KR101749304B1 - Method and server for improving security of password authentication - Google Patents
- Publication number
- KR101749304B1
- Authority
- KR
- South Korea
- Prior art keywords
- user terminal
- string
- password
- input
- user
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
According to an embodiment of the present invention, there is provided an authentication method for performing an authentication process for a password consisting of N digits, the authentication method comprising the steps of: (a) generating N character string mapping tables, each indicating a mapping relationship between each numeric value and an arbitrary string; (b) transmitting the N character string mapping tables to a user terminal; (c) receiving, from the user terminal, N strings each mapped in the N string mapping tables for N numeric values input by the user in order; and (d) extracting the numerical values entered by the user from the received strings.
Description
The present invention relates to a password authentication security improvement method and server, and more particularly, to a method and server for improving security of password authentication by mapping different strings according to an input order.
With the development of the Internet infrastructure and the financial transaction infrastructure, user authentication has become a very important issue for financial transactions and website access.
In particular, phishing, which obtains personal financial transaction information (for example, an authentication number, credit card number, account information, etc.), pharming, and hacking that steals personal information (for example, a personal ID, a password, account information, etc.) from a user's keyboard or the like have recently become a problem, and a safer and more efficient method for financial transactions is sought.
Meanwhile, on recent customer wireless terminals, procedures are performed to authenticate the validity of a given financial transaction (payment and/or bill delivery, etc.) in connection with the linked financial transaction means.
However, due to the nature of information and communication technology, a password for a financial transaction transmitted through the network may be hacked, stolen, lost or abused. For a safer and more reliable financial transaction, it is therefore necessary both to prevent hacking, theft or loss and to improve security so that the password cannot be easily guessed even if it is stolen or lost.
SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems of the conventional art, and it is an object of the present invention to prevent an easy password leakage due to hacking or the like by mapping each numeric value of a password to a character string in accordance with an input sequence.
It is another object of the present invention to further enhance security by transmitting and receiving an encrypted string between a user terminal and an authentication server.
Yet another object of the present invention is to prevent a leakage of mapping information in advance by generating a new mapping table every time a password authentication request is made.
According to another aspect of the present invention, there is provided an authentication method for performing an authentication process for a password consisting of N digits (N is a natural number), comprising the steps of: (a) generating N character string mapping tables representing mapping relationships between each numeric value that the password can be composed of and an arbitrary string; (b) transmitting the N character string mapping tables to a user terminal; (c) receiving, from the user terminal, N strings each mapped in the N string mapping tables for N numeric values input by the user in order; and (d) extracting the numerical values entered by the user from the received strings.
Step (b) may comprise transmitting one string mapping table before each numerical value is entered by the user.
The method may further comprise, after step (a), encrypting all the strings in the string mapping tables, wherein step (b) transmits N encrypted string mapping tables to the user terminal, and step (c) receives, from the user terminal, N encrypted strings respectively mapped in the N encrypted string mapping tables.
The method may further comprise, after step (c), decrypting the encrypted character strings.
In step (d), a character string received from the user terminal is converted into the corresponding numerical value according to the N character string mapping tables in consideration of the user input sequence, and the value input to the user terminal is thereby extracted.
The method may further comprise, before step (b), randomly combining one or more characters to generate the strings.
The method may further comprise, after step (a), configuring a keypad array in which the numeric values are randomly arranged, and transmitting the keypad array to the user terminal.
According to another embodiment of the present invention, there is provided an authentication server for performing an authentication process for a password consisting of N digits (N is a natural number), the server comprising: a character string mapping table generation unit for generating N character string mapping tables indicating a mapping relationship between each of the numeric values configurable by the password and an arbitrary string, and transmitting N encrypted string mapping tables to a user terminal; a string encryption unit for encrypting the strings of the N character string mapping tables; a communication unit for receiving, from the user terminal, an encrypted string corresponding to a value input to the user terminal according to the encrypted string mapping information; a character string decryption unit for decrypting the encrypted character string received from the user terminal; and an input value extracting unit for extracting the value input to the user terminal from the character string received from the user terminal.
The authentication server may further comprise a user information DB in which user information including card information of a user and a password set by the user are stored.
The authentication server may further comprise an authentication unit that determines whether the value input to the user terminal, as extracted by the input value extracting unit, matches the pre-stored password.
According to the embodiment of the present invention, the numerical value of the password is mapped to the character string by reflecting the input order, so that even if one mapping information is leaked by hacking or the like, information on the entire password can be prevented from being leaked.
According to an embodiment of the present invention, security can be further enhanced by encrypting a string transmitted and received between the user terminal and the authentication server.
According to an embodiment of the present invention, a new mapping table may be generated every time a password authentication request is made so that mapping information is not leaked in advance.
It should be understood that the effects of the present invention are not limited to the above effects and include all effects that can be deduced from the detailed description of the present invention or the configuration of the invention described in the claims.
FIG. 1 is a configuration diagram of a password authentication security system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a configuration of an authentication server according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a password authentication security improvement method according to an exemplary embodiment of the present invention.
FIG. 4 is a flowchart illustrating a password authentication security improvement method according to another embodiment of the present invention, according to the flow of time.
FIG. 5 is a table in which a numerical value according to an input order is mapped to a character string according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "indirectly connected". Also, when an element is referred to as "comprising", it means that it can include other elements, not excluding other elements unless specifically stated otherwise.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a configuration diagram of a password authentication security system according to an embodiment of the present invention.
Referring to FIG. 1, the password authentication security system may include a
First, the communication network can be configured regardless of its communication mode, such as wired or wireless, and may be implemented as a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), and the like. Preferably, the communication network according to one embodiment may be implemented as the WWW (World Wide Web).
The
According to the embodiment of the present invention, when the
The
The
That is, even the same numeric value is mapped to a different character string depending on its position in the order of digits constituting the password.
The
In addition, the
That is, when a password authentication request is received from the
In addition, the
FIG. 2 is a block diagram illustrating a configuration of an
2, the
The keypad
The keypad array means that the numeric values 0 to 9 are arranged on the keypad of the screen of the
The keypad
Depending on the shape of the keypad, the types of coordinates that can place each numerical value in the keypad
For example, when the keypad of
The keypad
The character string
According to one embodiment, the string mapping
According to the embodiment of the present invention, the string mapping
For example, if the
Generally, if the password is composed of N numeric values (N is a natural number), that is, N digits, the character string mapping
According to another embodiment of the present invention, the N character mapping tables may be transmitted to the user terminal at the time of requesting the password authentication. Alternatively, the N character mapping tables may be sequentially transmitted one by one, .
As described above, according to the embodiment of the present invention, different mapping information is configured according to the input order of each numeric value, so that even if a certain number of mapping strings are leaked, the entire password cannot be extracted, and security can be improved.
The string mapping
At this time, according to the embodiment of the present invention, when receiving the password authentication request from the
The
The
When the
Accordingly, when there is an input of a password in the
Since the string combination is made up of an encrypted string in the password authentication process between the
The DES (Data Encryption Standard) algorithm is a typical symmetric cipher: a block cipher that turns a 64-bit plaintext into a 64-bit ciphertext using a 56-bit secret key. Triple DES (3DES) repeats DES three times and was proposed as an alternative to the vulnerability caused by the short 56-bit key length. The Advanced Encryption Standard (AES) is another symmetric encryption scheme and is an encryption algorithm specified by an international standard. A symmetric encryption scheme is an encryption algorithm or scheme in which the key used for encryption is the same as the key used for decryption.
The character
By decoding the string encrypted by the
The input
The
According to the embodiment of the present invention, since the string is mapped by reflecting the number of digits constituting the password, that is, the input order, the input
The
The
If it is confirmed that the value input to the
The
The
FIG. 3 is a flowchart illustrating a password authentication security improvement method according to an exemplary embodiment of the present invention.
First, when the
The
Different numeric values are mapped to different strings, and even the same numeric value is mapped to a different character string depending on its position in the input order of the digits constituting the password.
Thereafter, the
The
When the password input screen where each numeric value is located is displayed according to the keypad array received from the
In step S360, the
The
The
If the input value matches the registration password, the
FIG. 4 is a flowchart illustrating a password authentication security improvement method according to another embodiment of the present invention, according to the flow of time.
When the
At this time, the
Different numeric values are mapped to different strings, and even the same numeric value is mapped to a different character string depending on the input order.
The
The
When a password input screen in which each numeric value is located according to the keypad array received from the
In step S460, the
When the first encryption string is received, the
If the second input corresponding to the second secret number is performed in step S480, the
When the second encryption string is received, the
Although FIG. 4 shows a case where the password is composed of three digits for convenience of explanation, the password according to the embodiment of the present invention may be composed of two or more numerical values without regard to the number of digits.
Therefore, if the password is four digits, the process of S440 to S460 is repeated four times. If the password is six digits, the above process may be repeated six times.
When all the numeric values of the password are input and all the encryption strings to be mapped are transmitted, the
FIG. 5 is a table in which a numerical value according to an input order is mapped to a character string according to an embodiment of the present invention.
Referring to FIG. 5, it can be seen that a mapping string for a numerical value of 0 to 9 is shown.
The mapping of such a string is performed according to the input order for each place of the password, and in the case of FIG. 5, a string mapping table for the six-digit password is shown.
For example, as shown in the right user input numeric value table of FIG. 5, when the password is set to '133242', a numeric value of 1 corresponding to the first input order is 'dsfsfsfe' The mapping string for the
As described above, even in the case of the same numerical value, the
Therefore, the
As described above, according to the embodiment of the present invention, a different character string is mapped according to the input order, whereby the password can be prevented from being leaked by hacking or the like, and the security of the password authentication can be improved.
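The per-position mapping of steps (a) to (d), as an added Python example that is not part of the patent text. The function and class names, the 8-letter lowercase string format and the single-use session are assumptions made for illustration; the encryption of strings between terminal and server is left out, and the password '133242' is the one used in the FIG. 5 description.

```python
import secrets
import string

DIGITS = "0123456789"
ALPHABET = string.ascii_lowercase   # assumption: lowercase strings, as in 'dsfsfsfe'
STRING_LEN = 8                      # assumption: fixed length of each mapping string


def generate_mapping_tables(n):
    """Step (a): one digit -> string table per input position.

    Every string is unique across all N tables, so a string that is valid
    for one position is never valid for another.
    """
    used = set()
    tables = []
    for _ in range(n):
        table = {}
        for digit in DIGITS:
            candidate = "".join(secrets.choice(ALPHABET) for _ in range(STRING_LEN))
            while candidate in used:
                candidate = "".join(secrets.choice(ALPHABET) for _ in range(STRING_LEN))
            used.add(candidate)
            table[digit] = candidate
        tables.append(table)
    return tables


def terminal_map(tables, entered_digits):
    """Terminal side of step (c): the i-th entered digit is replaced via table i."""
    if len(entered_digits) != len(tables):
        raise ValueError("expected one digit per mapping table")
    return [tables[i][d] for i, d in enumerate(entered_digits)]


def extract_digits(tables, received):
    """Step (d): reverse lookup that takes the input order into account.

    Returns the digit string, or None if any received string does not
    belong to the table for its position.
    """
    if len(received) != len(tables):
        return None
    digits = []
    for table, value in zip(tables, received):
        reverse = {s: d for d, s in table.items()}
        digit = reverse.get(value)
        if digit is None:
            return None
        digits.append(digit)
    return "".join(digits)


class AuthSession:
    """Fresh tables for each authentication request; a session verifies once."""

    def __init__(self, n):
        self.tables = generate_mapping_tables(n)
        self._consumed = False

    def verify(self, received, stored_password):
        if self._consumed:
            return False
        self._consumed = True
        entered = extract_digits(self.tables, received)
        # constant-time comparison against the password held in the user DB
        return entered is not None and secrets.compare_digest(entered, stored_password)


if __name__ == "__main__":
    session = AuthSession(6)
    sent = terminal_map(session.tables, "133242")
    print(sent)                              # six different strings, even for repeated digits
    print(session.verify(sent, "133242"))
```

Because the tables belong to one request, strings captured from an earlier request do not resolve to digits against the tables of a later one.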
It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.
The scope of the present invention is defined by the appended claims, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included within the scope of the present invention.
100: User terminal
200: authentication server
210: Keypad array generating unit
220: String mapping table creation unit
230: string encryption unit
240: String decoding unit
250: input value extracting unit
260: User information DB
270:
280:
290:
Claims (10)
(a) generating N string mapping tables, each being a mapping table indicating a mapping relationship between each numeric value that can constitute each digit of the password and each string;
(b) transmitting the N character string mapping tables to a user terminal;
(c) receiving from the user terminal, N strings mapped in each of the N character mapping tables, for N numeric values input by the user in order; And
(d) extracting the numerical value entered by the user from the received string.
The step (b)
And transmitting one string mapping table before a numerical value of each digit constituting the password is input by a user.
After the step (a)
Further comprising encrypting all strings in the string mapping table,
In the step (b), N encrypted string mapping tables are transmitted to the user terminal,
Wherein the step (c) comprises receiving, from the user terminal, N encrypted strings respectively mapped in the N encrypted string mapping tables.
After the step (c)
And decrypting the encrypted string.
The step (d)
Wherein the character string received from the user terminal is converted into a numeric value corresponding to the N character string mapping table in consideration of a user input sequence and a value input to the user terminal is extracted.
Before the step (b)
Randomly combining one or more characters to generate the strings.
After the step (a)
Configuring a keypad array in which the numeric values are randomly arranged, and transmitting the keypad array to the user terminal.
A mapping table that indicates a mapping relationship between each of the numeric values that can constitute each digit of the password and an arbitrary character string and includes N character mapping tables having different mapping relationships between the numeric values and the character strings per digit of the password, And transmits N encrypted string mapping tables to the user terminal;
A communication unit for receiving, from the user terminal, N strings mapped in each of the N character mapping tables for N numeric values sequentially input to the user terminal; And
And an input value extracting unit for extracting a value input to the user terminal from a character string received from the user terminal.
And a user information DB storing user information including card information of a user and a password set by the user.
And an authentication unit that determines whether a value input to the user terminal extracted from the input value extracting unit matches the pre-stored password.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160027191A KR101749304B1 (en) | 2016-03-07 | 2016-03-07 | Method and server for improving security of password authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160027191A KR101749304B1 (en) | 2016-03-07 | 2016-03-07 | Method and server for improving security of password authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101749304B1 (en) | 2017-06-20 |
Family
ID=59281542
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160027191A KR101749304B1 (en) | 2016-03-07 | 2016-03-07 | Method and server for improving security of password authentication |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101749304B1 (en) |
-
2016
- 2016-03-07 KR KR1020160027191A patent/KR101749304B1/en active IP Right Grant
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111262645A (en) * | 2019-10-21 | 2020-06-09 | 上海百事通信息技术股份有限公司 | Data transmission method, device, storage medium and terminal |
CN111262645B (en) * | 2019-10-21 | 2023-07-18 | 上海百事通信息技术股份有限公司 | Data transmission method, device, storage medium and terminal |
CN113779554A (en) * | 2021-09-01 | 2021-12-10 | 中国银行股份有限公司 | Information encryption transmission method, device and related equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11516201B2 (en) | Encryption and decryption techniques using shuffle function | |
US11882220B2 (en) | Multi-tenant data protection in a centralized network environment | |
US9258296B2 (en) | System and method for generating a strong multi factor personalized server key from a simple user password | |
US20180198774A1 (en) | Method for authenticating a user via a non-secure terminal | |
CN107733656A (en) | A kind of cipher authentication method and device | |
EP3407565B1 (en) | Device authentication | |
Nyang et al. | Keylogging-resistant visual authentication protocols | |
EP3230917B1 (en) | System and method for enabling secure authentication | |
US20160127134A1 (en) | User authentication system and method | |
US9768959B2 (en) | Computer security system and method to protect against keystroke logging | |
KR101754017B1 (en) | Method and server for improving security of password authentication by double mapping | |
JP6701359B2 (en) | Dynamic graphical password-based network registration method and system | |
CN111047305A (en) | Private key storage and mnemonic method for encrypted digital currency wallet based on digital watermarking technology | |
ES2758706T3 (en) | Methods and systems for the secure transmission of identification information through public networks | |
KR101749304B1 (en) | Method and server for improving security of password authentication | |
KR101832815B1 (en) | Method and server for improving security of password authentication by real-time mapping | |
US10445510B2 (en) | Data checking apparatus and method using same | |
KR100828558B1 (en) | The financial system and the method which create a variable height arrangement | |
KR101808313B1 (en) | Method of encrypting data | |
US20200084035A1 (en) | Transmission and reception system, transmission device, reception device, method, and computer program | |
CN114640526B (en) | Commercial cipher algorithm-based web application data encryption technology implementation method and system | |
EP3979556B1 (en) | Electronic communication device for performing an authentication operation | |
KR101684905B1 (en) | User authentication device for multi-authenticating by using fingerprint, security key and wireless tag | |
Sarang et al. | A Secured Two-Factor Authentication Protocol for One-Time Money Account | |
JP2015230724A (en) | Transaction system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |