KR101525154B1 - Security authentication method and apparatus therefor - Google Patents

Abstract

The present invention relates to a security authentication method and apparatus for securely protecting user data from external hacking and a method for performing security authentication of a user according to the present invention, Receiving virtual data included therein; Outputting a plurality of object selection interfaces in which each object is disposed and the object position is changeable; Setting a plurality of entities located at the same position in each entity selection interface as a combination set when the safety input device determines the position of the entity; The safety input device verifies the virtual code of each entity in the virtual data, and combines the virtual codes of the respective entities with each other to generate a plurality of multi-virtual codes classified according to the combination set; And transmitting, by the safety input device, the plurality of generated multi-virtual codes to the authentication server as authentication information of the user.

Description

[0001] DESCRIPTION [0002] Security authentication method and apparatus therefor [

The present invention relates to a security authentication technique, and more particularly, to a security authentication method and apparatus for securely protecting user data from external hacking.

As a universal method for user authentication, a password authentication method is used. The password authentication method stores an initial input password from a user, compares the password input by the user with the pre-stored password whenever necessary, and determines that the password authentication is successful if the password is identical. In addition, a technique for authenticating a user using a touch pattern set by a user is further disclosed in the existing password authentication method. The following patent document discloses a mobile terminal for authenticating a user using a pattern and a method for locking and unlocking the same.

However, passwords have various exposure possibilities. For example, a third party can watch the password input process of the user and find out the password. Further, the hacking program can hack the password input from the user terminal to find out the password.

Therefore, a password authentication method is required to prevent a third party from using a password even if the password of the user is exposed to a third party. In addition, a password input method for protecting a user's password from a peeking attack or the like is needed.

Korean Patent Publication No. 10-2009-0013432

SUMMARY OF THE INVENTION It is an object of the present invention to provide a security authentication method and apparatus for securely protecting user authentication data from shoulder surfing, hacking, and the like.

It is another object of the present invention to provide a security authentication method and an apparatus therefor, in which an authentication data input screen is exposed to others, and it is impossible for others to detect secret data of a user.

Other objects and advantages of the present invention will become apparent from the following description, and it will be understood by those skilled in the art that the present invention is not limited thereto. It will also be readily apparent that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.

According to a first aspect of the present invention, there is provided a method of performing security authentication of a user, the security input device including: receiving virtual data including an entity-specific virtual code from an authentication server; Outputting a plurality of object selection interfaces in which each object is disposed and the object position is changeable; Setting a plurality of entities located at the same position in each entity selection interface as a combination set when the safety input device determines the position of the entity; The safety input device verifies the virtual code of each entity in the virtual data, and combines the virtual codes of the respective entities with each other to generate a plurality of multi-virtual codes classified according to the combination set; And transmitting the plurality of multi-virtual codes generated by the safety input device to the authentication server as authentication information of the user.

According to a second aspect of the present invention, there is provided a safety input device for receiving virtual data including a virtual code for each object to generate a plurality of object selection interfaces in which respective objects are arranged and object positions can be changed, An interface generating unit for outputting an output signal; And setting a plurality of entities located at the same position in each entity selection interface as a combination set, confirming a virtual code of each entity in the virtual data, And a multi-virtual code generator for generating a plurality of multi-virtual codes classified by the combination sets as security authentication information of the user by combining the sets of the combinations with each other.

According to a third aspect of the present invention, there is provided an authentication apparatus comprising: a storage unit for storing a plurality of secret entities set by a user; A virtual data providing unit for generating virtual codes for each of the plurality of secret objects and the camouflage objects and transmitting the virtual data including the virtual codes of each of the plurality of secret objects and the camouflaged objects to the communication apparatus of the user; And receiving, from the communication device, a plurality of multi-virtual codes generated by the communication device based on the input signal of the user and the virtual data, whether or not the multi-virtual code matching the authentication code exists among the plurality of multi- And an authentication unit for authenticating the user.

According to a fourth aspect of the present invention, there is provided a safety input device including: a storage unit for storing a plurality of secret objects set by a user; An interface generation unit for generating and outputting a plurality of object selection interfaces in which respective objects are arranged and whose object positions can be changed; And setting a plurality of entities located at the same position in each entity selection interface as a group when the location of the entity is determined in the entity selection interface and including a plurality of secret objects stored in the storage unit And authenticating the user by confirming whether or not the group exists.

The present invention has an advantage of protecting authentication-related secret data of a user from external attacks such as shoulder surfing and the like because a plurality of objects arranged in the object selection interface are combined according to their positions and the user is authenticated based on the combined object .

The present invention also relates to a method for generating object related data based on a uniform resource locator (URL) and a one-time virtual code randomly generated for each authentication, By authenticating the user based on the code, there is an effect of preventing the data of the user's main data (e.g., a password, an authorized certificate, etc.) from being exposed to the communication network.

In particular, since the present invention provides a virtual URL and a virtual code for each user to a user and authenticates the user based on a multi-virtual code having a combination of virtual codes, even if the authentication data related to the user is hacked, In addition, since the hacked multi-virtual code can not be reused, it has the advantage of protecting user data more securely.

Furthermore, since the present invention converts a plurality of multi-virtual codes based on the conversion seed value set by the user, there is an advantage that the confidentiality of the user's authentication data is further improved. In particular, the present invention has the advantage that when the user's login password is used as the conversion seed value, the login password is not sent to the server, thereby minimizing the exposure of the user's password.

