KR100987351B1 - System and Method for certification - Google Patents

Abstract

The present invention relates to an authentication system and method, wherein the system performs load distribution according to a connection request and a service request from a client on a networked system, and provides a client even when a failure occurs in a specific part of the networked system. At least two L4 switches, each set in an active state and a standby state to provide stable service processing; A plurality of authentication servers that are mounted and driven by an authentication module that processes an authentication request from the client and extracts an authentication result; And receiving the authentication data including the index of the key in the HSM (Hardware Security Module) from the client through the authentication module, and performing the decryption operation using the index of the key for deriving the authentication result. It includes a plurality of HSM to pass to the authentication module.

According to the present invention, it is possible to implement an independent security authentication system and method considering physical scalability and considering scalability of the authentication system.

Authentication, Security, HSM, IC Card

Description

Certification System and Method {System and Method for certification}

The present invention relates to authentication systems and methods, and more particularly, to authentication systems and methods that are not dependent on the host system.

As the use of credit cards that can be used without cash while replacing the functions of conventional cash is becoming common, problems of personal information leakage or theft due to the loss of credit cards are also increasing in proportion to the number of credit cards used. to be.

In addition to credit cards, in recent years, various service providers including telecommunication companies have provided various affiliate cards including customer information.

Types of such cards include magnetic cards and IC cards. Magnetic cards are cards that input certain information on their own, and ICs (integrated circuits) are electronic devices that can store a large amount of information by installing memory devices. As a card, the ISO standard refers to any card with more than one IC.

As transactions using magnetic cards or IC cards with various functions are becoming more common in offline and online commerce, it is very important to secure the personal information stored in the certificate and / or card connected with the card. In recent years, a lot of credit card types are easily copied, and the trend of switching from conventional magnetic cards, which are less secure, to IC cards is becoming a trend.

However, despite the transition to IC cards, the host authentication system required for the issuance of credit card member companies and credit card transactions is still implemented in software form without physical security system, making it difficult to overcome security weaknesses. There was a problem.

The technical problem to be achieved by the present invention, by introducing an independent authentication system in the existing magnetic card without replacement of the existing system according to the issuance of the IC card, not only the IC card authentication but also all the encryption and decryption work using the verification of the existing magnetic card and other keys. An object of the present invention is to provide an authentication system and method for performing the same.

In the authentication system of the present invention for achieving the above object, the load distribution according to the connection and service request from the client on the networked system, and even if a failure occurs in a specific part on the networked system At least two L4 switches, each of which is set to an active state and a standby state to provide stable service processing to the service; A plurality of authentication servers that are mounted and driven by an authentication module that processes an authentication request from the client and extracts an authentication result; And receiving the authentication data including the index of the key in the HSM (Hardware Security Module) from the client through the authentication module, and performing the decryption operation using the index of the key for deriving the authentication result. It may be made to include a plurality of HSM to deliver to the authentication module.

The authentication module receives a connection request from a client and operates an authentication processing process, receives an operation signal from the connection processing process, connects to an HSM, and then receives verification data through encryption and decryption in the HSM. And an authentication processing process for transmitting an authentication result derived through authentication logic operation in an authentication module to the client based on the received verification data, wherein the authentication processing process is assigned among a plurality of HSMs. In case of failure of the HSM, it may include a function to control the authentication process using another HSM.

In addition, the authentication module includes an encryption / decryption function implemented in software. Also, in the encryption / decryption operation using an arbitrary session key that does not use the key in the HSM, the authentication module does not load the HSM and decrypts it in the authentication server including the authentication module. You can make the operation work.

In addition, the authentication module enables the HSM to be used regardless of the type and environment of the system including the server in all the clients that support the standard socket communication, thereby establishing a flexible connection environment. It can be implemented as a framework that provides a set of collaborative classes that can be easily reused for the design and implementation of desired processing forms, such as adding or deleting existing processes.

In addition, the authentication module is called the block encryption algorithms SEED, DES (Data Encryption Standard), TDES (Triple Data Encryption Standard), and Advanced Encryption Standard by using keys securely stored in the HSM at the client, and AES is known to replace the existing DES. (Encryption Encryption Standard), RSA (Rivest Shamir Adleman) can be implemented to use the encryption and decryption function through at least one or more of the encryption algorithms provided by HSM, such as RSA (Rivest Shamir Adleman) It can be implemented to be freely used by the client.

The HSM may be configured to be connected to the authentication server in a one-to-one correspondence.

In the authentication method of the present invention for achieving the above object, (a) when a connection request from a client is received through a connection processing process, the connection processing process forwards the connection request to an authentication processing process to authenticate in the HSM. Connecting to a module and maintaining a connection state; (b) if an authentication request including authentication data from the client is received through an authentication processing process, Transmitting verification data to the HSM to generate verification data through an encryption and decryption operation in the HSM; And (c) the authentication processing process may include transmitting the authentication result derived by performing authentication logic operation on the verification data after receiving the verification data generated from the HSM.

The authentication data received from the client in step (b) may be information including an index of a key.

The authentication method may further include the step of terminating the connection with the client and the HSM when the connection release request from the client is received by the connection processing process.

In addition, in another authentication method of the present invention for achieving the above object, (a) when a connection request from a client is received through the connection processing process, the connection processing process forwards the connection request to the authentication processing process; step; (b) when the authentication request including authentication data is received from the client through an authentication processing process, generating verification data through an authentication module including encryption and decryption operations; (c) The authentication processing process may include transmitting an authentication result derived by performing an authentication logic operation on the generated verification data to the client.

The authentication data received from the client in step (b) may be information including an index of a key.

According to the present invention, in the case of a card approval system that is being used, the approval operation for another type of card can be continued with the addition of an interface only without a total replacement.

Even if the increase in processing capacity is required, the maximum number of processing of each server can be controlled only by correcting the configuration file without modifying the overall program, and the processing capacity can be increased by increasing the processes that can be processed simultaneously by only adding hardware.

In addition, the authentication system of the present invention can establish a flexible connection environment that does not depend on the server on the client side.

The authentication system of the present invention can be used not only for the authentication of the IC card but also for all tasks requiring encryption and decryption of data using a key requested online, and also provides a key to the physically secure HSM (Hardware Security Module). ), It is impossible to read or leak the key, so it can maintain a very high level of security.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

As shown in FIG. 1, the client 100 of the present invention is a type of external system connected to an authentication system and a network, and may be connected to the authentication system 300 through various paths of networking. FEP (Front-End-Processor) belonging to the client 100 refers to a program or hardware that reduces the processing time of the processor by processing the input data in advance before the computer processor (Process), the user terminal In other words, it means a small processing device that serves as an interface to the main computer from various input / output devices and data communication devices, and processes and processes the data and sends the data to the main computer.

In the authentication system 300 of the present invention, the L4 switch 310, the authentication server 320, and the HSM 330 are included as main components, and each device is composed of two or more.

The L4 switch 310 switches TCP / UDP, which is a 4 Layer (L4: Transport Layer) protocol, and analyzes the TCP / UDP port information to use the type of service currently used by the packet (HTTP, FTP, Telnet, SMTP, It processes the packet after identifying which request is given priority for each protocol (such as POP3 and SSL). It load balances loads to servers connected to L4 switch properly and includes fail over function that handles other servers to automatically respond in case of server down for stable service provision.

In the present invention, the L4 switch is an access point to an external client during the configuration of the authentication system, and in case of a failure, a plurality of configurations of an active state and a standby state are preferable. Expected number of authentication servers processed * Number of authentication servers.

L2 switch performs switching function in Ethernet, frame relay, ATM, etc., which is a protocol of 2 Layer (Datalink Layer), and recognizes an address and transmits a packet to a corresponding device.

This L2 switch is appropriately selected according to the specifications of the L4 switch.

The authentication server 320 is equipped with an authentication module for processing an authentication request to play a role of direct transmission and reception of a connection and authentication-related data with a client, and to access another authentication system configuration HSM. All of these authentication servers are preferably implemented in an active state.

