KR101214839B1 - Authentication method and authentication system - Google Patents

Authentication method and authentication system Download PDF

Info

Publication number
KR101214839B1
KR101214839B1 KR1020120068368A KR20120068368A KR101214839B1 KR 101214839 B1 KR101214839 B1 KR 101214839B1 KR 1020120068368 A KR1020120068368 A KR 1020120068368A KR 20120068368 A KR20120068368 A KR 20120068368A KR 101214839 B1 KR101214839 B1 KR 101214839B1
Authority
KR
South Korea
Prior art keywords
authentication
terminal
key
user
service providing
Prior art date
Application number
KR1020120068368A
Other languages
Korean (ko)
Inventor
신봉준
Original Assignee
(주)더블유랩
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to KR1020120028683 priority Critical
Priority to KR20120028683 priority
Priority to KR20120053729 priority
Priority to KR1020120053729 priority
Application filed by (주)더블유랩 filed Critical (주)더블유랩
Application granted granted Critical
Publication of KR101214839B1 publication Critical patent/KR101214839B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0892Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • H04W12/0609Authentication using certificates or pre-shared keys

Abstract

The present invention relates to an authentication method and system. The present invention includes receiving an authentication request from a client terminal, transmitting an authentication key to the client terminal in response to the authentication request, receiving an authentication confirmation key from an authentication terminal, the authentication key and the authentication confirmation. Authenticating a user identifier associated with the authentication terminal based on a key; and transmitting authentication approval information according to a result of the authentication to a service providing server.

Description

Authentication method and system {AUTHENTICATION METHOD AND AUTHENTICATION SYSTEM}

The present invention relates to an authentication method and an authentication system, and more particularly, to a method and system for authenticating a user to an electronic terminal connected to the authentication system.

In general, online user authentication is performed by entering an ID and password in a user terminal. The ID and password input to the user terminal are transmitted to the authentication system, and the authentication system authenticates the user by determining whether the input ID and password match the ID and password stored in the database. This ID-password authentication method is used in most online sites because of the simplicity of the authentication process.

However, this ID-password authentication method has a disadvantage in that it is vulnerable to hacking of the user terminal. For example, a hacker can find out the user's ID and password by breaking into the user terminal and intercepting the keyboard input of the user terminal. In addition, many users do not change their usernames and passwords periodically, and because many online sites use the same usernames and passwords. This will cause additional damage to the password.

The risk of the authentication method of the ID-password input method is widely known through various damage cases. Accordingly, financial transaction sites such as banks and credit card companies, which are very sensitive to ID-password exposure, are required to install a keyboard anti-hook program, and in addition, it is recommended to use an official certificate and OTP (One time password). . However, in order to use the authentication method using the public certificate and the OTP, the user has to carry the public certificate and the OTP generator, which is cumbersome to use.

In addition, the use of public certificates and OTP generators does not fundamentally block keyboard hooking, so the possibility of hacking remains.

In this regard, Korean Patent No. 10-1087698 discloses a method of analyzing a feature of a user's face image by using a face authentication application and a camera to enhance security in the authentication process, and using the same for authentication.

It is an object of the present invention to provide an authentication method and an authentication system secured from keyboard hooking since there is no need to enter an ID and password.

It is another object of the present invention to provide an authentication method and an authentication system in which an authentication server provides authentication of each user terminal user to at least two service providing servers so that each service providing server can be free from the risk of authentication error.

Still another object of the present invention is to provide a method and an authentication system capable of minimizing resources for authentication by clearly separating the roles of the service providing server and the authentication server.

Still another object of the present invention is to provide an authentication method and an authentication system capable of selecting a user identifier to be authenticated among a plurality of user identifiers associated with an authentication terminal.

It is to provide an authentication method and an authentication system that can be easily linked to any kind or type of service providing server by providing an authentication web server providing authentication for the service providing server as an independent web service.

Technical means for achieving the above-described technical problem, the authentication method according to the first aspect of the present invention, receiving an authentication request from a client terminal, transmitting an authentication key to the client terminal in response to the authentication request Receiving an authentication confirmation key from an authentication terminal, performing authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key, and authenticating authentication information according to the authentication result. Transmitting to the service providing server.

In the authentication method according to the second aspect of the present invention, receiving an authentication key request from a service providing server, transmitting an authentication key to the service providing server, receiving an authentication confirmation key from an authentication terminal, the authentication Authenticating a user identifier associated with the authentication terminal based on a key and the authentication confirmation key; and transmitting authentication approval information according to a result of the authentication to a service providing server.

The authentication method according to the third aspect of the present invention comprises the steps of: receiving an authentication request from a client terminal, transmitting an authentication key to the client terminal in response to the authentication request, and receiving an authentication confirmation key from an authentication terminal. And performing authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key, and transmitting authentication approval information according to the authentication performance result to the client terminal.

An authentication system according to a fourth aspect of the present invention includes an authentication request receiving unit for receiving an authentication request from a client terminal, an authentication key generation unit for generating an authentication key, and authentication for transmitting an authentication key to the client terminal in response to the authentication request. A key transmission unit, an authentication confirmation key receiving unit for receiving an authentication confirmation key from the authentication terminal, an authentication performing unit for performing authentication on the user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key and the authentication And an authentication approval processing unit which transmits authentication approval information according to a result of the execution to one or more of the client terminal and the service providing server.

In accordance with a fifth aspect of the present invention, an authentication system includes an authentication request receiving unit for receiving an authentication key request from a service providing server, an authentication key generating unit for generating an authentication key, and an authentication key transmission unit for transmitting an authentication key to the service providing server. An authentication confirmation key receiving unit for receiving an authentication confirmation key from an authentication terminal, an authentication performing unit for performing authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key, and the authentication result. It includes an authentication approval processing unit for transmitting the authentication approval information according to the service providing server.

