KR101961714B1 - Service providing system and method for security based on multi-channel authentication with user equipment, and non-transitory computer readable medium having computer program recorded thereon - Google Patents

Abstract

The present invention relates to a system and a method for providing a security service based on multi-channel authentication with a user terminal, and a nonvolatile recording medium having a computer program recorded thereon and, more specifically, to a system and a method for providing a security service based on multi-channel authentication with a user terminal, and a nonvolatile recording medium having a computer program recorded thereon which supply one-time authentication information to a user terminal via a mobile communication network, and support to allow a sender transmitting one-time authentication information to be authenticated by a user to increase security during authentication via a plurality of channels receiving one-time authentication information from the user terminal via a data network to perform authentication. The present invention supports to allow authentication using a plurality of different channels for a user by a server providing a specific service and authentication of a user for a server processing user authentication to prevent one-time authentication information for authentication of the user from being seized in a transmission process by authentication between a service provider and a service user, and supports to allow an authentication process using an MT service-based special code which is difficult to forge by a server to prevent a hacker from fabricating a sender to induce a user and prevent access of a user for an unauthenticated server depending on whether a special code is used to greatly improve security.

Description

[0001] The present invention relates to a system and method for providing a multi-channel authentication-based security service with a user terminal, and a non-volatile recording medium in which a computer program is recorded having computer program recorded thereon}

The present invention relates to a system and method for providing a multi-channel authentication-based security service with a user terminal, and a nonvolatile recording medium on which a computer program is recorded. More particularly, A plurality of channels, each of which is connected to a user terminal so that a source transmitting one-time authentication information is authenticated by a user upon authentication through a plurality of channels for receiving the one-time authentication information from the user terminal through the network, An authentication-based security service providing system and method, and a nonvolatile recording medium on which a computer program is recorded.

Currently, various security services for user authentication are inevitably installed and serviced in various services such as web services and application-based services. In addition to the development of hacking technologies, various authentication methods for improving the vulnerability of such security services have appeared have.

Accordingly, a user authentication method using two-channel authentication has been developed by improving the security problem caused by the existing single-channel authentication, in which information is easily captured only by one-time hacking. It is intended to lower the risk of hacking by performing authentication.

When two channels are used, the security is higher than when a single channel is used. However, since the hacking technique has recently become more sophisticated and intelligent, the reliability of the authentication method has been lowered.

In particular, since the existing two-channel authentication method relies on only the authentication process provided by the user and performs no authentication by the user during the authentication process, There is a case where a user creates a phishing site and accesses the phishing site with the authentication information provided by the hacker, thereby relieving the security information and requesting the security information. In this case, the damage to the user is continuously increased It is true.

Korean Patent Laid-Open No. 10-2000-0017997 [Title of the invention: System and method for user authentication for internet electronic commerce using wireless communication terminal]

The present invention provides a service providing server that supports a plurality of different channels for a user to authenticate a user to a server requesting authentication, It is an object of the present invention to prevent security information from being stolen by connecting to an unauthorized server, and to enhance security for multi-channel authentication.

It is another object of the present invention to provide a security service that can enhance security without increasing the number of operations required by a user in an existing multi-channel authentication process.

A method for providing a multi-channel authentication-based security service with a user terminal of a security service providing system including a first server and a second server communicating with a user terminal according to an embodiment of the present invention through a different communication network, An authentication request step of receiving user identification information from the user terminal connected to the data network and transmitting authentication request information including terminal information on the user terminal corresponding to the user identification information, And the second server transmits special information on a randomly selected special number in a special list preset in correspondence with the authentication request information to the first server, generates authentication information corresponding to the authentication request information, The terminal transmits the text message including the authentication information and using the special number as the calling number A storing step of transmitting the authentication information through the mobile communication network and matching the authentication information with the terminal information together with the terminal information and storing the response request information including the special information and requesting the authentication information, Transmitting the response information including the authentication information received from the user terminal to the second server in response to the response request information, and transmitting the response information to the second server, And an authentication completion step of comparing the authentication information with the authentication information previously generated corresponding to the response information, authenticating the user according to whether the authentication information matches the authentication information, and transmitting the authentication result information to the first server.

As an example related to the present invention, the authentication information may be OTP information.

In the authentication request step, the first server may generate the authentication request information upon user authentication based on the user identification information.

In one embodiment of the present invention, a method for providing a security service includes allowing the first server to access the user terminal to the first server according to the authentication result information upon receiving the authentication result information after the authentication completion step And further comprising:

In one embodiment of the present invention, the first server is configured as a web server, and the second server is configured as an authentication server.

As an example related to the present invention, the text message may be transmitted through an MT service.

According to an embodiment of the present invention, in the transmitting step, the first server requests one or more digit codes selected from the authentication information composed of a plurality of digits to the user terminal through the response request information have.

When receiving the authentication request information for user authentication from the first server communicating with the user terminal connected to the first server according to another embodiment of the present invention through the data network, Wherein the second server transmits the authentication request information to the second server and the user terminal of the one server via the second server, And transmits a special message corresponding to the randomly selected special number to the first server, generates a text message including the one-time authentication information and using the special number as a calling number, And transmits the one-time authentication information together with the special information to the terminal, And the first server transmits response request information for requesting the authentication information including the special information to the user terminal so that the special information is displayed on the user terminal And a second server for receiving response information including the one-time authentication information from the user terminal in response to the response request information, And authenticating the user according to whether the one-time authentication information is identical to the one-time authentication information included in the response information through mutual comparison.

As an example related to the present invention, a method of providing a security service may be configured such that an application unit configured in the user terminal sends a special message including a source number of a text message received from the first server and special information included in response request information received from the second server And generates the response information including the one-time authentication information according to a user input through the interface, and transmits the response information to the first server The method comprising the steps of:

A computer-readable nonvolatile recording medium on which the program according to the embodiment of the present invention is recorded may be stored with a computer program for performing the method according to the above-described embodiment.

A multi-channel authentication-based security service providing system with a user terminal including a first server and a second server for communicating with a user terminal according to an embodiment of the present invention through a communication network different from the user terminal comprises: And transmits authentication request information including terminal information on the predetermined user terminal corresponding to the user identification information to the second server, and transmits the authentication request information to the second server in response to the authentication request information And generates response request information for requesting the authentication information, and transmits the response request information to the user terminal so that the response request information is displayed on the user terminal. In response to the response request information, response information including the authentication information A first server for transmitting to the second server upon receipt, Matching the randomly selected special number with the terminal information, transmitting the special information on the special number to the first server, generating the authentication information corresponding to the authentication request information And transmitting a text message including the authentication information and having the special number as a calling number to the user terminal and transmitting authentication information included in the response information received from the first server and the terminal information corresponding to the response information And a second server for comparing the authentication information matched and stored in advance and authenticating the user according to whether the authentication information matches or not, and transmitting authentication result information to the first server.

In the present invention, a server providing a specific service not only supports authentication using a plurality of different channels for a user but also supports authentication of a user with respect to a server processing user authentication, And prevents the hacker from manipulating the source and guiding the user by supporting the authentication process using the special service which is difficult for the user to falsify based on the MT service in the server At the same time, according to whether or not a special use is made, the user is prevented from accessing the unauthorized server in advance, thereby greatly improving the security.

In addition, the present invention provides a server having a special list including a plurality of different specials, and each time a terminal of a user connects to a server, the server transmits a one-time authentication information to the terminal, And the one-time authentication information is transmitted from the server to the user terminal through the MT service, so that the hacker can support the one who can not grasp the channel through which the one-time authentication information is transmitted, It has an effect of greatly improving the property.

In addition, the present invention provides a one-time authentication information that is difficult to be falsified in a two-channel authentication process of inputting one-time authentication information received from a server to a user terminal through a second channel and transmitting the one- And authentication of the server requesting the one-time authentication information to be performed at the user terminal, thereby preventing the user from easily accessing the unauthorized server, and in contrast to the existing two-channel authentication process It is effective to increase the security without increasing the operation of another user.

1 is a configuration diagram of a multi-channel authentication-based security service providing system with a user terminal according to an embodiment of the present invention;
2 is a diagram illustrating a user authentication process of a web server in a multi-channel authentication-based security service providing system with a user terminal according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating an example of a user authentication process by interworking a web server and an authentication server in a multi-channel authentication-based security service providing system with a user terminal according to an exemplary embodiment of the present invention;
4 is a view illustrating an automatic verification and authentication process for a source and a server in a user terminal according to an embodiment of the present invention;
5 is a flowchart illustrating a method for providing a security service based on a multi-channel authentication with a user terminal according to an embodiment of the present invention.

It is noted that the technical terms used in the present invention are used only to describe specific embodiments and are not intended to limit the present invention. In addition, the technical terms used in the present invention should be construed in a sense generally understood by a person having ordinary skill in the art to which the present invention belongs, unless otherwise defined in the present invention, Should not be construed to mean, or be interpreted in an excessively reduced sense. In addition, when a technical term used in the present invention is an erroneous technical term that does not accurately express the concept of the present invention, it should be understood that technical terms that can be understood by a person skilled in the art can be properly understood. In addition, the general terms used in the present invention should be interpreted according to a predefined or prior context, and should not be construed as being excessively reduced.

Furthermore, the singular expressions used in the present invention include plural expressions unless the context clearly dictates otherwise. The term "comprising" or "comprising" or the like in the present invention should not be construed as necessarily including the various elements or steps described in the invention, Or may further include additional components or steps.

Furthermore, terms including ordinals such as first, second, etc. used in the present invention can be used to describe elements, but the elements should not be limited by terms. Terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals refer to like or similar elements throughout the several views, and redundant description thereof will be omitted.

In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. It is to be noted that the accompanying drawings are only for the purpose of facilitating understanding of the present invention, and should not be construed as limiting the scope of the present invention with reference to the accompanying drawings.

When the user accesses the first server 100 through the data network using the first terminal and logs in, the server generates one-time authentication information and transmits the one-time authentication information to the second terminal of the user, 2 terminal and receives the one-time authentication information displayed on the screen of the second terminal through the first terminal and transmits the one-time authentication information previously generated on the server side and the one-time authentication information received from the second terminal And may have a multi-channel authentication configuration that authenticates the user by mutual comparison.

Recently, a user terminal 10 such as a smart phone supporting both a data network and a mobile communication network has appeared. Accordingly, the present invention can be configured to support a two-channel authentication configuration with a server in a single user terminal 10 .

Accordingly, the present invention performs the above-described multi-channel authentication process of transmitting the one-time authentication information through the data network of the first channel after receiving the one-time authentication information from the single user terminal 10 through the mobile communication network of the second channel After the user confirms the text message and inputs all or a part of the one-time authentication information through the user terminal 10 and transmits the information through the data network, after receiving the one-time information input by the user on the server side, It is possible to authenticate the user by verifying all or a part of the authentication information, and to allow the authenticated user to access the server to which the user terminal 10 is connected, and to use various services provided by the server.

At this time, in most cases, the user believes that the authentication number has been received from the authenticated origin because the user does not know the telephone number of the originating originating the authentication number.

Accordingly, in the multi-channel authentication method, when a service provider providing a service to a user is a hacker, a phishing site that imitates a site of a legitimate service provider is opened, and a phishing site, which is not a legitimate service provider, The user has to pass the authentication number and input the authentication number. Thus, there is a risk that the user is required to input security information after deceiving the user.

Therefore, the present invention utilizes a special number so that the user can clearly identify the originator (or originator) of the authentication information that does not have a current verification method, in order to prevent such a danger from the source and to solve the problem of the multiple channel authentication method.

These specials (special numbers or special numbers) are used for MO and MT services and are specifically granted only to authorized servers by MO and MT service providers, so that even if a hacker seizes these specials, The user can easily confirm whether the server is authenticated through the special number as well as the source can be blocked so that the seized special number can not be used.

Accordingly, the present invention utilizes the special number as a transmission / reception channel of the authentication information and at the same time as the authentication means of the server, so that the user can confirm whether or not the server is authenticated through special confirmation, (Or telephone number) of the special number is provided to the terminal of the user connected to the server corresponding to the special number, and the special number and the one-time authentication information provided from the server requesting the one- The user is authenticated to the server through verification based on mutual comparison of the transmitted origin, and by inducing the user to transmit the one-time authentication information upon completion of the authentication of the user to the server, authentication User is connected to a server that is not connected It may be configured to fundamentally prevent that.

In addition, the present invention provides a system and method for supporting a random change in a random number of a source that sends a one-time authentication information requested by a server every time a user accesses a server of a legitimate service provider through the terminal, The reliability can be increased.

To this end, the present invention provides a plurality of specials (for example, # 1234) for using the MO and MT services on the server side or one or more specials allocated to the server by n more digits Extension # 123456), it is possible to increase the number of available specials, and to support a random selection of the server's side of the originating party transmitting the one-time authentication information every time the user is authenticated.

1 is a configuration diagram of a multi-channel authentication-based security service providing system with a user terminal 10 according to an embodiment of the present invention. Referring to FIG. 1, As shown in the figure, the first server 100 and the second server 200 may communicate with each other through a communication network different from the user terminal 10.

At this time, the first server 100 and the second server 200 can communicate with each other through a communication network, and can communicate with each other through a wired connection.

It goes without saying that any one of the first server 100 and the second server 200 may be included in the other.

In addition, a multi-channel authentication-based security service provision system with the user terminal 10 may be implemented by a larger number of components than the components shown in FIG. 1, and a plurality A channel authentication based security service providing system may be implemented.

The user terminal 10 described in the present invention may be a smart phone, a portable terminal, a mobile terminal, a personal digital assistant (PDA), or the like, which supports both communication using a data network and communication using a mobile communication network A personal digital assistant (PDA), a portable multimedia player (PMP) terminal, a telematics terminal, a navigation terminal, a slate PC, a tablet PC, a wearable device, For example, various terminals such as a smartwatch, a smart glass, and a head mounted display (HMD), a flexible terminal, and the like can be applied.

The communication network described in the present invention may include a wired / wireless communication network. Examples of the wireless communication network include a wireless LAN (WLAN), a digital living network alliance (DLNA), a wireless broadband (Wibro) (WIMAX), Global System for Mobile communication (GSM), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), Enhanced Voice-Data Optimized or Enhanced Voice- Data Only), WCDMA (Wideband CDMA), HSDPA (High Speed Downlink Packet Access), HSUPA (High Speed Uplink Packet Access), IEEE 802.16, Long Term Evolution (LTE) Advanced, Wideband Wireless Mobile Broadband Service (WMBS), Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, Near Field Communication (NFC), second (UC), Visible Light Communication (VLC), Wi-Fi, and Wi-Fi Direct. The wired communication network may be a wired LAN, a wired WAN, a power line communication (PLC), a USB communication, an Ethernet, a serial communication, Cables and the like.