In addition, since the security authentication method according to the present invention authenticates a user based on the one-time authentication code, it can replace the existing one-time password (OTP) authentication method.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate exemplary embodiments of the invention and, together with the description, serve to explain the principles of the invention. And shall not be construed as limited to such matters.
1 is a diagram of an authentication system, in accordance with an embodiment of the present invention.
2 is a flowchart illustrating a method of registering a secret entity of a user in an authentication system according to an embodiment of the present invention.
3 is a view showing a secret object selection window according to an embodiment of the present invention.
4 is a flow diagram illustrating a method for authenticating a user using a multi-virtual code in an authentication system, in accordance with an embodiment of the present invention.
Figures 5A-5C illustrate various embodiments of an entity selection interface in accordance with the present invention.
6 is a diagram illustrating a safety input device according to another embodiment of the present invention.
7 is a flowchart illustrating a method of setting a secret object in the safety input device according to another embodiment of the present invention.
8 is a flow chart illustrating a method for authenticating a user in a secure input device, according to another embodiment of the present invention.

The foregoing and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, in which: There will be. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail.

Prior to describing the constitution of the present invention, the following terms will be described.

An object is placed in an object selection interface as a kind of key information selectable by the user such as an image, a sound, a moving picture, a text, a number, and the like.

A secret object is an entity set by a user for security authentication service among a plurality of entities.

The gastrointestinal object is an object arbitrarily selected in order to minimize the exposure of the secret object.

A pseudo code is a one-time character string corresponding to an entity, and is generated separately at each authentication.

The multi-virtual code is a string in which the plurality of virtual codes are combined.

The object selection interface is a graphical user interface in which a plurality of objects are arranged and a position of an object can be moved according to a user's operation. One secret object and a plurality of camouflage objects are disposed in the object selection interface.

A virtual URL (uniform resource locator) is an entity's one-time URL, which is generated separately for each authentication, just like an authentication code.

Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram of an authentication system, in accordance with an embodiment of the present invention.

As shown in FIG. 1, an authentication system according to an embodiment of the present invention includes a safety input device 10 and an authentication server 20. The safety input device 10 and the authentication server 20 communicate with each other via the network 30. Here, the network 30 includes a mobile communication network and a wired broadband Internet network, and corresponds to a well-known conventional technology in the present invention, and thus a detailed description thereof will be omitted.

The safety input device 10 generates authentication information protected from hacking such as peeking attack and transmits it to the authentication server 20. [ In addition, the safety input device 10 generates and displays a plurality of object selection interfaces in which one secret object and a plurality of camouflage objects are arranged and the object can be moved, using the virtual data received from the authentication server 20 . In addition, when the movement of the object is completed, the safety input device 10 generates a plurality of multi-virtual codes and transmits the plurality of multi-virtual codes to the authentication server 20 so as to transmit the user authentication to the authentication server 20 request. The safety input device 10 may be a wireless input device such as a wired or wireless information communication terminal such as a notebook computer, a desktop computer, a tablet computer, a mobile communication terminal and other portable terminals, an ATM device (cash dispensing device), a door lock, And the like can be applied to electric and electronic devices having a processor and a memory.

The safety input device 10 includes a service register 11, an interface generator 12, a multi-virtual code generator 13, and a code converter 14.

The service registration unit 11 registers the security authentication service of the user with the authentication server 20. Specifically, the service registration unit 11 requests the authentication server 20 to register the security authentication service of the user after the user accesses the authentication server 20 and succeeds in the login authentication based on the ID and the password. In addition, the service registration unit 11 receives the secret object selection window (see FIG. 3) in which a plurality of objects are arranged from the authentication server 20 and outputs the received secret object selection window to the screen, And registers it in the authentication server 20 as a secret entity of the user. At this time, the service registration unit 11 sets a secret object for each object selection interface according to the order of the input entity, and registers the secret object of each object selection interface set in the authentication server 20.

The interface generation unit 12 generates a plurality of object selection interfaces based on the virtual data received from the authentication server 20 and outputs them to a screen. That is, upon receiving the virtual data for each object selection interface from the authentication server 20, the interface generation unit 12 identifies the virtual URL and the virtual code included in each object selection interface, It is acquired for each selected interface. In addition, the interface generation unit 12 randomly arranges the acquired objects at the object display position of the corresponding object selection interface, and outputs a plurality of object selection interfaces (see FIG. 5A to FIG. 5B) . The number of the entity selection interfaces may be set in advance and may be set in proportion to the number of secret entities set by the user.

On the other hand, when the sound URL is recorded in the virtual data, the interface generation unit 12 arbitrarily generates object display information such as sound 1, sound 2, and the like, and outputs the sound object display information to the object selection interface . In this case, when the specific sound object display information is clicked, the interface generating unit 12 acquires audio corresponding to the sound object through the URL corresponding to the sound object display information, and outputs the audio to the speaker.

In addition, if the object is an image, text, or number, the interface generating unit 12 may not blind the object and expose the object to the screen. In this case, the interface generating unit 12 blinds the object corresponding to the position of the touch coordinates or the mouse pointer, and outputs the blinded object. That is, when the user's touch signal is detected at the position of the blind processed object or when the mouse pointer is detected at the blind processed object position, the interface generating unit 12 removes the blind of the blind object and exposes the object to the screen.