According to an embodiment of the present invention having the above configuration, it is not necessary to enter the ID and password can provide a secure authentication method and authentication system from keyboard hooking.

In addition, according to another embodiment of the present invention, the authentication server provides authentication of each user terminal user to at least two or more service providing server so that each service providing server provides an authentication method and authentication system that can be free from the risk of authentication errors. Can provide.

In addition, according to another embodiment of the present invention, by clearly separating the roles of the service providing server and the authentication server, the service providing server may provide an authentication method and an authentication system capable of minimizing resources for authentication.

It is still another object of the present invention to provide an authentication method and an authentication system capable of selecting a user identifier to be authenticated among a plurality of user identifiers associated with an authentication terminal.

1 is a configuration diagram illustrating an authentication system according to an embodiment of the present invention.
2 is a block diagram illustrating a configuration of an authentication server in the authentication system according to an exemplary embodiment of the present invention.
3A and 3B illustrate examples of an authentication method according to an embodiment of the present invention.
4 is a flowchart illustrating an authentication method according to a first embodiment of the present invention.
5 is a flowchart illustrating an authentication method according to a second embodiment of the present invention.
6 is a flowchart illustrating an authentication method according to a third embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a part is "connected" to another part, this includes not only "directly connected" but also "electrically connected" with another element in between. . In addition, when a part is said to "include" a certain component, which means that it may further include other components, except to exclude other components unless otherwise stated.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a configuration diagram illustrating an authentication system according to an embodiment of the present invention.

The authentication system according to an embodiment of the present invention may include a client terminal 100, an authentication terminal 200, an authentication server 300, and a service providing server 400 connected to a network.

The network may be a local area network (LAN), a wide area network (WAN), a value added network (VAN), a personal local area network (PAN), or a mobile radio communication. It can be implemented in all kinds of wired and wireless networks such as a network or a satellite communication network.

The client terminal 100 and the authentication terminal 200 may be implemented as a computer, a portable terminal, a television, or the like, which may be connected to a remote server through a network or may be connected to other terminals and servers. Here, the computer includes, for example, a laptop, desktop, laptop, etc., which is equipped with a web browser, and the portable terminal is, for example, a wireless communication device that ensures portability and mobility. , Personal Communication System (PCS), Global System for Mobile communications (GSM), Personal Digital Cellular (PDC), Personal Handyphone System (PHS), Personal Digital Assistant (PDA), International Mobile Telecommunication (IMT) -2000, Code CDMA Division Multiple Access (2000), including all kinds of handheld based wireless communication devices such as W-Code Division Multiple Access (W-CDMA), Wireless Broadband Internet (WBRO) terminals, smart phones, etc. can do. In addition, the television may include an Internet Protocol Television (IPTV), an Internet Television (Internet Television), a terrestrial TV, a cable TV, or the like.

The client terminal 100 performs authentication on a service provided by the service providing server 400 through a network connection with the authentication server 300, and provides a service providing server through a network connection with the service providing server 400. You can get services.

The authentication terminal 200 may be a terminal that performs authentication together with the client terminal 100. For example, the authentication terminal 200 may be a smart phone capable of receiving predetermined authentication information displayed on the client terminal 100. However, the authentication terminal 200 is not limited to a smartphone, and may include any type of terminal capable of transmitting and receiving data with the authentication server 300 such as a mobile phone, a PDA, a notebook computer, and a PC.

The authentication server 300 is connected to the network with the client terminal 100, the authentication terminal 200 and the service providing server 400 to transmit and receive data, to generate an authentication key and transmit it to the client terminal 100 The authentication confirmation key may be received from the authentication terminal to perform authentication. In addition, the authentication server 300 provides the authentication approval information according to the result of the authentication to the service providing server 400.

The service providing server 400 is a server providing a service to the client terminal 100, and may form a service providing session with the client terminal 100 according to an authentication request of the client terminal 100. The service providing server 400 may include, for example, any type of server that provides a service that requires user authentication, such as a game server, an online banking server, an online shopping mall server, a portal service providing server, and the like.

According to one embodiment of the invention, the service providing server 400 receives the authentication approval information for the client terminal 100 from the authentication server 300, and forms a service providing session for the client terminal 100 Can provide services.

2 is a block diagram illustrating a configuration of an authentication server in an authentication system according to an embodiment of the present invention, and FIGS. 3A and 3B are diagrams showing an example of an authentication method according to an embodiment of the present invention. .

According to one embodiment of the invention, the authentication server 300, the authentication request receiving unit 310, authentication key generation unit 320, authentication key transmission unit 330, authentication confirmation key receiving unit 340, authentication performing unit ( 350 and an authentication approval processing unit 360.

The authentication request receiver 310 receives an authentication request from the client terminal 100.

The authentication request may include one or more of a service identifier, a client identifier, and a user identifier.

The service identifier is identification information that can identify the service providing server 400 and the other service providing server 400 and may include, for example, a host address, a serial number, a uniform resource identifier (URI) .

The service identifier may be included in the authentication request of the client terminal 100 and may identify a target to which a service providing session is to be formed with the client terminal 100 according to the authentication performance result. For example, when a user performs authentication at the authentication server 300 and needs to log in to NAVER, for example, the authentication server 300 may determine a service identifier of the service providing server 400 providing a service of NAVER. Will need.

The client identifier refers to identification information for identifying the client terminal 100 and another client terminal that transmits the authentication request. For example, an IP address, a serial number (SN), and a Mac address (Mac Address) may be used. And the like. However, the client identifier is not limited thereto, and may include both identification information that can identify the client terminal to other client terminals.

The user identifier is an identifier that allows an individual to be distinguished from other users, and may be, for example, a resident registration number, an i-PIN (Internet Personal Identification Number), or a personal ID.

