KR20060013949A - Certification system of using the picture file and method thereof - Google Patents

Abstract

The present invention relates to a technology for authenticating users subscribed to various websites online.

In the present invention, the user of the website is configured to go through a second authentication process with a picture file that can be selected only by clicking after inputting the ID and password, the server of the website through the user's ID and password 1 After the authentication, randomly combine the background picture with letters, numbers or symbols and print it on the screen, and click the background picture corresponding to the secondary password set by the user continuously from the output information. By using the clicked location information to compare with the second authentication password set by the user, the hacking program with the intention of illegally extracts only the click position value of a meaningless mouse to prevent the extraction of personal authentication information. It provides a system and its authentication method.

Picture File, Authentication, Website, Web Server, Internet Network

Description

Certification system of using picture file and its authentication method

1 is an overall configuration diagram of an authentication system using a picture file of the present invention.

2 is a flow chart of setting an authentication password using a picture file according to an embodiment of the present invention.

3 is a flowchart of an authentication method using a picture file according to an embodiment of the present invention.

4 is a flow chart for setting encryption according to another embodiment of the present invention.

5 is a flow chart of authentication of a cipher in another embodiment of the present invention.

* Description of the symbols for the main parts of the drawings *

10; Analyzer 20; Paint driver

30; A first authentication processing unit 40; 2nd certification processing part

50; Member information DB 60; Paint Information DB

70; Primary authentication information DB 80; 2nd authentication information DB

100; User computer 200; Internet network

300; Web server 400; home page

The present invention relates to an authentication technology of a user subscribed to various websites online, and more specifically, the first authentication of a website is performed by an ID and a password, and a second authentication procedure of a user having the ID and a password. The present invention relates to an authentication system using an image file and an authentication method thereof, which can be made through a picture file to prevent the information of user members subscribed to a website from being exposed to hacking.

Recently, hacking programs have been used to extract authentication information such as ID and password of Internet users, causing frequent infringement of privacy and financial fraud. This is mainly enabled by keylogging programs that intercept keyboard input when the user enters their ID and password through the keyboard.

That is, the keylogging program lurks in the computer while the authentication information of the user's ID and password through the keyboard arrives at the computer, and catches the contents input by the keyboard.

In preparation for the possibility of such key logging, financial institutions, etc., issue a security card to enter the security card number of the number displayed on the screen when making a financial transaction through the Internet, or issue a public certificate to obtain the possession and password of the public certificate. The second certification is through.

However, such a security card must be carried by the user at all times, and a public certificate must always be stored in a computer, and thus, general web sites do not properly provide a service for the user's second authentication.

Accordingly, the present invention has been made to solve the above-mentioned conventional problems, and an object of the present invention is to provide a second authentication procedure with a picture file that can be selected only by clicking after a user of a website enters an ID and password. It is intended to provide an authentication system using an image file and an authentication method thereof that can prevent the user's information from being exposed by hacking by a keylogging program.

That is, according to the present invention, the server of the website outputs a randomly combined background picture drawn with letters, numbers, or symbols after the first authentication of the user through the ID and password, and the second set by the user from the output information. The background image corresponding to the password is continuously clicked with a mouse, and then the location information clicked by the mouse is compared with the second authentication password set by the user. Only the value is extracted to prevent the extraction of personal authentication information.

Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings.

1 is an overall configuration diagram of an authentication system using a picture file of the present invention. As shown in FIG. 1, reference numeral 100 denotes a user computer, reference numeral 200 denotes an internet network, and reference numeral 300 denotes a web server of a website. Reference numeral 400 denotes a homepage managed by the web server 300.

