KR20010084043A - The methods for ecommerce and Certificate Authorization System by means of dynamic password algorithm - Google Patents

Abstract

PURPOSE: An Internet commerce method and a document authentication system using a variable code algorithm are provided to activate an Internet commerce by enabling a user to receive an encoding/decoding program and to encode/decode data according to an encoding system set and registered by an encoding/document authentication company. CONSTITUTION: A user connects to a homepage of a shopping mall and purchases a product(31). The user judges whether the user's own bank selects and uses a customer information protection system(32). The user enters a site of the bank in case that the bank selects the system(33). The user enters a company site of the system in case that the bank doesn't select the system(34). The user inputs an account number and a password(35). In addition, the user inputs an account number of the shopping mall and the amount of money(36).

Description

The method for ecommerce and Certificate Authorization System by means of dynamic password algorithm

The present invention relates to a system to which the present inventors apply a 'variable encryption algorithm'.

The method of using a credit card is a method of accessing a credit card company's computer system using a dedicated line or a telephone line, using a PC banking using a PC, making a transaction through a vending machine using an ATM card, and using the Internet. There are ways to buy and sell. Active, secure, and complete banking and commerce using credit cards is not available over the Internet. It is done in some but semi-passive forms, and users are very nervous about entering credit card numbers and passwords on the Internet. The Internet is a very convenient tool for banking and commerce. However, there are some inconveniences. The Internet has the potential of exposing information due to the nature of TCP / IP, and there is always a risk that computer system administrators will see this data because the data is always logged to the computer. The present invention improves these problems so that banking and commerce can be made safely and conveniently through the Internet without the above problems.

In order to enter data on the Internet, you can directly enter the data using a keyboard, copy and paste other documents, store data such as passwords or names as cache data, and enter the data automatically. There is a way. The present invention uses the HTML or XML specification to search and input the content by searching in the URL of the web. This data is configured to combine the input data with a card reader such as a credit card to generate the necessary password.

There are many methods for document authentication, but it is inconvenient to use different methods for each company. In addition, the current document authentication method is complex, and users receive and use keys from various companies, and one person uses a plurality of e-mail accounts and addresses, which is inconvenient in this case. However, the present invention is simple because the encryption / decryption program is encrypted and decrypted by the encryption / decryption program set / registered by the password / document authentication company without the inconvenience when the password / document authentication company uses the same algorithm.

When conducting financial transactions or commerce through the Internet, transactions are made through a credit card company as of today, and bank transfers are directly performed on the Internet without paying a credit card fee. This procedure is the simplest. To lose.

Direct transactions are made by accessing the banking server through the Internet, and secure transactions are possible without exposing personal information. In other words, it does not use the computer or keyboard input as a log, and establishes an internet commerce method that prevents hackers from hacking and obtaining data on the Internet.

Construct a basic cryptographic algorithm used for commerce on the Internet. It also allows you to configure various passwords. In other words, the transaction is added to the cryptocurrency to confirm the configuration.

When input from a user is required to generate a user's password using a variable password or another encryption algorithm, a password is simply generated by receiving information from the Internet through a homepage including user information and combining the information.

Only the information used as a password is selected and used as a password by means of having a customer's encryption algorithm and other information and a means having other information.

In the above system, this information can be obtained from the card in the form of a card having customer information or other target information, or the password can be obtained by using the information obtained from the homepage of the Internet containing such information. To create it.

In order to obtain the necessary information from the homepage of the Internet in the above system, the information is standardized and there must be a delimiter to select and use only the necessary information. Specify these separators in specifications such as HTML, SGML, or XML. Use it.

By constructing the variable encryption algorithm that is most suitable for internet commerce, it can be made simply by internet and computer system without complicated procedure. In this way, the cryptosystem is used so that all information related to the transaction manager or the sender and the receiver is used for the encryption.

Secure server access Uses a secure password system on behalf of banks that do not use one. By establishing an adopted server system and allowing users to use a secure cryptographic system, users can securely use credit cards or online transactions between customers and banks.

By using the characteristics of the variable password system, the password is configured to be used in various ways as needed. In other words, it is prefabricated so that it can be used in various ways according to the steps by configuring the basic password at times and sometimes including other related matters in the password, and sometimes configuring other items as passwords. Configure it for convenience.

