KR102153666B1 - System for preventing hacking according to key logging of authentication section and MITM and method thereof - Google Patents

Abstract

The present invention discloses a hacking prevention system in accordance with the key logging of an authentication section and the MITM, and a method thereof. That is, the hacking prevention system of the present invention shuffles a preset key table shared with a server by using a server key provided from a server in a terminal, generates various types of dynamic keyboards such as circular rings and cylinders based on the shuffled key table, provides a user input value in accordance with the user input on the generated dynamic keyboard and the server key to the server, and provides the authentication by determining whether the validity of the server key and the existing stored password match based on the user input value and the server key provided from the terminal in the server, so as to prevent hacking in accordance with the key logging and the meson attacks.

Description

TECHNICAL FIELD [System for preventing hacking according to key logging of authentication section and MITM and method thereof]

The present invention relates to a system and method for preventing hacking according to key logging of authentication section and MITM. In particular, a terminal shuffles a preset key table shared with the server using a server key provided from a server, and the shuffled Creates various types of keyboards such as circular rings and cylinders based on the key table, provides user input values according to user input on the generated keyboard and the server key to the server, and provides them from the terminal in the server The present invention relates to a system and method for preventing hacking according to key logging and MITM for providing authentication to the terminal by determining whether or not the user input value is matched with the previously stored password based on the server key.

Keylogging (or keystroke logging) refers to the act of intercepting and recording what a user enters into a PC with a keyboard. As such keylogging methods, there are various keylogging methods ranging from methods using hardware and software to techniques using electronic and sound technologies.

In order to prevent hacking according to such keylogging, a method of simply arranging the sequence of the keypad at random is used, but it is still possible to check the input value input to the corresponding keypad from the left/right/back of the user, and also a single screen. There is a possibility of key information leakage only through shot and mouse click events.

Man-in-the-middle Attack (MITM) is where data is transmitted between a device (PC/phone) and a web server, while using technology and tools, an attacker places himself between the two and intercepts data. This is the way. Typical man-in-the-middle attacks include sniffing, packing injection, session hijacking, and SSL stripping. This man-in-the-middle attack uses SSLStrip and Port Redirect to trick a user into having a secure Https connection and steal the account key in the middle.

Korean Patent Publication No. 10-2018-0067082 [Title: Dial-type virtual security keypad and authentication method and apparatus using the same]

An object of the present invention is to shuffle a preset key table shared with the server by using a server key provided from a server in a terminal, and generate various types of keyboards such as circular rings and cylinders based on the shuffled key table. , A user input value according to a user input on the generated keyboard and the server key are provided to the server, and whether the server matches an existing stored password based on the user input value provided from the terminal and the server key. It is to provide a hacking prevention system and method according to key logging and MITM of an authentication section that provides authentication to the terminal by determining whether to authenticate.

The method for preventing hacking according to the key logging of the authentication section and the MITM according to an embodiment of the present invention includes, by a terminal, transmitting a keypad format, an input format, and identification information of the terminal to a server when a preset event occurs; Generating, by the server, a server key having a preset size based on the input format; Shuffling, by the terminal, a key table previously stored in the terminal in response to the input format based on the server key transmitted from the server; Generating, by the terminal, a circular ring or cylindrical keyboard based on the shuffled key table, the keypad format, and the input format; Displaying, by the terminal, the generated keyboard on one side of the terminal to receive an input value corresponding to a password from a user; Receiving, by the terminal, an input value according to a user input for a keyboard displayed on one side of the terminal; Generating, by the terminal, a shift-calculated user input value by performing a preset shift operation based on the received input value, the server key, and values arranged in sequence corresponding to the keyboard; Transmitting, by the terminal, data obtained by combining the generated shifted user input value and the server key and identification information of the terminal to the server; Separating, by the server, the server key and the shifted user input value from the data transmitted from the terminal; By the server, the preset shift operation is performed based on a value that is sequentially sorted after being shuffled using a password registered in advance in the server, the server key, and the server key in response to the received terminal identification information. Performing a shift operation to generate a comparison target input value; Determining, by the server, whether or not the generated shifted comparison target input value and the separated shifted user input value match; Transmitting, by the server, information indicating that authentication was successful to the terminal when the shift-calculated comparison target input value and the shift-calculated user input value match as a result of the determination; Receiving, by the terminal, information indicating that authentication transmitted from the server was successful; Outputting, by the terminal, information indicating that the received authentication was successful; And performing, by the terminal, an additional function according to success of authentication by interworking with the server.

As an example related to the present invention, the event is, when a specific area displayed on the terminal is selected according to a mouse or user input, when a button of a mouse is selected while a screen for password input is displayed on the terminal , When a preset key on the keyboard is selected while the screen for password input is displayed on the terminal, and a specific area displayed on one side of the screen of the terminal while the screen for password input is displayed on the terminal, or A specific button is selected according to a user input, and the keypad format includes any one of a circular ring and a cylindrical shape as a shape of a keypad to be displayed on the terminal, and the input format is a number format, It may include any one of a character format, a special character format, and a combination format thereof.

As an example related to the present invention, the shuffling of the key table previously stored in the terminal includes a row including a key value and a key value for an n×m type sub-key table selected from an N×M type key table. The column containing the key value and one or more other rows adjacent to the row, one or more other rows adjacent to the row containing the key value, the column containing the key value and one or more other columns adjacent to the column, one adjacent to the column containing the key value Sequentially selecting one of the diagonal ranges of the other columns and matrix-type key tables by the size of the server key; And shuffling the key table using the server key according to a plurality of sub-shuffle methods shifting by a preset unit in a preset direction based on the plurality of sequentially selected ranges, wherein the N and M is the same or different natural number, n is a natural number less than or equal to N, m is a natural number less than or equal to M, and n and m may be the same or different.

As an example related to the present invention, generating the keyboard includes: sequentially sorting values included in the shuffled key table based on a preset indicator corresponding to the shuffled key table; And generating a keyboard composed of the sequentially arranged values by sequentially arranging the sequentially arranged values on a circular ring or cylindrical keyboard corresponding to the keypad type.

As an example related to the present invention, when the determination result, when the shift-calculated comparison target input value and the shift-calculated user input value do not match, information indicating that authentication has failed is transmitted to the terminal by the server. Step to do; Receiving, by the terminal, information indicating that authentication transmitted from the server has failed; And outputting, by the terminal, information indicating that the received authentication has failed.

The key logging of the authentication section and the hacking prevention system according to the MITM according to the embodiment of the present invention transmits the keypad format, input format and terminal identification information to the server when a preset event occurs, and in response to the transmission, the Receiving a server key transmitted from a server, shuffling a key table previously stored in the terminal corresponding to the input format based on the server key, and circular ring based on the shuffled key table, the keypad format, and the input format Alternatively, to generate a cylindrical keyboard, display the generated keyboard on one side of the terminal to receive an input value corresponding to a password from a user, receive an input value according to a user input, and the received input value, the Data obtained by performing a preset shift operation based on a server key and values arranged in a sequence corresponding to the keyboard to generate a shifted user input value, and combining the generated shifted user input value and the server key And the terminal transmitting identification information of the terminal to the server. And separating the server key and the shifted user input value from the data transmitted from the terminal, and using a password previously registered in the server, the server key, and the server key in response to the received terminal identification information. After being shuffled, the preset shift operation is performed on the basis of the sequentially sorted values to generate a shifted comparison target input value, and the generated shifted comparison target input value and the separated shifted user A server that determines whether the input values match or not, and transmits, to the terminal, information indicating that authentication is successful when the shift-calculated comparison target input value and the shift-calculated user input value match. I can.

As an example related to the present invention, the terminal receives information indicating that the authentication was successful transmitted from the server, outputs information indicating that the received authentication was successful, and interlocks with the server to determine the authentication success. Additional functions can be performed.

The present invention shuffles a preset key table shared with the server using a server key provided from a server in a terminal, and generates various types of dynamic keyboards such as circular rings and cylinders based on the shuffled key table, A user input value according to a user input on the generated dynamic keyboard and the server key are provided to the server, and the server key validity and previously stored based on the user input value provided from the terminal and the server key in the server It is possible to prevent hacking due to keylogging and man-in-the-middle attacks by determining whether the password matches or not and providing the authentication status to the terminal.

1 is a block diagram showing the configuration of a hacking prevention system according to the key logging of an authentication section and MITM according to an embodiment of the present invention.
2 is a block diagram showing the configuration of a terminal according to an embodiment of the present invention.
3 to 5 are diagrams showing an example of a key table according to an embodiment of the present invention.
6 is a diagram showing an example of a cylindrical shuffle method according to an embodiment of the present invention.
7 is a diagram showing an example of a circular ring composed of a plurality of indicators according to an embodiment of the present invention.
8 is a diagram showing an example of a cylinder composed of a plurality of indicators according to an embodiment of the present invention.
9 to 10 are flowcharts illustrating a method for preventing hacking according to the key logging of an authentication section and MITM according to an embodiment of the present invention.
11 is a diagram showing an example of a shuffle process according to an embodiment of the present invention.
12 is a diagram showing an example of a keyboard in the form of a circular ring according to an embodiment of the present invention.
13 is a diagram illustrating an example of generating a user input value subjected to a shift operation according to an embodiment of the present invention.

It should be noted that the technical terms used in the present invention are used only to describe specific embodiments, and are not intended to limit the present invention. In addition, the technical terms used in the present invention should be interpreted as generally understood by those of ordinary skill in the technical field to which the present invention belongs, unless otherwise defined in the present invention, and is excessively comprehensive. It should not be construed as a human meaning or an excessively reduced meaning. In addition, when a technical term used in the present invention is an incorrect technical term that does not accurately express the spirit of the present invention, it should be replaced with a technical term that can be correctly understood by those skilled in the art. In addition, general terms used in the present invention should be interpreted as defined in the dictionary or according to the context before and after, and should not be interpreted as an excessively reduced meaning.

In addition, the singular expression used in the present invention includes a plurality of expressions unless the context clearly indicates otherwise. In the present invention, terms such as “consisting of” or “comprising” should not be construed as necessarily including all of the various components or steps described in the invention, and some components or some steps may not be included. It should be construed that it may or may further include additional components or steps.

In addition, terms including ordinal numbers such as first and second used in the present invention may be used to describe the constituent elements, but the constituent elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, a first component may be referred to as a second component, and similarly, a second component may be referred to as a first component.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, but the same or similar components are assigned the same reference numerals regardless of the reference numerals, and redundant descriptions thereof will be omitted.

In addition, in describing the present invention, when it is determined that a detailed description of a related known technology may obscure the subject matter of the present invention, a detailed description thereof will be omitted. In addition, it should be noted that the accompanying drawings are only for easily understanding the spirit of the present invention and should not be construed as limiting the spirit of the present invention by the accompanying drawings.

1 is a block diagram showing the configuration of a hacking prevention system 10 according to the MITM and key logging of an authentication section according to an embodiment of the present invention.

As shown in FIG. 1, the hacking prevention system 10 according to the key logging of the authentication section and MITM is composed of a terminal 100 and a server 200. Not all of the components of the hacking prevention system 10 shown in FIG. 1 are essential components, and the hacking prevention system 10 may be implemented by more components than the components shown in FIG. 1, or less. Hacking prevention system 10 may also be implemented by components.

The terminal 100 is a smart phone (Smart Phone), a portable terminal (Portable Terminal), a mobile terminal (Mobile Terminal), a foldable terminal (Foldable Terminal), Personal Digital Assistant (PDA), PMP (Portable Multimedia Player) Terminal, Telematics Terminal, Navigation Terminal, Personal Computer, Laptop Computer, Slate PC, Tablet PC, Ultrabook, Wearable Device (Wearable) Device, for example, including smartwatch, smart glass, HMD (Head Mounted Display), Wibro terminal, Internet Protocol Television (IPTV) terminal, smart TV, digital broadcasting It can be applied to various terminals such as terminals, audio video navigation (AVN) terminals, audio/video (A/V) systems, flexible terminals, digital signage devices, POS devices, ATMs, and KIOSK.

As shown in FIG. 2, the terminal 100 includes a communication unit 110, a storage unit 120, a display unit 130, an audio output unit 140, and a control unit 150. Not all of the components of the terminal 100 shown in FIG. 2 are essential components, and the terminal 100 may be implemented by more components than the components shown in FIG. 2, or by fewer components. The terminal 100 may be implemented.

The communication unit 110 communicates with an internal component or at least one external terminal through a wired/wireless communication network. In this case, the external terminal may include the server 200 or the like. Here, as the wireless Internet technology, wireless LAN (WLAN), DLNA (Digital Living Network Alliance), Wireless Broadband: Wibro, Wimax (World Interoperability for Microwave Access: Wimax), HSDPA (High Speed Downlink Packet Access) ), High Speed Uplink Packet Access (HSUPA), IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE-A), Wireless Mobile Broadband Service (WMBS), etc. In addition, the communication unit 110 transmits and receives data according to at least one wireless Internet technology in a range including Internet technologies not listed above. In addition, short-range communication technologies include Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, and Near Field Communication (NFC). , Ultra Sound Communication (USC), Visible Light Communication (VLC), Wi-Fi, Wi-Fi Direct, and the like may be included. In addition, wired communication technologies may include power line communication (PLC), USB communication, Ethernet, serial communication, optical/coaxial cable, and the like.

In addition, the communication unit 110 may mutually transmit information with an arbitrary terminal through a universal serial bus (USB).

In addition, the communication unit 110 includes technical standards or communication methods for mobile communication (for example, GSM (Global System for Mobile communication), CDMA (Code Division Multi Access), CDMA2000 (Code Division Multi Access 2000)), EV -DO (Enhanced Voice-Data Optimized or Enhanced Voice-Data Only), WCDMA (Wideband CDMA), HSDPA (High Speed Downlink Packet Access), HSUPA (High Speed Uplink Packet Access), LTE (Long Term Evolution), LTE-A (Long Term Evolution-Advanced), etc.), transmits and receives radio signals to and from the base station, the server 200, and the like.

In addition, the communication unit 110 receives a key table and a server key transmitted from the server 200 under the control of the control unit 150.

The storage unit 120 stores various user interfaces (UIs), graphic user interfaces (GUIs), and the like.

In addition, the storage unit 120 stores data and programs necessary for the terminal 100 to operate.

That is, the storage unit 120 may store a plurality of application programs (application programs or applications) driven by the terminal 100, data for operation of the terminal 100, and commands. At least some of these application programs may be downloaded from an external server through wireless communication. In addition, at least some of these application programs may exist on the terminal 100 from the time of shipment for basic functions of the terminal 100. Meanwhile, the application program may be stored in the storage unit 120, installed in the terminal 100, and driven by the controller 150 to perform an operation (or function) of the terminal 100.

In addition, the storage unit 120 is a flash memory type (Flash Memory Type), a hard disk type (Hard Disk Type), a multimedia card micro type (Multimedia Card Micro Type), a card type memory (e.g., SD or XD Memory, etc.), magnetic memory, magnetic disk, optical disk, RAM (Random Access Memory: RAM), SRAM (Static Random Access Memory), ROM (Read-Only Memory: ROM), EEPROM (Electrically Erasable Programmable Read-Only Memory), It may include at least one storage medium among Programmable Read-Only Memory (PROM). In addition, the terminal 100 may operate a web storage that performs a storage function of the storage unit 120 over the Internet, or may operate in connection with the web storage.

In addition, the storage unit 120 stores the received key table, server key, and the like under the control of the control unit 150.

The display unit (or display unit) 130 may display various contents such as various menu screens using a user interface and/or a graphic user interface stored in the storage unit 120 under the control of the control unit 150. have. Here, the content displayed on the display unit 130 includes various text or image data (including various information data) and a menu screen including data such as icons, list menus, and combo boxes. In addition, the display unit 130 may be a touch screen.

In addition, the display unit 130 includes a liquid crystal display (LCD), a thin film transistor liquid crystal display (TFT LCD), an organic light-emitting diode (OLED), and a flexible display. It may include at least one of (Flexible Display), 3D display, e-ink display, and LED (Light Emitting Diode).

In addition, the display unit 130 displays the received key table, server key, and the like under the control of the control unit 150.

The audio output unit 140 outputs audio information included in a signal processed by a predetermined signal by the control unit 150. Here, the audio output unit 140 may include a receiver, a speaker, a buzzer, and the like.

In addition, the voice output unit 140 outputs a guide voice generated by the control unit 150.

In addition, the voice output unit 140 outputs voice information (or sound effect) corresponding to the received key table, server key, etc. under the control of the control unit 150.

The controller or microcontroller unit (MCU) 150 executes an overall control function of the terminal 100.

