for example, a terminal specification such as an Android phone, an iPhone, .

The methods according to embodiments of the present invention may be implemented in the form of a program instruction that can be executed through various computer systems and recorded in a computer-readable medium.

The program according to this embodiment can be configured as an application dedicated to a mobile terminal or a PC-based program. The application to which the present invention is applied may be implemented in a program form that operates independently, or in an in-app form of a specific application, so that the application can be implemented in the specific application.

Further, the methods according to the embodiment of the present invention can be performed by an application associated with a server system providing a security authentication service by controlling a user terminal (i.e., a security authentication device). As an example, such an application may execute one or more processes configured to perform one or more of the features described herein. Further, such an application can be installed in a user terminal through a file provided by a file distribution system. For example, the file distribution system may include a file transfer unit (not shown) for transferring the file at the request of the user terminal.

The apparatus described above may be implemented as a hardware component, a software component, and / or a combination of hardware components and software components. For example, the apparatus and components described in the embodiments may be implemented as a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit, a microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to execution of the software. For ease of understanding, the processing apparatus may be described as being used singly, but those skilled in the art will recognize that the processing apparatus may have a plurality of processing elements and / As shown in FIG. For example, the processing unit may comprise a plurality of processors or one processor and one controller. Other processing configurations are also possible, such as a parallel processor.

The software may include a computer program, code, instructions, or a combination of one or more of the foregoing, and may be configured to configure the processing device to operate as desired or to process it collectively or collectively Device can be commanded. The software and / or data may be in the form of any type of machine, component, physical device, virtual equipment, computer storage media, or device , Or may be permanently or temporarily embodied in a transmitted signal wave. The software may be distributed over a networked computer system and stored or executed in a distributed manner. The software and data may be stored on one or more computer readable recording media.

The method according to an embodiment may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions to be recorded on the medium may be those specially designed and configured for the embodiments or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. For example, it is to be understood that the techniques described may be performed in a different order than the described methods, and / or that components of the described systems, structures, devices, circuits, Lt; / RTI > or equivalents, even if it is replaced or replaced.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

Claims (8)

A computer-implemented biometric information-based security authentication method,
Transmitting an input signal to a user's body;
Receiving the modified output signal through the human body of the user;
Generating externally generated information based on the output signal; And
Generating authentication information by combining the externally generated information and the biometric information of the user
Wherein the secure authentication method comprises: The method according to claim 1,
Wherein the step of transmitting the input signal to a user's body comprises:
Selectively transmitting a predetermined number of input signals among a plurality of predefined input signals to the user's body
The security authentication method comprising: The method according to claim 1,
Wherein the step of transmitting the input signal to a user's body comprises:
Transmitting a predefined current, voltage, vibration, sound, or heat according to a biological component to the user's body as the input signal
The security authentication method comprising: The method according to claim 1,
Wherein the generating the authentication information comprises:
Generating the authentication information by performing an operation on the externally generated information and the user's biometric information based on a predefined logical operator, an encryption function, a random value, or a current time
The security authentication method comprising: The method according to claim 1,
And transmitting the generated authentication information together with the identifier information of the user to the server and registering
Further comprising: 6. The method of claim 5,
Receiving the authentication information registered in the server from the server;
Restoring the user's biometric information based on the authentication information transmitted from the server and the output signal received at the current time; And
Authenticating the user based on the restored biometric information of the user and the biometric information of the obtained user
Further comprising: The method according to claim 1,
Wherein the generating the authentication information comprises:
Receiving biometric information of the user from a storage medium detachably attached to the computer or from an external electronic device connected to the computer through a network
Wherein the secure authentication method comprises: A complex authentication device based on biometric information,
A signal sensing unit for transmitting an input signal to a user's body and sensing the output signal of the input signal transmitted through the user's body;
An externally generated information generating unit for generating externally generated information based on the output signal; And
An authentication information generating unit for generating authentication information by combining the externally generated information and the biometric information of the user,
.

Images