As described above, the user terminal 10 supports both communication via the data network and the mobile communication network, and includes a wired LAN, a wired wide area network (WAN), a power line communication (PLC) , USB communication, Ethernet, serial communication, optical / coaxial cable communication, wireless LAN (WLAN), DLNA (Digital Living Network Alliance), Wireless Broadband (Wibro), WiMAX And may be configured to communicate with the first server 100 via wired and wireless data networks such as Interoperability for Microwave Access (WIMAX), Wi-Fi, Wi-Fi Direct, and the like.

In addition, the user terminal 10 may be a GSM (Global System for Mobile communication), a Code Division Multi Access (CDMA), a Code Division Multi Access 2000 (CDMA2000), an Enhanced Voice-Data Optimized or Enhanced Voice- WCDMA, HSDPA, HSUPA, IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE) And may communicate with the second server 200 through a mobile communication network such as a wireless mobile broadband service (WMBS).

According to the above-described configuration, the present invention is configured such that the first and second servers 100 and 200 communicate with each other through a communication network of a different type from the user terminal 10 held by the user, (Or channel dispersion).

The first server 100 may be configured as a web server 100 for providing a web service and a plurality of web servers 100 registered through a web site provided by the web server 100 And member DB 101 in which different user-specific member information is stored.

The member information may include the user's name, contact information, address, terminal information for the user terminal 10, and login information (e.g., member ID and password (password)). At this time, the terminal information may include an MDN (Mobile Directory Number), a mobile IP, a mobile MAC, a SIM (subscriber identity module) card unique information, a serial number, and the like.

In addition, some of the information stored in the member information may be set as user identification information, and the user identification information may be used as information for user authentication in at least one of the first server 100 and the second server 200 have.

In addition, the second server 200 accesses the first server 100 in order to use the web service provided by the first server 100 and transmits the user identification information to the normal server 100, And an authentication server 200 for authenticating whether or not the authentication is performed.

Also, the first server 100 and the second server 200 may be implemented in the form of a web server, a database server, a proxy server, or the like. In addition, the first server 100 and the second server 200 may be provided with at least one of a network load balancing mechanism, various software for allowing the server to operate on the Internet or another network, System. The network may also be an http network, a private line, an intranet or any other network. Furthermore, the connection between the first server 100 and the second server 200 and the user terminal 10 can be connected to the secure network so that the data is not attacked by any hacker or other third party. In addition, the first server 100 and the second server 200 may include a plurality of database servers, which may be connected to the first server 100 through any type of network connection, including a distributed database server architecture. And the second server 200 may be separately connected.

Based on the above-described configuration, the first server 100 can receive the user identification information from the user terminal 10 connected to the first server 100 through the data network.

At this time, the first server 100 may store data related to a web site for providing a web service, and the web site may be composed of a plurality of web pages.

The plurality of web pages may include a landing page, a login related web page, a product page by product, a payment page, a purchasing history related purchase management page corresponding to the user, a content providing page for providing various contents, and the like .

Accordingly, the user terminal 10 can access the web site provided by the first server 100, receive the web page included in the corresponding web site, and receive the web page based on the user input through the received web page User identification information may be generated and transmitted to the first server 100 through the data network.

At this time, the user terminal 10 may transmit the corresponding user identification information as log-in information.

The first server 100 compares the user identification information according to the member information stored in the member DB 101 and the user identification information received from the user terminal 10 upon receiving the user identification information, You can authenticate.

At this time, when the first server 100 authenticates the user only with the user identification information, when the user identification information is hacked, the user is easily impersonated to use the web service, and there is a risk that the user's personal information is leaked do.

Accordingly, even if the user authentication is successfully performed on the basis of the user identification information, the first server 100 maintains a state of blocking access to other web pages configured on web sites other than the currently accessed web page, The connection state of the user terminal 10 can be set to a standby state in which the user terminal 10 is kept in a blocked state so as not to log in to the user-related account registered in advance in the first server 100.

In addition, when the user authentication of the user terminal 10 is completed, the first server 100 accesses the first server 100 and transmits the user identification information to the first server 100, (Or membership information) to allow access to the first server 100 only to the normal user having the login authority, and to block the connection of the abnormal user who masquerades as the user by seizing the user identification information of the user The user connected to the second server 200 through the user terminal 10 can be authenticated through another channel different from the data network.

To this end, the first server 100 includes terminal information for the user terminal 10 set in advance in the user-related member information of the member DB 101 corresponding to the user identification information upon completion of user authentication based on the user identification information And transmits the generated authentication request information to the second server 200.

At this time, the first server 100 may generate authentication request information only when the user is authenticated by comparing the user identification information with the preset user's membership information.

On the other hand, the second server 200 extracts the terminal information included in the authentication request information upon receipt of the authentication request information, extracts the terminal information from the plurality of different specials included in the preset list for MT (Mobile Terminated) A random number can be selected for use in authentication.

In this case, the MT (Mobile Terminated) service described in the present invention is a service for relaying a text message transmitted from the second server 200 to be transmitted to the user terminal 10, and in order to use the corresponding MT service, And can receive a text message transmitted from the second server 200 at the user terminal when the second server 200 transmits the text message.

That is, there are MO (Mobile Originated) and MT (Mobile Terminated) in the text message transmission mode, MO denotes a text message generated from the user terminal, and MT denotes a text message generated in the server.

In addition, a service transmitted from a mobile communication terminal to a server is referred to as an MO service in transmitting / receiving a message between a user's mobile communication terminal and a server, and conversely, a service transmitted from a server to a mobile communication terminal is referred to as an MT service.

In this MT service, in order to transmit a message from a specific server to a mobile communication terminal, a special number ("special" in the present invention) When a message is transmitted from a specific server to a mobile communication terminal, the caller is transmitted with a special message assigned to the specific server. As a result, the message relayed from the server corresponding to the special message is transmitted to the mobile communication terminal .

In other words, the second server 200 of the present invention transmits a message related to user authentication based on the MT service using the special service, so that the second server 200, which transmits a message using the special service, Not only can the user be able to identify and determine that the server is authenticated by the service provider of the first server 100 that provides the MT service and the MT service provider (e.g., mobile communication company) that provides the MT service, Since the special pattern (or format) given by the MT service provider is different from the pattern of the normal telephone number, the user can easily distinguish the ordinary telephone number and the special number.

Accordingly, in the present invention, information for user authentication is provided by using a special number assigned in the MT service during the user authentication process, so that the special service based on the MT service can not be used, An unauthorized server providing an illegal web site such as a phishing site that provides an unauthorized web site such as a phishing site providing a user can easily distinguish the unauthorized server through a special use of a message originator and prevent access to the unauthorized server.

Also, although the MO and MT services are provided based on the mobile communication network provided by the mobile communication company, the relay service server for the separate MO and MT services exists in the mobile communication network and relays the corresponding SMS messages based on the MO and MT services .

Accordingly, the second server 200 may set a special list including a plurality of different specials in advance in the second server 200 in order to transmit a text message to the user terminal 10 through the MT service.