In addition, the control unit 150 executes an overall control function of the terminal 100 using programs and data stored in the storage unit 120. The control unit 150 may include RAM, ROM, CPU, GPU, and bus, and RAM, ROM, CPU, GPU, and the like may be connected to each other through a bus. The CPU can access the storage unit 120 and perform booting using the O/S stored in the storage unit 120, and use various programs, contents, data, etc. stored in the storage unit 120 Thus, various operations can be performed.

In addition, the control unit 150 provides a service (or content) provided by the server 200 through a dedicated app and/or website provided by the server 200 by interworking with the server 200 Signs up as a user to receive, and registers personal information in the server 200.

In addition, the controller 150 may subscribe as a user to the server 200 by using the SNS account information subscribed by the user of the corresponding terminal 100. Here, the SNS account may be information related to Facebook, Twitter, and Kakao Story. In this case, depending on the user who creates the content and the user who uses the content, the dedicated app may be configured with different user interfaces.

In addition, when performing the membership registration procedure, the control unit 150 must complete the authentication function through an identity authentication means (eg, mobile phone, credit card, i-PIN, etc.) to normally perform the membership registration procedure for the server 200. Can be completed.

In addition, after membership registration is complete, the controller 150 corresponds to a dedicated app (or application/application/specific app) provided from the server 200 in order to use the service provided by the server 200. It is installed in the terminal 100. In this case, the dedicated app may be an app for receiving a service (or content) provided by the server 200.

In addition, when a preset event occurs for inputting a password, the control unit 150 transmits a keypad format, an input format, and identification information of the terminal 100 to the server 200 through the communication unit 110. do. Here, in the event, when a specific area displayed on the display unit 130 is clicked (or selected/touched) according to a mouse (not shown) or a user input (or touch), a screen for inputting a password is displayed on the display unit 130. When any one of the left button/right button/wheel button of the mouse is clicked (or selected) while being displayed, the keyboard (not shown) while the screen for entering the password is displayed on the display unit 130 When a preset key (or a combination of a plurality of keys) on the image is clicked/selected, a specific area or a specific button displayed on one side of the screen of the display unit 130 while the screen for entering the password is displayed on the display unit 130 Or when a specific menu/item) is selected (or touched) according to a user input (or touch). In addition, the keypad type is selected or preset according to a user input, and the shape of the keypad to be displayed on the display unit 130 (or a user interface/graphical user interface related to the keypad) is circular, cylindrical (or slot machine). Of cylindrical reel), etc. In addition, the input format is selected or preset according to the user input, and is for designating the format of numbers, characters, special characters (or symbols) to be displayed on the keypad, and the number format, character format, and special characters Forms, combinations thereof, and the like are included. In addition, the identification information of the terminal 100 includes a Mobile Directory Number (MDN), a mobile IP, a mobile MAC, a subscriber identity module (SIM) card unique information, a serial number, and the like.

In addition, the controller 150 receives a server key transmitted from the server 200 through the communication unit 110 in response to a keypad format, an input format, etc. transmitted previously.

In addition, the control unit 150 shuffles the key table previously stored (or registered) in the storage unit 120 according to the input format based on the received server key. Here, the key table may be stored (or managed/maintained) in the terminal 100 and the server 200 in the same manner, and a key table composed of only 4×4 numbers as shown in FIG. , A key table composed of only 6×6 characters as shown in FIG. 4, a key table composed of only special characters, and a key table composed of a combination of numbers, letters, and special characters (for example, numbers as shown in FIG. 5 And a key table consisting of a combination of lowercase letters and letters). In this case, the shuffle method for the key table performs a shuffle function in a plurality of steps by using a value included in the received server key for an n×m type sub key table selected from an N×M type key table. . Here, N and M may be the same or different and may be a natural number, n may be a natural number less than or equal to N, m may be a natural number less than or equal to M, and n and m may be the same or different.

That is, the control unit 150 includes a first key value (or a first identifier) included in the received server key of the preset size from a key table previously stored in the storage unit 120 corresponding to the input format, and a second The key value, the third key value, etc. are sequentially shuffled according to a pre-set shuffle method to generate (or prepare) a final shuffled key table. Here, the pre-ordered shuffle method targets an n×m type sub-key table selected from the N×M type key table, and includes a row including a key value (or identifier) and a key value. In a column, the row containing the key value and one or more other rows adjacent to the row, one or more other rows adjacent to the row containing the key value, the column containing the key value and one or more other columns adjacent to the column, and the column containing the key value One or more adjacent columns and a range of diagonals in a matrix-type key table (e.g., including a diagonal from 1 o'clock to 7 o'clock, a diagonal from 11 o'clock to 5 o'clock, etc.) Select sequentially as much as the size of, and shift (or diagonally) by a preset unit (or size) in a preset direction (including, for example, up/down/left/right) based on the plurality of ranges selected in sequence. In the case of, it is configured in a plurality of sub-shuffle methods that symmetrically exchange left/right based on a diagonal range), and is used to shuffle the key table using the server key according to the sequentially selected plurality of sub-shuffle methods.

In addition, in the case of a cylindrical (or cylindrical reel of a slot machine), as shown in FIG. 6, the control unit 150 has a plurality of indexes 610 (for example, 1, 2, 3, 4). Each shuffle is performed according to the set shuffle method.

That is, the control unit 150 shuffles the numbers 0 to 9 included in the index 1 according to the first shuffle method in which the order is set in advance, and for uppercase English letters A to M included in the index 2 Shuffle is performed according to the second shuffle method in which the order is set, and the uppercase letters N to Z included in the index 3 are shuffled according to the third shuffle method in which the order is set, and the plurality included in index 4 Shuffle is performed for special characters of (for example, !, @, #, $, %, ^, &, *, (, ), <, >, ?) according to the 4th shuffle method in which the order is set in advance.

In addition, in the case of the cylinder, a specific portion 620 of the shuffled key table shown in FIG. 6 is displayed on the display unit 130 as a screen for user input, and the cylinder is up/down or As it rotates left/right, another part of the shuffled key table may be displayed on the display unit 130 as a screen for user input.

In this way, the control unit 150 performs sub-shuffle sequentially according to a plurality of sub-shuffle methods set in advance in response to the server key targeting the key table stored in the storage unit 120, and finally shuffles You can create a table of keys.

In addition, the control unit 150 generates various types of keyboards such as circular rings and cylinders based on the shuffled key table, the keypad type, and the input type.

That is, the control unit 150 includes a value (for example, a number, a number, or an indicator) included in the shuffled key table based on a preset indicator (or a preset reference position in the N×M matrix) corresponding to the shuffled key table. Characters, special characters, or a combination of them) in order.

In addition, the control unit 150 sequentially arranges (or arranges) the sequentially arranged values on a circular ring or cylindrical keyboard corresponding to the keypad type, thereby generating a keyboard composed of the sequentially arranged values. .

In addition, the control unit 150 displays the generated keyboard on one side of the display unit 130 in order to receive an input value corresponding to a password or the like from a user.

In addition, the controller 150 receives an input value according to a user input (or user touch/control) with respect to the keyboard displayed on one side of the display unit 130. Here, the input value may be composed of at least one data (or key) according to numbers, letters, special characters, and combinations thereof.

In addition, in the case of a cylinder (or a cylinder reel of a slot machine), a specific area in the cylinder rotating in a certain direction in the cylindrical keyboard displayed on one side of the display unit 130 is the area in which the user's finger or mouse focuses (or In part), when a direction change occurs in a direction different from a predetermined direction, which is a rotation direction of the cylinder, the controller 150 may receive a value corresponding to a focused area by a corresponding finger or mouse as an input value.

For example, a cylindrical keyboard is set to rotate from top to bottom on one side of the display unit 130, and the number '3' corresponding to the first index is touched (or focused), and the When a change of direction from left to right (or change of direction from bottom to top) different from the direction of rotation from top to bottom occurs, the control unit 150 corresponds to the time when the direction change occurs, the number of the touched state ' 3'is received as the first input value.

In addition, in a state in which the English capital letter'E' corresponding to the second index is continuously touched, a direction change from left to right different from the direction of rotation from top to bottom according to the user's touch (or change from bottom to top) When) occurs, the control unit 150 receives the touched English capital letter'E' as a second input value corresponding to the point in time when the direction change occurs.

In this way, the controller 150 can change the direction in a direction different from a preset direction in which the cylindrical keyboard rotates in a state in which a certain area is touched (or in a focused state) on the cylindrical keyboard displayed on the display unit 130. When it occurs, numbers, characters, special characters, etc. corresponding to a certain area of the touched state (or the focused state) at the time when the corresponding direction change occurs may be received as an input value.

In addition, in the embodiment of the present invention, only one indicator is described, but the present invention is not limited thereto, and the number of indicators may be plural.

That is, as shown in FIG. 7, for a circular ring keyboard, the control unit 150 may include a plurality of indicators (eg, a, b, c, d).

For example, as shown in FIG. 7, in a state in which an input value is received through a circular ring keyboard, when the state is set to the state illustrated in FIG. 7 according to a user's touch, the controller 150 6 corresponding to the indicator, 4 corresponding to the b indicator, 9 corresponding to the c indicator, and '6491' corresponding to 1 corresponding to the d indicator may be received as input values.

For another example, as shown in FIG. 7, in a state in which an input value is received through a circular ring keyboard, when the state is set to the state illustrated in FIG. 7 according to a user touch, the controller 150 6 corresponding to the set indicator a and '61' corresponding to 1 corresponding to the d indicator may be received as input values.

In addition, as shown in FIG. 8, for a cylindrical keyboard, the control unit 150 may include a plurality of indicators (eg, a, b, c, d, e, f).

For example, as shown in FIG. 8, in a state in which an input value is received through a cylindrical keyboard, when the state is set to the state illustrated in FIG. 8 according to a user touch, the controller 150 When the number '2' of the first index is selected on the line, the direction changes in a second direction (eg, from bottom to top) opposite to the first direction in which the cylindrical keyboard rotates (eg, top to bottom) When this occurs, the number '2' of the selected first index is received as a first input value, and when a direction change to the second direction occurs while the English capital letter'C' of the second index is selected, the selected second When the uppercase English letter'C' of the index is received as the second input value, and the direction change to the second direction occurs while the uppercase English letter'P' of the third index is selected, the uppercase English letter'P' of the selected third index 'Is received as the third input value, and when the direction change to the second direction occurs while the special character'#' of the fourth index is selected, the special character'#' of the selected fourth index is used as the fourth input value. By receiving, the entire input value (eg, 2CP#) may be received based on the received first to fourth input values.

In this way, even if the keyboard displayed on the terminal 100 and the corresponding input value are viewed or monitored by another user over the shoulder, it is impossible to check which indicator the input value is received based on.

In addition, as described above, when a plurality of indicators are included in the keyboard displayed on the terminal 100, the terminal 100 inputs at least one value corresponding to at least one preset indicator among the plurality of indicators. You can receive it.

In addition, the control unit 150 is in advance based on the received input value, the server key, and a value arranged in sequence corresponding to the keyboard (or a value sequentially arranged in the shuffled key table). A set shift operation is performed to generate (or calculate) a shifted user input value (or user input value). Here, the shift operation may be a shift operation in a predetermined direction (eg, right direction, left direction, etc.) according to the input value.

In addition, the control unit 150 transmits data (or packets) obtained by combining the generated (or calculated) shift-calculated user input value and the server key, identification information of the terminal 100, etc. to the communication unit 110 It is transmitted to the server 200 through.

At this time, the control unit 150 includes a combination of 0 and 1 of a preset number of bits (including 4 bits, 8 bits, etc.) for a plurality of numbers, characters, and special characters included in the server key. The data in binary form may be generated by converting each to a decimal number and combining the server key converted to the binary number and the generated shifted user input value. In addition, the control unit 150 may transmit the generated binary data and identification information of the terminal 100 to the server 200 through the communication unit 110.

Here, the control unit 150 uses a preset encryption method for data (or packet) obtained by combining the generated (or calculated) shift-calculated user input value and the server key, and identification information of the terminal 100. Through encryption, to generate encrypted digital data. In addition, the control unit 150 may transmit the generated digital data to the server 200 through the communication unit 110. In this case, the encryption method may include various symmetric key encryption methods, asymmetric key encryption methods, and the like.

When the shift-calculated comparison target input value generated by the server 200 and the shift-calculated user input value do not match, the control unit 150 combines the previously transmitted shift-calculated user input value and the server key. In response to data or the like, information indicating that authentication transmitted from the server 200 has failed is received through the communication unit 110.

In addition, the control unit 150 outputs information indicating that the received authentication has failed through the display unit 130 and/or the audio output unit 140.

In addition, when the shift-calculated comparison target input value generated by the server 200 and the shift-calculated user input value match, the control unit 150 combines the previously transmitted shift-calculated user input value and the server key. In response to one data or the like, information indicating that authentication transmitted from the server 200 is successful is received through the communication unit 110.

In addition, the control unit 150 outputs information indicating that the received authentication is successful through the display unit 130 and/or the audio output unit 140.

In addition, the control unit 150 interworks with the server 200 to perform an additional function according to authentication success.

In addition, the control unit 150 outputs result information according to the execution of the additional function through the display unit 130 and/or the audio output unit 140.

In the embodiment of the present invention, it is described that the terminal 100 provides a service (or content/authentication function execution) function provided by the server 200 in the form of a website, but is not limited thereto. In addition to the website, the service function may be provided through a dedicated app (or a specific app) provided by the server 200.

The server 200 communicates with the terminal 100 and the like.

In addition, the server 200 corresponds to the communication unit 110, the storage unit 120, the display unit 130, the audio output unit 140, and the control unit 150 constituting the terminal 100 It can be configured including each component.

In addition, the server 200 performs a member registration procedure for users such as the terminal 100.

In addition, the server 200 registers personal information related to a user such as the terminal 100. In this case, the server 200 may register (or manage) corresponding personal information in a DB server (not shown).

In addition, the server 200 performs a member management function for users such as the terminal 100.

In addition, the server 200 provides a dedicated app and/or web site that provides various services (or contents) managed by the server 200 and the like to the terminal 100.

In addition, the server 200 receives a keypad format, an input format, and identification information of the terminal 100 transmitted from the terminal 100.

In addition, the server 200 generates a server key having a high value based on the input format and having a preset size.

At this time, the server 200 randomly selects any one of a number range, a character range, a special character range, and a combination thereof of a preset unit (or size) based on the input format, and the randomly selected one May be generated with the server key. Here, the server 200 determines a range of numbers in a unit set in advance for each input type, a range of characters in a preset unit, a range of special characters in a preset unit, and a range by a combination of numbers and characters and special characters in a preset unit. Can be managed.

In addition, the server 200 transmits the generated server key to the terminal 100.

In addition, the server 200 receives data obtained by combining a shifted user input value and a server key transmitted from the terminal 100, identification information of the terminal 100, and the like.

Here, when the server 200 receives the encrypted digital data transmitted from the terminal 100, the server 200 decrypts the received encrypted digital data through a preset decryption method, and the shift Data obtained by combining the calculated user input value and the server key, and identification information of the terminal 100 are checked.

In addition, the server 200 separates the server key and the shifted user input value from the received data. At this time, when the server key is converted to a binary number and included in the data, the server 200 checks the number of bits set in advance according to the preset data frame type with the server key, and determines the number of remaining bits as the t You can check it with the shifted user input value.

In addition, the server 200 is shuffled by using a password registered in advance in the server 200, the server key, and the server key in response to the identification information of the received terminal 100, and the like Based on the shift operation set in advance, the shifted comparison target input value (or comparison target input value) is generated (or calculated). Here, the shift operation may be a shift operation in a preset direction (eg, a right direction, a left direction, etc.).

That is, the server 200 shuffles the key table previously stored (or registered) in the server 200 in response to the received input format based on the generated server key. Here, the key table may be stored (or managed/maintained) in the terminal 100 and the server 200 in the same manner, and a key table composed of only numbers, a key table composed of only letters, and a key composed of only special characters. It includes a table, a key table composed of combinations of numbers, letters, and special characters. In this case, the shuffle method for the key table performs a shuffle function in a plurality of steps by using a value included in the received server key for an n×m type sub key table selected from an N×M type key table. . Here, N and M may be the same or different and may be a natural number, n may be a natural number less than or equal to N, m may be a natural number less than or equal to M, and n and m may be the same or different.

In this way, the server 200 pre-stores a key table corresponding to the input format for the first key value (or first identifier), the second key value, and the third key value included in the server key of the preset size. The final shuffled key table is generated (or prepared) by sequentially shuffling according to the shuffle method set in the order. Here, the pre-ordered shuffle method targets an n×m type sub-key table selected from the N×M type key tables, a row including a key value (or identifier), a column including a key value, and a key value. A row containing and one or more other rows adjacent to the row, one or more other rows adjacent to the row containing the key value, the column containing the key value and one or more other columns adjacent to the column, one or more other columns adjacent to the column containing the key value, and Select one of the diagonals in the matrix-type key table (e.g., including diagonals from 1 o'clock to 7 o'clock, diagonals from 11 o'clock to 5 o'clock, etc.) by the size of the server key And, based on the plurality of ranges selected in sequence, shift by a preset unit (or size) in a preset direction (including, for example, up/down/left/right) (or left based on the diagonal range in the case of a diagonal line). /Right symmetrical exchange) is configured in a plurality of sub-shuffle methods, and is used to shuffle the key table using the server key according to the sequentially selected plurality of sub-shuffle methods.