According to an embodiment of the present invention, the user identifier is a personal ID (ID) at the authentication server 300 or the service providing server 400, or an identifier corresponding to the personal ID (ID) at the service providing server 400. Can be. For example, when a user needs to perform authentication through the authentication server 300 in order to use a web service provided by the service providing server 400, the authentication server 300 may require an ID of the user. . In this case, the service providing server 400 may not provide the user's ID to the authentication server 300 as it is for the protection of personal information of the corresponding web service user, but may provide the user's ID as an alias. For example, if the ID of the user's web service is 'abcd1234', the service providing server 400 does not provide 'abcd1234' to the authentication server 300, but the authentication management ID corresponding to 'abcd1234'. 'id_000001' may be provided to the authentication server 300. Subsequently, the service providing server 400 receives authentication approval information for 'id_000001' from the authentication server 300 and, for example, an authentication session for the actual ID 'abcd1234' in the web service corresponding to 'id_000001'. Can be formed.

The authentication key generation unit 320 generates an authentication key in response to the authentication request received from the client terminal 100.

The authentication key may include, for example, one or more of one-dimensional bar code, QR code, color bar code, text, image, and smart tag. The authentication key may be any code randomly generated, and may further include a validity check code for determining the validity of a code such as a checksum. In addition, the authentication key may include a client identifier or a service identifier of the client terminal 100 requesting authentication.

The authentication key generation unit 320 may extract, for example, one or more of a service identifier, a client identifier, and a user identifier from the authentication request and use the same to generate the authentication key.

The authentication key generator 320 may store the generated authentication key in an authentication key storage (not shown). In addition, the authentication key generation unit 320 may store a service identifier, a client identifier, a user identifier, and the like together with the authentication key. The service identifier or client identifier included in the authentication key may be extracted again from the authentication key. For example, the authentication performing unit 350, which will be described later, may extract a service identifier, a client identifier, etc. from the authentication key and use it in the authentication process. have.

The authentication key transmitter 330 transmits the authentication key to the client terminal 100.

The authentication key transmitted to the client terminal 100 by the authentication key transmission unit 330 is displayed on the client terminal 100, and the client terminal 100 receives the received authentication key, for example, a QR code ( 100). If the received authentication key is not in the form of a QR code, the authentication key may be converted into a QR code and displayed.

The authentication confirmation key receiving unit 340 receives the authentication confirmation key from the authentication terminal 200.

According to an embodiment of the present invention, the user may proceed with the authentication procedure by inputting the authentication confirmation key to the authentication terminal 200 based on the authentication key displayed on the client terminal 100.

The authentication confirmation key is a key corresponding to the authentication key displayed on the client terminal 100 and is a key input to the authentication terminal 200 to inform the authentication server 300 that the user has received the authentication key.

The authentication confirmation key may be the same as the authentication key generated by the authentication server 300, or may be modified by a certain rule. According to an embodiment of the present invention, the authentication terminal 200 may receive an authentication confirmation key by scanning an authentication key displayed on a screen of the client terminal 100, for example, a QR code. Also, for example, if the authentication key generated by the authentication server 300 is converted into a QR code on the client terminal 100 and displayed, the authentication terminal 200 scans the QR code and reversely converts the QR code to authenticate. Can be used as a confirmation key. In this case, the authentication confirmation key receiving unit 340 may receive the same authentication confirmation key as the authentication key.

In the above example, the authentication key is displayed as a QR code as an example, but is not limited thereto. The authentication key may be displayed in the form of text, or may be displayed in the form of an image including data such as one-dimensional barcode, color barcode, smart tag, and the like. Alternatively, in order to make it difficult for a user to decrypt the authentication key code, an image may be generated and displayed on a screen by hiding an encrypted code at a specific position on the picture. In addition, the display method of the authentication key is not limited to the visual display on the screen. The authentication key may be output in the form of sound through an output device of the client terminal 100, for example, a speaker, or may be displayed through any method for transmitting information.

When the authentication key displayed on the client terminal 100 is text, the authentication terminal 200 may receive an authentication confirmation key by using a keyboard or a touch pad, and the authentication key displayed by the client terminal 100 is an image. In this case, the authentication terminal 200 may receive an authentication confirmation key through a camera included in the authentication terminal 200. When the authentication key displayed by the client terminal 100 is in the form of a sound, the authentication confirmation key may be input through a microphone included in the authentication terminal 200. In addition, when the authentication key displayed on the client terminal 100 includes recognizable text in the text or image, the authentication confirmation key may be received through voice input.

The authentication confirmation key receiving unit 340 may receive an authentication confirmation key and an authentication terminal identifier together from the authentication terminal 200. Here, the authentication terminal identifier refers to identification information for identifying the authentication terminal 200 with another authentication terminal 200, and is matched with the authentication terminal 200 in the authentication performing unit 350 to be described later. It may be utilized in tasks such as selecting a user to be authenticated among a plurality of users.

Meanwhile, the terminal identifier for authentication may be transmitted to the authentication server 300 at the same time as the authentication confirmation key, but is not necessarily limited thereto. For example, before the authentication terminal 200 logs in to the authentication server 300 before transmitting the authentication confirmation key, it forms a session with the authentication server 300 in advance and transmits the terminal identifier for authentication to the authentication server 300. You can also do it.

The authentication performing unit 350 performs authentication on the user identifier associated with the authentication terminal 200 based on the authentication key transmitted to the client terminal 100 and the authentication confirmation key received from the authentication terminal 200.

The authentication performing unit 350 may perform authentication on a user identifier associated with the authentication terminal 200.

According to an embodiment of the present invention, the authentication performing unit 350 may request a user identifier stored in the authentication terminal 200 from the authentication terminal 200. The authentication performing unit 350 may receive a user identifier from the authentication terminal 200 and perform authentication on the received user identifier. For example, if a user identifier 'patent_1234' is stored in the local storage of the authentication terminal 200, the authentication performing unit 350 may call the user identifier and use it to perform authentication. In addition, when receiving a plurality of user identifiers from the authentication terminal 200, the authentication performing unit 350 may request the authentication terminal 200 to select any one of the plurality of user identifiers, and the user authenticates. The user terminal 200 may perform authentication on the selected user identifier.

According to an embodiment of the present invention, the authentication performing unit 350 transmits a plurality of user identifiers associated with the authentication terminal 200 to the authentication terminal 200, and a plurality of user identifiers from the authentication terminal 200. Any one of the user identifier can be received. For example, when a user uses the authentication terminal 200 to use a mail service, and a user identifier, for example, has a plurality of mail accounts of a user, select one of the plurality of accounts as an authentication target. Can be.

Referring to the example illustrated in FIG. 3A, the authentication performing unit 350 converts 'patent_1234', 'goodman', and 'tm_0123' as the user identifier 31 associated with the authentication terminal 200 to the authentication terminal 200. Can transmit

The authentication performing unit 350 may transmit the user identifier and the service identifier together in the process of transmitting the plurality of user identifiers associated with the authentication terminal 200 to the authentication terminal 200. That is, the service identifier and the user identifier may be associated and transmitted to the authentication terminal 200. For example, 'naver'-'patent_1234', 'naver'-'goodman', 'daum'-'tm_0123' The service identifier and the user identifier can be transmitted together.

For example, in order for a user to use a predetermined service in the client terminal 100, the user performs authentication through the authentication server 300 without accessing the service providing server 400 providing the corresponding service and performing authentication. In the case of accessing the service providing server 400 afterwards, since the authentication server 300 does not know which service the user intends to use, the user identifier and service identifier associated with the authentication terminal 200 used for authentication are used. All of them may be provided, and authentication of a corresponding service may be performed by selecting an authentication target service identifier from a user.

According to an embodiment of the present invention, the authentication performing unit 350 may extract a plurality of user identifiers matching the terminal identifier for authentication from the user information database 390 to be used for authentication. For example, the authentication performing unit 350 transmits the extracted plurality of user identifiers to the authentication terminal 200, receives a user identifier to be authenticated from the authentication terminal 200, and transmits the user identifier to the corresponding user identifier. Authentication can be performed.

Here, the authentication terminal identifier may be received through, for example, the authentication confirmation key receiver 340 described above, or may be received from the authentication server 300 before the authentication confirmation key is received.

When there is no user identifier matching the terminal identifier for authentication in the user information database 390, the terminal for authentication 200 may be determined not to be registered in the authentication server 300. In this case, the authentication system may reject the authentication request and end the authentication procedure, or may register a user identifier for authentication from the authentication terminal 200.

According to another embodiment of the present invention, the authentication performing unit 350 transmits a user identifier 33 associated with the authentication terminal 200 to the authentication terminal 200, and from the authentication terminal 200, the user identifier. Whether or not can be received.

Referring to the example illustrated in FIG. 3B, the authentication performing unit 350 transmits 'patent_1234' as the user identifier 31 associated with the authentication terminal 200 to the authentication terminal 200, and the authentication terminal 200. ), Whether or not to perform a login, for example, with the corresponding user identifier. According to the example of FIG. 3B, when the user identifier 33, 'patent_1234', received from the authentication system is a user identifier to log in, for example, the user clicks the select button 35 to authenticate with the user identifier. Can be performed.

The authentication performing unit 350 corresponds to the authentication key if the authentication confirmation key received from the authentication terminal 200 is the same as the authentication key transmitted to the client terminal 100 or is converted according to a predetermined rule. You can judge that.

When the authentication server 300 stores the authentication key in the authentication key store (not shown) before transmitting the authentication key to the client terminal 100, the authentication performing unit 350 is provided with an authentication key corresponding to the authentication confirmation key. The authentication may be performed based on the existence of the authentication key by searching from the authentication key store. That is, when the authentication key and the corresponding authentication key is not stored in the authentication key store, it may be determined that the authentication key is not issued. Thus, the authentication request can be rejected and the authentication procedure can be terminated.

The authentication performing unit 350 may determine the validity of the authentication confirmation key before performing authentication. For example, when the authentication key includes a validation code, the authentication performing unit 350 determines whether the validation code included in the authentication confirmation key conforms to a predetermined rule, such as a checksum rule, for authentication. The validity of the confirmation key can be determined.

The authentication approval processing unit 360 according to an embodiment of the present invention transmits the authentication approval information according to the authentication performance result to one or more of the client terminal 100 and the service providing server 400.

The certification approval information may include a result code indicating that the certification has been approved or that the certification has failed. In addition, the authentication approval information may include one or more of a client identifier and a user identifier. Here, the user identifier may be a user identifier selected for authentication by the authentication performing unit 350.

The authentication approval processing unit 360 may transmit the authentication approval information to one or more of the client terminal 100 and the service providing server 400. The transmission target of the authentication approval information may vary depending on the configuration of the authentication system.

For example, when the authentication server 300 and the service providing server 400 in the authentication system are separated, the subject performing authentication is the authentication server 300, but the service is provided to the user according to the authentication result. Since the subject is the service providing server 400, the authentication server 300 may transmit authentication approval information according to a result of performing authentication to the service providing server 400.

According to an embodiment of the present invention, the authentication approval processing unit 360 may provide authentication approval information to both the client terminal 100 and the service providing server 400. Through this, the authentication system can reduce the risk of authentication error and can perform authentication with more security.

For example, when the client terminal 100 requests a service from the service providing server 400 based on the authentication approval information, if the service providing server 400 knows in advance whether the client terminal 100 has approved the authentication, The client terminal 100 may, for example, control requesting a service based on false authentication authorization information.

According to an embodiment of the present invention, the authentication approval processing unit 360 may transmit the authentication approval information to the authentication terminal 200 in addition to the client terminal 100 and the service providing server 400. Through this, the authentication terminal 200 may perform additional operations based on authentication with one or more of the client terminal 100 and the service providing server 400 based on the authentication approval information. For example, the authentication terminal 200 may perform a session release request between the client terminal 100 and the service providing server 400 based on the authentication approval information.

According to an embodiment of the present invention, the service providing server 400 may be a set of a plurality of servers providing the same service, in which case the authentication approval processing unit 360 may provide authentication approval information to all of the plurality of servers. Alternatively, the authentication approval information may be provided to only one of the plurality of servers, and the server provided with the authentication approval information may share the authentication approval information by broadcasting to the remaining servers.

The authentication approval processor 360 may determine the service providing server 400 to which the authentication approval information is transmitted based on the service identifier included in the authentication request.

According to an embodiment of the present invention, the service providing server 400 receives authentication approval information from the authentication server 300, and establishes, for example, an authentication session on the client terminal 100, so that the user can use the service. To be. This completes the authentication procedure for the user to use the service of the service providing server 400.

As another example, when the authentication server 300 and the service providing server 400 are integrally configured to form an integrated authentication server, for example, since the integrated authentication server performs authentication and service provision together, the integrated authentication server May transmit the authentication approval information according to the authentication performance result to the client terminal 100.

The user information database 390 may store user information including a user identifier and a terminal identifier for authentication.

The user identifier and the terminal identifier for authentication may be input and stored when the user registers for the authentication system according to an embodiment of the present invention. The authentication terminal identifier refers to an identifier for distinguishing it from other authentication terminals, and may be, for example, a unique value assigned to a terminal such as a serial number (SN) and a MAC address of the authentication terminal. . However, the present invention is not limited thereto, and the terminal identifier for authentication may be an identifier that can be distinguished from other terminals for authentication, even if it is not a unique value assigned to the terminal. For example, in the case of a mobile phone or a smartphone, the terminal identifier for authentication may be a Universal Subscriber Identity Module (USIM) card number or a mobile phone number, or the terminal for authentication 200 accesses the authentication server 300. It may be the ID you need. Alternatively, the authentication terminal identifier may be a combination of at least two or more of the above-listed serial number, Mac address, USIM card number, mobile communication number and ID. For example, a serial terminal, a USIM card number, and a mobile communication number of the smartphone may be combined to generate one terminal identifier for authentication, and may be stored in the user information database 390. By generating a terminal identifier for authentication by combining a plurality of identifiers, even if any one of the serial number, USIM card number, mobile communication number of the authentication terminal 200 is exposed to others can reduce the possibility of theft. In addition, the terminal identifier for authentication may include a soft key. The soft key may be granted by the authentication terminal 200 from the authentication server 300 or the service providing server 400, and the authentication terminal 200 may be previously provided with the authentication server 300 or the service providing server 400. You can also create and use a shared algorithm. For example, in the process of the user performing authentication through the authentication terminal 200, the soft terminal synchronized with each other between the authentication terminal 200 and the authentication server 300, the authentication terminal 200 and the authentication server. Each of the 300 records can be utilized.

The user information database 390 may match and store the user identifier and the authentication terminal identifier, and thus may extract a user identifier matching the authentication terminal identifier from the user information database 390.

4 is a flowchart illustrating an authentication method according to a first embodiment of the present invention.

The authentication method according to the embodiment shown in FIG. 4 includes steps that are processed in time series on the authentication server 300 shown in FIG. 2, and includes a client terminal 100, an authentication terminal 200, and a service providing server ( And processing on 400). Therefore, the following description of the authentication server 300 shown in FIG. 2 may be applied to the authentication method according to the embodiment shown in FIG. .

In this regard, the authentication system receives an authentication request from the client terminal 100 (S4100).

In addition, the authentication system transmits the authentication key to the client terminal 100 in response to the authentication request (S4200).

In addition, the authentication system receives an authentication confirmation key from the authentication terminal 200 (S4300).

In addition, the authentication system performs authentication on the user identifier associated with the authentication terminal 200 based on the authentication key transmitted to the client terminal 100 and the authentication confirmation key received from the authentication terminal 200 (S4400). .

In addition, the authentication system transmits the authentication approval information according to the result of the authentication to the service providing server 400 (S4500).

Here, the step S4500 may include a method indirectly provided in addition to the method in which the authentication server 300 directly transmits the authentication approval information to the service providing server 400.

For example, in step S4500, the authentication server 300 transmits the authentication approval information to the client terminal 100, and the client terminal 100 requests or authenticates the service to the service providing server 400 based on the authentication approval information. Performing a verification request, requesting confirmation of whether the corresponding client terminal 100 is authenticated by the service providing server 400 to the authentication server 300, and authenticating the authentication server 300 to the service providing server 400. The method may include transmitting authentication approval information for the corresponding client terminal 100. As such, the authentication server 300 indirectly transmits the authentication approval information to the service providing server 400, so that, for example, the client terminal 100 receives the service from the service providing server 400 based on the false authentication approval information. It can be prevented from being provided. In addition, in a financial service, for example, after a predetermined time elapses after the client terminal 100 receives an authentication approval through the authentication server 300, it is necessary to perform re-authentication due to security problems. As described above, a method of indirectly providing authentication approval information may be utilized. That is, when the authentication server 300 transmits the authentication approval information to the client terminal 100 and the service providing server 400 confirms the request to the authentication server 300 as to whether the client terminal 100 performs authentication. Normal service may be provided only when the time difference is within a preset time.

In addition, the authentication server 300 may transmit the authentication approval information to the client terminal 100 as well as the service providing server 400 in step S4500.