At this time, the mobile communication company may provide MO and MT services by setting a plurality of different specials corresponding to the second server 200, and the second server 200 may provide MO and MT services from the MO and the MT service provider A special list including a plurality of different specials is generated by expanding the assigned special number of the predetermined multiple digits by a predetermined number of digits, and is set in the relay service server or the mobile communication company server of the corresponding MO and MT service provider, Multiple different specials included can be used for MT and MO services. For example, if the second server 200 is assigned # 1234 as a special number, the special number of special digits is extended by 2 digits to generate a special list including a plurality of different special numbers such as # 123411 and # 123412, A special list can be registered with the service server of the MO and MT service providers and the specials of the corresponding special list can be used for MO and MT services.

Meanwhile, the second server 200 may generate the one-time authentication information for user authentication in response to the authentication request information when receiving the authentication request information, and may transmit special information on the selected special number corresponding to the authentication request information to the first server 100 to the first server 100 in response to the authentication request information.

In addition, the first server 100 may include a special authentication server (not shown) including the special information received corresponding to the authentication request information from the second server 200, Related response request information to the user terminal 10 through the data network.

At this time, the first server 100 may generate an authentication page, which is a web page for user authentication, as the response request information, and transmit the authentication page to the user terminal 10 through the data network.

Accordingly, the user terminal 10 can display the authentication page, which is the response request information including the special information received via the data network, and displays the special information through the corresponding authentication page, so that when the user transmits the one- The special number (originating number of the calling party) can be displayed so that it can be confirmed.

Meanwhile, the second server 200 may store the generated one-time authentication information corresponding to the special request information corresponding to the selected special number and the authentication request information corresponding to the authentication request information with the terminal information included in the authentication request information, The second server 200 may include a separate authentication DB 201 and may match and store special (or special information), one-time authentication information, and terminal information in the corresponding authentication DB 201.

In addition, the second server 200 generates a text message including the one-time authentication information corresponding to the authentication request information, selects the special number corresponding to the authentication request information, generates a text message including the one- The terminal 10 can transmit the corresponding text message on the MT service basis (or using the MT service) through the mobile communication network.

Accordingly, when receiving a text message, the user terminal 10 can display the corresponding text message so that the user can confirm the one-time authentication information requested by the first server 100 through the corresponding text message, The user of the user terminal 10 can compare the special number corresponding to the source of the received text message with the special number corresponding to the special number information displayed on the user terminal 10 and authenticate the source according to whether or not they match.

The user terminal 10 generates response information including all or part of the one-time authentication information included in the text message received by the user terminal 10 based on the user's input, 1 server 100 through the data network and the first server 100 may transmit the response information to the second server 200. [

At this time, the user terminal 10 generates response information including all or a part of the one-time authentication information input to the authentication page, based on user input through the authentication page received as response request information from the first server 100 To the first server (100).

Also, the first server 100 may include the terminal information of the user terminal 10 corresponding to the response information when receiving the response information or the special information received from the second server 200 in the response information, ).

At this time, the user terminal 10 may transmit the special information included in the response request information received from the first server 100 to the first server 100 in the corresponding response information.

Accordingly, upon receiving the response information from the first server 100, the second server 200 searches the authentication DB 201 for the one-time (registered) information corresponding to the corresponding terminal information based on the terminal information or the special information included in the response information, It is possible to identify the authentication information, compare the one-time authentication information identified in the authentication DB 201 with the one-time authentication information included in the response information, and check whether the one-time authentication information matches or not.

For example, when the one-time authentication information included in the response information corresponding to the same special information or the same terminal information and the one-time authentication information stored in advance in the authentication DB 201 coincide with each other, the second server 200 has succeeded in authentication And generates authentication result information on the authentication success. If the one-time authentication information of the response information and the previously stored one-time authentication information do not coincide with each other, the authentication result information on the authentication failure can be generated.

The second server 200 may transmit the authentication result information to the first server 100. When the first server 100 succeeds in authentication according to the authentication result information upon receiving the authentication result information, ), Or may provide the user terminal 10 with personal information related to the content or the web page or the user requiring security.

As described above, according to the present invention, based on the user identification information transmitted through the data network, which is the first channel, to the user of the user terminal 10 accessing the first server 100 through the data network, And provides the one-time authentication information to the user terminal 10 through the mobile communication network of the second channel in accordance with the communication between the first server 100 and the second server 200, The multi-channel authentication is performed through channel separation by performing the first and second channel-based authentication by receiving the one-time authentication information through the data network. In the first and second channel-based authentication processes, By comparing the transmitted special information with the calling number of the source transmitting the one-time authentication information to the user terminal 10 so as to allow the user to confirm the calling party transmitting the one-time authentication information 1, the source channel and the authentication by the user with using a two channel (or verification) can be made so as to support.

In other words, the first server 100 provides the one-time authentication information to the user terminal 10 via the data network, together with the request for the one-time authentication information, Information about a source providing the one-time authentication information is informed to the user in advance and the one-time authentication information is transmitted to the user terminal 10 through a text message in which the special number of the special information transmitted from the second server 200 to the user terminal 10 is the originating number The user can be authenticated as to whether the one-time authentication information is provided at a legitimate originator by verifying and confirming the originator on the basis of the special number in the state that the user has previously recognized the source of the one-time authentication information by transmitting it to the terminal 10 .

That is, according to the present invention, a server providing a specific service supports authentication using a plurality of different channels for a user, authentication (or verification) of a user with respect to a server processing user authentication, It prevents authentication information for user authentication from being stolen from transmission process through inter-authentication, and supports authentication process using a special authentication method based on MT service based on MT server, so that hackers manipulate the source It is possible to prevent the user from accessing the unauthorized server in advance according to the use of the special use, thereby greatly improving the security.

In addition, the present invention provides a server having a special list including a plurality of different specials so that each time a user terminal accesses a server, a special number set as a source of authentication information for user authentication is randomly selected in the special list The authentication information is transmitted through the MT service when the authentication information is transmitted from the server to the user terminal, so that the hacker can support the authentication server so that the hacker can not grasp the channel through which the authentication information is transmitted. .

Hereinafter, a detailed operation of the security service providing process of the multi-channel authentication-based security service providing system with the user terminal 10 according to the embodiment of the present invention will be described in detail with reference to the drawings .

Here, the first server 100 and the second server 200 are described as the web server 100 and the authentication server 200, respectively. However, the first server 100 and the second server 200 are not limited thereto. 2 server 200 may be composed of various kinds of servers.

2 illustrates an operation example of a user authentication process of the web server 100. As shown in the figure, the user terminal 10 communicates with the web server 100 through a data network, which is a first channel, The web server 100 may transmit a predetermined web page among a plurality of web pages constituting a web site for providing web services to the connected user terminal 10. [

At this time, the web server 100 may transmit a log-in related web page when the user terminal 10 is initially connected.

The control unit of the user terminal 10 may be a user terminal 10 and a control unit of the user terminal 10. The control unit of the user terminal 10 may be a user terminal 10, And transmits the user identification information to the web server 100 through the communication unit configured in the user terminal 10. [

At this time, the user identification information may be composed of login information including a login ID and password of the user.

The web server 100 extracts member information corresponding to the corresponding user identification information among a plurality of different user-specific member information stored in advance in the member DB 101 when the user identification information is received from the user terminal 10, If the comparison result is matched, the user can be first authenticated based on the data network of the first channel.

At this time, even if the user authentication based on the first authentication is succeeded, the web server 100 blocks the connection of the abnormal user such as the hacker who seizes the user identification information, which is not the normal user corresponding to the user identification information, Secondary authentication can be performed.

Also, the web server 100 may block the access of the user terminal 10 to other web pages constituting the web site other than the login related web page until the second authentication for the user is completed, and the user terminal 10 ) Can remain in a standby state while accessing a login related web page.