On the other hand, the interface generating unit 12 may blind the user's movement value of the object. Specifically, when the user inputs an object movement signal by key movement, drag-and-drop, touch, or the like, the interface generation unit 12 substantially moves the object in the corresponding object selection interface, I never do that. In addition, the interface generation unit 12 updates the internal object alignment data that is not displayed on the screen according to the object movement signal of the user, but does not display the graphic information according to the object movement on the object selection interface that is outputting on the screen. In this case, even if the screen of the safety input device 10 is exposed to a third party, the sorted entity is not exposed to a third party, and the security of the user's secret object is further improved.

The multi-virtual-code generation unit 13, when receiving the entity movement completion signal from the user, generates a plurality of multi-virtual codes. Specifically, when the entity position is determined in each entity selection interface, the multi-virtual code generation unit 13 selects a combination set of entities located at the same position in each entity selection interface, The code generates the multi-pseudo code combined according to the sequence of the object selection interface for each combination set.

The code conversion unit 14 performs a function of converting data or encrypting data. That is, when the multi-pseudo code generation unit 13 generates the multi-pseudo code for each group, the code conversion unit 14 converts the multi-pseudo code for each group using the conversion function to which the seed value set by the user is applied do. Preferably, the seed value is a login password of the user. In addition, the code conversion unit 14 encrypts the converted multi-virtual codes for each group and transmits them to the authentication server 20.

The authentication server 20 is an authentication device for authenticating a user, and performs a function of providing a security authentication service to a user. In particular, the authentication server 20 stores a plurality of secret entities set by the user, generates virtual data so that the unique information of the user is not exposed, and provides the virtual data to the safety input device 10 of the user. In addition, the authentication server 20 receives a plurality of multi-virtual codes from the safety input device 10, and authenticates the user based on the plurality of multi-virtual codes.

The authentication server 20 includes a storage unit 21, a secret entity registration unit 22, a virtual data generation unit 23, a restoration processing unit 24 and an authentication unit 25.

The storage unit 21 stores the login ID and the login password of the user, and stores the secret object and the seed value for each object selection interface, which are set by the user, with the login ID of the user. In addition, the storage unit 21 stores a pool of objects in which a plurality of objects are registered. Various types of objects such as images, moving pictures, texts, and sounds are registered in the object pool. In addition, the storage unit 21 stores the one-time authentication code of the user.

The secret entity registration unit 22 receives a plurality of secret entities from the user and stores the received secret entities as a secret entity of the user in the storage unit 21. [ That is, when receiving the security authentication service from the safety input device 10, the secret object registration unit 22 transmits a secret object selection window to which the plurality of secret objects can be set, to the safety input device 10. In addition, the secret entity registration unit 22 receives the secret entity of each entity selection interface selected by the user from the safety input device 10, maps the secret entity of the received entity selection interface to the login ID of the user, 21).

The virtual data generation unit 23 generates virtual data for each object selection interface. Specifically, the virtual data generating unit 23 confirms the secret ID of each object selection interface mapped to the user's login ID in the storage unit 21. The virtual data generating unit 23 minimizes the exposure of the secret object and selects a certain number of camouflage objects disposed together with the respective secret objects for each object selection interface in the object pool of the storage unit 21. At this time, the virtual data generating unit 23 selects the camouflage entity among the entities excluding the secret entity. Preferably, the virtual data generation unit 23 identifies the type of the selected secret object in each object selection interface, and selects a plurality of spoof objects corresponding to the same type of the secret object, for each object selection interface.

 Furthermore, the virtual data generating unit 23 generates virtual URLs of each secret object and each camouflage object, and links the generated virtual URL with the corresponding object. In addition, the virtual data generating unit 23 generates virtual codes for each of the secret objects and the camouflage objects, generates virtual data for each object selection interface by mapping the generated virtual codes and virtual URLs for each object, And provides it to the input device 10. In addition, the virtual data generation unit 23 confirms the virtual code for each secret object of the user among the generated virtual codes, and the virtual code in which the virtual code is combined according to the object selection interface is stored as a one- 21).

The restoration processing unit 24 performs a function of decrypting the encrypted data and restoring the converted data. More specifically, the restoration processing unit 24 decrypts the plurality of multi-virtual codes when receiving a plurality of encrypted multi-virtual codes from the safety input device 10. In addition, the restoration processing unit 24 confirms the seed value set by the user in the storage unit 21, and restores a plurality of converted multi-virtual codes using the inverse transformation function to which the seed value is applied. Preferably, the seed value may be a login password of the user. In this case, the restoration processing unit 24 confirms the user's login password in the storage unit 21, and converts the login password into an inverse transformation function And restores a plurality of processed multi-virtual codes.

The authentication unit 25 not only performs login authentication based on an ID and a password but also performs security authentication of a user based on a plurality of multi-virtual codes restored by the restoration processing unit 24. [ In particular, the authentication unit 25 checks whether there exists a virtual code matching the user's one-time authentication code stored in the storage unit 21 among the plurality of restored virtual codes, And if it does not exist, the security authentication of the user is failed. In addition, when the authentication of the user is completed, the authentication unit 25 deletes the virtual URL, virtual code, and one-time authentication code for each object generated by the virtual data generation unit 23.

2 is a flowchart illustrating a method of registering a secret entity of a user in an authentication system according to an embodiment of the present invention.

Referring to FIG. 2, the service registration unit 11 accesses the authentication server 20 and transmits a login request message including a user ID and a password to the authentication server 20 (S201).