It is used as a document authentication system using a variable password system.

Encrypt using the document creator's password and decrypt using the document recipient's password by using a variable system using the algorithm. Registered with the certification company to receive the program necessary for encryption and decryption. This program is encrypted by the password registered by the document creator (password registrant) and cannot be decrypted except by the correct document creator.

The certification company's program creates and encrypts the document using the document creator's password, and decrypts it with its own password when receiving the document. In this case, the document can only be viewed. The modification must match the password of the document creator and the time variable at the time of document creation. Since it is already encrypted with the last time variable, it is impossible to modify it.

Build and use a convenient document authentication system using your own password.

If the document authentication registration process is complicated in case of a variable password, the user can set it arbitrarily or set it arbitrarily by using the registrant's information from the certification company. Make it available.

Figure 1 shows the type of transaction between a commerce company and a customer that adopts a customer information protection system and a customer's transaction type that does not, and adopts a customer information protection system on behalf of a company that does not adopt a customer information protection system. Represents a type of transaction through an intermediary security company.

2 shows a procedure for making a transaction using the customer information protection system.

3 shows a flow chart of the procedure of FIG. 2.

4 shows a document authentication method and procedure when a document is exchanged using an electronic mail system.

5 shows an example of setting a cipher by adopting a variable cipher technique.

FIG. 6 shows information required for the variable encryption technique included in the document when the document is created by the document authentication system using the variable encryption technique.

1. Direct banking transactions using internet, computer systems and variable cryptography

By using the variable password algorithm, which the inventors have applied for in the patent application, a method of constructing a cryptosystem by linking variable variables such as time and place with a cipher uses the fact that the cipher actually inputs the cipher from time to time. This covers the disadvantage of exposing data, which is a disadvantage of the Internet, and is particularly advantageous for online shopping or online banking.

1 is a diagram showing this method. 1 is a normal user. 2 and 3 are financial institutions such as banks (hereinafter referred to as 'banks') on the Internet online. 2 is a bank with a system for protecting variable passwords or other customer information, and 3 is a bank without a system for protecting variable passwords or other customer information. 4 is a shopping company that does not have a system to protect customer information. There is no problem because the customer information is well protected when the user accesses the bank of 2 directly. However, in the case of 3 banks or 4 shopping companies, this is a problem because the customer's information is not properly protected. In the case of 4 shoppers, a lot of confirmation process is required for the customer to purchase and pay for the goods in the conventional manner. Confirmation of purchaser's intention, confirmation of buyer's credit, confirmation of seller's intention. 6 represents the Internet. In the case of 2 banks using variable passwords, passwords are not directly exposed, so it is safe. Therefore, it is desirable for banks 3 and 4 to conduct shopping or banking transactions through an intermediary security company 5 that employs a system that protects user information such as variable passwords. There is no privacy mechanism for 1 and 3 or 1 and 4 to make transactions and make payments through 3 banks.

2 is a diagram illustrating a procedure for realizing secure commerce using the present invention.

21, user 1 goes to the online shopping company 4 to buy the goods.

22 informs banks 2 and 3 of the purchase. 22 'notifies the intermediary security firm 5, which confirms the password, in the middle of the purchase.

23 and 23 'means the buyer notifies 2, 3 or 5 of the purchase from the user. Here 22, 22 ', 23 and 23' can be done simultaneously on the Internet. In other words, when the user clicks, each bank will be notified at once.

3 is a diagram illustrating this procedure.

One). The user accesses an internet homepage of a shopping company and purchases an item (31).

2). In order to pay for the purchase of goods, it is determined whether the customer's own bank uses the customer information protection system (32).

3). If a bank adopts a customer information protection system, it will enter its bank's site (33),

4). In the case of an unstable bank that does not adopt the customer information protection system, it enters the site of the customer information protection system company (34). In some cases, it may be difficult to determine whether your bank has adopted a customer information protection system. In this case, enter the customer information protection system company's site. After inputting the account number and password of the sender (customer) (35) to check the customer's credit status, the account number and amount of the payment destination (shopping company) are input (36) to finish the payment. Here, the password may be a variable password or the like and may be entered on the Internet or data may be recorded on the computer of a shopping company and remain safe, and all of the processes of FIGS. 22, 22 ', 23, and 23' of FIG. 2 may be secured on the Internet.

In order to notify the bank, the user generates a password and sends a notification when using a variable password. Cryptography can be simplified by using variable variables of time, but basically, the following structure is used to make online transactions and eliminate unnecessary communication.

1) variable variables that represent you (basic passwords, etc.),

2) Variables representing the other party (e.g., email, business name, host ip address, web domain, etc. of the shopping company),

3) Variable representing time

4) Imaginary variables that make decryption difficult

5) Substitute variable variable or static password to replace any of the above (variable variable)

You and the other party are the opposite of the user and the shopper. In this structure, the time when the action is performed by one password, the subject of the action (the person) and the counterpart (the shopping company) of the action are displayed.

The system of passwords is not limited to the above variables, but in the case of a shopping company, the password can be configured in various ways such as the amount of money purchased by the user.

The above cipher component may be different for each bank, but it is inconvenient for a customer or a shopping company to input one on the home page. This information is described on the homepage in advance using the html or xml specification to describe the user's information, so that the automatic password calculation and input using the software program. This method is quite convenient in view of the fact that variable ciphers have to calculate and input the ciphers one by one. There is all the resource information (information 'A') corresponding to the variable on the shopping company's homepage, and the user's information is provided on the homepage of the user or the customer information protection system or read from a smart card type card (information 'B'). '), This information combines' A' and 'B'. Configure to automatically generate a password for the full input. There should be a process to confirm the authenticity of information 'B'. The password is divided into a password system that allows users to input automatically and a simple calculation and a password that can be input by the user. The method of automatic input from the homepage is to search the homepage contents or the source code using regular expressions, and automatically fill in the corresponding contents in the blank form and generate the necessary password. The following shows the source code of the example that is set to automatically search and input data on the homepage of the web URL site.

<HEAD>

<META NAME = source data for author to input CONTENT = for Choonyeol Yu>

</ HEAD>

<BODY>

<SOURCE><1 ^st NAME> Choonyeol </ 1 ^st NAME><LASTNAME> Yu </ LAST NAME>

<ID NO> 570312-1059621 </ ID NO>

<EMAIL 1> jongho123@hon.com </ EMAIL 1>

<EMAIL 2> jongho132@hang.co.kr </ EMAIL 2>

</ SOURCE>

</ BODY>

If you enter the URL with the above homepage, check the name in the <MEAT> column, and then read the data between <SOURCE></SOURCE> to display the name (1 ^ST NAME), last name (LAST NAME), and email address (EMAIL 1). Or find and search EMAIL 2) and use it as the data for password generation.

This can be an alternative to filling out various forms on the Internet.

This automatic data input method using the homepage solves the inconvenience of having to go through the process of registering one's personal information on a certain homepage at once.

2. Prefab variable password system

Variable passwords are not a system of entering a specific character, but a system of creating and entering characters using algorithms. Use these features to assemble passwords. Can be used. That is, it is divided into the following steps.

1) self-check

2) Checking others (eg destination)

3) Other matters such as transaction amount, place of residence and period of stay

1) Self-confirmation is the addition of a time variable or place variable to the default password.

2) Others confirmation is a variable for destination confirmation when sending a document by e-mail.

3) is a variable used when making purchases in online shopping and transferring money in online banking. The following table shows an example of this.

Variable Cryptographic Standards Password steps Variable Types of Passwords Password to enter Self-check Default static password 1234 Time variable 1023 Check others Tyne Variable (jgyu = 4031) 4031 Confirm transaction amount Amount variable (123,000 123 x 4 = 0492) 0492 Password to enter last 6780

These passwords sometimes use only self-identifying passwords, and in some cases, they can be used in combination with self-identifying + third-party verification passwords, or prefabricated passwords can be added to e-commerce.

3. Document Authentication using Variable Password

The minimum components of cryptography required for commerce are described above. The same components are used for document authentication. The time variable uses the time at which the user reads the document.