In addition, the web server 300, the analyzer 10 for analyzing the input information of the user connected to the home page (400); A paint plate driver 20 for displaying a paint plate including N background pictures based on the information analyzed by the analyzer 10; A primary authentication processor (30) for processing an authentication result for ID and password information required for primary authentication of a user based on the information analyzed by the analyzer (10); A secondary authentication processor 40 for processing an authentication result for click position information of a background image file required for secondary authentication according to the primary authentication result processed by the primary authentication processor 30; Member information DB (50) storing personal information of registered users using the homepage 400; Paint information DB (60) for storing paint information for secondary authentication of the registered user; Primary authentication information DB (70) for storing the ID and password information necessary for the first authentication of the registered user; And a second authentication information DB 80 for storing click position information of the background picture required for the second authentication of the registered user. It is characterized by the configuration.

According to another aspect of the present invention, the paint board includes N background pictures on which letters, numbers, and symbols are selectively drawn.

On the other hand, Figure 2 and Figure 3 is a flow chart showing an authentication method implemented by the authentication system using a picture file described in the embodiment of the present invention described above, the progress step, when the user requests to join the user connected to the web server Giving authentication information corresponding to the first and second to the user; Performing first authentication through an ID and a password when a user who has received the first and second authentication information from the step accesses a web server; When the first authentication is completed, the web server generating a plurality of individual member paint boards meeting the second authentication paint condition selected by the user at the time of membership registration; Displaying any one of a plurality of individual member paint plates generated from a web server on a computer of a first authenticated user; Clicking the second authentication picture selected by the user at the time of membership registration on the displayed paint board; Using the position value of the click signal, judging whether it matches the second authentication picture selected by the user when registering; If the result of the determination does not match, proceeds with the second authentication process a predetermined number of times to determine whether the match is found; and if the result matches, approving the use permission for the website after completing the second authentication result; Characterized in proceeding to.

The first and second authentication information granting steps may include: specifying an ID and password required for first authentication when a user requests to register; Displaying a paint plate including N different background pictures that are clickable to be required for the second authentication based on the ID and password specified in the above step; When selecting the displayed picture from the step, sequentially clicking n background pictures for the second authentication from the paint; Recognizing n background pictures clicked from the selection of the step and setting them as condition values of the second authentication paint; Storing the set paint condition; Proceeds.

Referring to Figures 1 to 3 attached to the operation of the embodiment of the present invention configured as described above are as follows.

First, when a user connects to the homepage 400 of the web server 300 through the computer 100 and the Internet network 200 and requests membership, the user has his or her information necessary for membership registration with the web server 300. Provide the ID and password required for the first authentication.

Then, the analyzer 10 in the web server 300 analyzes the personal information input by the user for membership registration and stores it in the member information DB 50, while analyzing the ID and password information and using the same. If this is possible, it is stored in the primary authentication information DB (70).

Subsequently, the web server 300 searches for Y paint boards including N different background pictures that can be clicked for the second authentication based on a specified ID and password by the user from the paint board information DB 60. It is displayed on the user's computer 100 screen.

At this time, the user selects one of the displayed Y pictures, and then sequentially clicks n background pictures for the second authentication from the picture.

Then, the analyzer 10 in the web server 300 recognizes the position of n background pictures from the input click signal, and then uses the recognized background picture as the secondary authentication information DB for the second authentication information. By storing at 80, the user registration procedure can be completed.

Meanwhile, referring to FIG. 3, the authentication procedure of the user after setting of the authentication information for the first and second steps is completed as described above.

First, a user registered as a web server 300 accesses the homepage 400 and inputs an ID and password.

Then, the input ID and password information is transmitted to the primary authentication processing unit 30 after the analysis through the analyzer 10, the primary authentication processing unit 30 is the primary ID and password information input Compare with the user ID and password stored in the authentication information DB (70).

At this time, when the first authentication is made from the comparison result, the paint plate driver 20 in the web server 300 retrieves the paint plate for the second authentication from the paint plate information DB 60 on the screen of the user's computer 100. And then display the retrieved paint.

The second authentication paintbrush displayed on the user's computer 100 may be generated by a plurality of individual members through the paint driver 20 of the web server 300 so as to meet the second authentication paintbrush's condition selected by the user. As any one of the drawing boards, each of these drawing boards has different position values according to the position of the second authentication picture selected by the user at the time of membership registration.