Referring to FIG. 3, the authentication process of the user through the interworking of the web server 100 and the authentication server 200 will be described. As shown in FIG. 3, when the first channel- The terminal information for the user terminal 10 set in advance in the member information corresponding to the terminal information can be extracted from the member information.

Also, the web server 100 may generate authentication request information for secondary authentication including the corresponding terminal information, and may transmit the generated authentication request information to the authentication server 200 interworking with the corresponding web server 100.

The authentication server 200 extracts the terminal information from the corresponding authentication request information upon receipt of the authentication request information and uses the terminal information for authentication with the user terminal 10 in a special list including a plurality of different special- The user can randomly select a special number to correspond to the terminal information.

At this time, the special list may include a plurality of different specials assigned to the authentication server 200 by the service provider providing the MT service.

In addition, the service provider providing the corresponding MT service may be a mobile communication company.

Meanwhile, the authentication server 200 may generate one-time authentication information for user authentication in response to the authentication request information upon receiving the authentication request information.

At this time, the one-time authentication information may be configured as OTP (One Time Password) information.

Accordingly, the authentication server 200 generates special information corresponding to the randomly selected special number corresponding to the authentication request information, corresponding to the authentication request information, and transmits the special information to the web server 100.

At this time, the authentication server 200 may include the terminal information in the corresponding special information so that the web server 100 can confirm the authentication request information corresponding to the special information to the web server 100.

Also, the authentication server 200 matches the terminal information included in the authentication request information with the special information corresponding to the authentication request information and the one-time authentication information, and stores it in the authentication DB 201 included in the authentication server 200 .

On the other hand, the web server 100 identifies the special information corresponding to the authentication request information transmitted to the authentication server 200 based on the terminal information included in each of the authentication request information and the special information, It is possible to identify the user terminal 10 corresponding to the terminal information included in the special information and transmit the corresponding special information to the user terminal 10.

The control unit configured in the user terminal 10 receives the special information from the web server 100 through the communication unit configured in the user terminal 10 and displays the special information through the display unit configured in the corresponding user terminal 10 So that the user can display the special number of the originating party to which the one-time authentication information is to be transmitted later.

At this time, the web server 100 includes the corresponding special information when receiving the special information from the authentication server 200, and for guiding the one-time authentication information received from the source corresponding to the special number according to the corresponding special information Response request information (for requesting the authentication information to the user terminal 10), and transmits the response request information to the user terminal 10.

As an example of the response request information, the web server 100 may generate an authentication page, which is a web page related to user authentication, and may transmit the authentication page to the user terminal 10, and may transmit the authentication page to a pop- And transmit the generated data to the user terminal 10.

In addition, the authentication page may include an input area for allowing a user to input and transmit the one-time authentication information, and if the phone number and the special number of the text message match and match, the one-time authentication information (for example, OTP number) ".

Accordingly, when the authentication page is received from the web server 100, the control unit of the user terminal 10 displays the corresponding authentication page through the display unit of the user terminal 10 or displays the authentication page in a pop-up form And can display the special information received from the web server 100 through the authentication page.

Meanwhile, the authentication server 200 generates a text message including the generated one-time authentication information corresponding to the authentication request information by making the selected special number corresponding to the authentication request information the originating number of the originator, Through the MT service of the mobile communication network.

At this time, the authentication server 200 can transmit a corresponding text message through the mobile communication network to the MO and MT service system composed of one or more relay devices providing the preset MO and MT services, and can transmit a text message from the authentication server 200 The receiving relay device can relay the transmission of the text message so that the corresponding text message is transmitted to the user terminal 10 based on the MT service.

Also, the text message may be composed of a short messaging service (SMS) message or a multimedia messaging service (MMS) message.

The controller configured in the user terminal 10 receives the text message transmitted through the MT service of the mobile communication network from the authentication server 200 through the communication unit configured in the user terminal 10, Can be displayed through the display unit configured in the display unit (10).

At this time, the control unit can identify the special number which is the source number of the corresponding text message, and display the corresponding special number by matching with the text message through the display unit of the user terminal 10.

Accordingly, the user terminal 10 can compare the special number, which is the calling party number (the telephone number of the calling party) of the received text message, with the special information received and displayed in the user terminal 10, and transmits the one- The Web server 100 requesting the originator and the one-time authentication information is the originator authenticated by the specific service provider (the operator of the Web server 100) corresponding to the Web server 100 connected to the user terminal 10, It is possible to confirm whether the web server 100 is a normal web server 100 authenticated by an MT service provider (for example, a mobile communication company) according to whether or not the web server 100 is used.

The controller configured in the user terminal 10 generates response information including the one-time authentication information based on the user input through the input unit configured in the user terminal 10 and transmits the response information through the communication unit configured in the user terminal 10 Information to the web server 100 through the data network.

At this time, the controller generates response information including the one-time authentication information through the authentication page received from the web server 100 based on the user input, and transmits the response information to the web server 100 that has transmitted the authentication page For example, the control unit may transmit the one-time authentication information input in the input area preset in the authentication page to the web server 100 according to the user's input.

Meanwhile, the web server 100 may transmit the response information to the authentication server 200 when receiving the response information from the user terminal 10. [

At this time, when the response information is received, the web server 100 may include the terminal information extracted from the member information of the member DB 101 corresponding to the corresponding response information in the response information and transmit the information to the authentication server 200. [

Alternatively, the control unit of the user terminal 10 may include special information in the corresponding response information, or may include special information corresponding to the response information when the web server 100 receives the response information, .

Also, the authentication server 200 extracts the one-time authentication information from the response information received from the Web server 100, and transmits the one-time authentication information extracted from the response information to the authentication DB 201, The information can be compared with previously stored one-time authentication information to determine whether or not the information matches.

At this time, the authentication server 200 identifies the terminal information corresponding to the response information in the authentication DB 201 based on the terminal information included in the response information, and transmits the one-time The authentication information can be compared with the one-time authentication information of the response information.

Also, the authentication server 200 may determine that the authentication is successful if the one-time authentication information is mutually matched as a result of the comparison, and may generate the authentication result information about the authentication success and transmit the authentication result information to the web server 100.

If the one-time authentication information does not coincide with each other, the authentication server 200 determines that the authentication fails and generates authentication result information about the authentication failure and transmits the authentication result information to the web server 100.

At this time, the authentication server 200 may include the terminal information for identifying the user in the authentication result information and transmit it to the web server 100.

Accordingly, when receiving the authentication result information, the web server 100 confirms the authentication result of the authentication result information, permits the user terminal 10 to access the website only when authentication is successful, The connection of the user terminal 10 can be blocked.

At this time, the web server 100 may allow the access of the user terminal 10 to the web site in case of authentication failure, but may block the access of the user terminal 10 to the personal web page or the user's personal information of the web site .

Also, the web server 100 may transmit the authentication result information to the user terminal 10 in the case of authentication failure, and display the authentication result information on the display unit of the user terminal 10. [

Meanwhile, in the above-described configuration, the web server 100 arbitrarily selects one or more digits from one-time authentication information composed of a plurality of digits in cooperation with the authentication server 200, and transmits arbitrarily selected one or more digit codes to the user terminal 10 And transmits the generated response request information to the user terminal 10.

At this time, the response request information may include special information, and the response request information may be composed of the above-described authentication page, which is a web page including special information.