The authentication server 300 may provide authentication approval information to both the client terminal 100 and the service providing server 400. Through this, the authentication system can reduce the risk of authentication error and can perform authentication with more security.

For example, when the client terminal 100 requests a service from the service providing server 400 based on the authentication approval information, if the service providing server 400 knows in advance whether the client terminal 100 has approved the authentication, The client terminal 100 may, for example, control requesting a service based on false authentication authorization information.

The authentication system according to an embodiment of the present invention performs the authentication for the service providing server 400 of the client terminal 100 through the above process, and if the authentication is successful, the service providing server 400 is the client terminal 100 ) Can establish an authentication session.

For example, when the authentication server 300 transmits the authentication approval information to the service providing server 400 in step S4500, the service providing server 400 forms an authentication session with the specific client terminal 100 on which authentication has been performed. You are ready to go. Thereafter, when the client terminal 100 makes a service request or an authentication confirmation request to the service providing server 400, the service providing server 400 may form an authentication session with the corresponding client terminal 100.

According to an embodiment of the present invention, the client terminal 100 starts the service providing server 400 from a predetermined time point, such as a time point for transmitting an authentication request to the authentication server 300, a time point for receiving an authentication key from the authentication server 300. ) Can periodically check for authentication. For example, when the authentication server 300 provides the authentication approval information only to the service providing server 400, the client terminal 100 may not know when the authentication is completed. In addition, even from the perspective of the service providing server 400, although the specific client terminal 100 can receive authentication approval information from the authentication server 300 that the authentication is completed, depending on the configuration of the system with the client terminal 100 This is because it may be necessary to receive a request from the client terminal 100 to establish an authentication session.

5 is a flowchart illustrating an authentication method according to a second embodiment of the present invention.

The authentication method according to the embodiment shown in FIG. 5 includes steps processed in time series on the authentication server 300 shown in FIG. 2, and includes a client terminal 100, an authentication terminal 200, and a service providing server ( And processing on 400). Therefore, the following descriptions regarding the authentication server 300 shown in FIG. 2 may be applied to the authentication method according to the embodiment shown in FIG. .

In this regard, the authentication system receives an authentication key request from the service providing server 400 (S5100).

In addition, the authentication system transmits the authentication key to the service providing server 400 in response to the authentication key request (S5200).

In addition, the authentication system receives an authentication confirmation key from the authentication terminal 200 (S5300).

In addition, the authentication system performs authentication on the user identifier associated with the authentication terminal 200 based on the authentication key transmitted to the service providing server 400 and the authentication confirmation key received from the authentication terminal 200 (S5400). ).

In addition, the authentication system transmits the authentication approval information according to the result of the authentication to the service providing server 400 (S5500).

Here, step S5500 may include a method indirectly provided in addition to the method in which the authentication server 300 directly transmits the authentication approval information to the service providing server 400. Description of this is omitted since it has been described above in the description of FIG. 4.

6 is a flowchart illustrating an authentication method according to a third embodiment of the present invention.

The authentication method according to the embodiment shown in FIG. 6 includes steps processed in time series on the authentication server 300 shown in FIG. 2, and includes a client terminal 100, an authentication terminal 200, and a service providing server ( And processing on 400). Therefore, the following description of the authentication server 300 shown in FIG. 2 may be applied to the authentication method according to the embodiment shown in FIG. .

In this regard, the authentication system receives an authentication request from the client terminal (S6100).

In addition, the authentication system transmits the authentication key to the client terminal 100 in response to the authentication request (S6200).

In addition, the authentication system receives an authentication confirmation key from the authentication terminal 200 (S6300).

In addition, the authentication system performs authentication on the user identifier associated with the authentication terminal 200 based on the authentication key transmitted to the client terminal 100 and the authentication confirmation key received from the authentication terminal 200 (S6400). .

In addition, the authentication system transmits the authentication approval information according to the authentication result to the client terminal 100 (S6500).

Here, the step S6500 may include a method indirectly provided in addition to the method in which the authentication server 300 directly transmits the authentication approval information to the service providing server 400. The description thereof will be omitted since it is described above in the description of FIG. 4.

After operation S6500, the client terminal 100 according to an embodiment of the present invention may perform an authentication confirmation request to the service providing server 400 based on the authentication approval information.

Subsequently, the service providing server 400 according to an embodiment of the present invention makes a verification request to the authentication server 300 as to whether or not the client terminal 100 that has made an authentication verification request is authenticated, and receives the verification request. 300 may provide the service providing server 400 with whether the client terminal 100 is authenticated.

When the client terminal 100 is a terminal successfully authenticated by the authentication server 300, the service providing server 400 may form an authentication session with the corresponding client terminal 100.

The authentication method according to the embodiments described with reference to FIGS. 4, 5 and 6 may also be implemented in the form of a recording medium including instructions executable by a computer, such as a program module executed by the computer. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium may include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes any information delivery media, including computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transport mechanism.

The foregoing description of the present invention is intended for illustration, and it will be understood by those skilled in the art that the present invention may be easily modified in other specific forms without changing the technical spirit or essential features of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is shown by the following claims rather than the above description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention. do.

Claims (17)

  1. In the method for performing authentication, the authentication server connected to the service providing server and the terminal for authentication,
    (a) receiving an authentication request from a client terminal;
    (b) transmitting an authentication key to the client terminal in response to the authentication request;
    (c) receiving an authentication confirmation key from the authentication terminal;
    (d) performing authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key; And
    (e) transmitting authentication approval information according to a result of performing the authentication to a service providing server,
    The step (d)
    (d-1) transmitting a plurality of user identifiers associated with the authentication terminal to the authentication terminal;
    (d-2) receiving one of the plurality of user identifiers from the authentication terminal; And
    (d-3) performing authentication for any one of the user identifiers.
  2. In the method for performing authentication, the authentication server connected to the service providing server and the terminal for authentication,
    (a) receiving an authentication key request from a service providing server;
    (b) transmitting an authentication key to the service providing server;
    (c) receiving an authentication confirmation key from the authentication terminal;
    (d) performing authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key; And
    (e) transmitting authentication approval information according to a result of performing the authentication to a service providing server,
    The step (d)
    (d-1) transmitting a plurality of user identifiers associated with the authentication terminal to the authentication terminal;
    (d-2) receiving one of the plurality of user identifiers from the authentication terminal; And
    (d-3) performing authentication for any one of the user identifiers.
  3. In the method for the authentication server to perform authentication,
    (a) receiving an authentication request from a client terminal;
    (b) transmitting an authentication key to the client terminal in response to the authentication request;
    (c) receiving an authentication confirmation key from the authentication terminal;
    (d) performing authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key; And
    (e) transmitting authentication approval information according to the authentication performance result to the client terminal,
    The step (d)
    (d-1) transmitting a plurality of user identifiers associated with the authentication terminal to the authentication terminal;
    (d-2) receiving one of the plurality of user identifiers from the authentication terminal; And
    (d-3) performing authentication for any one of the user identifiers.
  4. delete
  5. The method according to any one of claims 1 to 3,
    The step (c)
    Further receiving an authentication terminal identifier from the authentication terminal,
    Step (d-1),
    Extracting the plurality of user identifiers matching the terminal identifier for authentication from a user information database,
    The authentication approval information includes any one user identifier.
  6. delete
  7. The method according to claim 1 or 3,
    Step (d-1),
    Extracting a plurality of user identifiers matching the client identifiers of the client terminals from a user information database;
    Extracting a user identifier associated with the authentication terminal from among the plurality of user identifiers.
  8. delete
  9. The method of claim 1,
    In step (e),
    Determining the service providing server based on the authentication request.
  10. The method of claim 1,
    Wherein the authentication request includes one or more of a service identifier, a client identifier, and a user identifier.
  11. The method of claim 1,
    And the authentication authorization information comprises one or more of a client identifier and a user identifier.
  12. 4. The method according to any one of claims 1 to 3,
    The authentication key,
    An authentication method comprising one or more of a one-dimensional barcode, QR code, color barcode, text, image, and smart tag.
  13. In the authentication system,
    An authentication request receiving unit receiving an authentication request from a client terminal;
    Authentication key generation unit for generating an authentication key;
    An authentication key transmitter for transmitting an authentication key to the client terminal in response to the authentication request;
    An authentication confirmation key receiving unit for receiving an authentication confirmation key from an authentication terminal;
    An authentication performing unit configured to perform authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key; And
    An authentication approval processing unit which transmits authentication approval information according to a result of the authentication to one or more of the client terminal and the service providing server;
    The authentication performing unit,
    Transmit a plurality of user identifiers associated with the authentication terminal to the authentication terminal, Receive any one of the plurality of user identifiers from the authentication terminal, and perform authentication on any one user identifier Authentication system.
  14. In the authentication system,
    An authentication request receiver for receiving an authentication key request from a service providing server;
    Authentication key generation unit for generating an authentication key;
    An authentication key transmission unit for transmitting an authentication key to the service providing server;
    An authentication confirmation key receiving unit for receiving an authentication confirmation key from an authentication terminal;
    An authentication performing unit configured to perform authentication on a user identifier associated with the authentication terminal based on the authentication key and the authentication confirmation key; And
    An authentication approval processing unit which transmits authentication approval information according to a result of performing the authentication to the service providing server,
    The authentication performing unit,
    Transmit a plurality of user identifiers associated with the authentication terminal to the authentication terminal, Receive any one of the plurality of user identifiers from the authentication terminal, and perform authentication on any one user identifier Authentication system.
  15. delete
  16. The method according to claim 13 or 14,
    The authentication confirmation key receiving unit,
    Further receiving an authentication terminal identifier from the authentication terminal,
    The authentication performing unit,
    Extracting the plurality of user identifiers matching the terminal identifier for authentication from a user information database, and transmitting the extracted user identifiers to the terminal for authentication;
    The authentication approval information includes any one user identifier.
  17. The method according to claim 13 or 14,
    The authentication performing unit,
    And transmitting the user identifier associated with the authentication terminal to the authentication terminal, receiving the authentication of the user identifier from the authentication terminal, and performing authentication on the user identifier.
KR1020120068368A 2012-03-21 2012-06-26 Authentication method and authentication system KR101214839B1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR1020120028683 2012-03-21
KR20120028683 2012-03-21
KR20120053729 2012-05-21
KR1020120053729 2012-05-21

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2013/002296 WO2013141602A1 (en) 2012-03-21 2013-03-20 Authentication method and system for same

Publications (1)

Publication Number Publication Date
KR101214839B1 true KR101214839B1 (en) 2012-12-24

Family

ID=47908141

Family Applications (3)

Application Number Title Priority Date Filing Date
KR1020120068376A KR101214836B1 (en) 2012-03-21 2012-06-26 Authentication method and authentication system
KR1020120068368A KR101214839B1 (en) 2012-03-21 2012-06-26 Authentication method and authentication system
KR1020120145070A KR20130107188A (en) 2012-03-21 2012-12-13 Server and method for authentication using sound code

Family Applications Before (1)

Application Number Title Priority Date Filing Date
KR1020120068376A KR101214836B1 (en) 2012-03-21 2012-06-26 Authentication method and authentication system

Family Applications After (1)

Application Number Title Priority Date Filing Date
KR1020120145070A KR20130107188A (en) 2012-03-21 2012-12-13 Server and method for authentication using sound code

Country Status (2)