1) variable variables that represent you (basic passwords, etc.),

2) Variables representing the other party (e.g., email, business name, host ip address, web domain, etc. of the shopping company),

3) Variable representing time

4) Imaginary variables that make decryption difficult

5) Substitute variable variable or static password to replace any of the above (variable variable)

4 illustrates a document authentication method using a variable cipher and a process thereof.

41 is the document creator (sender), 42 is the document recipient and 43 is the password. It is a document certification company. The document sender 41 joins the certification company and registers a password. This cipher serves as an encryption means when the document is created by itself, and as a decryption means for decrypting the encrypted document when receiving and reading another person's document. Upon receipt of the registration, the certification company 43 encrypts and sends a program necessary for document encryption and document decryption to the e-mail address of 41. 41 uses his password to decrypt the program.

After this, create a document. The information required for the above cipher components for the document author is recorded either in the document itself or in the email to which it is sent. That is, the author's full name, business name, email address, and so on. In addition, the e-mail address of the document recipient is recorded. Since the document is transmitted through an e-mail, the subject of the encryption may be the subject of the e-mail and a part of the content.

When a document is sent via e-mail, it is encrypted using the minimum components of the cipher described above in the author's variable encryption scheme. Therefore, you cannot decrypt the document unless you are the author. The document is sent via email and the document recipient of 42 decrypts the document by entering his password. Since the content of the document is encrypted using the document creator's password, you cannot see the document except the correct recipient unless you enter the correct password. The password is a variable system that is secure even when exposed to third parties, and because the document is encrypted, even if a third party hacks and acquires the document on the Internet and attempts to view the contents of the document arbitrarily, the correct information about the document creator and the document recipient recorded on the document If you do not enter the correct password for the document author or document recipient, you will not be able to create, modify, or view the document. Even if a third party hacks a document and attempts to decrypt and decrypt it arbitrarily, the e-mail address is registered in the program received from the certification authority, and the e-mail address for the recipient is also registered in the document. Therefore, even if you try to decrypt by changing the e-mail address arbitrarily.

The document creator can only view the document using his password, but cannot modify the document. This is because the password for the document creator is not known. In addition, the encryption is performed according to the information on the creation time, and the document cannot be modified outside of the corresponding time.

5 is a practical example of setting a password using a variable password. Examples of ciphers of A (51 in Fig. 5), B (52) and C (53) are shown. The registered name of the e-mail address is numbered in order of 0, 1, 2, 3, .. from the first digit. The domain part of the e-mail address is numbered in the order a, b, c, (54). 55 is the basic password of the document author, in the case of A, the two parts of the e-mail address in the order of 3, 6, 2, 1, and the first and last names of the names are simply combined (oeohyu). '.' In the figure indicates that the character is connected as a character connector. The time variable 56 of A is 'date + time' connected to the basic password by a letter connector. In the case of A, as in 57, the 1, 4, and 2 letters of the recipient's registered name of the recipient's e-mail part are listed in that order, and the letters d, c, and e of the domain of the mail server are in that order. It is set to use by enumerating with (ohncno when B is the receiver). 58 represents an alternative password used when there are no letters in the corresponding password setting part, and 59 is set to fill the letters of 'seoulkorea' in order.

If A prepares a document and sends it to B, writing it at time 2000/02/03 13:31:45 in accordance with 53, 54 and 55 results in 'oeohyu16ohncno' (16 = 03 + 13). When A receives the document from B and decodes it at time 2000/02/16 08:45:36, it becomes 'oeohyu18ohncno'.

If A writes to B. When C hacks the acquired document and wants to view the document content, the document content is recorded as shown in FIG. 6 and the document content is encrypted. The document encryption / decryption program C received from the registrar is set as shown in 53 of FIG. 5 and does not match the document contents of FIG. 6, so that the document contents cannot be decrypted and read as B.

The process of registering for this document certification is quite tricky for beginners. Therefore, the user may set it arbitrarily, or the authentication company may set it arbitrarily so that the user does not need to set it manually.

Since the password or data is configured to change continuously, there is little risk of exposure to third parties, and even if exposed to hackers due to the characteristics of TCP / IP, primary encryption is performed with variable passwords, which are again encrypted by encryption technology. It allows you to send and receive data securely over the Internet for commerce. The advantage of the Internet is that it can make banking and commerce convenient, and it can greatly activate internet commerce because it is not activated due to the problem of customer information protection.

