WO2005059677A2 - The method of service to prevent using personal information by stealth - Google Patents


Info

Publication number
WO2005059677A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
authentication
authentication server
server
service
Application number
PCT/KR2004/003182
Other languages
French (fr)
Other versions
WO2005059677A3 (en)
Inventor
Jay-Yeob Hwang
Original Assignee
Jay-Yeob Hwang
Application filed by Jay-Yeob Hwang

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method of preventing others from using a user's personal information by stealth on the Internet and of preventing others from infringing on others' cyberspace by using others' IDs by stealth. Users stay online by logging in to an authentication server through a predetermined appropriation-sensing program. A plurality of servers that provide services on the Internet request user authentication from the authentication server when a user needs to be identified or a user logs in. The authentication server from which user authentication has been requested determines whether the user is logged in to the authentication server. If the user is in a logout state, the authentication server performs a user authentication procedure. If the user is in a login state, the authentication server compares the access IP of the user to be authenticated with the access IP of the user who has logged in to the authentication server. If the two access IPs are identical, the authentication server performs the authentication procedure. If the two access IPs are different, the authentication server does not perform the user authentication procedure. Thus, users who log in to the authentication server through the appropriation-sensing program can prevent their personal information from being used by stealth.

Description

THE METHOD OF SERVICE TO PREVENT USING PERSONAL INFORMATION BY STEALTH

Technical Field
The present invention relates to preventing personal information from being used by stealth.

Background Art
There are many techniques for authenticating a user. Methods such as public authentication or biometrics score well on stability. In these existing authentication methods, however, stability is high but convenience or popularity is low. For this reason, many services are limited mainly to authentication methods in which only a password is confirmed. As a result, there are frequent cases where privacy is infringed by evading such weak authentication methods and appropriating others' IDs. Economic damage is also incurred on the Internet through the use of others' personal information by stealth.

Technical Problem
Accordingly, the present invention has been made to prevent such appropriation cases, and it is an object of the present invention to provide a method by which a user can sense and prevent appropriation of his or her personal information or ID in real time anywhere on the Internet.

Advantageous Effects
According to the present invention, a user logs in to a program that serves as a sensor for inquiries made to an authentication server about personal information. Thus, appropriation at the many service web sites that operate weak authentication systems having a risk of appropriation can be sensed and prohibited in an integrated manner.

Brief Description of Drawings
FIG. 1 shows the configuration and flowchart thereof according to the present invention.

Best Mode for Carrying Out the Invention
The present invention will now be described in detail in connection with preferred embodiments with reference to the accompanying drawings. FIG. 1 shows the configuration and flowchart thereof according to the present invention.

An authentication server 5, a plurality of service servers 9, and a plurality of user computers 6, 7 are all interconnected through a network. The authentication server 5 is installed with a program for authenticating a user 6 for other service servers 9. The service server 9 is a server for providing services to the user 6. The service server 9 is programmed to request authentication from the authentication server 5, even after a login process is finished, whenever a user who is trying to become a member, make a payment or log in needs to be authenticated. To perform user authentication by real name for member registration or payment, the service server 9 is programmed to query the authentication server with the real name information input by the user. When a user who is trying to log in is to be authenticated, the service server 9 is programmed to query with real name information or with an authentication ID 1 of the authentication server. To this end, the service server has the user's authentication ID 1 recorded in its member information in advance. The tables shown in FIG. 1 indicate the database records held in the authentication server and the service server. The user computer 6 is installed with an appropriation-sensing program, which is programmed to log in to the authentication server 5.

The process according to the present invention will now be described. The exemplary process shown in FIG. 1 is a case where another person 7 uses an ID 10 of the user 6 by stealth while the user 6 is logged in to the authentication server 5.

1. Appropriation-sensing program login process
When the user 6 powers on a computer at his or her workplace, the appropriation-sensing program is executed automatically. The user logs in to the authentication server 5 through a predetermined authentication procedure (S1). The authentication server 5 records the access IP 3 of the user who has logged in (S2). This informs the authentication server 5 that the user 6 is located at the location 3 from which he or she is logged in, and therefore that authentication of the user from any other location is an appropriation attempt.

2. Authentication request process
When users 6, 7 access a given service server 9 to become a member, or input an ID 10 and a password 11 to log in (S3), the service server 9 queries the authentication server with the real name information input by the user, or with the authentication server ID 1 recorded in the member information, in order to carry out user authentication (S4).

3. Authentication request location confirmation process
When authentication is requested by the service server 9, an input interface 8, through which the password for the authentication server ID is entered, is called up on the user screen 7 (S5). The password input interface 8 includes an applet that acquires and reports the IP of the user computer, and it is connected directly to the authentication server 5. Thus, the password input interface 8 can acquire the access IP 4 of the user (S5) as it is output.

4. Access location comparison process
The authentication server 5 looks up the requested real name information or ID 1 to confirm whether a login location 3 currently exists in the authentication server (S6), and compares the confirmed login location 3 with the access location 4 from which authentication is requested (S7). If the login location 3 exists, the authentication server 5 determines that the user is in a login state. If the login location 3 does not exist, the authentication server 5 determines that the user is in a logout state.

5. Authentication process
When the user 6 for whom authentication is requested is in a login state on the authentication server, and the access location 4 of the user 6 for whom authentication is requested differs from the login access location 3, the authentication procedure is not performed. When the two access locations 3 and 4 are identical, the authentication procedure is performed. Meanwhile, the authentication procedure may be set to be omitted, depending on the importance of the service, when the two access locations 3 and 4 are identical. If the user is in a logout state on the authentication server 5, the authentication procedure is performed, and the results are sent to the service server 9. The authentication procedure may employ various technologies for identifying the user other than the password confirmation type.

6. Prohibition and alarm process
If the access location 4 of the user for whom authentication is requested in the authentication process and the access location 3 of the user who has logged in to the authentication server differ, this is judged to be an appropriation attempt, and the corresponding authentication case is regarded as an authentication failure 8. An alarm message is sent to the user 6 who has logged in using the appropriation-sensing program (S8). The alarm message can include the access IP 4, which is collected in the authentication request location tracking process, so that it can be used as material for a report. This makes the person 7 who attempts appropriation feel that the risk of doing so is high, and can discourage the person 7 from attempting appropriation.

The main configuration of the present invention has been described so far. However, since the importance of ID security in a given service may differ from user to user, a service in which only the existing ID and password are confirmed, and the user authentication process according to the present invention is optionally omitted, may be preferred. That is, this option is for a person who wants to log in more simply, without going through the user authentication procedure, because it is not important to him or her. Accordingly, a person who has joined the authentication server registers his or her authentication ID, for the purpose of ID security, at a web site that supports the ID security service, and the service web site puts only those logging-in members whose authentication IDs are registered through the user authentication procedure. In FIG. 1, a person whose authentication ID 1 is recorded in the member information within the service server goes through the user authentication procedure, and a person without an authentication ID 1 can use the services directly.
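
The decision flow of steps S1 to S8, including the optional opt-out for members with no registered authentication ID, can be modelled as follows. This is an added example, not code from the patent; the class names, method names, account names and IP addresses are constructed for illustration, and the service server's own ID and password check is assumed to have already passed.

```python
"""Added illustration of the authentication server's location check (S1-S8)."""
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    PROCEED = "user authentication procedure is performed"
    BLOCKED = "authentication fail, alarm sent to the logged-in user"
    SKIPPED = "no authentication ID registered, service used directly"


def normalize_ip(text):
    """Parse an address so textual variants of one host compare equal."""
    ip = ipaddress.ip_address(text)
    # An IPv4 client seen through a dual-stack socket appears as ::ffff:a.b.c.d
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


@dataclass
class AuthServer:
    sessions: dict = field(default_factory=dict)  # auth ID -> login IP (location 3)
    alarms: list = field(default_factory=list)    # messages for the sensing program

    def sensor_login(self, auth_id, ip):
        """S1/S2: the appropriation-sensing program logs in; record its IP."""
        self.sessions[auth_id] = normalize_ip(ip)

    def sensor_logout(self, auth_id):
        self.sessions.pop(auth_id, None)

    def check_request(self, auth_id, request_ip, service):
        """S6-S8. In the patent the password input interface connects to the
        authentication server directly; here its address is a parameter."""
        access_ip = normalize_ip(request_ip)       # access location 4
        login_ip = self.sessions.get(auth_id)      # S6: does location 3 exist?
        if login_ip is None:
            return Outcome.PROCEED                 # logout state
        if access_ip == login_ip:                  # S7: compare 3 with 4
            # Equal addresses only show the same network location (for
            # example one NAT gateway), so the procedure still runs.
            return Outcome.PROCEED
        self.alarms.append({"auth_id": auth_id, "service": service,
                            "request_ip": str(access_ip)})  # S8
        return Outcome.BLOCKED


@dataclass
class ServiceServer:
    name: str
    auth: AuthServer
    members: dict = field(default_factory=dict)    # service ID -> auth ID or None

    def login(self, service_id, client_ip):
        """S3/S4: forward the member's registered authentication ID, if any."""
        auth_id = self.members[service_id]         # unknown member: KeyError
        if auth_id is None:
            return Outcome.SKIPPED                 # member opted out
        return self.auth.check_request(auth_id, client_ip, self.name)


if __name__ == "__main__":
    # Constructed sample data; addresses come from documentation ranges.
    auth = AuthServer()
    shop = ServiceServer("shop", auth, {"alice": "auth-alice", "bob": None})
    auth.sensor_login("auth-alice", "192.0.2.10")
    for who, ip in [("alice", "192.0.2.10"), ("alice", "198.51.100.7"),
                    ("bob", "198.51.100.7")]:
        print(who, ip, "->", shop.login(who, ip).value)
    print("alarms:", auth.alarms)
```
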

Claims

What Is Claimed Is:
1. A service method of preventing a user's personal information from being used by stealth, comprising: a step in which an authentication server, a plurality of service servers and a plurality of user computers are all interconnected through a network; a step of allowing a client program in the user computer to log in to the authentication server; a step of allowing the authentication server to receive an authentication request through the service server; a step of collecting a current access location of a subject for which authentication is requested; a step of determining whether the subject for which authentication is requested is in a current login state; and a step in which in the case of the login state, when the access location of the user who has requested authentication is different from the access location of the user who has logged in, a user authentication procedure is not performed, and if the subject is in a logout state, the user authentication procedure is performed.
2. A service method of preventing a user's ID from being used by stealth, comprising: a step in which an authentication server, a plurality of service servers and a plurality of user computers are all interconnected through a network; a step of allowing the user to register his or her authentication server ID in member information within the plurality of the service servers; a step of allowing a client program in the user computer to log in to an authentication server; a step of allowing the user to log in the service server; a step in which the service server requests authentication by sending the authentication server ID of the user who has logged in to the service server to the authentication server; a step of collecting a current access location of a subject for which authentication is requested; a step of determining whether the subject for which authentication is requested is in a current login state; a step in which in the case of the login state, if the access location of the user who has requested authentication is different from the access location of the user who has logged in, a user authentication procedure is not performed, and if the two access locations are different from each other, a corresponding authentication case is regarded as authentication fail, and an alarm message is sent to the user; and a step in which if the user is in a logout state, the user authentication procedure is performed.
PCT/KR2004/003182 2003-12-06 2004-12-06 The method of service to prevent using personal information by stealth WO2005059677A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020030088433A KR20050054797A (en) 2003-12-06 2003-12-06 The method of service to prevent using personal information by stealth
KR10-2003-0088433 2003-12-06

Publications (2)

Publication Number Publication Date
WO2005059677A2 (en) 2005-06-30
WO2005059677A3 (en) 2005-08-18

Family

ID=34698381

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2004/003182 WO2005059677A2 (en) 2003-12-06 2004-12-06 The method of service to prevent using personal information by stealth

Country Status (2)

Country Link
KR (1) KR20050054797A (en)
WO (1) WO2005059677A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100786478B1 (en) * 2005-07-27 2007-12-17 서울신용평가정보 주식회사 System and Apparatus for verifing authenticity of a person useing customer behavior analysis information
KR20090060644A (en) * 2007-12-10 2009-06-15 주식회사 엔씨소프트 Apparatus and method for automatically declaring account embezzlement of on-line game using mobile phone

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000054777A (en) * 2000-06-23 2000-09-05 김상돈 Method of authenticating on the basis of mac address in a network connection
KR20020020520A (en) * 2000-09-09 2002-03-15 구자홍 operation method of system for perform login and system for the same

Also Published As

Publication number Publication date
WO2005059677A3 (en) 2005-08-18
KR20050054797A (en) 2005-06-10

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase