KR101553049B1 - User authentication system using mobile terminal and User authentication method - Google Patents

Abstract

The present invention relates to a user authentication system and a user authentication method using a mobile communication terminal, and in a user authentication method, a method of logging in without a user directly inputting a password is adopted to simplify an authentication procedure and enhance security It provides a system and method to minimize the leakage of personal information.

More particularly, the present invention relates to a user authentication system using a mobile communication terminal, including: a service provider server which is capable of wireless communication with a mobile communication terminal and stores a security program capable of generating a password and an authentication code; A user terminal that accesses the service provider server and is provided with a service provided by the service provider, executes the security program that can be downloaded from the service provider server, and generates a password and an authentication code And an authentication server which receives the password and the authentication code generated in the security program of the mobile communication terminal of the user, and performs the authentication processing and the login processing.

Mobile communication terminal, security program, OTP, item, payment, server

Description

Technical Field [0001] The present invention relates to a user authentication system and a user authentication method using a mobile communication terminal,

The present invention relates to a user authentication system and a user authentication method using a mobile communication terminal, and adopts a method in which a user logs in without inputting a password directly, thereby simplifying an authentication procedure and enhancing security against hacking, To a system and method for minimizing the amount of data.

Recently, due to the development of the internet environment, various activities on the web have become possible, so that user authentication is often required. For example, when a user wants to make a payment using a credit card or a mobile communication terminal for a purchase price of a paid item in an online game shopping mall, or to transfer money by transferring money deposited in a user's account in Internet banking, Even a web site may require confirmation of a real user at a later time. As such, as activities over the Internet become more diverse, authentication of real users as an precondition has become increasingly important.

These e-commerce services are very likely to cause not only economic loss but also social disruption if user authentication and information security are not ensured. That is, devices such as computers that can access specific information requiring security through various communication paths due to the development of various electronic and communication technologies are widely used, and the security of information according to the existing encryption technology is dismantled Technology has also become readily available. Accordingly, security technologies for protecting information by blocking illegal activities such as accessing, browsing, copying, stealing or destruction of specific information by an unauthorized person are continuously being developed.

The most common and basic authentication method is to enter the access ID and password for online access. Further, in a field where authentication is very important, such as Internet banking, a separate security card is issued to allow a user to input a code assigned to a specific serial number on the security card, thereby confirming a user having the security card as a true user It is also used in combination.

The user authentication method includes a method using user login information (ID and password), an operation of an encryption program installed in a computer, a method using an encryption key provided by a service provider, and a method using a smart card. First, the biggest problem in the method using the first user login information is that the user can use the information due to the leakage of the user's information. Second, the use of the encryption program and the encryption key provided by the service provider is widely used in the current Internet banking, and it has a spatial restriction when applying the electronic commerce. This is a space constraint because the system is installed in the user's computer. The third method using the smart card is very secure in user authentication, and there is no space limitation, but there is a problem in device deployment.

However, it has become clear that it is possible to access and steal by outsiders through hacking and the like even by this method. That is, since it is possible to access the other person's computer through hacking and monitor the entire process that the other person inputs through the keyboard, it is possible to hack the authorized authentication number or the number on the security card inputted by the user at the time of internet banking do. Even if software for security is developed and strict procedures are required for authentication, it is very difficult to prevent such theft of others.

Therefore, in order to solve such a problem, a computerized system in which an OTP (one-time password: hereinafter referred to as OPT) function is introduced is increasing. The disposable password is a password that is issued in real time whenever a user tries to access a computer system, not a password fixedly determined at the time of registration as a member in a computer system as in the past, .

However, since the user authentication process using the mobile communication terminal equipped with the OPT function requires a process of inputting the password generated in the mobile communication terminal once again on the web page after login to the web page, the user authentication process becomes complicated, There is a problem that the possibility of leakage is great.

Accordingly, there is a demand for an authentication method and a system capable of performing user authentication processing without requiring a user to input a password generated in a mobile communication terminal or the like again on a web page.

 In recent years, online games have evolved into various forms due to the rapid development of Internet infrastructure in recent years. The classic RPG (Role Playing Game) evolved into MMORPG (Massively Multiplayer Online Role Playing Game) Large MMORPG online games with access to tens of thousands of online games have been commercialized.

At this time, all the various online games provided by the online game company cause the purchase of the items of the character acquired or traded in the game or the cost of purchasing various contents in addition to the billing based on the game use. In the conventional online game users, Most of them used credit card payment or mobile phone payment.

Since the user has to input the ID and password in text form online in the existing login method of the existing online game, the account information leakage accident occurred frequently due to the hacking tool, and especially in the online game, And service providers, and there has been a problem that measures for protecting customer information are urgently required.

Accordingly, there is a need for a user authentication method and system that does not require a user to input a password directly on the keyboard of a keyboard in connection with the above-described problems of the related art, and it is an object of the present invention to provide an avatar trading system .

The present invention relates to a method and system for authenticating a user who wishes to use a predetermined service by accessing a predetermined service providing system. The present invention relates to a method and system for authenticating a user using a mobile communication terminal, And minimizing the leakage of personal information through a dual log-in by the mobile communication terminal in the login of the web service provided by the service provider server using the mobile communication terminal equipped with the security program. There is a purpose.

It is another object of the present invention to provide a payment system or an item sale system that is operated as a security program on a mobile communication terminal to provide a more convenient payment method or item purchase method.

In order to achieve the above object, the present invention provides a service providing system, comprising: a service provider server capable of wireless communication with a mobile communication terminal and storing a security program capable of generating a password and an authentication code; A user terminal connected to the service provider server and provided with a service provided by the service provider, a user's mobile communication device capable of generating the password and the authentication code by executing the security program downloaded from the service provider server, And an authentication server which receives the password and the authentication code generated in the security program of the terminal and the mobile communication terminal and performs authentication processing and login processing.

In the present invention, the security program includes a program capable of generating a password and generating a logical authentication code upon inputting a password. Also, the security program includes a program capable of wireless communication with a mobile communication terminal as well as a wired communication network.

In the present invention, the security program may include a program having an OTP (One-Time Password) function. The OTP is not a password fixed at the time when a user registers as a member in a computer system, A password issued in real time every time you want to connect to the system. Therefore, even if the password for each member is leaked due to the wiretapping of the telephone network or the hacking of the Internet, the disposable password has a merit that the password is one-time and does not cause a fatal problem to the member or the computer system.

Since the disposable password is randomly generated as a different number or code each time it is given to the user, the disposable password generation route is separated from the path that the user connects to the Internet, thereby preventing the possibility that the disposable password is hacked by another person.

At this time, the disposable password is generated by a dedicated device, that is, a user has a dedicated device for generating a disposable password, and generates a disposable password through the device. At this time, the device transmits the one-time password generated by itself to the authentication server performing the authentication, or synchronizes the device and the authentication server by hardware configuration or software configuration so that the random one- We have a mechanism that can be seen in.

Therefore, unlike the present invention, in the authentication method using the normal OPT function, the user is given a one-time password generated at random using the device held by the user, and receives the one-time password given in the web site Upon input, the web site is performed by the device authenticating the user by checking whether the password entered by the user through the authentication server side is the same as the one-time password generated for authentication.

According to this method, authentication is performed only for a user having a device for generating a one-time password. In this case, generation of a one-time password is irrelevant to a web site access path. Therefore, even if the hackers hack the user's other authentication passwords, it is impossible to detect the one-time password generated as the different number every time, so that the user authentication with a certain degree of security can be made from the risk such as hacking.

In the present invention, even if a password generated by the OPT function is used, the authentication code generated by the security program is directly transmitted to the login page of the web connected to the service provider server via the authentication server. Therefore, There is a feature that the login process is performed by pressing only the reject button.

In the present invention, the security program may include a program having a mobile one-time password (MOTP) function. The MOTP is a one-time password generation software that can be installed in a mobile phone. OTP software generates a different password each time In addition to being able to provide strong security because of the cycle, OTP software is installed in the mobile phone so that the user of the mobile phone can authenticate the user anytime and anywhere.

Internet service providers have the advantage of using MOTP to reduce operating costs because they are token type, and can provide a convenient and strong user authentication service to the users, thereby enhancing service quality. MOTP, which combines time and event methods to enhance security, has the advantage that it can be used permanently unlike a hardware token (Token) that must be periodically replaced.

In the present invention, the service provider server includes a wireless communication device capable of wireless communication with a mobile communication terminal and a security program. Also, in the present invention, the authentication server includes receiving an authentication code generated in the security program, and performing an authentication process and a login process.

A server is a computer or a device operating management software for controlling access to all or a part of a communication network to other computers on a communication network and for accessing resources (disk devices, files, printers, etc.) Program.

In the present invention, the service provider server may include a billing system and an item sale system, which will be described later. In the case of using the billing system and the item sale system, the service provider server can be used only by one login process. Feature.

In the present invention, the user terminal may be able to execute a security program and access a service provider server to receive a service. Also, the user terminal includes a PDA, a notebook PC, and a desktop PC, and a PDA (Personal Digital Assistants (PDA)) is a portable personal information terminal capable of managing personal information and schedule, like an electronic notebook. It is possible to input handwritten information directly, utilize all functions of wireless internet such as online stock trading and electronic commerce as well as exchange information through computer. It also has a variety of functions such as knowing various traffic information in combination with a mobile phone, performing facsimile function, and the like.

In the present invention, the mobile communication terminal includes a security program that can be downloaded from a web page connected to a service provider server. In addition, the mobile communication terminal may be a portable communication terminal including a personal mobile communication terminal (PC), a personal digital assistant (PDA), a smart phone, a wireless LAN terminal, A terminal capable of implementing various functions using an application program.

In the present invention, the mobile communication terminal includes a connection system access program that can be operated together with a security program.

In the present invention, the payment system includes a mobile communication terminal including a connection system access program of a user who intends to settle a predetermined service usage fee or a payment fee for the article by using his or her mobile phone, and a data storage unit in the service provider server And a service provider server that receives the buyer information and the payment fee information, generates a transaction code therefor, and authorizes approval of payment for the payment fee.

In the present invention, the mobile communication terminal includes a program for accessing an item sales system that can be operated together with a security program.

The item selling system according to the present invention includes a user terminal for loading a program necessary for a game, a service provider server for allowing a connection of the user terminal through the Internet network and proceeding with a game through data transmission and reception, A member database for storing various information about a user accessing the service provider server, a game database for storing data necessary for a game and providing the requested data, A charge processing server for processing and storing a charge for an item purchased or sold by the user through the user terminal, and a charge database for storing information on the charge processed by the charge processing server.

In the present invention, a user authentication method includes the steps of: a user accessing a service provider server through a user terminal and downloading a security program stored in the service provider server, the security program being capable of generating a password and an authentication code to the user terminal; Downloading and installing the security program from the user terminal to a mobile communication terminal capable of wireless communication with the terminal, executing the security program at the user terminal connected to the service provider server by the user, The method comprising the steps of generating a password and an authentication code by driving a security program of the communication terminal, transmitting a password and an authentication code generated in the security program of the mobile terminal to an authentication server, Authentication process and login by sending to security program of .

In the present invention, the user authentication method includes charging a service use fee using a payment system access program running together with a security program in the mobile communication terminal.

The payment method using the settlement system according to the present invention includes: receiving a user authentication by executing a security program of a user terminal and a mobile communication terminal; accessing a service provider server using a connection program of the mobile communication terminal of the user, Receiving a buyer's information and payment fee information from a data storage unit in a service provider server and generating a transaction code therefor, and allowing the service provider server to approve payment of the user's payment fee .

In the present invention, the user authentication method includes the step of purchasing an item using a program for accessing an item sales system operated together with a security program in the mobile communication terminal.

The method of selling an item using the item sale system in the present invention includes the steps of receiving a user authentication by executing a security program of the user terminal and the mobile communication terminal, receiving the user authentication by using the access program for accessing the item sale system of the mobile communication terminal, Requesting a payment service, checking user information and item information using a member database and a game database at a service provider server, generating a transaction code, processing a fee for an item to be purchased at a charge processing server And storing the charge information.

According to the present invention, unlike the related art, the authentication code transmitted from the mobile communication terminal to the authentication server is automatically connected to the web page security program, so that it is unnecessary to input a separate password, thereby simplifying the authentication procedure. It is possible to prevent an account theft through dual log-in, and it is possible to minimize the damage to the aftermath of personal information leakage of other sites.