Accordingly, when receiving the response request information, the control unit of the user terminal 10 transmits a response request including an input area for inputting a code configuring the one-time authentication information for each place selected by the web server 100, Information or authentication page can be displayed.

Also, the control unit generates response information including at least one arbitrary selected digit code requested by the web server 100 in response to the one-time authentication information based on the response request information or the user's input through the authentication page, To the server (200).

That is, the web server 100 can request all or a part of a plurality of codes for constituting the one-time authentication information to the user terminal 10 in cooperation with the authentication server 200, When receiving a text message including the one-time authentication information, the user terminal 10 responds to all or a part of the plurality of digit codes that constitute the one-time authentication information to the web server 100, To the web server 100.

Also, the authentication server 200 transmits one or more digit codes included in the response information when the response information is received from the Web server 100 to one or more codes constituting preset one-time authentication information corresponding to the user terminal 10 And the authentication result information according to the determination result may be generated and transmitted to the web server 100. The authentication result information may be transmitted to the web server 100 via the network.

As described above, according to the present invention, authentication information is requested and responded through a special password which is difficult for forgery and falsification, and can be specifically confirmed to be used, thereby enhancing security. Particularly, in the special case used in the present invention, not only the arbitrary users are allocated to the trusted authentication provider by the examination not the number that can be requested, but also the server side It is possible to prevent the hacker from knowing the channel (or the contact or the number of the channel) in which the authentication information is transmitted or received by supporting a plurality of specials randomly selected each time the user attempts to access the authentication information, Can be greatly increased.

Also, in the present invention, the one-time authentication information received from the server through the mobile communication network, which is the second channel, to the user terminal 10 is input to the user terminal 10 and is transmitted through the data network, which is the first channel, By adding the process of authenticating the user to the server requesting the one-time authentication information and the source providing the one-time authentication information through the naked eye identification of the user who is difficult to forge or forgive, it is easy for the user to connect to the unauthorized server And the security can be improved without increasing the number of separate user's operations in comparison with the existing two-channel authentication process.

Meanwhile, in the above-described configuration, the user terminal 10 may include a communication unit, a storage unit, a display unit, a sound output unit, and a control unit.

Not all of the components of the user terminal 10 are essential components, and the user terminal 10 may be implemented by more components than the components of the user terminal 10, (10) may be implemented.

The communication unit communicates with at least one external terminal or any internal component via a wired / wireless communication network. At this time, an arbitrary external terminal may include the first server 100 (or the web server 100) and the second server 200 (or the authentication server 200).

The communication unit may include a first communication module that communicates through the wireless data network and a second communication module that communicates through the mobile communication network.

The first communication module may be a wireless LAN (WLAN), a Digital Living Network Alliance (DLNA), a Wireless Broadband (Wibro), a World Interoperability for Microwave Access (WiMAX), a Wi- , Wi-Fi Direct, and the like. The first server 100 may be configured to communicate with the first server 100 via a wireless data network. Here, the first communication module may communicate with the first server 100 through a wired data network such as a wired LAN (Local Area Network), a wired WAN (Wide Area Network) or the like.

Also, the second communication module may be a communication module such as Global System for Mobile communication (GSM), Code Division Multi Access (CDMA), Code Division Multi Access 2000 (CDMA2000), Enhanced Voice-Data Optimized or Enhanced Voice- WCDMA (Wideband CDMA), HSDPA (High Speed Downlink Packet Access), HSUPA (High Speed Uplink Packet Access), IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution- And can communicate with the base station, the first and second servers 100 and 200 through a mobile communication network and a wireless mobile broadband service (WMBS).

At this time, the second communication module transmits data generated by the control unit of the user terminal 10 to the external server through the mobile communication network as well as voice communication, text message such as SMS or MMS through the mobile communication network, To the control unit of the user terminal 10, data received via the mobile communication network.

That is, the second communication module can support data communication based on the mobile communication network.

On the other hand, the communication unit can transmit information to an arbitrary terminal through a universal serial bus (USB).

The communication unit receives various kinds of information transmitted from the first server 100 or the second server 200 under the control of the control unit.

The storage unit stores various user interfaces (UI), a graphical user interface (GUI), and the like.

In addition, the storage unit stores data and programs necessary for the user terminal 10 to operate.

That is, the storage unit may store a plurality of application programs (application programs or applications) running on the user terminal 10, data for operation of the user terminal 10, and commands. At least some of these application programs may be downloaded from the external service providing device via wireless communication. Also, at least some of these application programs may reside on the user terminal 10 from the time of shipment for the basic functions of the user terminal 10 (e.g., call incoming, outgoing, message receiving, originating functions). Meanwhile, the application program may be stored in the storage unit, installed in the user terminal 10, and may be driven to perform the operation (or function) of the user terminal 10 by the control unit.

The storage unit may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, SD or XD memory) A random access memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read- Only Memory < / RTI > Also, the user terminal 10 may operate web storage or operate in connection with web storage, which performs the storage function of the storage unit on the internet.

In addition, the storage unit may store various kinds of information received through the communication unit under the control of the control unit.

The display unit may display various contents such as various menu screens by using the user interface and / or graphical user interface stored in the storage unit under the control of the control unit. Here, the content displayed on the display unit includes various text or image data (including various information data) and a menu screen including data such as an icon, a list menu, and a combo box. Further, the display unit may be a touch screen.

The display unit may be a liquid crystal display (LCD), a thin film transistor liquid crystal display (TFT LCD), an organic light-emitting diode (OLED), a flexible display, , A 3D display, an e-ink display, and a light emitting diode (LED).

Further, the display unit may be configured as a stereoscopic display unit for displaying a stereoscopic image.

In the stereoscopic display unit, a three-dimensional display system such as a stereoscopic system (glasses system), an autostereoscopic system (no-glasses system), a projection system (holographic system) can be applied.

Further, the display unit displays various kinds of information received through the communication unit under the control of the control unit.

The voice output unit outputs voice information included in the signal subjected to the predetermined signal processing by the control unit. Here, the audio output unit may include a receiver, a speaker, a buzzer, and the like.

The voice output unit outputs the guidance voice generated by the control unit.

In addition, the sound output unit can output the sound information corresponding to the information received through the communication unit under the control of the control unit.

The control unit executes the overall control function of the user terminal 10.

Also, the control unit executes the overall control function of the user terminal 10 using the program and data stored in the storage unit. The control unit may include a RAM, a ROM, a CPU, a GPU, and a bus, and the RAM, the ROM, the CPU, and the GPU may be connected to each other via a bus. The CPU accesses the storage unit, performs booting using an O / S (Operating System) stored in the storage unit, and can perform various operations using various programs, contents, and data stored in the storage unit .

In addition, the control unit performs the membership registration procedure for the user of the corresponding user terminal 10 by interlocking with the first server 100.

In addition, at the time of performing the membership registration procedure, the control unit normally completes the membership registration procedure for the first server 100 in order to complete the authentication function through the authentication unit (for example, mobile phone, credit card, can do.

If the user of the control unit is not a member registered in advance in the first server 100, the control unit may control the user terminal 10 (or the user terminal 10) based on the guide information related to the membership subscription provided from the first server 100 The user of the corresponding user terminal 10).