The authentication module, which is software installed in the authentication server, is a listener commonly used on a network program (which serves to receive a socket for a connection status with a client on a network). Connection processing process that operates the processing process, and receive the operation signal from the connection processing process to access the HSM, and then receives the verification data derived through the encryption and decryption performed by the authentication module in the HSM to perform the authentication logic to derive It is configured to include an authentication processing process that serves to send the authentication results to the client.

More specifically, the connection processing process is applied with a multi-threading function (an execution path existing in a process, that is, a series of executable code is called a thread, which refers to an environment that executes several threads simultaneously in one process). There can be one process running on each server that acts as a supervisory authority to start, restart or stop the authentication process.

The authentication process is also multi-threaded, with N processes running on each server. The number of processes can be flexibly adjusted to match the number of transactions and the performance of the HSM. In addition, when creating a thread, each thread should always be connected to the HSM, and in case of an allocated HSM failure, another HSM can be used.

HSM (Hardware Security Module) 330 is basically a system that lowers the possibility of leakage of the encrypted key by solving the security operation in the HSM itself, such as encryption key generation, key management, encryption, decryption using its own CPU. It is desirable to have one-to-one connection with the authentication server.

When explaining the operation relationship of the authentication system with an embodiment of the card payment including the present inventor authentication method, when a user requests a smart card (credit card) payment after purchasing a specific product in the shopping mall, the terminal of the shopping mall The information required to approve the transaction is generated using the data of the card and the terminal to generate a full text of the request for approval. The generated approval request text is transmitted to the card company's external system through the PSTN network, which belongs to the client in the present invention.

Such an external system (client) transmits encrypted data, such as personal information and random numbers generated from a card, to an authentication system in an authentication request message, and the authentication system receiving the encrypted data Verification data is generated through an operation for encryption / decryption using a key of the HSM, and the generated verification data is transferred back to the external system. At this time, the transmitted data is encrypted and transmitted with a mutually agreed key between the external system (client) and the authentication system, and is encrypted in the internal network to transmit and receive.

The external system, which has received the verification data, decrypts the encrypted value and generates a full text of approval or rejection based on the decrypted value, and transmits it to the shopping mall terminal.

Looking at the execution path of the above embodiment, EFT-POS → PSTN network → card company external system → authentication system [L4 → [authentication server → HSM] → authentication server → L4] → card company external system → PSTN network → EFT-POS The number of times of processing between the [authentication server → HSM] may vary depending on various conditions such as the type of work.

A more specific embodiment of the authentication system according to the present invention on the execution path is shown in FIG. 2, in which an access request is received from an external system (client) through an access processing process with the authentication server activated (S210). If so, the connection processing process transmits the connection request to the authentication processing process and maintains a connection state with the HSM (S220).

After the authentication request including the authentication data of the user from the client is received through the access processing process in the authentication module (S230), by operating the authentication processing process to transmit the authentication data to the HSM (S240) and the authentication data in the HSM Based on the encryption and decryption using the index of the key to calculate the resulting verification data and deliver it back to the authentication processing process in the authentication module (S250). In the authentication processing process, the authentication logic operation is again performed based on the verification data, and the authentication result derived through the verification data is transmitted to the client (S260). Then, when the request for disconnection from the client is received by the connection processing process (S270), the service is terminated by terminating the connection with the client and the connection with the authentication module in the HSM (S280).

Figure 3 is a simplified representation of the processing flow of the authentication module comprising a connection processing process and the authentication processing process operating in the present invention, Figure 4 is a more detailed representation of the operation relationship in Figure 3 in accordance with the actual programming order will be.

In the connection process of ① in FIG. 3, a connection request is received and connected from the client to the authentication server, and the socket delivery process of ② is a connection processing process (listener), which is an authentication module mounted in the authentication server. It accepts the connection request from the client and passes the received socket to the authentication processing process. The authentication processing process is also connected to the HSM to perform an operation. In addition, the present invention can be implemented to perform an encryption / decryption operation in an authentication server including an authentication module without burdening the HSM during an encryption / decryption operation using an arbitrary session key that does not use a key in the HSM.