Then, the authentication unit 25 of the authentication server 20 extracts the ID and the password included in the login request message, and determines whether the extracted ID and password are stored in the storage unit 21 as the authentication information of the same user The login authentication of the user is performed (S203). Then, when the authentication of the user is successful, the authentication unit 25 of the authentication server 20 transmits a login authentication success notification message to the safety input device 10 (S205).

Next, when the safety input device 10 succeeds in the login authentication of the user, the service registration unit 11 can receive the security authentication service registration from the user. In this case, the service registration unit 11 transmits a security authentication service request message to the authentication server 20 (S207).

The secret entity registration unit 22 of the authentication server 20 then transmits a secret object selection window to the safety input device 10 in which one or more secret objects can be set among the entities registered in the object pool of the storage unit 21 (S209). Next, the service registration unit 11 of the safety input device 10 outputs the secret object selection window received from the authentication server 20 to the screen.

3 is a view showing a secret object selection window according to an embodiment of the present invention.

3, the secret object registration unit 22 of the authentication server 20 sends a secret object selection window as shown in FIG. 3 in which a plurality of objects are arranged and a user can select a secret object to the safety input device 10 do. At this time, the secret entity registration unit 22 may include direction keys 300a and 300b for changing a plurality of entities disposed in the secret entity selection window in the secret entity selection window. In this case, the secret object registration unit 22 transmits a secret object selection window in which some objects (for example, 25 objects) among the objects registered in the object pool of the storage unit 21 are listed to the safety input device 10, When the direction keys 300b and 300b are input from the safety input device 10, another plurality of objects are extracted from the object pool of the storage unit 21 and transmitted to the safety input device 10, You can change the object.

In this case, when the output of the sound object is requested by the user, the secret registering unit 22 may include a sound object and audio data of the sound object in the secret object selection window. In this case, Acquires audio data and outputs it to a speaker. Preferably, the audio data corresponding to the sound object has a short playback time such as an effect sound, an animal sound, and the like.

Next, the service registration unit 11 of the safety input device 10 sequentially selects a plurality of secret objects from among the objects arranged in the secret object selection window from the user (S211). It is preferable that the user sequentially selects a plurality of objects which can be easily memorized in the secret object selection window. For example, the user can sequentially select a plurality of animal image objects constituting a food chain, or can select a plurality of objects having a specific meaning to him.

Then, the service registration unit 11 sets a secret entity for each object selection interface according to the order of the input secret objects. For example, when three secret objects are sequentially selected from the user, the service registration unit 11 sets the first selected secret object as the first object selection interface, and selects the second selected secret object, the third selected secret object, To the second entity selection interface and the third entity selection interface, respectively. Then, the service registration unit 11 transmits the plurality of secret entities, i.e., the secret entities for each entity selection interface, to the authentication server 20 (S213).

Then, the secret entity registration unit 22 of the authentication server 20 maps the secret entity according to the object selection interface to the login ID of the user and stores it in the storage unit 21 (S215), thereby completing registration of the secret entity of the user.

4 is a flow diagram illustrating a method for authenticating a user using a multi-virtual code in an authentication system, in accordance with an embodiment of the present invention.

4, the service registration unit 11 of the safety input device 10 transmits a security authentication request message including the user's login ID to the authentication server 20 in order to perform the enhanced security authentication service of the user (S401).

The virtual data generating unit 23 of the authentication server 20 confirms the login ID of the user recorded in the authentication request message and stores the secret entity of each object selection interface mapped to the login ID in the storage unit 21, (S403). That is, the virtual data generation unit 23 confirms the secret ID of the user mapped to the login ID of the user in the storage unit 21.

Then, the virtual data generating unit 23 selects a certain number (e.g., five) of camouflage objects disposed in each of the object selection interfaces from the object pool of the storage unit 21 (S405). At this time, the virtual data generation unit 23 selects a camouflage object among a plurality of entities excluding the secret entity. Preferably, the virtual data generating unit 23 identifies the type of the secret object set in each object selection interface, and selects a certain number of camouflage objects corresponding to the same type as the secret object for each object selection interface. For example, when the secret object of the first object selection interface is an image, the virtual data generation unit 23 extracts a certain number of camouflage objects corresponding to the image from the object pool of the storage unit 21, Select as the camouflage object of the selection interface. As another example, if the secret object set in the third entity selection interface is a sound, the virtual data generation unit 23 may extract a certain number of camouflage entities corresponding to sounds from the entity pool of the storage unit 21, 3 Select the object as the camouflage object of the selection interface.

Next, the virtual data generating unit 23 generates virtual URLs for each of the object-specific interface objects, i.e., the secret object and the camouflage, and stores the generated virtual URLs and corresponding objects (i.e., camouflage objects or secret objects) (S407). Then, the virtual data generating unit 23 generates virtual codes for the respective objects, i.e., the secret objects and the camouflage objects in step S409. The generated virtual data and virtual URLs are mapped on a per- Respectively. Then, the virtual data generation unit 23 confirms the virtual code for the secret entity from among the generated virtual codes, and stores the multi-virtual code in which the virtual code is combined according to the order of the entity selection interface as a one- (Step S411). Next, the virtual data generation unit 23 transmits the virtual data for each object selection interface to the safety input device 10 (S413).