The first server 100 may generate membership information upon completion of the membership procedure of the user terminal 10 and may store the membership information in the member DB 101 included in the first server 100. [

At this time, the second server 200 may access the corresponding member DB 101 and share the member DB 101 with the first server 100. [

The user terminal 10 may further include an interface unit (not shown) that serves as an interface with all the external devices connected to the corresponding user terminal 10. For example, the interface unit may include a wired / wireless headset port, an external charger port, a wired / wireless data port, a memory card port, a port for connecting a device having an identification module, an audio I / Input / output (I / O) port, video I / O (input / output) port and earphone port. Here, the identification module is a chip for storing various information for authenticating the usage right of the user terminal 10, and includes a user identity module (UIM), a subscriber identity module (SIM) A Universal Subscriber Identity Module (USIM), and the like. In addition, a device provided with the identification module can be manufactured in a smart card format. Thus, the identification module can be connected to the user terminal 10 via the port. The interface unit receives data from an external device or receives power from the external device and transmits the received data to each component in the user terminal 10 or allows data in the user terminal 10 to be transmitted to an external device.

In addition, when the user terminal 10 is connected to an external cradle, the interface unit may be a path through which power from the cradle is supplied to the corresponding user terminal 10, or various command signals input from the cradle by the user, (10). ≪ / RTI > The various command signals input from the cradle or the corresponding power source may be operated as a signal for recognizing that the user terminal 10 is correctly mounted on the cradle.

The user terminal 10 also includes an input unit (not shown) for receiving a command or a control signal generated by an operation such as a button operation by the user or a function selection, or a touch / Not shown).

The input unit may include at least one of a command, a selection, data, and information of a user. The input unit may include a plurality of input keys and function keys for inputting numeric or character information and setting various functions.

The input unit may include a key pad, a dome switch, a touch pad (static / static), a touch screen, a jog wheel, a jog switch, a jog shuttle, a mouse, , A stylus pen, a touch pen, and the like can be used. Particularly, when the display portion is formed in the form of a touch screen, some or all of the functions of the input can be performed through the display portion.

In addition, each component (or module) of the user terminal 10 may be software stored on the memory (or storage) of the user terminal 10. The memory may be an internal memory of the user terminal 10, and may be an external memory or other type of storage device. Further, the memory may be a non-volatile memory. The software stored on the memory may include a set of instructions that, when executed, cause the user terminal 10 to perform certain operations.

On the other hand, the web server 100 transmits the special information displayed through the user terminal 10 and the unique match indicated by the calling number of the text message including the one-time authentication information included in the response request information, And the one-time authentication information can be inputted by the user only when the verification result is matched. Thus, after confirming whether or not the automatic matching of the different channels is automatic, the one-time authentication information is transmitted to the authentication server 200, which will be described in detail with reference to FIG.

As shown in the figure, the user terminal 10 may include an application unit 11 configured to access the web server 100, and the application unit 11 may be a dedicated application configured to communicate with the web server 100 means a control unit in a state in which the application has been executed or may be a dedicated application in a state of being executed by the control unit in the user terminal 10 which is composed of dedicated application related data stored in the storage unit of the user terminal 10. [

The application unit 11 may be configured as a control unit that controls each component of the user terminal 10 or may control each component of the user terminal 10 on behalf of the control unit.

The application unit 11 described above can be activated in the user terminal 10 when the corresponding dedicated application is executed in the user terminal 10 and the application unit 11 accesses the web server 100, And may transmit the user identification information to the web server 100 based on the user input through the input unit of the web server 10.

Also, the web server 100 transmits the authentication request information to the authentication server 200 as described above, and the authentication server 200 generates special information for the randomly selected special number corresponding to the authentication request information, (100).

The web server 100 may generate response request information including the corresponding special information and transmit the response request information to the application unit 11 of the user terminal 10. The application unit 11 transmits the response request information to the user terminal 10 to receive the response request information from the web server 100 through the display unit of the user terminal 10.

In addition, the authentication server 200 may transmit a text message containing the one-time authentication information to the user terminal 10 and using a special number corresponding to the special information transmitted to the web server 100, as a calling number.

In this case, the application unit 11 of the user terminal 10 can work with a messenger application related to a text message installed in the user terminal 10, and upon receiving a text message, The user can directly judge whether or not there is a match by comparing the identification number corresponding to the text message with the special number of the special information included in the response request information displayed on the user terminal 10 by comparing them.

Accordingly, if the special number matches the calling number identified in correspondence with the text message, the application unit 11 displays the preset notification-related notification information through the display unit of the user terminal 10 and displays a text message with the special number as the calling number Can be provided.

The application unit 11 also transmits predetermined interface-related data for inputting the one-time authentication information stored in the storage unit of the user terminal 10 to the response request information And generates the one-time authentication information identical to the one-time authentication information included in the text message according to user input through the interface.

That is, the application unit 11 executes a preset interface capable of inputting the one-time authentication information only when the origination number identified in correspondence with the text message and the special number corresponding to the special information included in the response request information are mutually matched, And can be displayed on the display unit of the terminal 10.

The application unit 11 can generate response information including the one-time authentication information generated through the interface in response to the response request information. The response information generated in response to the response request information is transmitted to the web server 100, Lt; / RTI >

At this time, the application unit 11 may include special information or terminal information in the response information, and transmit the response information to the web server 100.

Through the above-described configuration, the web server 100 can perform the authentication process for the user in association with the authentication server 200 when receiving the response information including the one-time authentication information, as described above.

5 is a flowchart illustrating a method of providing a security service in a security service providing system including a first server 100 and a second server 200 communicating with a user terminal 10 according to an embodiment of the present invention through different communication networks It is a flowchart.

As shown in the figure, the first server 100, which has received the user identification information from the user terminal 10 connected to the first server 100, And transmits the generated authentication request information to the second server 200 (S1, S2, S3).

Also, the second server 200 corresponds to the user terminal 10 connected to the first server 100, randomly selects a special number corresponding to the authentication request information in a special list preset upon receiving the authentication request information, Specific information on the special number to the first server 100 (S4, S5).

Also, the second server 200 generates one-time authentication information corresponding to the authentication request information (S4), generates a text message including the one-time authentication information and a randomly selected special number corresponding to the authentication request information as a calling number can do.

Also, the second server 200 transmits the corresponding text message to the user terminal 10 according to the terminal information of the user terminal 10 included in the authentication request information (S8), and transmits the one-time authentication information together with the special information May be stored in the authentication DB 201 by matching with the terminal information included in the request information.

Meanwhile, the first server 100 transmits the response request information for requesting the one-time authentication information to the user terminal 10 in response to the authentication request information from the second server 200, So that a special number corresponding to the special information can be displayed through the user terminal 10 (S6, S7).

In response to the response request information, the first server 100 receives the response information including the one-time authentication information from the user terminal 10 (S9), and the second server 200 interacts with the second server 200 The user can be authenticated according to whether the one-time authentication information included in the transmitted text message is identical to the one-time authentication information included in the response information (S10, S11).

Accordingly, the first server 100 determines that the user authentication is completed when the user authentication is successfully performed through the interoperation with the second server 200, and transmits various service-related contents and data required for user authentication to the user terminal 10 To proceed to the next step (S12).

The user terminal 10 and the first and second servers 100 and 200 described above may be implemented as a combination of hardware components, software components, and / or hardware components and software components, respectively, A processor, an engine, and the like.

In addition, the components described in the embodiments may be implemented in various forms such as, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA) unit, a microprocessor, or any other device capable of executing and responding to instructions.

The user terminal 10 and the first and second servers 100 and 200 may execute one or more software applications that are executed on an operating system (OS) and an operating system.