Country Link
KR (3) KR101214836B1 (en)
WO (2) WO2013141602A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101757692B1 (en) 2015-06-19 2017-07-14 주식회사 경동원 Remote control system of home network device using token server authentication and method thereof
KR101809012B1 (en) * 2016-07-13 2017-12-14 주식회사 비케이소프트 System, method and program for detecting replica by client key
WO2018012672A1 (en) * 2016-07-13 2018-01-18 주식회사 비케이소프트 Private key-based forgery detection system, method and program
WO2018012673A1 (en) * 2016-07-13 2018-01-18 주식회사 비케이소프트 Client key-based forgery detection system, method and program
KR102123405B1 (en) * 2016-02-23 2020-06-16 최건 System and method for providing security membership and login hosting service

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9578451B2 (en) 2013-10-20 2017-02-21 Lg Electronics Inc. Method and device for performing wireless connection between devices in wireless communication system
KR101648932B1 (en) 2015-04-28 2016-08-30 주식회사 사운드잇 Method for unlocking door-lock device and door-lock device
WO2017051947A1 (en) * 2015-09-24 2017-03-30 (주) 이스트몹 P2p transmission method and program having enhanced security
KR101747743B1 (en) * 2016-01-05 2017-06-15 케이티비솔루션 주식회사 Method for processing user certification using sign information providing personalized pass rate
WO2018093012A1 (en) * 2016-11-16 2018-05-24 망고슬래브 주식회사 Printer system and method for printing restickable note
KR101725324B1 (en) * 2016-11-16 2017-04-11 망고슬래브 주식회사 Printer system for printing a repositionable note and a method thereof
KR101984838B1 (en) * 2017-06-21 2019-09-03 주식회사 아이티스테이션 Method and system for managing security of client terminal using portable terminal
WO2019103289A1 (en) * 2017-11-24 2019-05-31 모비두 주식회사 Sound wave communication platform, communication method using sound wave signal, and device therefor
KR102025524B1 (en) * 2017-11-24 2019-09-26 모비두 주식회사 Communication platform based on sound
WO2019235802A1 (en) * 2018-06-04 2019-12-12 엘지전자 주식회사 User authentication method through bluetooth device and device therefor

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100372683B1 (en) 2000-03-07 2003-02-17 주식회사 모비젠 User authentification system and the method using personal mobile device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060118247A (en) * 2005-05-16 2006-11-23 에스케이 텔레콤주식회사 System and method for security of information
KR100858144B1 (en) * 2006-12-29 2008-09-10 주식회사 케이티프리텔 User authentication method in internet site using mobile and device thereof

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100372683B1 (en) 2000-03-07 2003-02-17 주식회사 모비젠 User authentification system and the method using personal mobile device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101757692B1 (en) 2015-06-19 2017-07-14 주식회사 경동원 Remote control system of home network device using token server authentication and method thereof
KR102123405B1 (en) * 2016-02-23 2020-06-16 최건 System and method for providing security membership and login hosting service
KR101809012B1 (en) * 2016-07-13 2017-12-14 주식회사 비케이소프트 System, method and program for detecting replica by client key
WO2018012672A1 (en) * 2016-07-13 2018-01-18 주식회사 비케이소프트 Private key-based forgery detection system, method and program
WO2018012673A1 (en) * 2016-07-13 2018-01-18 주식회사 비케이소프트 Client key-based forgery detection system, method and program
KR101839348B1 (en) * 2016-07-13 2018-03-22 주식회사 비케이소프트 System, method and program for detecting replica by individual key

Also Published As

Publication number Publication date
KR20130107188A (en) 2013-10-01
WO2013141602A1 (en) 2013-09-26
KR101214836B1 (en) 2012-12-24
WO2013141632A1 (en) 2013-09-26

Similar Documents

Publication Publication Date Title
US10348715B2 (en) Computer-implemented systems and methods of device based, internet-centric, authentication
US9990489B2 (en) System and method for peer to peer mobile contextual authentication
US9405889B2 (en) Device, method, and system for augmented reality security
US10735419B2 (en) Techniques for authentication via a mobile device
ES2701926T3 (en) Method and system to verify an account operation
US10050952B2 (en) Smart phone login using QR code
US8739266B2 (en) Universal authentication token
CN104065653B (en) A kind of interactive auth method, device, system and relevant device
JP5843941B2 (en) Flexible quasi-out-of-band authentication structure
US10187797B2 (en) Code-based authorization of mobile device
KR101671351B1 (en) Privacy enhanced key management for a web service provider using a converged security engine
DK2885904T3 (en) Procedure for user-easy authentication and device using a mobile application for authentication
US9979720B2 (en) Passwordless strong authentication using trusted devices
EP2901616B1 (en) Method for mobile security context authentication
US9537661B2 (en) Password-less authentication service
ES2553222T3 (en) Enhanced 2CHK authentication security with query transactions
US9130929B2 (en) Systems and methods for using imaging to authenticate online users
US9813236B2 (en) Multi-factor authentication using a smartcard
US8751794B2 (en) System and method for secure nework login
KR101699733B1 (en) Barcode authentication for resource requests
US9027085B2 (en) Method, system and program product for secure authentication
JP5719871B2 (en) Method and apparatus for preventing phishing attacks
US8689290B2 (en) System and method for securing a credential via user and server verification
EP2887615A1 (en) Cloud-based scalable authentication for electronic devices
US9836594B2 (en) Service channel authentication token

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E902 Notification of reason for refusal
N231 Notification of change of applicant
E701 Decision to grant or registration of patent right
N231 Notification of change of applicant
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20150911

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20161206

Year of fee payment: 5

FPAY Annual fee payment

Payment date: 20170928

Year of fee payment: 6

FPAY Annual fee payment

Payment date: 20190801

Year of fee payment: 8