Then, the interface generation unit 12 of the authentication server 20 confirms the virtual URL and virtual code of each entity in the virtual data for each object selection interface. Then, the interface generation unit 12 acquires entities for each entity selection interface through the identified virtual URLs (S415). Then, the interface generating unit 12 generates a plurality of object selection interfaces by randomly arranging the acquired objects at the object display positions implemented in the corresponding object selection interface. Next, the interface generation unit 12 outputs the generated plurality of object selection interfaces to the screen (S417).

On the other hand, when the sound URL is recorded in the virtual data, the interface generation unit 12 arbitrarily generates object display information such as sound 1, sound 2, and the like, and outputs the sound object display information to the object selection interface . In this case, when the specific sound object display information is clicked, the interface generating unit 12 acquires audio corresponding to the sound object through the URL corresponding to the sound object display information, and outputs the audio to the speaker.

Figures 5A-5C illustrate various embodiments of an entity selection interface in accordance with the present invention.

5A to 5C, the interface generation unit 12 generates a plurality of object selection interfaces in which a plurality of objects are arranged. 5A and 5B, the individual selection interfaces 510a, 510b, 520a, 520b, 530a, and 530b are circles. In FIG. 5C, the object selection interfaces 510c, 520c, and 530c are represented in a rectangular shape. Meanwhile, the entity selection interface according to the present invention may be modified to various shapes.

A plurality of objects of the same kind such as a plurality of texts, a plurality of images, a plurality of sounds, and the like are disposed in each of the object selection interfaces. That is, a plurality of objects in the form of text are arranged in the object selection interfaces 1 510a, 510b and 510c, a plurality of objects in an image form are arranged in the object selection interfaces 2 520a, 520b and 520c, A plurality of objects in the form of a sound may be disposed in the respective units 530a, 530b, and 530c. Preferably, when the sound URL is recorded in the virtual data, the interface generating unit 12 arbitrarily generates object display information such as sound 1, sound 2, and the like as in the object selection interface 3 (530a, 530b, and 530c) , Sound object display information is placed in the object selection interface 3 (530a, 530b, 530c) instead of outputting sound. In this case, when a specific sound object is clicked on the object selection interface 3 (530a, 530b, 530c), the interface generation unit 12 acquires audio data through a URL corresponding to the sound object and outputs the audio data to the speaker.

In addition, the position of the object placed in each object selection interface can be changed according to the operation of the user. That is, the user can change an object placed on each object selection interface through an input means such as a mouse, a keyboard, or a touch screen. For example, the user can change the position of each object through manipulation techniques such as object rotation, object drag and drop, and the like. Preferably, positional movement is possible between entities located in the same entity selection interface.

On the other hand, if the object is an image, a text, or a number, the interface generating unit 12 may not blind the object and expose the object to the screen. In this case, the interface generating unit 12 blinds the object corresponding to the position of the touch coordinates or the mouse pointer, and outputs the blinded object. That is, when the touch signal of the user is detected at the position of the blind processed object or when the mouse pointer is detected at the blind processed object position, the interface generating unit 12 removes the blind of the blind object and exposes the blind to the screen of the object.

In another embodiment, the interface generating unit 12 may blind the object movement value of the user. That is, when the user inputs an object movement signal by key movement, drag-and-drop, touch, or the like, the interface generation unit 12 substantially moves the object in the corresponding object selection interface but does not display the moved object on the screen . In other words, the interface generating unit 12 updates the internal object sorting data that is not displayed on the screen according to the object moving signal of the user, but does not display the graphic information according to the moving object on the object selecting interface .

When the plurality of object selection interfaces are output to the safety input device 10, the user adjusts the object position so that the plurality of secret objects sequentially set by the user are sequentially placed at the same position in each object selection interface, Enter the Move Object Complete menu.

For example, the user may select one of the first object selection interfaces 510a and 510b, the second object selection interfaces 520a and 520b, the third object selection interface 530a , And 530b in the order of the azimuth angle of 0 degrees, and then input the object movement completion menu. As another example, the user may select one of the first object selection interface 510c, the second object selection interface 520c, the third object selection interface 530c You can change the position of the object so that it is positioned at the left end or right end in order.

The multi-virtual code generation unit 13 verifies the position of each entity in which the entity position is determined when the user determines the entity position, and selects a plurality of entities located at the same position in each entity selection interface as a combination set do. For example, if the object selection interface is the same as that shown in FIG. 5A or 5B, the multi-virtual code generation unit 13 sets three objects arranged at azimuth angle 0 degrees as a first combination set, Are selected as the second combination set, and the objects located respectively at the azimuth angles of 120 degrees, 180 degrees, 240 degrees, and 300 degrees are selected as the third combination set, the fourth combination set, the fifth combination set, and the sixth combination set, respectively . 5C, the multi-virtual code generation unit 13 selects the first set of three entities located on the first left of each entity selection interface as a first set of combinations, The second set of three entities is selected as the second set of combinations, and the entities placed at the remaining positions are selected as a separate set of combinations based on the above location criteria.

When the selection of the combination set is completed, the multi-virtual-code generation unit 13 generates a multi-virtual code in which the virtual codes of the objects included in the combination set are combined for each combination set (S419). That is, when the user completes the movement of the object in the object selection interface, the multi-virtual code generation unit 13 selects the combination set of the objects placed at the same position in each object selection interface, Generated by the combination of the virtual code of the object selection interface and the virtual code of the object selection interface. For example, the multi-virtual code generation unit 13 may generate a plurality of objects (ie, '!', '★', and 'sound 1') located at azimuth angle 0 ° The first combination set is selected. Further, the '!' Of the first object selection interface 510a, The virtual code of the 'sound 1' object of the third object selection interface 510c is' 88xk ', the virtual code of the object is' 10xie', the virtual code of the '*' object of the second object selection interface 510b is' In the case of 'kxkZZ', the multi-pseudo-code generation unit 11 generates '10xie88txkkxkZZ' as the multi-pseudo code of the first combination set.