In addition, the server 200 is a value obtained by sequentially sorting the password registered in advance in the server 200, the server key, and the values included in the shuffled key table in response to the received identification information of the terminal 100 Based on the shift operation set in advance, the shifted comparison target input value (or comparison target input value) is generated (or calculated).

In this way, the server 200 sequentially arranges values (or values included in the shuffled key table) corresponding to the server key and the keyboard with respect to the input value according to the user input from the terminal 100. The user input value is generated by performing a preset shift operation in the terminal 100 and the server 200 using a value sorted by ), and the corresponding stored in the server 200 For a password corresponding to the identification information of the terminal 100, the shift operation is performed using a value obtained by sequentially arranging the server key and the values included in the shuffled key table to generate a shifted comparison target input value. can do.

Further, the server 200 determines (or confirms) whether the generated (or calculated) shift-operated comparison target input value and the separated shift-operated user input value match.

That is, the server 200 is a shift-calculated comparison target input value generated based on a password corresponding to the identification information of the terminal 100 stored in the server 200 and a user input from the terminal 100 It is determined whether or not the shifted user input values generated based on the input values match.

If the determination result (or the confirmation result), the shift-calculated comparison target input value and the shift-calculated user input value do not match, the server 200 transmits information indicating that authentication has failed to the terminal 100 ).

In addition, when the determination result (or the confirmation result), the shift-calculated comparison target input value and the shift-calculated user input value match, the server 200 transmits information indicating that authentication was successful to the terminal ( 100).

In addition, when the shift-calculated comparison target input value and the shift-calculated user input value match, the server 200 interworks with the terminal 100 to perform an additional function according to authentication success.

In addition, the server 200 provides a result of performing an additional function to the terminal 100.

In this way, the terminal shuffles the preset key table shared with the server using the server key provided from the server, and generates various types of dynamic keyboards such as circular rings and cylinders based on the shuffled key table, A user input value according to a user input on the generated dynamic keyboard and the server key are provided to the server, and the server key validity and previously stored based on the user input value provided from the terminal and the server key in the server It is possible to determine whether or not to match the password and provide the terminal with authentication.

Hereinafter, a key logging of an authentication section and a hacking prevention method according to the MITM according to the present invention will be described in detail with reference to FIGS. 1 to 13.

9 to 10 are flowcharts illustrating a method for preventing hacking according to the key logging of an authentication section and MITM according to an embodiment of the present invention.

First, when a preset event occurs for inputting a password or the like, the terminal 100 transmits a keypad format, an input format, and identification information of the terminal 100 to the server 200. Here, in the event, when a specific area displayed on the terminal 100 is clicked (or selected/touched) according to a mouse (not shown) or a user input (or touch), a screen for entering a password is displayed on the terminal 100. When one of the left button/right button/wheel button of the mouse is clicked (or selected) while being displayed, the keyboard (not shown) while the screen for entering the password is displayed on the terminal 100 When a preset key (or a combination of a plurality of keys) on the screen is clicked/selected, a specific area or a specific button displayed on one side of the screen of the terminal 100 while the screen for entering the password is displayed on the terminal 100 Or when a specific menu/item) is selected (or touched) according to a user input (or touch). In addition, the keypad type is selected or preset according to a user input, and the shape of the keypad to be displayed on the terminal 100 (or a user interface/graphical user interface related to the keypad) is circular ring, cylindrical (or slot machine). Of cylindrical reel), etc. In addition, the input format is selected or preset according to the user input, and is for designating the format of numbers, characters, special characters (or symbols) to be displayed on the keypad, and the number format, character format, and special characters Forms, combinations thereof, and the like are included. Further, the identification information of the terminal 100 includes MDN, mobile IP, mobile MAC, Sim (subscriber identification module) card unique information, serial number, and the like.

As an example, when the first terminal 100 accesses a website operated by ABCD Bank and attempts to input a password to perform an account transfer, the first terminal 100 is in the form of a first keypad and a number form related to the circular ring. The first input format, identification information of the first terminal, etc. are transmitted to the server 200.

As another example, when accessing the ZZZ web site from the second terminal 100 and entering a password, the second terminal is a second keypad type related to a cylinder, a second input in a combination of numbers, letters, and special characters. The format and identification information of the second terminal are transmitted to the server 200 (S910).

Thereafter, the server 200 receives a keypad format, an input format, and identification information of the terminal 100 transmitted from the terminal 100.

In addition, the server 200 generates a server key having a high value based on the input format and having a preset size.

At this time, the server 200 randomly selects any one of a number range, a character range, a special character range, and a combination thereof of a preset unit (or size) based on the input format, and the randomly selected one May be generated with the server key. Here, the server 200 determines a range of numbers in a unit set in advance for each input type, a range of characters in a preset unit, a range of special characters in a preset unit, and a range by a combination of numbers and characters and special characters in a preset unit. Can be managed.

In addition, the server 200 transmits the generated server key to the terminal 100.

For example, the server 200 receives a first keypad format (eg, circular ring), a first input format (eg, number format), identification information of the first terminal, etc. transmitted from the first terminal. .

In addition, the server 200 is a random number range (for example, 0000, 0001, 0002, ~, 9999) of a preset 4-digit unit based on the received first input format (including, for example, a number format). A number (eg, 3795) is selected, and the selected number (eg, 3795) is generated (or set) as a first server key.

In addition, the server 200 transmits the generated first server key (eg, 3795) to the first terminal.

As another example, the server 200 receives a second keypad format, a second input format, and identification information of a second terminal transmitted from the second terminal.

In addition, the server 200 is based on the received second input format (for example, including a combination format of numbers, letters, and special characters) from among a range of preset 4-digit combinations of numbers and characters and special characters. Any one (for example, 5AD#) is randomly selected, and the selected one (for example, 5AD#) is generated as a second server key.

In addition, the server 200 transmits the generated second server key (eg, 5AD#) to the second terminal (S920).

Thereafter, the terminal 100 receives a server key transmitted from the server 200 in response to the previously transmitted keypad format, input format, and the like.

In addition, the terminal 100 shuffles the key table previously stored (or registered) in the terminal 100 in response to the input format based on the received server key. Here, the key table may be stored (or managed/maintained) in the terminal 100 and the server 200 in the same manner, and a key table composed of only numbers, a key table composed of only letters, and a key composed of only special characters. It includes a table, a key table composed of combinations of numbers, letters, and special characters. In this case, the shuffle method for the key table performs a shuffle function in a plurality of steps by using a value included in the received server key for an n×m type sub key table selected from an N×M type key table. . Here, N and M may be the same or different and may be a natural number, n may be a natural number less than or equal to N, m may be a natural number less than or equal to M, and n and m may be the same or different.

That is, the terminal 100 includes a first key value (or first identifier), a second key value, a third key value, etc. included in the received server key of a preset size from a key table stored in advance corresponding to the input format. A final shuffled key table is generated (or prepared) by sequentially shuffling according to a pre-set shuffle method. Here, the pre-ordered shuffle method targets an n×m type sub-key table selected from the N×M type key tables, a row including a key value (or identifier), a column including a key value, and a key value. A row containing and one or more other rows adjacent to the row, one or more other rows adjacent to the row containing the key value, the column containing the key value and one or more other columns adjacent to the column, one or more other columns adjacent to the column containing the key value, and Select one of the diagonals in the matrix-type key table (e.g., including diagonals from 1 o'clock to 7 o'clock, diagonals from 11 o'clock to 5 o'clock, etc.) by the size of the server key And, based on the plurality of ranges selected in sequence, shift by a preset unit (or size) in a preset direction (including, for example, up/down/left/right, etc.) It is configured in a plurality of sub-shuffle methods that perform symmetric left/right exchange), and is used to shuffle the key table using the server key according to the plurality of sub-shuffle methods sequentially selected.

As an example, the first terminal receives a first server key (eg, 3795) transmitted from the server 200 in response to a first keypad format, a first input format, etc. transmitted previously.

In addition, as shown in FIG. 11, the first terminal includes a first key table of a 4×4 format stored in advance corresponding to the first input format, from the first row to the third row and the first column to the third column. Selecting the configured 3×3 type first sub-key table, and using a pre-set shuffle method for the first server key (for example, 3795) in 4-digit units for the selected first sub-key table. The included first sub-shuffle method (for example, a second row containing the first key value (or first identifier) (for example, 3) included in the first server key and a first row adjacent to the second row The first sub-key table is shuffled first according to a shuffle method that shifts by one size in a preset downward direction) to create a first sub-key table 1110 shuffled first as shown in FIG. 11. do. In this case, as shown in FIG. 11, the values (or data) included in the fourth row and the fourth column of the first key table may be maintained as they are.

In addition, as shown in FIG. 11, the first terminal is included in a pre-ordered shuffle method for the first server key of the 4-digit unit in the first sub-key table 1110 shuffled first. Second sub-shuffle method (for example, shifting the second column containing the second key value (for example, 7) included in the first server key and the first column adjacent to the second column by one size in a preset left direction The first sub-key table shuffled secondarily is shuffled according to the shuffle method) to generate the secondly shuffled first sub-key table 1120 as shown in FIG. 11. In this case, as shown in FIG. 11, the values (or data) included in the fourth row and the fourth column of the first key table may be maintained as they are.

In addition, as shown in FIG. 11, the first terminal is included in a pre-ordered shuffle method for the first server key of the 4-digit unit in the secondly shuffled first sub-key table 1120. According to a third sub-shuffle method (for example, a shuffle method in which a left/right symmetrical exchange is performed based on a diagonal line from 1 o'clock to 7 o'clock in the first sub-key table of the 3×3 matrix type) The first sub-key table shuffled by the difference is shuffled to generate the first sub-key table 1130 shuffled in the third order as shown in FIG. 11. In this case, as shown in FIG. 11, the values (or data) included in the fourth row and the fourth column of the first key table may be maintained as they are.

In addition, as shown in FIG. 11, the first terminal included in a pre-ordered shuffle method for the first server key of the 4-digit unit in the thirdly shuffled first sub-key table 1130. According to the fourth sub-shuffle method (for example, a shuffle method in which the first column containing the fourth key value (for example, 5) included in the first server key is shifted by two sizes in a preset right direction) The third shuffled first sub-key table is shuffled to generate a final shuffled first key table 11140 as shown in FIG. 11. Here, in the final shuffled first key table 1140, the value (or state) of the third shuffled first sub key table 4 and the first key table is being maintained (or shuffled It is composed of the values included in the fourth row and the fourth column (S930).

Thereafter, the terminal 100 generates various types of keyboards such as circular rings and cylinders based on the shuffled key table, the keypad format, and the input format.

That is, the terminal 100 is based on a preset indicator (or a preset reference position in the N×M matrix) corresponding to the shuffled key table, based on a value (for example, a number, Characters, special characters, or a combination thereof) are arranged in sequence, and the sequentially arranged values are sequentially arranged (or placed) on a circular ring or cylindrical keyboard corresponding to the keypad type, and the values are arranged in the sequence. Create a keyboard consisting of.

In addition, the terminal 100 displays the generated keyboard on one side of the terminal 100 in order to receive an input value corresponding to a password or the like from a user.

For example, the first terminal corresponds to a first key table in a 4x4 format related to the first input format (e.g., a number format). A plurality of numbers included in the final shuffled first key table of FIG. 15 are sequentially sorted based on (or as a starting point) a 2×2 position/point in the key table (e.g., 6, 3, 2, 8, 5, 9, 1, 7, 4, 0), and the sequentially arranged values are sequentially arranged on the keyboard of the circular ring corresponding to the first keypad type (for example, circular ring), As shown in FIG. 12, the first key table that has been shuffled and the first keyboard 1200 formed in the form of the first keypad (for example, a circular ring) are generated. At this time, when sequentially sorting the plurality of numbers included in the final shuffled key table, the first terminal only skips when a value is included in the final shuffled key table (or skips when a value is not included). Leap) Can be aligned based on the first indicator.

In addition, the first terminal displays the generated first keyboard on one side of the screen of the first terminal (S940).

Thereafter, the terminal 100 receives an input value according to a user input (or user touch/control) with respect to a keyboard displayed on one side of the terminal 100. Here, the input value may be composed of at least one data (or key) according to numbers, letters, special characters, and combinations thereof.

For example, a first input value (eg, 3905) according to a user input is received on a first keyboard displayed on one side of the first terminal (S950).

Thereafter, the terminal 100 in advance based on the received input value, the server key, and a value arranged in sequence corresponding to the keyboard (or a value sequentially arranged in the shuffled key table). A set shift operation is performed to generate (or calculate) a shifted user input value (or user input value). Here, the shift operation may be a shift operation in a predetermined direction (eg, right direction, left direction, etc.) according to the input value.

In addition, the terminal 100 transmits data (or packets) obtained by combining the generated (or calculated) shift-calculated user input value and the server key, identification information of the terminal 100, etc. to the server 200 Transfer to. At this time, the terminal 100 converts a plurality of numbers, characters, special characters, etc. included in the server key into binary numbers composed of a combination of 0 and 1 of a preset number of bits (for example, 4 bits), and , The data in binary form may be generated by combining the server key converted to the binary number and the generated shift-operated user input value.

Here, the terminal 100 uses a preset encryption method for data (or packet) obtained by combining the generated (or calculated) shift-calculated user input value and the server key, and identification information of the terminal 100. Through encryption, encrypted digital data may be generated, and the generated digital data may be transmitted to the server 200. In this case, the encryption method may include various symmetric key encryption methods, asymmetric key encryption methods, and the like.

As an example, as shown in FIG. 13, the first terminal has a total of 10 according to the sequentially sorted values (eg, 6, 3, 2, 8, 5, 9, 1, 7, 4, 0). In a state 1310 in which an initial value (eg 0) is preset for the bit, the ninth bit related to '3' corresponding to the first input value included in the first input value (eg 3905) is By performing a pre-set NOT operation on the remaining bits, the value of the 9th bit is maintained as '0' and the value of the remaining bit is replaced (or changed/converted/modified) from '0' to '1', A first result value (for example, 1111011111) 1320 is calculated by performing a right shift operation by '3' corresponding to the first value included in the first server key (for example, 3795) in a round robin method. .

In addition, the first terminal relates to '9' corresponding to the second input value included in the first input value (eg 3905) with respect to the first result value (for example, 1111011111) (1320). Performs a preset NOT operation on the 5th bit, replaces the value of the 5th bit from '1' to '0', maintains the value of the remaining bit, and maintains the first server key (e.g. 3795) A second result value (eg 1001111111) 1330 is calculated by performing a right shift operation by '7' corresponding to the second value included in.

In addition, the first terminal relates to '0' corresponding to the third input value included in the first input value (eg, 3905) with respect to the second result value (for example, 1001111111) (1330). By performing a pre-set NOT operation on the first bit, the value of the first bit is substituted from '1' to '0', the value of the remaining bit is maintained as it is, and the first server key (eg 3795) A third result value (for example, 0011111101) 1340 is calculated by performing a right shift operation by '9' corresponding to the third value included in.

In addition, with respect to the third result value (for example, 0011111101) (1340), the first terminal relates to '5' corresponding to the fourth input value included in the first input value (for example, 3905). By performing a preset NOT operation on the 6th bit, the value of the 6th bit is replaced from '1' to '0', and the value of the remaining bit is maintained as it is, and the first server key (for example, 3795) A user input value (for example, 1110100110) 1350 subjected to the first shift operation is finally calculated by performing a right shift operation by '5' corresponding to the fourth value included in.

In addition, the first terminal generates first data (for example, 37951110100110) by combining the first server key (for example, 3795) and the calculated user input value (for example, 1110100110) do. In this case, the first terminal converts the first server key 3795 into a 4-bit binary number to generate 0011011110010101, and uses the generated value (0011011110010101) to the calculated first shifted user input value (for example, For example, second data (for example, 00110111100101011110100110) may be generated in combination with 1110100110.

In addition, the first terminal encrypts the generated first data (for example, 37951110100110) (or second data), identification information of the first terminal, etc. through a preset public key encryption method, and the encrypted first data And transmits the generated encrypted first data to the server 200 (S960).

Thereafter, the server 200 receives data obtained by combining the shifted user input value and the server key transmitted from the terminal 100, identification information of the terminal 100, and the like.

Here, when the server 200 receives the encrypted digital data transmitted from the terminal 100, the server 200 decrypts the received encrypted digital data through a preset decryption method, and the shift Data obtained by combining the calculated user input value and the server key, and identification information of the terminal 100 are checked.