③ is a socket receiving process. The authentication process is a process of receiving a socket from a connection processing process and maintaining it until a request for revocation is received from the client, and waiting for an authentication request from the client.

In addition, when ④ is transmitted from the client to the server, the authentication request (full text) waits for the verification data from the HSM and sends the authentication result (full text) generated by the authentication module to the client as shown in ⑤. In case of ⑥ that indicates the request for disconnection from the client, the authentication system receives this to release the client socket and notifies the authentication processing process. The authentication processing process causes the socket to be used in response to the notification of the termination from the connection processing process. do.

Hereinafter, the communication relationship between the authentication server and the client of the present invention will be described by reference.

The communication protocol between the authentication server and client uses TCP / IP, and the authentication server is configured to transmit the result in response to the client's request. It uses the assigned port, and all requests from the client start from the client. The authentication server consists of executing only the response.

Full text such as authentication data or authentication result between authentication server and client is used to process verification or signature generation for authentication processing. It can be implemented to generate out errors and disconnect from the authentication server.

In addition, data is encrypted during communication, and an encryption algorithm may be implemented to use a symmetric key, and in addition, the encryption range of the data message may be limited to an input data portion and an output data portion.

The above embodiment is an example for describing the technical idea of the present invention in detail, and the present invention is not limited to the above embodiment, various modifications are possible to those skilled in the art and various embodiments of the same technical idea Naturally, it belongs to the protection scope of the invention.

1 is a block diagram of an authentication system according to the present invention.

2 is a flowchart of an authentication process according to the present invention.

3 is a flowchart showing an operation relationship between a client and an authentication system of the present invention.

4 is a block diagram illustrating the operation relationship of FIG. 3 in more detail according to actual programming order.

Claims (11)

In order to distribute the load according to the connection and service request from the client on the networked system, and to provide stable service processing to the client even when a specific part of the networked system fails, the active and At least two L4 switches, set in a standby state; A plurality of authentication servers mounted and driven by an authentication module which processes an authentication requested by the client and extracts an authentication result; And The client receives the authentication data including the index of the key in the HSM (Hardware Security Module) from the client through the authentication module, performs an encryption / decryption operation using the index of the key for deriving the authentication result, and verifies the verification data. Including a plurality of HSMs delivered to the authentication module, The authentication module receives a connection request from the client to operate an authentication processing process, receives an operation signal from the connection processing process, and accesses the HSM. And an authentication processing process for transmitting the authentication result derived from the authentication logic operation in the authentication module to the client based on the received verification data through encryption and decryption in the HSM. The encryption and decryption function is implemented, and the encryption / decryption operation is processed in the authentication server including the authentication module without burdening the HSM when the encryption / decryption operation is performed using an arbitrary session key that does not use the key in the HSM. And the client automatically generates a time out error when there is no response from the authentication server for a predetermined time, and terminates the connection with the authentication server. delete delete The method of claim 1, The authentication module is an authentication system, characterized in that all clients that support standard socket communication to use the HSM without depending on the type and environment of the system, including the server. The method of claim 1, The authentication module uses HSMs such as SEED, DES (Triple Data Encryption Standard), TDES (Triple Data Encryption Standard), AES (Advanced Encryption Standard), and RSA (Rivest Shamir Adleman) by using keys securely stored in the HSM. Authentication system, characterized in that the decryption function can be implemented using at least one or more of the provided encryption and decryption algorithms. The method of claim 1, The authentication processing process, characterized in that it comprises a function to control to perform the authentication process using a different HSM when a failure occurs in the assigned HSM of the plurality of HSM. The method of claim 1, The authentication module provides a framework for providing a series of collaborative classes that can be easily reused for the design and implementation of a desired processing type such as adding another process for authentication processing or deleting an existing process. Framework) authentication system, characterized in that. delete delete delete delete

Images