Next, the code conversion unit 14 outputs a seed value input window for receiving the seed value set by the user, and receives the seed value from the user through the seed value input window. Subsequently, the code conversion unit 14 sets the seed value input from the user as a seed of the conversion function, and outputs the seed value to the multi-virtual per-combination set generated by the multi- The code is converted (S421). Preferably, the code conversion unit 14 may receive the user's login password as a seed value from the user, and convert the multi-virtual code for each combination set using the conversion function with the login password set to the seed value. Then, the code conversion unit 14 encrypts the converted multi-virtual code for each combination set, and transmits the encrypted multi-virtual code for each combination set to the authentication server 20 (S423, S425).

Then, the restoration processing unit 24 of the authentication server 20 decrypts the encrypted multi-virtual code for each combination set received from the safety input device 10 (S427). Then, the restoration processing unit 24 confirms the login ID included in the authentication request message in step S401, and extracts the seed ID mapped to the login ID from the storage unit 21. Then, the reconstruction processing unit 24 sets the extracted seed value as a seed of the inverse transformation function, and restores the transformed multi-virtual code for each combination set using the inverse transformation function set in step S429. On the other hand, when the login password of the user is set as the seed value, the restoration processing unit 24 confirms the user's login password in the storage unit 21, and uses the inverse transformation function in which the user's login password is set as the seed value, It is possible to restore the multi-pseudo code according to the converted combination set.

Next, the authentication unit 25 checks the virtual code for each combination set restored by the restoration processing unit 24 and determines whether there exists a virtual code matching the one-time authentication code stored in step S411 among the multiple virtual codes for each combination set (S431).

Then, if there is no multi-virtual code matching the one-time authentication code among the virtual codes of the authentication result combination set, the authentication unit 25 fails to process the user authentication for the safety input device 10, The authentication failure notification message is transmitted to the device 10 (S433).

On the other hand, if there is a multi-virtual code matching the one-time authentication code among the virtual codes of each combination set, the authentication unit 25 successively processes the user authentication of the safety input device 10, To the input device 10 (S435), and provides the service requested by the user.

On the other hand, the authentication unit 25 deletes the virtual URL, the virtual code, and the one-time authentication code for each object generated by the virtual data generation unit 23 when the user authentication is completed.

Meanwhile, the security authentication method using the entity selection interface according to the present invention may be applied to a stand alone environment in which network communication is not required.

6 is a diagram illustrating a safety input device according to another embodiment of the present invention.

6, the safety input device 60 according to another embodiment of the present invention includes a display unit 61, a storage unit 62, a secret object setting unit 63, an interface generating unit 64, (65).

The display unit 61 is a display unit based on a liquid crystal display (LCD) technology, a light emitting polymer display (LPD) technology, an LED (light emitting diode) technology or the like, and outputs various information processed by the safety input device 60. In addition, the display unit 61 displays a plurality of object selection interfaces. The display unit 61 may be a touch display. In this case, the display unit 61 receives the touch information of the user.

The storage unit 62 stores a secret entity for each object selection interface set by the user. In addition, the storage unit 62 stores a pool of objects in which a plurality of objects are registered.

The secret entity setting unit 63 sets a secret entity for each object selection interface from the user and stores the secret entity in the storage unit 62. [ Specifically, the secret object setting unit 63 outputs a secret object selection window to the display unit 61 in which one or more secret objects can be set among a plurality of objects registered in the IP pool of the storage unit 62, And sequentially selects a plurality of secret objects from the user through the selection window. The secret object setting unit 63 sets a secret object for each object selection interface in accordance with the order of the input secret object, and stores the secret object of each object selection interface in the storage unit 62.

The interface generation unit 64 generates a plurality of object selection interfaces and outputs the generated object selection interfaces to the display unit 61. That is, the interface generating unit 64 checks a secret object for each object selection interface in the storage unit 62, and then stores a certain number of camouflaged objects disposed together with the secret object in the object selection interface in the object pool of the storage unit 62 Object selection Select by interface. In addition, the interface generation unit 64 generates a plurality of object selection interfaces in which the secret object and the camouflage object are disposed, and outputs the object selection interface to the display unit 61.

When the entity position is determined in the entity selection interface, the authentication unit 65 sets a plurality of entities located at the same position in each entity selection interface as a group, and among the set groups, And authenticates the user by checking whether or not a group matching the secret entity exists.

7 is a flowchart illustrating a method of setting a secret object in the safety input device according to another embodiment of the present invention.

Referring to FIG. 7, the safety input device 60 receives a request from the user for security authentication setting (S701). Then, the secret entity setting unit 63 of the safety input device 60 outputs a secret object selection window in which a plurality of entities registered in the IP pool of the storage unit 62 are placed, to the display unit 61 (S703). That is, the safety input device 60 outputs the secret object selection window as shown in FIG. 3 to the display unit 61. In this case, when the sound object is included in the secret object selection window and the playback of the sound object is requested from the user, the secret object setting unit 63 extracts the audio of the sound object from the storage unit 62, Output.