In addition, the server 200 separates the server key and the shifted user input value from the received data. At this time, when the server key is converted to a binary number and included in the data, the server 200 checks the number of preset bits with the server key according to a preset data frame type, and shifts the number of remaining bits. You can check it with the calculated user input value.

For example, the server 200 receives the encrypted first data transmitted from the first terminal, decrypts the received encrypted first data through a preset public key decryption method, and the first data ( For example, 37951110100110) and identification information of the first terminal are checked.

In addition, the server 200 separates the first 4 digits and the remaining 10 digits, respectively, from the first data, and the first server key (eg 3795) and the first shifted user The input value (for example, 1110100110) is checked (or separated) (S970).

Thereafter, the server 200 is shuffled using a password registered in advance with the server 200 in response to the received identification information of the terminal 100, the server key, and the server key, and the values are sequentially sorted. Based on the shift operation set in advance, the shifted comparison target input value (or comparison target input value) is generated (or calculated). Here, the shift operation may be a shift operation in a preset direction (eg, a right direction, a left direction, etc.).

That is, the server 200 shuffles the key table previously stored (or registered) in the server 200 in response to the received input format based on the generated server key. Here, the key table may be stored (or managed/maintained) in the terminal 100 and the server 200 in the same manner, and a key table composed of only numbers, a key table composed of only letters, and a key composed of only special characters. It includes a table, a key table composed of combinations of numbers, letters, and special characters. In this case, the shuffle method for the key table performs a shuffle function in a plurality of steps by using a value included in the received server key for an n×m type sub key table selected from an N×M type key table. . Here, N and M may be the same or different and may be a natural number, n may be a natural number less than or equal to N, m may be a natural number less than or equal to M, and n and m may be the same or different.

In this way, the server 200 pre-stores a key table corresponding to the input format for the first key value (or first identifier), the second key value, and the third key value included in the server key of the preset size. The final shuffled key table is generated (or prepared) by sequentially shuffling according to the shuffle method set in the order. Here, the pre-ordered shuffle method targets an n×m type sub-key table selected from the N×M type key tables, a row including a key value (or identifier), a column including a key value, and a key value. A row containing and one or more other rows adjacent to the row, one or more other rows adjacent to the row containing the key value, the column containing the key value and one or more other columns adjacent to the column, one or more other columns adjacent to the column containing the key value, and Select one of the diagonals in the matrix-type key table (e.g., including diagonals from 1 o'clock to 7 o'clock, diagonals from 11 o'clock to 5 o'clock, etc.) by the size of the server key And, based on the plurality of ranges selected in sequence, shift by a preset unit (or size) in a preset direction (including, for example, up/down/left/right) (or left based on the diagonal range in the case of a diagonal line). /Right symmetrical exchange) is configured in a plurality of sub-shuffle methods, and is used to shuffle the key table using the server key according to the sequentially selected plurality of sub-shuffle methods.

In addition, the server 200 is a value obtained by sequentially sorting the password registered in advance in the server 200, the server key, and the values included in the shuffled key table in response to the received identification information of the terminal 100 Based on the shift operation set in advance, the shifted comparison target input value (or comparison target input value) is generated (or calculated).

As an example, the server 200 includes a first key table of a 4×4 format previously stored in the server 200 corresponding to the first input format, from the first row to the third row and the first column to the third column. Selecting the configured 3×3 eleventh sub-key table, targeting the selected eleventh sub-key table, for the first server key (e.g., 3795) in 4-digit units in a pre-set shuffle method The included first sub-shuffle method (for example, a second row containing the first key value (or first identifier) (for example, 3) included in the first server key and a first row adjacent to the second row The first sub-key table is firstly shuffled according to a shuffle method in which is shifted by one size in a preset downward direction) to generate an eleventh sub-key table shuffled first. In this case, the values (or data) included in the fourth row and the fourth column of the first key table may be maintained as they are.

In addition, the server 200 includes a second sub-shuffle method (e.g., the first server key) included in a pre-ordered shuffle method for the first server key of the 4-digit unit in the firstly shuffled eleventh sub-key table. 1 The second column containing the second key value (e.g., 7) included in the server key and the first column adjacent to the second column are shifted to the left by one size in a preset left direction). The shuffled eleventh sub-key table is shuffled to generate the secondly shuffled eleventh sub-key table. In this case, the values (or data) included in the fourth row and the fourth column of the first key table may be maintained as they are.

In addition, the server 200 includes a third sub-shuffle method (for example, the third sub-shuffle method) included in a pre-ordered shuffle method for the first server key of the 4-digit unit in the secondly shuffled eleventh sub-key table. The 11th sub-key table shuffled in the second order is shuffled 3 times according to the shuffle method in which the diagonal line from the 1 o'clock direction to the 7 o'clock direction is symmetrically exchanged in the 11th sub-key table in a matrix form) The eleventh sub-key table shuffled by car is generated. In this case, the values (or data) included in the fourth row and the fourth column of the first key table may be maintained as they are.

In addition, the server 200 includes a fourth sub-shuffle method included in a pre-ordered shuffle method for the first server key of the 4-digit unit in the eleventh sub-key table shuffled three times (for example, the 1 Shuffle the eleventh key table shuffled to the third order in the fourth order according to the shuffle method in which the first column containing the fourth key value (for example, 5) included in the server key is shifted by two sizes in a preset right direction) Thus, a final shuffled first key table is generated.

In addition, the server 200 has an initial value (for example, for a total of 10 bits) according to the sequentially sorted values (for example, 6, 3, 2, 8, 5, 9, 1, 7, 4, 0). For example, when 0) is set in advance, '3' corresponding to the first input value included in the first password (for example, 3905) previously registered in the server 200 in response to the identification information of the terminal 100 By performing a pre-set NOT operation on the remaining bits except the 9th bit related to, the value of the 9th bit is maintained as '0' and the value of the remaining bit is replaced from '0' to '1', and round robin In a method, a right shift operation is performed by '3' corresponding to the first value included in the first server key (eg, 3795) to calculate an eleventh result value (eg, 1111011111).

In addition, for the eleventh result value (for example, 1111011111), the server 200 performs a fifth bit related to '9' corresponding to the second input value included in the first password (for example, 3905). By performing a pre-set NOT operation for, the value of the 5th bit is substituted from '1' to '0', and the value of the remaining bit is maintained as it is, and included in the first server key (for example, 3795). A twelfth result value (for example, 1001111111) is calculated by performing a right shift operation by '7' corresponding to the second value.

In addition, the server 200, for the twelfth result value (for example, 1001111111), the first bit related to '0' corresponding to the third input value included in the first password (for example, 3905). By performing a pre-set NOT operation on the first bit, replacing the value of the first bit from '1' to '0', keeping the value of the remaining bit as it is, and included in the first server key (for example, 3795). A 13th result value (for example, 0011111101) is calculated by performing a right shift operation by '9' corresponding to the third value.

In addition, the server 200 is the sixth bit related to '5' corresponding to the fourth input value included in the first password (for example, 3905) for the thirteenth result value (for example, 0011111101). By performing a pre-set NOT operation for, the value of the 6th bit is substituted from '1' to '0', the value of the remaining bit is maintained as it is, and included in the first server key (for example, 3795). By performing a right shift operation by '5' corresponding to the fourth value, the first shifted comparison target input value (for example, 1110100110) is finally calculated (S980).

Thereafter, the server 200 determines (or confirms) whether the generated (or calculated) shift-operated comparison target input value and the separated shift-operated user input value match.

That is, the server 200 is a shift-calculated comparison target input value generated based on a password corresponding to the identification information of the terminal 100 stored in the server 200 and a user input from the terminal 100 It is determined whether or not the shifted user input values generated based on the input values match.

For example, the server 200 determines whether the calculated first shift-operated comparison target input value (for example, 1110100110) and the separated first shift-operated user input value (for example, 1110100110) match. It is determined (S990).

If the determination result (or the confirmation result), the shift-calculated comparison target input value and the shift-calculated user input value do not match, the server 200 transmits information indicating that authentication has failed to the terminal 100 ).

In addition, the terminal 100 receives information indicating that authentication has failed from the server 200 in response to data obtained by combining a previously transmitted shift-calculated user input value and a server key.

In addition, the terminal 100 outputs information indicating that the received authentication has failed.

As an example, when the calculated first shift-operated comparison target input value and the separated first shift-operated user input value do not match, the server 200 provides information indicating that authentication has failed. Send to the terminal.