In addition, according to the present invention, it is possible to purchase an item using the payment system and the item sale system without inputting a separate user ID and password even after the login process through the mobile communication terminal, It is possible to provide various mobile services to users.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Prior to this, terms and words used in the present specification and claims should not be construed as limited to ordinary or dictionary terms, and the inventor should appropriately interpret the concepts of the terms appropriately It should be interpreted in accordance with the meaning and concept consistent with the technical idea of the present invention based on the principle that it can be defined. Therefore, the embodiments described in this specification and the configurations shown in the drawings are merely the most preferred embodiments of the present invention and do not represent all the technical ideas of the present invention. Therefore, It is to be understood that equivalents and modifications are possible.

1 is a block diagram illustrating a configuration of a user authentication system including a service provider server, a user terminal, a mobile communication terminal, and an authentication server according to an embodiment of the present invention.

1, users who wish to receive services such as online games access the service provider server 140 via a terminal 110 via a wired or wireless communication network, input an ID, and perform a user authentication procedure They are ultimately provided with services.

The user terminal 110 is a means for connecting to the service provider server 200 through a communication network. The user terminal 110 may be a computer terminal equipped with a web browser supporting Internet access, a mobile terminal such as a mobile phone capable of wireless Internet, a PDA, And the like.

The service provider server 140 is a server of a service provider that provides a service through a wired or wireless Internet web site. The service provider can provide a variety of services such as online game, product sales such as items through electronic commerce, and Internet banking. The service provider server 140 may include a billing system server or an item sale system server.

The service provider server 140 is equipped with a security program capable of generating a password and an authentication code. Users using the service can access the security program provided from the service provider server 140 through a wired or wireless communication network 110).

The mobile communication terminal 120 is capable of communicating with the user terminal 110 and the authentication server 130 through a wireless communication network and includes a Personal Mobile Communication Services Terminal (PCS), a Personal Digital Assistants (PDA), a smart phone, and a wireless LAN terminal, and is capable of implementing various functions using an application program including wireless communication.

The service users can download and install the security program on the user terminal 110 downloaded and installed from the service provider server 140 to the mobile communication terminal 120 through wireless communication. It is also possible to download and install directly from the service provider server 140 to the mobile communication terminal 120.

When the security program is installed in the mobile communication terminal 120, a password generated from the security program of the user terminal 110 is transmitted to the mobile communication terminal 120. When the user accepts the execution of the security program, And transmits the authentication code to the authentication server 130 again. At this time, when the user accepts the login without directly inputting the password on the web page screen of the user terminal 110 connected to the authentication server 130, the authentication process and the login process are completed. Online games, and the like.

      According to an embodiment of the present invention, the mobile communication terminal 120 may include a program for accessing a payment system provided by the service provider server 140.

In the present invention, the payment system includes a mobile communication terminal 120 including a connection system access program of a user who wishes to settle a predetermined service usage fee or a payment fee for an article using his or her mobile phone, And a service provider server 140 that receives the buyer information and payment fee information from the data storage unit in the service provider terminal and the service provider server 140, generates a transaction code therefor, and authorizes approval of payment for the payment fee, ≪ / RTI >

No separate log-in and authentication processing is required when accessing the payment system, and when the user authentication processing described above is completed, a payment processing such as a service usage fee such as an online game can be performed by one-time login and authentication processing.

Therefore, the service user can easily process the settlement of the online game service use fee or the purchase of the goods by the electronic commerce with only the pre-processed user authentication.

According to an embodiment of the present invention, the mobile communication terminal 120 may include an access program capable of accessing an avatar trading system provided by the service provider server 140. [

The item selling system according to the present invention includes a user terminal 110 for loading a program necessary for online games and the like, a service provider server 140 for allowing a connection of the user terminal through the Internet network, A mobile communication terminal 120 including an access program for accessing the avatar trading system, a member database for storing various information about a user accessing the service provider server 140, A fee database for processing and storing fees for items purchased or sold by a user and a fee database for storing information about charges processed by the fee processing server, .

2 is a flowchart of a user authentication method according to an embodiment of the present invention.

2, a user accesses a web page provided by a service provider server 140 using a user terminal 110, inputs a user's ID on a login page of the web page, (Step S210).

When the user executes the security program on the user terminal 110, the security program already downloaded and communicates wirelessly with the installed mobile communication terminal 120 to execute the security program installed in the mobile communication terminal. If the security program is not installed in the mobile communication terminal 120, since the password and the authentication code are not generated, the user must transmit the security program of the user terminal 110 to the mobile communication terminal 120 so that the user authentication method can be executed (S220)

When the security program is executed in the mobile communication terminal 120 at step S220, a password and an authentication code are generated and transmitted to the authentication server 130 through wireless communication at step S230.

When the authentication code is confirmed in the authentication server 130, the processing result is transmitted to the service provider server 140 and the connection is executed in the service provider server 140 (S240)

When this process is completed, the user completes login and authentication processing on the web and can use the service (S250)

3 is a flow chart of a method of authenticating a user on an actual web page screen and an actual mobile communication terminal according to an embodiment of the present invention.

Referring to FIG. 3, the user authentication method of the present invention can be understood more easily. A user who wishes to use the service inputs an ID into a web login page on the user terminal 110 provided by the service provider server, When the execution button is clicked, the security program of the user terminal 110 is executed. (S310)

When the security program of the user terminal 110 is executed, a password or a password generated in the mobile communication terminal 120 is wirelessly transmitted (S320). When the authentication processing of the password or the password is passed in the mobile communication terminal 120, A screen for asking the user whether the security program is executed on the mobile communication terminal 120 is displayed (S330)

At this time, when the user presses the accept button, the security program on the mobile communication terminal 120 is executed, and a password and an authentication code are generated and transmitted to the authentication server 130 (S340)

When the authentication procedure is completed, the authentication server 130 transmits the processing result to the service provider server 140 through the Internet network. The service provider server 140 again transmits a password to the user terminal 110 send. At this time, since the user simply selects the accept or reject button, the password need not be input again to the web login page (S350)

Here, if the user clicks the accept button on the screen on the user terminal 110, the service can finally be accessed and the service can be freely used (S360)

Although the present invention has been described in connection with the specific embodiments of the present invention, it is to be understood that the present invention is not limited thereto. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents. Various modifications and variations are possible.

1 is a block diagram illustrating a configuration of a user authentication system including a service provider server, a user terminal, a mobile communication terminal, and an authentication server according to an embodiment of the present invention.

2 is a flowchart of a user authentication method according to an embodiment of the present invention;

3 is a flow chart of an actual web page screen and a method of authenticating a user on an actual mobile communication terminal according to an embodiment of the present invention.

DESCRIPTION OF THE REFERENCE NUMERALS OF THE DRAWINGS FIG.

110: User terminal

120: Mobile communication terminal

130: authentication server

140: Service Provider Server

Claims (9)

A user authentication system using a mobile communication terminal, A service provider server having a security program for providing a service to the user via a wired or wireless Internet web site according to the authentication result of the authentication server and generating a password and an authentication code; A user terminal using the service provided by the service provider server, downloading and executing the security program from the service provider server, generating a password or a password when the security program is executed, and transmitting the generated password or password to the mobile communication terminal; The security program can be downloaded from the service provider server or the user terminal and executed. When the user terminal is authenticated upon receiving the password or the password from the user terminal, the security program is executed to generate a password and an authentication code, A mobile communication terminal for transmitting to a server; And And an authentication server for executing authentication processing based on the encryption and authentication code received from the mobile communication terminal and for providing the result of the authentication processing to the service provider server The method according to claim 1, Wherein the security program has an OTP (One-Time Password) function. The method according to claim 1, Wherein the user terminal comprises a PDA (Personal Digital Assistants), a notebook PC, and a desktop PC. The method according to claim 1, Wherein the mobile communication terminal comprises a personal digital assistant (PDA) equipped with a personal communication service terminal (PCS), a cellular phone, a smart phone, and a mobile communication module capable of bidirectional data communication. The method according to claim 1, The mobile communication terminal may further include: And a payment system access program. The method according to claim 1, Wherein the mobile communication terminal includes an item sale system access program that can be operated together with the security program, delete delete delete

Images