Then, the secret entity setting unit 63 sequentially receives selection information of a plurality of secret objects from the user through the secret entity selection window (S705). Then, the secret object setting unit 63 sets a secret object for each object selection interface in accordance with the order of the secret object selected by the user, and stores the secret object of each object selection interface set in the storage unit 62 S707).

8 is a flow chart illustrating a method for authenticating a user in a secure input device, according to another embodiment of the present invention.

Referring to FIG. 8, when the storage of the secret object of the user is completed, the interface generation unit 64 checks the secret object of each object selection interface stored in the storage unit 62 (S801). Next, the interface generating unit 64 selects a certain number of camouflage objects arranged in the individual object selecting interfaces from the object pool of the storage unit 62 (S803). At this time, the interface generation unit 64 selects a camouflage object among a plurality of entities excluding the secret entity. Preferably, the interface generation unit 64 identifies the type of the secret object set in each object selection interface, and selects a certain number of camouflage objects corresponding to the same type as the secret object, for each object selection interface.

Next, the interface generating unit 64 generates a plurality of object selection interfaces in which the selected plurality of camouflage objects and the respective secret objects are arranged, and outputs the generated object selection interfaces to the display unit 61 (S805). That is, the interface generation unit 64 generates an entity selection interface as shown in FIG. 5A, FIG. 5B, or FIG. 5C and outputs it to the display unit 61. The interface generating unit 64 arbitrarily generates display information for a sound when a sound is included in the object, and places the sound object display information in the object selecting interface instead of outputting the sound. In this case, when the specific sound object display information is clicked, the interface generating unit 64 extracts audio data corresponding to the sound object display information from the storage unit 62 and outputs the extracted audio data to the speaker.

On the other hand, if the object is an image, text, or number, the interface generating unit 64 may not blind the object and expose the object to the screen. In this case, the interface generating unit 64 blindly removes the object corresponding to the touched coordinates or the position of the mouse pointer, and outputs the blinded object to the screen. That is, when the user's touch signal is detected at the blind-processed object position or the mouse pointer is detected at the blind-processed object position, the interface generating unit 64 removes the blind of the blind object and exposes the blind to the screen of the object.

When the plurality of object selection interfaces are displayed, the user inputs the object movement completion menu after adjusting the object position so that the plurality of secret objects set by the user are arranged in order at the same position in each object selection interface.

Then, the authentication unit 65 receives the entity movement completion signal through the entity selection interface (S807). Then, the authentication unit 65 confirms the position of each entity in each entity selection interface, and selects a plurality of entities located at the same position in the same group (S809).

Next, the authentication unit 65 authenticates whether there is a group matching each secret entity according to the object selection interface stored in the storage unit 62 among the plurality of groups (S811).

The authentication unit 65 successively authenticates the user if there is a group coinciding with the secret entity for each object selection interface stored in the storage unit 62 as a result of the authentication (S813) , Folder unlock, document unlock, door lock unlock, etc.) to the user. On the other hand, if there is no group matching the secret entity for each object selection interface stored in the storage unit 62 as a result of the authentication in step S813, the authentication unit 65 fails to authenticate the user (S815).

As described above, the present invention has an advantage of protecting a user's secret object from external attacks such as shoulder surfing by authenticating a user based on a plurality of objects located in the object selection interface.

The present invention also relates to a method and apparatus for generating an object-related data based on a virtual URL and a virtual code randomly generated for each authentication, and for authenticating a user based on a plurality of multi- Thereby preventing the data of the user's main data (e.g., a password, an authorized certificate, etc.) from being exposed to the network 30. [

In particular, since the present invention provides the user with the virtual URL and the virtual code for each object and authenticates the user based on the multi-virtual code combined with the virtual code, even if the authentication-related data of the user is hacked, , The user's secret object is protected more securely.

In addition, since the present invention converts a plurality of multi-virtual codes based on the seed value set by the user, the user can be authenticated more securely and securely.

While the specification contains many features, such features should not be construed as limiting the scope of the invention or the scope of the claims. In addition, the features described in the individual embodiments herein may be combined and implemented in a single embodiment. Conversely, various features described in the singular < Desc / Clms Page number 5 > embodiments herein may be implemented in various embodiments individually or in combination as appropriate.

Although the operations have been described in a particular order in the figures, it should be understood that such operations are performed in a particular order as shown, or that all described operations are performed to obtain a sequence of sequential orders, or a desired result . In certain circumstances, multitasking and parallel processing may be advantageous. It should also be understood that the division of various system components in the above embodiments does not require such distinction in all embodiments. The above-described program components and systems can generally be implemented as a single software product or as a package in multiple software products.

The method of the present invention as described above can be implemented by a program and stored in a computer-readable recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto optical disk, etc.). Such a process can be easily carried out by those skilled in the art and will not be described in detail.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. The present invention is not limited to the drawings.