In addition, the first terminal receives information indicating that authentication has failed from the server 200 in response to previously transmitted first data (for example, 37951110100110), and indicates that the received authentication has failed. Information is output (S1000).

In addition, when the determination result (or the confirmation result), the shift-calculated comparison target input value and the shift-calculated user input value match, the server 200 transmits information indicating that authentication was successful to the terminal ( 100).

In addition, the terminal 100 receives information indicating that authentication was successful, transmitted from the server 200 in response to data obtained by combining a previously transmitted shifted user input value and a server key.

In addition, the terminal 100 outputs information indicating that the received authentication was successful.

In addition, the terminal 100 interworks with the server 200 to perform an additional function according to authentication success.

For example, when the calculated first shift-calculated comparison target input value (for example, 1110100110) and the separated first shift-calculated user input value (for example, 1110100110) match, the server 200 Information indicating that authentication is successful is transmitted to the first terminal.

In addition, the first terminal receives information indicating that authentication was successful, transmitted from the server 200 in response to the previously transmitted first data (for example, 37951110100110), and indicates that the received authentication was successful. Display the indicated information.

In addition, the first terminal interlocks with the server 200 according to the successful authentication, performs an account transfer function to an account related to Hong Gil-dong through the website operated by the ABCD bank, and outputs the result of the account transfer. (S1010).

As described above, the embodiment of the present invention shuffles a preset key table shared with the server using a server key provided from a server in the terminal, and based on the shuffled key table, a circular ring, a cylinder, etc. It generates various types of dynamic keyboards, provides a user input value and the server key according to the user input on the generated dynamic keyboard to the server, and the server provides the user input value and the server key provided from the terminal. Based on the validity of the server key and whether it matches the existing stored password, the authentication status is provided to the terminal, thereby preventing hacking due to key logging and man-in-the-middle attacks.

The above contents may be modified and modified without departing from the essential characteristics of the present invention by those of ordinary skill in the technical field to which the present invention belongs. Accordingly, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention, but to explain the technical idea, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be interpreted by the following claims, and all technical ideas within the scope equivalent thereto should be interpreted as being included in the scope of the present invention.

10: Key logging of authentication section and prevention of hacking according to MITM
100: terminal 200: server
110: communication unit 120: storage unit
130: display unit 140: audio output unit
150: control unit

Claims (7)

When a preset event occurs, transmitting, by the terminal, a keypad format, an input format, and identification information of the terminal to a server;
Generating, by the server, a server key having a preset size based on the input format;
Shuffling, by the terminal, a key table previously stored in the terminal in response to the input format based on the server key transmitted from the server;
Generating, by the terminal, a circular ring or cylindrical keyboard based on the shuffled key table, the keypad format, and the input format;
Displaying, by the terminal, the generated keyboard on one side of the terminal to receive an input value corresponding to a password from a user;
Receiving, by the terminal, an input value according to a user input for a keyboard displayed on one side of the terminal;
Generating, by the terminal, a shift-calculated user input value by performing a preset shift operation based on the received input value, the server key, and values arranged in sequence corresponding to the keyboard;
Transmitting, by the terminal, data obtained by combining the generated shifted user input value and the server key and identification information of the terminal to the server;
Separating, by the server, the server key and the shifted user input value from the data transmitted from the terminal;
By the server, the preset shift operation is performed based on a value that is sequentially sorted after being shuffled using a password registered in advance in the server, the server key, and the server key in response to the received terminal identification information. Performing a shift operation to generate a comparison target input value;
Determining, by the server, whether or not the generated shifted comparison target input value and the separated shifted user input value match;
Transmitting, by the server, information indicating that authentication was successful to the terminal when the shift-calculated comparison target input value and the shift-calculated user input value match as a result of the determination;
Receiving, by the terminal, information indicating that authentication transmitted from the server was successful;
Outputting, by the terminal, information indicating that the received authentication was successful; And
By the terminal, interlocking with the server, including the step of performing an additional function according to the authentication success,
The step of shuffling the key table previously stored in the terminal,
The n×m type subkey table selected from the N×M type key tables is sequentially shuffled according to a pre-set shuffle method using the values included in the received server key to perform a shuffle function over multiple steps. Performing;
Including,
Here, the pre-ordered shuffle method targets an n×m type sub-key table selected from the N×M type key tables, and includes a row including a key value, and a column including a key value. ), the row containing the key value and one or more other rows adjacent to the row, one or more other rows adjacent to the row containing the key value, the column containing the key value and one or more other columns adjacent to the column, and one or more adjacent columns containing the key value One range of diagonal lines in the key table in the form of another column and matrix is sequentially selected by the size of the server key, and shifted by a preset unit in a preset direction based on each of the plurality of ranges selected in sequence,
The authentication section, characterized in that N and M are the same or different natural numbers, n is a natural number less than or equal to N, m is a natural number less than or equal to M, and n and m are the same or different Hacking prevention method according to keylogging and MITM. The method of claim 1,
The above event is:
When a specific area displayed on the terminal is selected according to a mouse or user input, when the button of the mouse is selected while the screen for password input is displayed on the terminal, a screen for password input is displayed on the terminal Among the cases in which a preset key on the keyboard is selected in the current state, and a specific area displayed on one side of the screen of the terminal or a specific button is selected according to the user input while the screen for password input is displayed on the terminal. Includes any one,
The keypad format is:
The shape of the keypad to be displayed on the terminal includes any one of a circular ring and a cylindrical shape,
The above input format is:
A method for preventing hacking according to MITM and key logging of an authentication section, comprising any one of a number format, a character format, a special character format, and a combination format thereof. delete The method of claim 1,
Generating the keyboard,
Sequentially sorting values included in the shuffled key table based on a preset indicator corresponding to the shuffled key table; And
And generating a keyboard composed of the sequentially arranged values by sequentially arranging the sequentially arranged values on a circular ring or cylindrical keyboard corresponding to the keypad type. Hacking prevention method according to logging and MITM. The method of claim 1,
Transmitting, by the server, information indicating that authentication has failed to the terminal when the shift-calculated comparison target input value and the shift-calculated user input value do not match as a result of the determination;
Receiving, by the terminal, information indicating that authentication transmitted from the server has failed; And
And outputting, by the terminal, information indicating that the received authentication has failed. When a preset event occurs, a keypad format, an input format, and identification information of a terminal are transmitted to the server, and in response to the transmission, a server key transmitted from the server is received, and the input format is responded to the input format based on the server key. In order to shuffle the key table previously stored in the terminal, generate a circular ring or cylindrical keyboard based on the shuffled key table, the keypad format and the input format, and receive an input value corresponding to the password from the user, the Display the generated keyboard on one side of the terminal, receive an input value according to a user input, and perform a preset shift operation based on the received input value, the server key, and values arranged in sequence corresponding to the keyboard. The terminal for generating a shift-calculated user input value by performing, and transmitting data obtained by combining the generated shift-calculated user input value and the server key and identification information of the terminal to the server; And
Separating the server key and the shifted user input value from the data transmitted from the terminal, and using a password previously registered in the server, the server key, and the server key in response to the identification information of the received terminal. After being shuffled, the preset shift operation is performed on the basis of the sequentially sorted values to generate a shifted comparison target input value, and the generated shifted comparison target input value and the separated shifted user input A server that determines whether the values match or not, and transmits information indicating that authentication is successful to the terminal when the shift-calculated comparison target input value and the shift-calculated user input value match,
The terminal,
The n×m type subkey table selected from the N×M type key tables is sequentially shuffled according to a pre-set shuffle method using the values included in the received server key to perform a shuffle function over multiple steps. Perform,
Here, the pre-ordered shuffle method targets an n×m type sub-key table selected from the N×M type key tables, a row including a key value, and a column including a key value. ), the row containing the key value and one or more other rows adjacent to the row, one or more other rows adjacent to the row containing the key value, the column containing the key value and one or more other columns adjacent to the column, and one or more adjacent columns containing the key value One range of diagonal lines in the key table in the form of another column and matrix is sequentially selected by the size of the server key, and shifted by a preset unit in a preset direction based on each of the plurality of ranges selected in sequence, The authentication section, characterized in that N and M are the same or different natural numbers, n is a natural number less than or equal to N, m is a natural number less than or equal to M, and n and m are the same or different Hacking prevention system according to keylogging and MITM. The method of claim 6,
The terminal,
Authentication characterized in that it receives information indicating that the authentication was successful transmitted from the server, outputs information indicating that the received authentication was successful, and performs an additional function according to authentication success by interworking with the server Hacking prevention system according to section key logging and MITM.

Images