In addition, the user terminal 10 and the first and second servers 100 and 200 may access, store, manipulate, process, and generate data in response to execution of the software.

For ease of understanding, each component may be described as being used individually, but one of ordinary skill in the art will recognize that the processing device may be configured to include a plurality of processing elements and / Element can be included.

For example, the user terminal 10 and the first and second servers 100 and 200 may comprise a plurality of processors or a processor and a controller. Other processing configurations are also possible, such as a parallel processor.

The software may include a computer program, code, instructions, or a combination of one or more of the foregoing, and may include a user terminal 10 and first and second servers 100, Or to collectively command them independently.

The software and / or data may be interpreted by the user terminal 10 and the first and second servers 100, 200 or may include instructions or data to the user terminal 10 and the first and second servers 100, (Embody) any type of machine, component, physical device, virtual equipment, computer storage media or device, or a signal wave to be transmitted, ).

The software may be distributed over a networked computer system and stored or executed in a distributed manner. The software and data may be stored on one or more computer readable recording media.

The method of providing a multi-channel authentication-based security service with the user terminal 10 according to the embodiment of the present invention described in the above-described embodiment can be written as a computer program, and the codes and code segments constituting the computer program Can be easily deduced by a computer programmer. The computer program may also be stored in a computer readable medium and stored in a computer readable medium such as a computer or the user terminal 10 according to an embodiment of the present invention and the first and second servers 100 and 200 So that a method of providing a security service based on a multiple channel authentication with the user terminal 10 can be implemented.

The information storage medium includes a magnetic recording medium, an optical recording medium, and a carrier wave medium. A computer program for implementing a method for providing a security service based on multiple channels with a user terminal 10 according to an embodiment of the present invention is stored in a built-in memory of the user terminal 10 and the first and second servers 100 and 200 And can be installed. Alternatively, an external memory such as a smart card, which stores and installs a computer program implementing the multi-channel authentication-based security service providing method with the user terminal 10 according to the embodiment of the present invention, And may be mounted to the first and second servers 100 and 200.

The various devices and components described herein may be implemented by hardware circuitry (e.g., CMOS-based logic circuitry), firmware, software, or a combination thereof. For example, it can be implemented utilizing transistors, logic gates, and electronic circuits in the form of various electrical structures.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or essential characteristics thereof. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

In the present invention, a server providing a specific service not only supports authentication using a plurality of different channels for a user but also supports authentication of a user with respect to a server processing user authentication, And prevents the hacker from manipulating the source and guiding the user by supporting the authentication process using the special service which is difficult for the user to falsify based on the MT service in the server At the same time, according to whether or not to use the special use, the user is prevented from accessing the unauthorized server in advance, thereby greatly improving the security, and can be widely used in the fields of payment service and security service.

10: user terminal 11: application unit
100: first server, web server 200: second server, authentication server

Claims (11)

A security service providing method of a security service providing system including a first server, which is a web server, and a second server, which is an authentication server, communicating with a user terminal via a different communication network,
The first server receives user identification information from the user terminal connected to the data network and transmits authentication request information including terminal information for the user terminal corresponding to the user identification information to the second server An authentication request step;
The second server transmits to the first server special information on a randomly selected special number in a special list starting with '#' for the MT service, which is preset in correspondence with the authentication request information, And transmits the text message including the authentication information and the special number as a calling number to the user terminal through the mobile communication network so that the user can confirm the authentication information and the calling number, Storing the special information together with the terminal information together with the special information;
The first server transmits the response request information for requesting the authentication information including the special information to the user terminal in the form of a web page so that the user can check the special information on the screen and input the authentication information A transmission step of transmitting, to the second server, response information including the authentication information received from the user terminal in response to the response request information; And
The second server compares the authentication information included in the response information with the authentication information generated in advance in correspondence with the response information, authenticates the user according to whether the authentication information matches the authentication information, and transmits the authentication result information to the first server The method of claim 1, further comprising: ◈ Claim 2 is abandoned due to payment of registration fee. The method according to claim 1,
Wherein the authentication information is OTP information. ≪ RTI ID = 0.0 > 18. < / RTI > The method according to claim 1,
Wherein the authentication request step further comprises the step of the first server generating the authentication request information upon user authentication based on the user identification information. The method according to claim 1,
Further comprising the step of allowing the connection of the user terminal to the first server according to the authentication result information when the first server receives the authentication result information after the authentication completion step A method for providing a security service based on channel authentication. delete ◈ Claim 6 is abandoned due to the registration fee. The method according to claim 1,
Wherein the text message is transmitted through an MT service. ◈ Claim 7 is abandoned due to registration fee. The method according to claim 1,
Wherein the first server requests the user terminal through the response request information for one or more digit codes selected from the authentication information including a plurality of digits, Service delivery method. When receiving authentication request information for user authentication from the first server communicating with a user terminal connected to a first server, which is a web server, through a data network through an application unit configured in the user terminal, generates one-time authentication information, A second server, which is an authentication server, for transmitting to the user terminal through the first server and the first server,
When the second server receives the authentication request information, transmits to the first server special information about a randomly selected special number corresponding to the authentication request information in a special list starting with '#' for the MT service, Generating a text message including the one-time authentication information and including the special number as a calling number, transmitting the text message to the user terminal according to the terminal information included in the authentication request information so that the user can confirm the authentication information and the calling number, Matching the one-time authentication information with the terminal information included in the authentication request information together with the special information;
When the first server transmits the response request information including the special information and requesting the authentication information to the user terminal, the application unit of the user terminal displays the received special information and response request information on the screen, Providing an interface capable of receiving authentication information to be input in response to request information; And
When receiving response information including the one-time authentication information from the user terminal in response to the response request information, the first server transmits the one-time authentication information included in the text message transmitted by the second server, And authenticating the user according to whether or not the one-time authentication information included in the response information is coincident with each other through mutual comparison. 9. The method of claim 8,
Wherein the application unit configured in the user terminal compares the origination number of the text message received from the first server with the special number according to the special information included in the response request information received from the second server, Further comprising the step of displaying an interface for inputting information and generating the response information including the one-time authentication information according to a user input through the interface and transmitting the response information to the first server. A method for providing a security service based on a multi-channel authentication. ◈ Claim 10 is abandoned due to the registration fee. A computer-readable non-volatile recording medium recording a computer program for performing the method according to any one of claims 1 to 4, 6 to 9. A security service providing system including a first server which is a web server communicating with a user terminal through a communication network different from each other and a second server which is an authentication server,
Receiving authentication identification information from the user terminal connected to the data network and transmitting authentication request information including terminal information on the user terminal corresponding to the user identification information to the second server, Response information for requesting authentication information including special information starting from '#' for the MT service, which is received from the second server in response to the information, is transmitted to the user terminal, And transmits the response information including the authentication information to the second server when the response information including the authentication information is received from the user terminal in response to the response request information. 1 server; And
A random number selected from a preset list corresponding to the authentication request information is matched with the terminal information and stored, and the special information on the special number is transmitted to the first server. In response to the authentication request information, Transmits a text message including the authentication information and the special number as a caller ID to the user terminal so that the user can confirm the authentication information and the caller ID, and transmits the response information received from the first server And a second server for comparing the authentication information included in the authentication information with the terminal information corresponding to the response information to compare the authentication information stored in advance and authenticating the user according to whether the authentication information matches the authentication information and transmitting the authentication result information to the first server A system for providing a security service based on a multiple channel authentication with a user terminal.

Images