KR20100038990A - Apparatus and method of secrity authenticate in network authenticate system - Google Patents
- Publication number
- KR20100038990A
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- temporary
- password
- subscriber
- computer terminal
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
The present invention relates to a security authentication method and apparatus for a network authentication system. More particularly, in the process of accessing and authenticating to a site that requires subscriber authentication, authentication is not performed with the unique ID / password that a subscriber uses in common across multiple sites; instead it is performed based on the unique ID and a one-time temporary ID / password, and the temporary ID / password applied in the authentication process is received through different channels (the Internet and a communication network). The invention thereby improves the security of the authentication process and at the same time reduces the amount of data transmitted over the Internet during authentication, enabling smooth authentication processing.
Recently, with the development of Internet (network) technology and electronic technology, the number of Internet subscribers has grown explosively, and a variety of Internet-based services are provided accordingly.
Among Internet-based services, authentication services that authenticate Internet subscribers for financial institutions (banks) and government offices, and e-commerce services offered through Internet sites, are widely used because they let subscribers make transactions over the Internet without visiting bank counters or stores.
In particular, when a financial institution provides an Internet banking service through an Internet site, an authentication service using a security card or a public certificate is used as a security measure to prevent Internet accidents caused by the weaknesses of an open Internet service.
However, not only Internet banking through the authentication service, which has been devised as a security measure, but also keyboard hacking programs for malicious purposes in the use of electronic commerce, it is not possible to completely block the security through the
In addition, while Internet security policy is being strengthened, fraudulent methods of hacking subscribers' personal and authentication information over the Internet for malicious purposes are also evolving. In particular, phishing scams that obtain subscribers' financial information by malicious (illegal) means and cause them financial damage are emerging as a social issue.
In line with Internet security and anti-phishing policies, a keyboard hacking prevention program or a separate hacking and phishing prevention program is installed on the client terminal, that is, the subscriber terminal, to prevent financial accidents. However, the separate program puts load on the subscriber terminal or degrades its Internet access capability.
In addition, most subscribers who join various sites over the Internet set and manage the same ID and password for each site, which makes an Internet accident more likely. For example, if the ID / password of an Internet banking site and the ID / password of a portal site are set the same, hacking the portal site's ID / password for malicious purposes makes a financial accident through the Internet banking site possible.
Therefore, a security processing method that can prevent financial accidents in advance and improve security in financial transactions over the Internet should be developed.
Meanwhile, for portal sites and other sites that operate on a web server, leakage of subscribers' personal information is a social problem.
In general, a web server goes through an authentication process (ID and password verification) to protect the personal information of subscribers accessing the site. If the ID and password used in the authentication process are leaked, personal information (e.g., social security number, phone number, etc.) may be stolen for malicious purposes, and items of monetary value, such as mileage, e-money, Internet game items, or cyber money that can be used as money on the Internet, may be lost.
Therefore, in the network authentication process, an authentication method that is more stable and can enhance security aspects should be introduced.
An object of the present invention is to provide a security authentication method and apparatus for a network authentication system that can prevent financial accidents that may occur when a unique ID / password used in common for a plurality of sites is exposed (hacked).
Another object of the present invention is to provide a security authentication method and apparatus for a network authentication system in which the temporary ID / password applied in the authentication process is received over different channels, that is, an Internet-based channel and a communication-network channel, so that financial accidents and personal information leakage can be prevented even when information input at the computer terminal is hacked, for example by a keyboard hacking program used for malicious purposes.
A further object of the present invention is to provide a security authentication method and apparatus for a network authentication system in which, when connecting to the host server for authentication, only the unique ID and the temporary ID are transmitted over the Internet and the temporary password is transmitted over the communication network (telephone network), thereby reducing the data transmission amount (load) on the Internet so that financial transactions can be processed smoothly even when the number of subscribers requesting financial transactions increases explosively.
In accordance with an aspect of the present invention, a network authentication system includes: a computer terminal that accesses an authentication processing site over the Internet to request authentication processing according to a subscriber's selection, and transmits a unique ID and a temporary ID through the Internet; at least one type of telephone terminal that transmits a temporary password through a communication network; a call server that places a telephone call to the telephone terminal through the communication network and provides the temporary password input from the telephone terminal; and a host server that, when authentication processing is requested through the authentication processing site, receives the unique ID from the computer terminal to perform a first authentication process, generates the temporary ID and password and transmits them to the computer terminal when the first authentication process is normally completed, and performs a second authentication process based on the temporary ID input from the computer terminal and the temporary password input from the telephone terminal.
The network authentication system further includes a web server that enables the computer terminal to access the authentication processing site based on the Internet.
If the first authentication process or the second authentication process is not normally completed, the host server outputs an authentication failure message through the computer terminal or the telephone terminal. After transmitting the temporary ID and password to the computer terminal, the host server ends the session connected via the Internet.
The host server may include: a subscriber management unit that manages personal information, including at least one of a unique ID / password, a date of birth, a social security number, or an authentication phone number, for each of a plurality of subscribers who join the authentication processing site; an authentication information generation unit that generates the temporary ID and password in a random or one-time password (OTP) manner when the first authentication process is normally completed; a call processing unit that calls the authentication telephone number through the call server and receives the temporary password entered from the telephone terminal; and an authentication processing unit that, when a financial transaction is requested, requests input of a unique ID through the computer terminal, checks whether the unique ID is stored in the database to perform the first authentication process, transmits the temporary ID and password to the computer terminal, requests input of the temporary ID from the computer terminal, and requests input of the temporary password via the telephone terminal to perform the second authentication process.
When the first authentication process is normally completed, the authentication processing unit outputs some of the personal information of the subscriber to the computer terminal.
The subscriber management unit receives and registers some information of the subscriber-specific personal information through the communication network.
The authentication processing unit receives part of the subscriber-specific personal information through the communication network and processes the second authentication process.
According to another aspect of the present invention, a security authentication method of a network authentication system includes: registering and managing, by the host server, personal information including one or more of a unique ID / password, birth date, social security number, or authentication phone number for each subscriber who accesses the authentication processing site; requesting input of a unique ID at a computer terminal; receiving the unique ID; performing a first authentication process based on the unique ID; when the first authentication process is normally completed, generating a temporary ID and password for the subscriber; transmitting the temporary ID and password to the computer terminal; calling the authentication telephone number to request the temporary password; receiving the temporary password through a communication network; requesting input of the temporary ID at the computer terminal and receiving the temporary ID over the Internet; performing a second authentication process based on the temporary ID and password; and, when the second authentication process is normally completed, processing the financial transaction.
The security authentication method of the network authentication system may further include outputting an authentication failure message through the computer terminal or the telephone terminal when the first authentication process or the second authentication process is not normally completed.
In generating the temporary ID and password, they are preferably generated in a random or OTP manner.
The processing of the first authentication process may include checking whether there is personal information of the subscriber including the unique ID input from the computer terminal.
The processing of the first authentication process may include outputting some of the personal information through the computer terminal when there is personal information of the subscriber including the unique ID.
The security authentication method of the network authentication system further includes the step of terminating a session connected with the computer terminal through the Internet after the host server transmits the temporary ID and password to the computer terminal.
In the step of registering and managing the personal information, part of the subscriber-specific personal information is received through the communication network and registered.
The processing of the second authentication process may include receiving some information of the subscriber-specific personal information through the communication network to process the second authentication process.
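The two authentication processes summarized above can be modelled in a few lines. The following is an added illustration, not code from the patent: the class and method names, the 180-second validity window, the 6-digit password format, and the rule that a failed second attempt consumes the temporary credentials are all assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Pending:
    unique_id: str
    temp_password: str
    expires_at: float
    phone_digits: Optional[str] = None  # filled in by the telephone channel


class HostServer:
    """Toy model of the host server: Internet channel plus telephone channel."""

    TTL_SECONDS = 180  # assumed validity window; the patent gives no value

    def __init__(self, phone_by_unique_id: Dict[str, str],
                 clock: Callable[[], float] = time.monotonic):
        self._phones = dict(phone_by_unique_id)  # unique ID -> authentication phone
        self._pending: Dict[str, Pending] = {}   # temporary ID -> open challenge
        self._clock = clock

    def first_auth(self, unique_id: str) -> Optional[Tuple[str, str]]:
        """Internet channel: the unique ID alone starts the flow (no unique password)."""
        if unique_id not in self._phones:
            return None  # authentication failure
        # A new challenge replaces any older one for the same subscriber.
        self._pending = {t: p for t, p in self._pending.items()
                         if p.unique_id != unique_id}
        temp_id = secrets.token_hex(4)
        temp_pw = f"{secrets.randbelow(10**6):06d}"
        self._pending[temp_id] = Pending(
            unique_id, temp_pw, self._clock() + self.TTL_SECONDS)
        # Both values go to the computer terminal; the Internet session then ends.
        return temp_id, temp_pw

    def phone_input(self, auth_phone: str, digits: str) -> bool:
        """Telephone channel: the call server relays digits keyed on the called phone."""
        for p in self._pending.values():
            if self._phones[p.unique_id] == auth_phone:
                p.phone_digits = digits
                return True
        return False  # no open challenge for this phone

    def second_auth(self, temp_id: str) -> Optional[str]:
        """New Internet session: temporary ID here, temporary password from the phone."""
        p = self._pending.pop(temp_id, None)  # one-time: consumed on any attempt
        if p is None or self._clock() > p.expires_at or p.phone_digits is None:
            return None
        ok = hmac.compare_digest(p.phone_digits.encode(), p.temp_password.encode())
        return p.unique_id if ok else None
```

Because `first_auth` returns both temporary values to the computer terminal, as the patent specifies, the channel split protects what the subscriber types at that terminal, not what the terminal displays.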
According to the present invention as described above, the subscriber does not authenticate with the unique ID / password used in common for a plurality of sites. The first authentication process uses only the unique ID, without the unique password, and authentication is performed based on a one-time temporary ID / password. Therefore, even if the unique ID is hacked or exposed over the Internet, it cannot be stolen and used for malicious purposes, which enhances security.
In addition, according to the present invention, of the temporary ID / password applied in the authentication process, the temporary ID is input over the Internet-based channel through the computer terminal and the temporary password is input over the communication-network channel through the telephone terminal. Therefore, even when information input at the computer terminal is hacked for malicious purposes through a keyboard hacking program or the like, the temporary password cannot be used, which further enhances the security of the network authentication process.
In addition, according to the present invention, by accessing the authentication processing site, transmitting only the unique ID and the temporary ID over the Internet (financial network) in the first and second authentication processes, ending the session connected over the Internet, and transmitting the temporary password over the communication network (telephone network), the data transmission amount (load) on the Internet can be reduced, so that financial transactions can be processed smoothly even if the number of subscribers requesting a financial transaction explodes.
That is, the host server transmits the temporary ID / password for the second authentication process to the computer terminal, then terminates the session connected over the Internet (financial network), and establishes a new session when the temporary ID is input at the computer terminal. This keeps the maximum number of sessions available on the Internet and minimizes the load on the host server.
According to the present invention, the leakage of personal information can be suppressed as much as possible by receiving and registering some of the subscriber's personal information through a communication network rather than the Internet.
DETAILED DESCRIPTION Hereinafter, a security authentication method and apparatus for a network authentication system according to a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings, and the detailed description will be omitted or will not be described.
In the detailed description of the present invention, the network authentication system is described using the example of a financial transaction system that, when a financial transaction is requested, processes the transaction through an authentication process; the same applies to other network systems that require an authentication process (login process).
FIG. 1 is a network block diagram illustrating a network authentication system according to the present invention.
Referring to FIG. 1, a network authentication system according to the present invention includes a
The
The
The
In the following detailed description of the present invention, a case in which the
The
Call
When the
The subscriber-owned
Meanwhile, the network authentication system according to the present invention may further include a plurality of gateways (not shown) for exchanging data between the
The
The
When the financial transaction is requested through the
When the first authentication process is completed, that is, when the unique ID is confirmed, the
That is, the
In addition, when the first authentication process is completed, the
The
The
When the second authentication process is normally completed, the
When the authentication process for the financial transaction is completed or the financial transaction is completed, the
When the call is established after the
On the other hand, the
FIG. 2 is a block diagram illustrating a host server according to an exemplary embodiment of the present invention.
2, the
The
In this case, the
The
In this case, when the first authentication process is normally completed, the
The
On the other hand, the
The
The
When the
At this time, the
FIGS. 3A to 3D illustrate screens displayed by a computer terminal according to the present invention. As shown in FIG. 3A, the
When the subscriber enters a unique ID into the input field (a) and selects the first login, the
When the first authentication process is completed, the
The
In addition, the
The
FIG. 4 is a flowchart illustrating a security authentication method of a network authentication system according to an exemplary embodiment of the present invention.
Referring to FIG. 4, the subscriber accesses the authentication processing site through the Internet using the computer terminal 100 (S101) and requests authentication processing through the authentication processing site (S102), for example, requests a financial transaction.
The
In this case, the
When a financial transaction is requested through the financial transaction site, the
When the first authentication process is completed, the
When the first authentication process is normally completed, the
In this case, the
Therefore, the
In addition, the
The
The
When the temporary password is input from the
When the second authentication process is normally completed, the
FIG. 5 is a flowchart illustrating a security authentication method of a network authentication system according to an exemplary embodiment of the present invention.
5, the
In this case, the
When there is an authentication processing request, for example, a financial transaction request from the subscriber, the
When the unique ID is input from the subscriber, the
The
In this case, when the first authentication process is normally completed, the
The
The
The
The
If the second authentication process is not normally completed, the
Accordingly, the subscriber requests a financial transaction through the
According to the present invention, subscribers do not authenticate with the unique ID / password commonly used for multiple sites; authentication is performed based on a one-time temporary ID / password, so even if the temporary ID / password is hacked or exposed over the Internet, it cannot be used for malicious purposes, which enhances security.
In addition, according to the present invention, the temporary ID / password to be applied in the authentication process, that is, the temporary ID is input to the Internet-based channel through the
In addition, according to the present invention, by accessing the authentication processing site, transmitting only the unique ID and the temporary ID over the Internet (financial network) in the first and second authentication processes, terminating the session, and transmitting the temporary password over the communication network (telephone network), the data transmission (load) on the Internet can be reduced, so that financial transactions can be processed smoothly even when the number of subscribers requesting financial transactions increases explosively.
Although the present invention has been described in detail only with respect to the described embodiments, it will be apparent to those skilled in the art that various modifications and changes are possible within the technical spirit of the present invention, and such modifications and changes belong to the appended claims.
FIG. 1 is a network block diagram for explaining a network authentication system according to the present invention.
FIG. 2 is a block diagram illustrating a host server according to a preferred embodiment of the present invention.
FIGS. 3A to 3B are views illustrating a screen output by a computer terminal according to the present invention.
FIG. 4 is a flowchart illustrating a security authentication method of a network authentication system according to a preferred embodiment of the present invention.
FIG. 5 is a flowchart illustrating a security authentication method of a network authentication system according to a preferred embodiment of the present invention.
<Description of the symbols for the main parts of the drawings>
100: computer terminal 200: Web server
300: host server 310: subscriber management unit
320: authentication processing unit 330: authentication information generation unit
340: call processing unit 350: database
400: call server 500: telephone terminal
Claims (16)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080098176A KR20100038990A (en) | 2008-10-07 | 2008-10-07 | Apparatus and method of secrity authenticate in network authenticate system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080098176A KR20100038990A (en) | 2008-10-07 | 2008-10-07 | Apparatus and method of secrity authenticate in network authenticate system |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20100038990A (en) | 2010-04-15 |
Family
ID=42215629
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020080098176A KR20100038990A (en) | Apparatus and method of secrity authenticate in network authenticate system | 2008-10-07 | 2008-10-07 |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20100038990A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101019617B1 (en) * | 2010-08-12 | 2011-03-07 | 표세진 | Personal information delivering method using two communication terminals |
KR101019616B1 (en) * | 2010-08-06 | 2011-03-07 | 표세진 | Authentication method using two communication terminals |
KR101025807B1 (en) * | 2010-10-01 | 2011-04-04 | 박상구 | Authentication method and authentication server |
KR20120007585A (en) * | 2010-07-15 | 2012-01-25 | 에스케이 텔레콤주식회사 | System and method for opening to traffic in fixed mobile convergence |
WO2012018158A1 (en) * | 2010-08-06 | 2012-02-09 | Se Jin Pyo | An authentication method using two communication terminals |
KR101237386B1 (en) * | 2012-06-07 | 2013-02-26 | 표세진 | Authentication method using two communication terminals |
KR101237385B1 (en) * | 2012-06-07 | 2013-02-28 | 표세진 | Authentication method using two communication terminals |
KR101308081B1 (en) * | 2010-11-26 | 2013-09-12 | 표세진 | Authentication method using two communication terminals |
KR101475422B1 (en) * | 2013-11-25 | 2014-12-22 | 김기범 | Internet Security Method and System using One Time IDentification |
KR101505137B1 (en) * | 2014-11-07 | 2015-03-23 | 김기범 | Internet Security System using One Time IDentification |
KR101591080B1 (en) * | 2014-10-27 | 2016-02-03 | 주식회사 디오티스 | Method for Certificating by using 3-Channel |
KR20180135222A (en) * | 2017-06-12 | 2018-12-20 | 주식회사 엔터소프트 | Method for authentication using multi-channel, Authentication Server and AuthenticationAPPARATUS |
-
2008
- 2008-10-07 KR KR1020080098176A patent/KR20100038990A/en active Search and Examination
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20120007585A (en) * | 2010-07-15 | 2012-01-25 | 에스케이 텔레콤주식회사 | System and method for opening to traffic in fixed mobile convergence |
KR101019616B1 (en) * | 2010-08-06 | 2011-03-07 | 표세진 | Authentication method using two communication terminals |
WO2012018158A1 (en) * | 2010-08-06 | 2012-02-09 | Se Jin Pyo | An authentication method using two communication terminals |
WO2012020885A1 (en) * | 2010-08-12 | 2012-02-16 | Se Jin Pyo | An authentication method using two communication terminals |
KR101019617B1 (en) * | 2010-08-12 | 2011-03-07 | 표세진 | Personal information delivering method using two communication terminals |
WO2012043963A1 (en) * | 2010-10-01 | 2012-04-05 | Bong-Jun Shin | Authentication method and server |
KR101025807B1 (en) * | 2010-10-01 | 2011-04-04 | 박상구 | Authentication method and authentication server |
KR101308081B1 (en) * | 2010-11-26 | 2013-09-12 | 표세진 | Authentication method using two communication terminals |
KR101237386B1 (en) * | 2012-06-07 | 2013-02-26 | 표세진 | Authentication method using two communication terminals |
KR101237385B1 (en) * | 2012-06-07 | 2013-02-28 | 표세진 | Authentication method using two communication terminals |
KR101475422B1 (en) * | 2013-11-25 | 2014-12-22 | 김기범 | Internet Security Method and System using One Time IDentification |
WO2015076522A1 (en) * | 2013-11-25 | 2015-05-28 | 김기범 | Internet security method and system using otid |
KR101591080B1 (en) * | 2014-10-27 | 2016-02-03 | 주식회사 디오티스 | Method for Certificating by using 3-Channel |
KR101505137B1 (en) * | 2014-11-07 | 2015-03-23 | 김기범 | Internet Security System using One Time IDentification |
KR20180135222A (en) * | 2017-06-12 | 2018-12-20 | 주식회사 엔터소프트 | Method for authentication using multi-channel, Authentication Server and AuthenticationAPPARATUS |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5719871B2 (en) | Method and apparatus for preventing phishing attacks | |
KR20100038990A (en) | Apparatus and method of secrity authenticate in network authenticate system | |
US11856132B2 (en) | Validating automatic number identification data | |
CN101183932B (en) | Security identification system of wireless application service and login and entry method thereof | |
RU2570838C2 (en) | Strong authentication by providing number | |
US20010034718A1 (en) | Applications of automatic internet identification method | |
US20080181380A1 (en) | Proxy for authenticated caller name | |
US11403633B2 (en) | Method for sending digital information | |
KR100824743B1 (en) | Method for user authentication using mobile phone and system therefor | |
US20180130056A1 (en) | Method and system for transaction security | |
US20240144230A1 (en) | Systems and methods for tone to token telecommunications platform | |
US20140330689A1 (en) | System and Method for Verifying Online Banking Account Identity Using Real-Time Communication and Digital Certificate | |
RU2625949C2 (en) | Method and system using cyber identifier for ensuring protected transactions | |
CN109587683B (en) | Method and system for preventing short message from being monitored, application program and terminal information database | |
KR20090123313A (en) | Method and system for money transaction pre-verification having prevention phishing | |
KR20090078975A (en) | Method and system for user authentication using divided authentication information | |
US20230300132A1 (en) | Authentication method and system | |
KR20070076575A (en) | Method for processing user authentication | |
RU2256216C2 (en) | System for paying for services in telecommunication network | |
KR20070077481A (en) | Process server for relaying user authentication | |
KR20090006815A (en) | Method for processing user authentication | |
KR20090090436A (en) | Method and system for authenticating using telecommunication terminal for providing financial transaction service | |
KR20070077480A (en) | Server for processing user authentication | |
KR20070077484A (en) | Method for processing information | |
KR20070077482A (en) | Server for relaying information of user authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application | ||
J201 | Request for trial against refusal decision | ||
AMND | Amendment | ||
B601 | Maintenance of original decision after re-examination before a trial | ||
J301 | Trial decision |
Free format text: TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20100927 Effective date: 20120911 |