Adopt an information security system on the Internet. It acts as an intermediary security firm for Internet commerce customers on behalf of unused banks or businesses, increasing safety and greatly promoting Internet commerce.

The characteristic of the computer is that the contents of the data input through the keyboard or other input devices can be logged. Even if the password or the data is the same, the expression is configured to change continuously. It cannot be used for the purpose.

The standard cryptosystem was established by confirming various variable elements of the variable cryptosystem. In addition, various variables can be added and used according to the needs of users.

It can be used as input data by receiving data from homepage or other documents, or it can be conveniently used by combining an external input device with a card reader.

Various variable elements of variable passwords can be used in a prefabricated manner, so it is convenient to select and use only necessary passwords in some cases.

It is easy to use by performing complex variable password calculation using a software program and automatically inputting it on the Internet.

The current document authentication method is complicated, and users often receive and use keys from various companies, and one person uses a plurality of e-mail accounts and addresses, which is inconvenient in this case. However, the present invention is simple because the encryption / decryption program is encrypted and decrypted by the encryption / decryption program that the user sets / registers with the password / document authentication company without the inconvenience when the password / document authentication company uses the same algorithm.

Existing document authentication systems are time stamped on documents and encrypted by a static algorithm (which is a relative concept of variable, which does not change the encrypted data). It is more difficult to decipher.

The registration process for password / document authentication can be set by the user, or it can be easily used by the authentication company so that only the password / decryption program can be sent to the user for use.

Claims (5)

1. An Internet e-commerce method that enables secure commerce on the Internet by using computer data protection means that protects the contents even if the customer's information is entered on the Internet. 2. The Internet e-commerce method according to claim 1, wherein the data protection means mentioned is a variable encryption system configured to change a password. 1. A cryptographic system characterized by comprising a means for representing a writer (sender) and a means for a receiver for a password used for electronic commerce on the Internet. 2. The cryptographic system of clause 1, wherein the means for representing the author mentioned is taken from an element of an email or document. 3. The cryptographic system of paragraph 1, wherein the means for representing the referred recipient in paragraph 1 is taken from an element of an email or document. 4. The cryptographic system of clause 1, further comprising an imaginary variable that makes decryption difficult. 5. The cryptographic system of paragraph 1, further comprising content relating to electronic commerce as a cryptogram. 6. The cryptographic system of clause 1, further comprising configuring the cipher component in steps to configure the ciphers of the means representing the author or the means representing the recipients to be partially used or added as necessary. . 7. The cryptographic system of paragraph 2 or 3, further comprising alternative cryptographic means for constructing a cryptographic alternative if there is no component to use as a cryptographic in the document. 8. The cryptographic system of clauses 2 or 3, further comprising obtaining the mentioned author or means representing the recipient from a particular document or a specific homepage on the Internet. 9. The cryptographic system of paragraph 2 or 3, further comprising the means for indicating the author or the means for indicating the recipient configured to receive data using an external input means. 1. When a password is entered using a password system means that passwords are constantly changing, a means for receiving data from a specific document and automatically inputting the password, and a software program for calculating the password to receive and enter such data. Automatic password input method characterized in that consisting of. 2. The automatic password input method according to item 1, wherein the means for automatically inputting the aforementioned password is obtained from a specific document or an Internet homepage. 1. A prefabricated cryptographic system, characterized by dividing the password into components and combining or omitting them as necessary. 2. The prefabricated cryptographic system according to item 1, wherein the cipher cipher is configured to change continuously. 1. A document encryption / decryption system using variable variables, characterized in that the document is encrypted or decrypted using time, place or other continuously changing means. 2. The method of clause 1, wherein the variable means mentioned 1) variable variables that represent you (basic passwords, etc.), 2) Variables representing the other party (e.g. shopping company's email, business name, host ip address, web domain, etc.) Document encryption / decryption system using a variable variable, characterized in that consisting of. 3. The document encryption / decryption scheme according to claim 1, further comprising an imaginary variable that makes decryption difficult. 4. The system of claim 2, further comprising replacement encryption means for replacing a variable variable which is not applicable among the mentioned variable variables.