10: Safety input device 11: Service registration
12: interface generation unit 13: multi-virtual code generation unit
14: code conversion unit 20: authentication server
21: storage unit 22: secret object registration unit
23: virtual data generation unit 24: restoration processing unit
25: authentication unit 30: network
60: Safety input device 61: Display
62: storage unit 63: secret object setting unit
64: interface generation unit 65: authentication unit

Claims (20)

A method for performing security authentication of a user,
The safety input device receiving virtual data including an entity-specific virtual code from an authentication server;
Outputting a plurality of object selection interfaces in which each object is disposed and the object position is changeable;
Setting a plurality of entities located at the same position in each entity selection interface as a combination set when the safety input device determines the location of the entity;
The safety input device verifying the virtual code of each entity in the virtual data and combining virtual codes of each entity set as the same combination set to generate a plurality of virtual codes separated by the combination set; And
And transmitting the plurality of multi-virtual codes generated by the safety input device to the authentication server as authentication information of the user. The method according to claim 1,
After the step of transmitting to the authentication server,
Further comprising the step of authenticating the user by checking whether the multi-virtual code matching the stored authentication code exists among the plurality of multi-virtual codes of the authentication server. 3. The method of claim 2,
Before the step of receiving the virtual data,
The authentication server generating virtual codes for a plurality of secret objects and camouflage entities; And
And storing, as the authentication code, a multi-virtual code in which the authentication server combines the virtual codes of the plurality of secret entities generated by the authentication server. The method of claim 3,
Wherein the generating of the virtual code comprises:
Further comprising: generating, by the authentication server, a virtual URL for each of the secret object and the camouflage entity,
Wherein the step of receiving the virtual data comprises:
Wherein the security input device receives the virtual data including the virtual URL and the virtual code for each entity from the authentication server. 5. The method of claim 4,
Wherein the outputting of the object selection interface comprises:
The safety input device verifies the virtual URL according to the object selection interface in the virtual data, and acquires the entity for each object selection interface through the virtual URL; And
And arranging the acquired objects in the interfaces, respectively. 3. The method of claim 2,
Wherein the step of transmitting to the authentication server comprises:
The safety input device sets a seed value set by the user as a seed of a conversion function, converts the plurality of multi-virtual codes using the conversion function, and transmits the converted multi-virtual codes to the authentication server,
Wherein authenticating the user comprises:
The authentication server extracts the seed value of the user, restores the converted plurality of multi-virtual codes by setting the seed value as a seed of the inverse transformation function, and transmits the stored authentication code Whether a multi-pseudo code corresponding to the multi-pseudo code exists. The method according to claim 6,
And the seed value set by the user is the login password of the user. 8. The method according to any one of claims 1 to 7,
Wherein the outputting of the object selection interface comprises:
Wherein the safety input device generates display information of an object corresponding to a sound and places it on an object selection interface, and plays the sound when the display information of the object is clicked. An interface generation unit for receiving virtual data including a virtual code for each object and generating and outputting a plurality of object selection interfaces in which respective objects are arranged and object positions can be changed; And
A plurality of entities disposed at the same position in each entity selection interface are set as a combination set, and virtual codes of the entities are confirmed in the virtual data, And a multi-virtual code generation unit for generating a plurality of multi-virtual codes separated by a combination set by combining the virtual codes of the individual entities and transmitting the generated multiple virtual codes to the authentication server as security authentication information of the user A safety input device. 10. The method of claim 9,
The interface generation unit may include:
A virtual URL for each object is identified in the virtual data, an object for each object selection interface is obtained through the virtual URL, and each object is placed in the corresponding object selection interface. 11. The method of claim 10,
The interface generation unit may include:
Wherein when the virtual URL is a URL of a sound object, the display information of the sound object is generated and placed in the object selection interface, and when the display information of the sound object is clicked, the sound is acquired and reproduced through the URL Device. 12. The method according to any one of claims 9 to 11,
Further comprising a code conversion unit configured to set a seed value received from the user as a seed of a conversion function and to convert a plurality of multi-virtual codes using the conversion function and transmit the converted multi-virtual code to an authentication server. . 13. The method of claim 12,
Wherein the code conversion unit comprises:
And a user's login password is input as the seed value. 12. The method according to any one of claims 9 to 11,
Further comprising a service registering unit configured to set a secret entity for each object selection interface from the user and register the secret entity for each object selection interface with the authentication server. A storage unit for storing a plurality of secret objects set by a user;
A virtual data providing unit for generating virtual codes for each of the plurality of secret objects and the camouflage objects and transmitting the virtual data including the virtual codes of each of the plurality of secret objects and the camouflaged objects to the communication apparatus of the user; And
Virtual code generated in the communication device on the basis of the input signal of the user and the virtual data is received from the communication device and whether or not there is a multi-virtual code matching the authentication code among the plurality of multi- And an authentication unit for authenticating the user,
Wherein a plurality of entities located at the same position in each entity selection interface of the communication device are set as a combination set and then the virtual codes of respective entities set as the same combination set are combined to form the plurality of multi- And the authentication information is generated in the communication device. 16. The method of claim 15,
Wherein,
Wherein the authentication unit authenticates the user by setting a multi-virtual code in which virtual codes of a plurality of secret objects set by the user are combined among the generated virtual codes as the authentication code. 17. The method according to claim 15 or 16,
Wherein the virtual data providing unit comprises:
Generates a virtual URL for each of the secret object and the spoofed object, and transmits the virtual data including the generated virtual URL of each object to the communication device of the user. 17. The method according to claim 15 or 16,
Further comprising: a decompression processor for extracting a seed value set by the user and setting the seed value as a seed of an inverse transform function to recover a plurality of multi-
Wherein,
Virtual code matching the authentication code among the plurality of restored virtual virtual codes. 17. The method according to claim 15 or 16,
Further comprising a secret entity registration unit configured to receive a plurality of secret entities from the user and to store the secret entities in the storage unit. delete

Images