Subsequently, when the user clicks on the second authentication picture selected by the user at the time of membership registration, the click signal is transmitted to the second authentication processing unit 40 after the analysis is performed by the analyzer 10. The authentication processing unit 40 searches the stored information of the second authentication information DB 80 and checks whether the location information of the background picture sequentially clicked by the user matches the background picture location information stored in the second authentication information DB 80. Will be compared.

At this time, if the location information of the background picture stored as a result of the comparison and the location information of the background picture input by the user do not coincide with each other, the web server 300 further proceeds the second authentication procedure a predetermined number of times. After determining the match, the user's permission to use the website is restricted.

On the contrary, if the location information of the stored background picture and the location information of the background picture input by the user match with each other, the web server 300 completes the second authentication result for the user and then uses the website. The approval will be granted.

In this way, the present invention after the first authentication process through the ID and the padword input through the keyboard, the position information of the n background pictures that the user clicks through the mouse among the N background pictures represented on one board By analyzing the, it is possible to prevent the user's authentication number hacking by the keylogging program or the like in advance.

On the other hand, Figures 4 and 5 as another embodiment of the present invention will be described in more detail as follows.

4 is a flow chart illustrating an encryption setting of the present invention. An example of the source code for implementing the user's password designation is expressed as follows.

Dim n as variants

Dim x as Variants

Dim m1 as String, m2 as String

Dim q as Boolean

Dim c as Integer

Dim v as Variants

Dim key as Variants

n = Func.GetDatabase ()

Input. x

Input. m1, m2

Input. q

Func. c

v = x + c + q

Call Func.SetDabatase (v)

Call Func.SetDatabase (m1, m2)

The user's password designated as shown in FIG. 4 inputs x characters out of the total n characters depicted after the user plots n numbers or images predefined in the database as characters referred to as specific characters. .

Thereafter, when the user logs in with the x characters after selecting the x characters, q is selected as to whether input is required in the selection order at the time of selecting the x characters.

Here, if the user inputs two character strings (m1 and m2) to prove himself, the encryption specification is completed by storing in the database whether the sum of the input x characters and q and the order of input are stored in the database.

5 is a flow chart of a password authentication of the present invention. An example of the source code for implementing the user's password authentication is expressed as follows.

Dim n as Variants, p as Variants, x as Variants, y as Variants, y () as Variants

Dim t as integer

Dim z as long

Dim m1 as String, m2 as String, m3 as String

Start ::

p = Input.

n = Func.GetDatabase ()

x = Func.GetDatabase ()

y = Func.MakeVariants (n, x)

Call Func.SetDatabase (y)

t = Set Fix Count

z = t ^ (t-1)

If (y ^ (y-1) / z)> z Then

For 1 To t

Print y (t '), y (t)

Loop

Else

For 1 To t

Print y (t), y (t ')

End if

If ((p = y (t, t ') or p = y (t', t)) = x or x ') = True Then

End of AL.

Else

i = + 1

m1 = Func.GetDatabase ()

m2 = Func.GetDatabase ()

HELO ::

Print m1

Input m3

If m2 = m3 Then

Goto jump start

Else

j = + 1

If j> 10 Then

Goto jump out

Else

Goto Jump HELO

End if

End if

End if

OUT ::

Save Block User

Send SMS

END ::

Start User Page

As described above, the embodiment of the present invention generates y arbitrary characters including the user's own number of cipher number x among N characters.

Check the database to see if the generated y characters are similar to the y characters generated previously, and if so, generate y characters again.

If the generated y characters are different from the previously generated y characters, they are plotted in a state without being coordinated and stored in the database.

In addition, when the generated y characters are output in the form of t boxes, and the value of t ^ (t-1) exceeds the value of y ^ (y-1) / z to prevent the printable form. , Character is printed from the top to the bottom left column, otherwise it is printed from the top to the bottom left column.

In other words, if necessary for the output, (y ^ t) * 2 has a case, and thus the direction according to the output of x characters has a form of w.

At this time, the t characters output in the form of a box do not have a value of the output character number, including its own x characters, and have a coordinate number (t, t).

The number of p pressed by the user is extracted by coordinating the coordinates of (t, t) having w-direction and the y characters of the stored database in the form of (t, t).

Thereafter, the number of y characters extracted from the database is compared with the number of p characters pressed by the user, and in the same case, the number of x characters, q, and c are decrypted and compared with the p characters.

If the compared value is different, m1 is queried and m2 is input and identity verification is requested. When the identity is confirmed, the process is repeated from the beginning, and the number of the proceedings is counted again.

And, if the number of times again more than a certain number of times, by sending an SMS text message to the mobile phone requesting identity verification and identity verification.

In this case, when the comparison result is the same, the authentication process for the user can be completed by granting authentication to the user and performing normal login processing.

Here, as the symbol definition of FIG. 5, n is the total number (number) of a given symbol, x is the number (number) of the selected symbol, m1, m2 is a question and answer for accessing authentication, q is a combination of selected symbols The determination value, c indicates whether or not the authentication computer, v represents the final authentication value generated.

As described above, in the present invention, the user of the website enters an ID and password, and then configures the image file to be selected only by clicking through a second authentication process. After the user's first authentication, the user can always combine the background pictures with letters, numbers or symbols on the screen and click on the background pictures corresponding to the user's secondary password. After that, it compares the second authentication password set by the user with the location information clicked by the mouse, and through this, the hacking program with the wrong intention extracts only the click value of the mouse which is meaningless to prevent the extraction of personal authentication information. Provide effect.

Claims (4)

In an online system in which a user computer, a web server, and a homepage managed by the web server are connected through an internet network, The web server, An analyzer for analyzing input information of a user connected to the homepage; A paint plate driver configured to display a paint plate including N background pictures based on the information analyzed by the analyzer; A first authentication processor configured to process an authentication result for ID and password information required for first authentication of the user based on the information analyzed by the analyzer; A second authentication processor configured to process an authentication result of click position information of a background image file required for second authentication according to the first authentication result processed by the first authentication processor; A member information DB storing personal information of registered users using the homepage; Paint information DB for storing the paint information for the second authentication of the registered user; Primary authentication information DB for storing the ID and password information necessary for the first authentication of the registered user; And, A secondary authentication information DB for storing click position information of a background image required for secondary authentication of a registered user; Authentication system using a picture file characterized in that configured as. The method of claim 1, In the paint, An authentication system using a picture file, characterized by including N background pictures with letters, numbers, and symbols drawn selectively. Granting authentication information corresponding to the first and second steps to the user when a user requests to join a web server; Performing first authentication through an ID and a password when a user who has received the first and second authentication information from the step accesses a web server; When the first authentication is completed, the web server generating a plurality of individual member paint boards meeting the second authentication paint condition selected by the user at the time of membership registration; Displaying any one of a plurality of individual member paint plates generated from a web server on a computer of a first authenticated user; Clicking the second authentication picture selected by the user at the time of membership registration on the displayed paint board; Using the position value of the click signal, judging whether it matches the second authentication picture selected by the user when registering; If the result of the determination does not match, proceeds with the second authentication process a predetermined number of times to determine whether the match is found; and if the result matches, approving the use permission for the website after completing the second authentication result; Authentication method using a picture file characterized in that proceeds to. The method of claim 3, wherein The first and second authentication information granting step, Designating an ID and password required for first authentication when a user requests membership; Displaying a paint plate including N different background pictures that are clickable to be required for the second authentication based on the ID and password specified in the above step; When selecting the displayed picture from the step, sequentially clicking n background pictures for the second authentication from the paint; Recognizing n background pictures clicked from the selection of the step and setting them as condition values of the second authentication paint; And Storing the set paint condition; Authentication method using a picture file characterized in that proceeds to.

Images