KR20100038990A - Apparatus and method of security authenticate in network authenticate system - Google Patents

Publication number
KR20100038990A
Authority
KR
South Korea
Prior art keywords
authentication
temporary
password
subscriber
computer terminal
Prior art date
Application number
KR1020080098176A
Other languages
Korean (ko)
Inventor
조영미
Original Assignee
조영미
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 조영미 filed Critical 조영미
Priority to KR1020080098176A priority Critical patent/KR20100038990A/en
Publication of KR20100038990A publication Critical patent/KR20100038990A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)

Abstract

PURPOSE: A security authentication method for a network authentication system and a device thereof are provided to prevent financial accidents which can be caused by the exposure of intrinsic IDs and passwords, thereby improving security. CONSTITUTION: If an authentication process is requested through an authentication process site, a host server (300) receives an intrinsic ID from a computer terminal. The host server processes a first authentication procedure. If the first authentication procedure is completed normally, the host server generates a temporary ID and a temporary password. The host server transmits the temporary ID and the temporary password to the computer terminal. The host server processes the second authentication procedure based on the temporary ID inputted from the computer terminal and the temporary password inputted from a telephone terminal.

Description

Apparatus and method of security authenticate in network authenticate system

The present invention relates to a security authentication method and apparatus for a network authentication system. More particularly, in the process of accessing and authenticating to a site requiring subscriber authentication, authentication is not performed through the unique ID/password commonly used by multiple subscribers; instead, it is performed based on the unique ID and a one-time temporary ID/password, and the temporary ID/password to be applied to the authentication process is received through different channels (the Internet and a communication network). The invention thereby improves the security of the authentication process and at the same time reduces the amount of data transmitted through the Internet during authentication, enabling smooth authentication processing.

Recently, with the development of internet (network) technology and electronic technology, the number of internet subscribers is exploding, and accordingly, various services based on internet are provided.

Among the Internet-based services, authentication services for authenticating Internet subscribers at financial institutions (banks) and government offices, and e-commerce services through Internet sites, are widely used because they allow subscribers to make transactions through the Internet without visiting bank counters and stores.

In particular, when a financial institution provides an Internet banking service through an Internet site, an authentication service using a security card or a public certificate is used as a security measure to prevent Internet accidents caused by the weaknesses of an open Internet service.

However, even with the authentication service devised as a security measure, Internet banking and electronic commerce remain exposed to keyboard hacking programs used for malicious purposes, so security over the Internet cannot be guaranteed 100% and subscribers remain at risk.

In addition, while Internet security policy is being strengthened, fraudulent methods of hacking subscribers' personal and authentication information through the Internet for malicious purposes are also evolving. In particular, phishing scams that obtain subscribers' financial information for malicious (illegal) purposes and cause financial damage to subscribers are emerging as a social issue.

In accordance with Internet security policy and anti-phishing policy, a keyboard hacking prevention program or a separate hacking and phishing prevention program is installed on the client terminal, that is, the subscriber terminal, in order to prevent financial accidents. However, such a separate program places a load on the subscriber terminal or degrades its Internet access capability.

In addition, most subscribers who subscribe to various sites through the Internet set and manage the same ID and password for each site, which makes an Internet accident more likely. For example, if the ID/password of the Internet banking site and the ID/password of a portal site are set the same, hacking the ID/password of the portal site for malicious purposes makes financial accidents through the Internet banking site possible.

Therefore, a security processing method that can prevent financial accidents in advance and improve security in financial transactions over the Internet should be developed.

Meanwhile, for portal sites and other sites operated on a web server, the leakage of subscribers' personal information has become a social problem.

In general, the web server goes through an authentication process (ID and password verification process) to protect the personal information of subscribers accessing the site. If the ID and password used in the authentication process are leaked, personal information (e.g., social security number, phone number, etc.) may be stolen for malicious purposes, and items that have monetary value, such as mileage, e-money, items in Internet games, or cyber money that can be used as money on the Internet, may be lost.

Therefore, in the network authentication process, an authentication method that is more stable and can enhance security aspects should be introduced.

An object of the present invention is to provide a security authentication method and apparatus for a network authentication system that can prevent financial accidents that may occur when a unique ID/password used in common for a plurality of sites is exposed (hacked).

Another object of the present invention is to provide a security authentication method and apparatus for a network authentication system that receives the temporary ID/password to be applied to the authentication process over different channels, that is, an Internet-based channel and a channel of the communication network, and can thereby prevent financial accidents and personal information leakage even when information input from the computer terminal is hacked through a keyboard hacking program or the like used for malicious purposes.

A further object of the present invention is to provide a security authentication method and apparatus for a network authentication system in which only the unique ID and the temporary ID are transmitted through the Internet during the authentication process with the host server, while the temporary password is transmitted through the communication network (telephone network), thereby reducing the amount of data transmitted (load) over the Internet so that financial transactions can be processed smoothly even when the number of subscribers requesting financial transactions increases explosively.

In accordance with an aspect of the present invention, a network authentication system includes: a computer terminal that accesses an authentication processing site over the Internet to request authentication processing according to a subscriber's selection, and transmits a unique ID and a temporary ID through the Internet; at least one type of telephone terminal that transmits a temporary password through a communication network; a call server that places a telephone call to the telephone terminal through the communication network and provides the temporary password input from the telephone terminal; and a host server that, when an authentication process is requested through the authentication processing site, receives the unique ID from the computer terminal to process a first authentication process, generates the temporary ID and password when the first authentication process is normally completed and transmits them to the computer terminal, and processes a second authentication process based on the temporary ID input from the computer terminal and the temporary password input from the telephone terminal.

The network authentication system further includes a web server that enables the computer terminal to access the authentication processing site based on the Internet.

If the first authentication process or the second authentication process is not normally completed, the host server outputs an authentication failure message through the computer terminal or the telephone terminal. After transmitting the temporary ID and password to the computer terminal, the host server ends the session connected via the Internet.

The host server may include: a subscriber management unit that manages personal information including at least one of a unique ID/password, a date of birth, a social security number, or an authentication phone number for each of a plurality of subscribers who join the authentication processing site; an authentication information generation unit that generates the temporary ID and password in a random or one-time password (OTP) manner when the first authentication process is normally completed; a call processing unit that calls the authentication telephone number through the call server and requests entry of the temporary password from the telephone terminal; and an authentication processing unit that, when the financial transaction is requested, requests input of a unique ID through the computer terminal, checks whether the unique ID is stored in the database to process the first authentication process, transmits the temporary ID and password to the computer terminal, requests input of the temporary ID from the computer terminal, and requests input of the temporary password via the telephone terminal to process the second authentication process.

When the first authentication process is normally completed, the authentication processing unit outputs some of the personal information of the subscriber to the computer terminal.

The subscriber management unit receives and registers some information of the subscriber-specific personal information through the communication network.

The authentication processor receives some information of the subscriber-specific personal information through the communication network and processes the second authentication process.

A security authentication method of a network authentication system according to another aspect of the present invention includes: registering and managing, by the host server, personal information including one or more of a unique ID/password, birth date, social security number, or authentication phone number for each subscriber who accesses the authentication processing site; requesting input of a unique ID at a computer terminal; receiving the unique ID; processing a first authentication process based on the unique ID; when the first authentication process is normally completed, generating a temporary ID and password for the subscriber; transmitting the temporary ID and password to the computer terminal; calling the authentication telephone number to request the temporary password; receiving the temporary password through a communication network; requesting input of the temporary ID and receiving the temporary ID over the Internet; processing a second authentication process based on the temporary ID and password; and, when the second authentication process is normally completed, processing the financial transaction.

The security authentication method of the network authentication system may further include outputting an authentication failure message through the computer terminal or the telephone terminal when the first authentication process or the second authentication process is not normally completed.

In generating the temporary ID and password, they are preferably generated in a random or OTP manner.

The processing of the first authentication process may include checking whether there is personal information of the subscriber including the unique ID input from the computer terminal.

The processing of the first authentication process may include outputting some of the personal information through the computer terminal when there is personal information of the subscriber including the unique ID.

The security authentication method of the network authentication system further includes the step of terminating a session connected with the computer terminal through the Internet after the host server transmits the temporary ID and password to the computer terminal.

In the step of registering and managing the personal information, part of the subscriber-specific personal information is received through the communication network and registered.

The processing of the second authentication process may include receiving some information of the subscriber-specific personal information through the communication network to process the second authentication process.

According to the present invention as described above, the subscriber does not authenticate through the unique ID/password used in common for a plurality of sites. The first authentication process uses only the unique ID without the unique password, and authentication is based on a one-time temporary ID/password. Therefore, even if the unique ID is hacked or exposed through the Internet, it cannot be stolen and used for malicious purposes, thereby enhancing security.

In addition, according to the present invention, of the temporary ID/password to be applied to the authentication process, the temporary ID is input over the Internet-based channel through the computer terminal and the temporary password is input over the channel of the communication network through the telephone terminal. Therefore, even if information input at the computer terminal is hacked through a keyboard hacking program or the like for malicious purposes, the temporary password cannot be used, thereby further enhancing the security of the network authentication process.

In addition, according to the present invention, only the unique ID and the temporary ID are transmitted through the Internet (financial network) in the first and second authentication processes after accessing the authentication processing site, the session connected over the Internet is ended, and the temporary password is transmitted through a communication network (telephone network). The data transmission amount (load) of the Internet is thereby reduced, so that even if the number of subscribers requesting a financial transaction explodes, the financial transaction can be processed smoothly.

That is, the host server transmits the temporary ID/password for the second authentication process to the computer terminal, then terminates the session connected over the Internet (financial network), and establishes a new session when the temporary ID is input at the computer terminal. This maintains the maximum number of available sessions on the Internet and minimizes the load on the host server.

According to the present invention, the leakage of personal information can be suppressed as much as possible by receiving and registering some of the subscriber's personal information through a communication network rather than the Internet.

DETAILED DESCRIPTION Hereinafter, a security authentication method and apparatus thereof for a network authentication system according to a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings, and the detailed description will be omitted or will not be described.

In the detailed description of the present invention, the network authentication system is described using the example of a financial transaction system that, when a financial transaction is requested, processes the financial transaction through an authentication process, but the invention applies equally to network systems requiring other authentication processes (login processes).

FIG. 1 is a network block diagram illustrating a network authentication system according to the present invention.

Referring to FIG. 1, a network authentication system according to the present invention includes a computer terminal 100 owned by a subscriber, a wired terminal 510, a mobile terminal 520, a web server 200, a host server 300, and a call server 400.

The computer terminal 100 allows a subscriber who requests a financial transaction on the Internet to access an authentication processing site, for example, an initial login site such as an Internet banking site, through the web server 200. The information input by the subscriber, i.e., the unique ID and the temporary ID, is transmitted to the host server 300 through the web server 200, and the computer terminal 100 outputs the temporary ID/password received from the host server 300 to the screen.

The web server 200 enables the subscriber to access the authentication processing site through the computer terminal 100, transmits the screen of the authentication processing site to the computer terminal 100, and transmits information input through the computer terminal 100 to the host server 300.

The host server 300 processes an authentication process for a subscriber to access. For example, when the host server 300 is a financial transaction server that processes a financial transaction, the host server 300 processes authentication of the financial transaction requested by the subscriber. When the authentication process is completed, the host server 300 processes the financial transaction.

In the following detailed description of the present invention, a case in which the host server 300 processes a financial transaction is described. However, the same applies when the host server 300 is a game providing server, a portal server that operates a portal site, or a server requiring other authentication processing.

The host server 300 registers and manages personal information of each subscriber, that is, a unique ID / password, an authentication telephone number (a wired telephone number or a mobile telephone number), a name, a date of birth, a social security number, and the like.

The call server 400 may be implemented as an automatic voice response (IVR) system. The call server 400 places a call to the subscriber's authentication phone number and transmits the information entered by the subscriber, that is, the temporary password, to the host server 300.

When a call arrives from the call server 400, the wired terminal 510 or the mobile terminal 520 generates an incoming ring (or vibration) and transmits the temporary password input by the subscriber to the host server 300 through the call server 400.

The subscriber-owned telephone terminal 500 may be a trunk-line telephone terminal connected through a public switched telephone network (PSTN), an IP telephone terminal connected to a voice over IP (VoIP) network, or a mobile telephone terminal connected to a mobile communication network.

Meanwhile, the network authentication system according to the present invention may further include a plurality of gateways (not shown) for exchanging data between the web server 200, the host server 300, and the call server 400 connected to the Internet. The gateway or gateway server for exchanging data between servers on the Internet is well known, and thus detailed description thereof will be omitted.

The computer terminal 100 refers to a subscriber-owned terminal that can be connected to the Internet, such as a personal computer (PC), a notebook computer, a personal digital assistant (PDA), or an Internet Protocol Television (IPTV). According to the subscriber's selection, the computer terminal 100 accesses the web server 200 through the Internet and accesses an authentication processing site, such as a credit transaction site, a site that provides various authentication documents such as a government office site, or a site requiring access through other authentication.

The web server 200 processes an interfacing function so that the computer terminal 100 can access a site requested by interworking with a server providing a corresponding authentication processing site in response to a request of the computer terminal 100 connected to the Internet.

When the financial transaction is requested through the computer terminal 100, the host server 300 receives a unique ID of the subscriber from the computer terminal 100 and processes the first authentication process.

When the first authentication process is completed, that is, when the unique ID is confirmed, the host server 300 generates a one-time temporary ID/password for the subscriber. In this case, the host server 300 may generate the temporary ID/password randomly or by a one-time password (OTP) method.

That is, the host server 300 according to the present invention does not process authentication for financial transactions based on the fixed ID/password of the subscriber. It processes the first authentication process using only the unique ID without the unique password, receives the temporary ID over the Internet, and receives the temporary password through a communication network. A financial accident can thereby be prevented even if the fixed ID or fixed password of the subscriber is hacked or exposed, and a financial transaction can be processed even if the subscriber forgets the password.

In addition, when the first authentication process is completed, the host server 300 transmits some of the subscriber's personal information, for example "Hong * dong", to the computer terminal 100 for output, so that the subscriber can confirm that the first authentication process has been completed.

The host server 300 transmits the generated temporary ID / password to the computer terminal 100 and makes a call through the call server 400 to the set authentication phone number of the subscriber.

The host server 300 processes the second authentication process based on the temporary ID input from the computer terminal 100 and the temporary password input from the wired terminal 510 or the mobile terminal 520.

When the second authentication process is normally completed, the host server 300 processes the financial transaction requested by the corresponding subscriber.

When the authentication process for the financial transaction is completed or the financial transaction is completed, the host server 300 may transmit a processing completion message to the mobile terminal 520 of the subscriber, and the processing completion message may be sent by short message service or by e-mail.

After the call server 400 dials the authentication telephone number and the call is established, the subscriber is prompted with an authentication prompt message to enter the temporary password, for example, "Please enter a temporary password that has been granted.", and the temporary password entered by the subscriber is transmitted to the host server 300.

Meanwhile, in the second authentication process the host server 300 may receive the generated temporary password from the telephone terminal 500, or may have the subscriber enter, in addition to the temporary password, personal information such as the registered social security number, date of birth, or authentication phone number.

FIG. 2 is a block diagram illustrating a host server according to an exemplary embodiment of the present invention.

Referring to FIG. 2, the host server 300 according to the present invention includes a subscriber manager 310, an authentication processor 320, an authentication information generator 330, a call processor 340, and a database 350.

The subscriber management unit 310 receives and registers personal information for each of a plurality of subscribers, that is, a unique ID/password, an authentication phone number (wired phone number or mobile phone number), name, date of birth, social security number, etc., and stores it in the database 350.

In this case, the subscriber management unit 310 may register some information of the subscriber's personal information, for example, a date of birth, a social security number, etc. from the phone terminal 500. That is, the subscriber management unit 310 may receive and register personal information through a communication network rather than the Internet in order to prevent the leakage of personal information.

The authentication processor 320 processes the first and second authentication processes for the subscriber requesting the financial transaction. That is, the authentication processing unit 320 processes the first authentication process based on the unique ID input by the subscriber requesting the financial transaction, and when the first authentication process is normally completed, transmits the temporary ID/password generated by the authentication information generation unit 330 to the subscriber through the computer terminal 100.

In this case, when the first authentication process is normally completed, the authentication processing unit 320 outputs some of the subscriber's personal information to the subscriber through the computer terminal 100 so that the subscriber can check whether the first authentication process has been normally completed.

The authentication processor 320 processes the second authentication process based on the temporary ID received from the computer terminal 100 and the temporary password received from the telephone of the authentication phone number, that is, the wired terminal 510 or the mobile terminal 520.

Meanwhile, in the second authentication process the authentication processing unit 320 may receive the generated temporary password from the telephone terminal 500, or, to further enhance security, may have the subscriber additionally enter personal information such as the registered resident registration number, date of birth, or authentication phone number.

The authentication information generator 330 generates a temporary ID / password to be assigned to the subscriber whose first authentication process is normally completed by the authentication processor 320 in a random or OTP manner and stores the temporary ID / password in the database 350.

The authentication processor 320 transmits the temporary ID / password generated by the authentication information generator 330 and stored in the database 350 to the computer terminal 100.

When the authentication processing unit 320 transmits the temporary ID / password to the computer terminal 100, the call processing unit 340 calls the subscriber's authentication telephone number stored in the database 350.

At this time, the call processing unit 340 may call the subscriber's authentication phone number through the call server 400.
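The two-stage flow carried out by these units (first authentication on the unique ID alone, temporary ID/password issued and shown on the computer terminal, temporary password returned over the telephone channel) can be modelled as below. This is an added Python example, not code from the patent; the class and function names, the 6-digit password format, the 180-second lifetime, single-use consumption and the sample subscriber are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

TEMP_TTL_SECONDS = 180  # assumption: the patent states no lifetime for temporary credentials


@dataclass
class Subscriber:
    unique_id: str
    name: str
    auth_phone: str


@dataclass
class Pending:
    unique_id: str
    temp_password: str
    expires_at: float
    phone_password: Optional[str] = None  # filled in by the telephone channel


def mask_name(name):
    """Partial personal information shown after the first authentication."""
    parts = name.split()
    if len(parts) < 3:
        return (parts[0] + " *") if parts else "*"
    return " ".join([parts[0]] + ["*"] * (len(parts) - 2) + [parts[-1]])


class HostServer:
    """Toy model of host server 300 (names are hypothetical)."""

    def __init__(self, subscribers, clock=time.monotonic):
        self.db = {s.unique_id: s for s in subscribers}  # stands in for database 350
        self.pending = {}                                # temp_id -> Pending
        self.clock = clock

    def first_auth(self, unique_id):
        """First authentication: only checks that the unique ID is registered."""
        sub = self.db.get(unique_id)
        if sub is None:
            return None  # authentication failure message
        # Assumption: a new request invalidates any earlier pending credentials.
        self.pending = {k: p for k, p in self.pending.items() if p.unique_id != unique_id}
        temp_id = secrets.token_hex(4)
        temp_password = f"{secrets.randbelow(10**6):06d}"  # digits, so a phone keypad can enter it
        self.pending[temp_id] = Pending(unique_id, temp_password,
                                        self.clock() + TEMP_TTL_SECONDS)
        # The Internet session ends after this response is shown on the computer terminal.
        return {"masked_name": mask_name(sub.name), "temp_id": temp_id,
                "temp_password": temp_password, "call": sub.auth_phone}

    def phone_input(self, auth_phone, digits):
        """Telephone channel: the call server relays digits keyed in on the called phone."""
        for p in self.pending.values():
            if self.db[p.unique_id].auth_phone == auth_phone:
                p.phone_password = digits

    def second_auth(self, temp_id):
        """Internet channel: the temporary ID arrives in a new session and is checked
        together with what was received over the telephone channel."""
        p = self.pending.pop(temp_id, None)  # single use: consumed on any attempt
        if p is None or p.phone_password is None or self.clock() > p.expires_at:
            return False
        return hmac.compare_digest(p.phone_password.encode(), p.temp_password.encode())


def demo():
    now = [0.0]  # controllable clock so the expiry case runs instantly
    # Constructed sample subscriber; the ID, name and phone number are made up.
    server = HostServer([Subscriber("alice01", "Hong Gil dong", "+82-2-555-0100")],
                        clock=lambda: now[0])
    out = {}
    r = server.first_auth("alice01")
    out["masked"] = r["masked_name"]
    server.phone_input(r["call"], r["temp_password"])
    out["ok"] = server.second_auth(r["temp_id"])      # both channels agree
    out["replay"] = server.second_auth(r["temp_id"])  # temporary ID already consumed
    r2 = server.first_auth("alice01")
    out["id_only"] = server.second_auth(r2["temp_id"])  # nothing keyed in on the phone
    r3 = server.first_auth("alice01")
    server.phone_input(r3["call"], r3["temp_password"])
    now[0] += TEMP_TTL_SECONDS + 1
    out["expired"] = server.second_auth(r3["temp_id"])
    out["unknown_id"] = server.first_auth("mallory")
    return out


if __name__ == "__main__":
    print(demo())
```
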

FIGS. 3A to 3D illustrate screens displayed by a computer terminal according to the present invention. As shown in FIG. 3A, when a subscriber connects to an authentication processing site through the computer terminal 100 and requests a financial transaction, the host server 300 requests input of a unique ID to process the first authentication process.

When the subscriber enters a unique ID into the input field (a) and selects the first login, the host server 300 processes the first authentication process for the corresponding subscriber, and as shown in FIG. 3B, Some of the personal information of the subscriber is transmitted to the computer terminal 100.

When the first authentication process is completed, the host server 300 transmits the generated temporary ID / password to the computer terminal 100 as shown in FIG. 3C.

The host server 300 transmits the temporary ID/password to the computer terminal 100 as shown in FIG. 3C, and then requests input of the temporary ID in the input field (b) to process the second authentication process as shown in FIG. 3D.

In addition, the host server 300 makes a request for inputting a temporary password by calling the authentication phone number while requesting a temporary ID through the computer terminal 100.

The host server 300 processes the second authentication process based on the temporary ID input through the computer terminal 100, the temporary password input from the landline phone (or the mobile terminal 520), and the generated temporary ID/password.

FIG. 4 is a flowchart illustrating a security authentication method of a network authentication system according to an exemplary embodiment of the present invention.

Referring to FIG. 4, the subscriber accesses the authentication processing site through the Internet using the computer terminal 100 (S 101) and requests authentication processing through the authentication processing site (S 102), that is, requests a financial transaction.

The host server 300 registers and manages personal information for each of the plurality of subscribers who subscribe to the authentication processing site, that is, a unique ID/password for each subscriber, an authentication phone number (wired or mobile phone number), name, date of birth, social security number, etc.

In this case, the host server 300 may register some information of the subscriber's personal information, for example, a date of birth, a social security number, etc. from the telephone terminal 500.

When a financial transaction is requested through the financial transaction site, the host server 300 requests input of a unique ID (S 103), and if a unique ID is input from the computer terminal 100 (S 104), the host server 300 processes the first authentication process. (S 105).

When the first authentication process is completed, the host server 300 outputs some information of the subscriber's personal information through the computer terminal 100 as shown in FIG. 3B, so that the subscriber completes the first authentication process normally. To confirm that (S 106).

When the first authentication process is normally completed, the host server 300 generates a temporary ID / password in a random or OTP manner (S 107), and stores the generated temporary ID / password in the database 350 while the computer terminal ( 100) (S 108).

In this case, the host server 300 transmits the temporary ID / password to the computer terminal 100 and ends the session connected to the computer terminal 100 through the Internet (financial network).

Because the host server 300 terminates the session after transmitting the temporary ID / password to the computer terminal 100, the number of available sessions on the Internet (financial network) is kept at its maximum even at times when many subscribers access the authentication processing site. Thus, the probability of financial transaction failure due to overload can be minimized.

In addition, the host server 300 calls the authentication telephone number through the call server 400 (S 108) and, when the call is connected to the subscriber's telephone terminal 500 corresponding to the authentication telephone number, requests input of the temporary password (S 109).

The host server 300 receives a temporary password from the subscriber's telephone terminal 500 (S110).

The host server 300 connects the session with the computer terminal 100, requests input of a temporary ID (S 111), and receives a temporary ID from the computer terminal 100 (S 112).

When the temporary password is input from the phone terminal 500 through the call server 400 (S 113), the host server 300 processes the second authentication process based on the temporary ID / password stored in the database 350, the temporary ID input from the computer terminal 100, and the temporary password input from the telephone terminal 500 (S 114).

When the second authentication process is normally completed, the host server 300 processes the financial transaction requested by the subscriber. That is, when the second authentication process is normally completed, the host server 300 provides a service to the subscriber.

FIG. 5 is a flowchart illustrating a security authentication method of a network authentication system according to an exemplary embodiment of the present invention.

Referring to FIG. 5, the host server 300 registers and manages personal information for each of the plurality of subscribers subscribed to the authentication processing site over the Internet, namely a unique ID / password, authentication phone number (wired phone number or mobile phone number), name, date of birth, and social security number (S 200).

In this case, the host server 300 may register some of the subscriber's personal information, for example the date of birth or the social security number, from the telephone terminal 500.

When there is an authentication processing request, for example, a financial transaction request from the subscriber, the host server 300 requests to input a unique ID for the first authentication process (S210).

When the unique ID is input from the subscriber, the host server 300 processes the first authentication process of checking whether the corresponding unique ID is stored in the database 350 (S220).

When the first authentication process is not normally completed, that is, when the unique ID is not stored in the database 350, the host server 300 outputs an authentication failure message through the computer terminal 100 or the telephone terminal 500 (S 230); if it is completed normally, the host server 300 generates a temporary ID / password (S 240).

In this case, when the first authentication process is normally completed, the host server 300 outputs some of the subscriber's personal information to the subscriber through the computer terminal 100 so that the subscriber can check whether the first authentication process was completed normally.

The host server 300 transmits the generated temporary ID / password to the subscriber through the computer terminal 100 (S250). In this case, the host server 300 transmits the temporary ID / password to the computer terminal 100 and then terminates the session connected to the computer terminal 100 through the Internet (financial network), so that the number of available sessions can be maximized.

The host server 300 calls the subscriber's authentication telephone number through the call server 400 (S260), and requests input of the temporary password over the communication network (S270).

The host server 300 connects the session with the computer terminal 100 to request a temporary ID for the second authentication process (S 280), and receives the temporary ID from the subscriber through an Internet-based channel (S 270).

The host server 300 processes the second authentication process based on the temporary ID input through the computer terminal, the temporary password input from the landline phone (or mobile terminal 520), and the generated temporary ID / password (S 300).

If the second authentication process is not normally completed, the host server 300 outputs an authentication failure message to the subscriber (S 310). If it is completed normally, the host server 300 processes the financial transaction requested by the subscriber.
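The FIG. 5 flow (S220 to S300), sketched as an added example that is not code from the patent: an in-memory model of host server 300 that issues the temporary ID / password, accepts the temporary password only for the registered authentication phone number, and consumes the record on the first second-authentication attempt. The class and method names, the 180-second lifetime, the one-pending-record-per-subscriber rule and the sample subscriber are assumptions; the patent specifies none of them.

```python
import hmac
import secrets
import time

TEMP_TTL_SECONDS = 180  # assumption: the patent gives no lifetime for the temporary ID/password


class HostServer:
    """In-memory model of host server 300; self.pending stands in for database 350."""

    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)  # unique ID -> authentication phone number (S200)
        self.pending = {}                     # temporary ID -> record awaiting second authentication

    def first_authentication(self, unique_id, now=None):
        """S220-S250: check the unique ID, then issue a temporary ID/password."""
        now = time.time() if now is None else now
        phone = self.subscribers.get(unique_id)
        if phone is None:
            return None  # S230: authentication failure
        # Assumption: a new request invalidates any older record for the same subscriber.
        self.pending = {t: r for t, r in self.pending.items() if r["unique_id"] != unique_id}
        temp_id = secrets.token_hex(4)
        temp_pw = f"{secrets.randbelow(10**6):06d}"  # digits, so it can be keyed in on a phone
        self.pending[temp_id] = {"unique_id": unique_id, "phone": phone, "temp_pw": temp_pw,
                                 "phone_pw": None, "expires": now + TEMP_TTL_SECONDS}
        return temp_id, temp_pw  # S250: sent to the computer terminal, then the session ends

    def receive_phone_password(self, called_number, digits):
        """S260-S270: digits keyed in on the call that call server 400 placed to called_number."""
        for rec in self.pending.values():
            if rec["phone"] == called_number:
                rec["phone_pw"] = digits

    def second_authentication(self, temp_id, now=None):
        """S280-S300: compare the stored pair with the two values received on separate channels."""
        now = time.time() if now is None else now
        rec = self.pending.pop(temp_id, None)  # one-time: any attempt consumes the record
        if rec is None or now > rec["expires"] or rec["phone_pw"] is None:
            return False  # S310: authentication failure
        return hmac.compare_digest(rec["phone_pw"].encode(), rec["temp_pw"].encode())


if __name__ == "__main__":
    server = HostServer({"alice01": "0212345678"})  # constructed subscriber and number
    temp_id, temp_pw = server.first_authentication("alice01")
    server.receive_phone_password("0212345678", temp_pw)
    print("second authentication:", server.second_authentication(temp_id))
    print("replay of the same temporary ID:", server.second_authentication(temp_id))
```

Consuming the record on the first attempt limits guessing of the phone-channel password to one try per issued temporary ID, at the cost of requiring a fresh first authentication after any failure.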

Accordingly, the subscriber requests a financial transaction through the computer terminal 100 and passes the first authentication process with the unique ID, and the login for the financial transaction is then handled by the second authentication process, in which the temporary ID assigned after the first authentication process is input through the computer terminal 100 and the temporary password is input through the phone terminal 500. Since the host server 300 receives the temporary password through the communication network and then receives the temporary ID through the Internet, the load on the host server 300 can be minimized.

According to the present invention, subscribers do not authenticate with the unique IDs / passwords that are commonly used for multiple sites; authentication is instead processed on the basis of one-time temporary IDs / passwords, so that even if a temporary ID / password is hacked or exposed through the Internet, it cannot be used for malicious purposes, which enhances security.

In addition, according to the present invention, of the temporary ID / password applied in the authentication process, the temporary ID is input over the Internet-based channel through the computer terminal 100, while the temporary password is input over the communication-network channel through the phone terminal 500. Therefore, even if information input at the computer terminal 100 is captured by a keyboard hacking program for malicious purposes, the temporary password cannot be obtained, which further enhances security.

In addition, according to the present invention, only the unique ID and the temporary ID are transmitted through the Internet (financial network) in the first and second authentication processes after the authentication processing site is accessed, the session is then terminated, and the temporary password is transmitted through the communication network (telephone network). Since this reduces the data transmission (load) on the Internet, financial transactions can be processed smoothly even when the number of subscribers requesting financial transactions increases explosively.

Although the present invention has been described in detail only with respect to the described embodiments, it will be apparent to those skilled in the art that various modifications and changes are possible within the technical spirit of the present invention, and such modifications and changes fall within the scope of the appended claims.

FIG. 1 is a network block diagram for explaining a network authentication system according to the present invention.

FIG. 2 is a block diagram illustrating a host server according to a preferred embodiment of the present invention.

FIGS. 3A to 3B are views illustrating a screen output by a computer terminal according to the present invention.

FIG. 4 is a flowchart illustrating a security authentication method of a network authentication system according to a preferred embodiment of the present invention.

FIG. 5 is a flowchart illustrating a security authentication method of a network authentication system according to a preferred embodiment of the present invention.

<Description of the symbols for the main parts of the drawings>

100: computer terminal
200: Web server
300: host server
310: subscriber management unit
320: authentication processing unit
330: authentication information generation unit
340: call processing unit
350: database
400: call server
500: telephone terminal

Claims (16)

1. A network authentication system comprising: a computer terminal which accesses an authentication processing site through the Internet, requests authentication processing according to a subscriber's selection, and transmits a unique ID and a temporary ID through the Internet; at least one type of telephone terminal for transmitting a temporary password through a communication network at the subscriber's choice; a call server for making a telephone call to the telephone terminal through the communication network and providing the temporary password input from the telephone terminal; and a host server which, when authentication processing is requested through the authentication processing site, receives a unique ID from the computer terminal to process a first authentication process, generates a temporary ID and password and transmits them to the computer terminal when the first authentication process is normally completed, and processes a second authentication process based on the temporary ID input from the computer terminal and the temporary password input from the telephone terminal.

2. The system according to claim 1, further comprising a web server for enabling the computer terminal to access the authentication processing site based on the Internet.

3. The method of claim 1, wherein the host server outputs an authentication failure message through the computer terminal or the telephone terminal if the first authentication process or the second authentication process is not completed normally.

4. The method of claim 1, wherein the host server ends the session connected via the Internet after transmitting the temporary ID and password to the computer terminal.

5. The method of claim 1, wherein the host server includes: a subscriber management unit that manages personal information including at least one of a plurality of unique IDs / passwords, a date of birth, a social security number, or an authentication phone number for each subscriber subscribing to the authentication processing site; an authentication information generation unit for generating the temporary ID and password in a random or one time password (OTP) method when the first authentication process is normally completed; a call processing unit which makes a call to the authentication telephone number through the call server and receives a temporary password from the telephone terminal; and an authentication processing unit which, when the financial transaction is requested, requests input of a unique ID through the computer terminal, processes the first authentication process by checking whether the unique ID is stored in the database, transmits an ID to the computer terminal when the first authentication process is completed, requests input of a temporary ID through the computer terminal and input of the temporary password through the telephone terminal, and processes the second authentication process.

6. The method of claim 5, wherein the authentication processing unit outputs some information of the subscriber's personal information to the computer terminal when the first authentication process is completed normally.

7. The method of claim 5, wherein the subscriber management unit registers some information of the subscriber-specific personal information through the communication network.

8. The method of claim 5, wherein the authentication processing unit receives some information of the subscriber-specific personal information through the communication network to process the second authentication process.

9. A security authentication method of a network authentication system, comprising: registering and managing personal information including at least one of a unique ID / password, a date of birth, a social security number, or a verification phone number for each subscriber accessing the authentication processing site; when the authentication process is requested from the subscriber, requesting input of a unique ID at the computer terminal to receive the unique ID; processing a first authentication process based on the unique ID; generating a temporary ID and password of the subscriber when the first authentication process is normally completed; transmitting the temporary ID and password to a computer terminal; calling the authentication telephone number and requesting input of the temporary password to receive the temporary password through a communication network; requesting input of a temporary ID at the computer terminal to receive the temporary ID based on the Internet; processing a second authentication process based on the temporary ID and password; and, if the second authentication process is completed normally, processing the financial transaction.

10. The method of claim 9, further comprising outputting an authentication failure message through the computer terminal or the telephone terminal if the first authentication process or the second authentication process is not normally completed.

11. The method of claim 9, wherein, in the generating of the temporary ID and password, the temporary ID and password are generated in a random or OTP method.

12. The method of claim 9, wherein the processing of the first authentication process comprises confirming whether there is personal information of the subscriber including the unique ID input from the computer terminal.

13. The method of claim 12, wherein the processing of the first authentication process comprises, if there is personal information of the subscriber including the unique ID, outputting some information of the personal information through the computer terminal.

14. The method of claim 9, further comprising terminating a session connected with the computer terminal through the Internet after the host server transmits the temporary ID and password to the computer terminal.

15. The method of claim 5, wherein registering and managing the personal information comprises receiving and registering some information of the subscriber-specific personal information through the communication network.

16. The method of claim 5, wherein the processing of the second authentication process comprises receiving the partial information of the subscriber-specific personal information through the communication network to process the second authentication process.
KR1020080098176A 2008-10-07 2008-10-07 Apparatus and method of secrity authenticate in network authenticate system KR20100038990A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020080098176A KR20100038990A (en) 2008-10-07 2008-10-07 Apparatus and method of secrity authenticate in network authenticate system

Publications (1)

Publication Number Publication Date
KR20100038990A true KR20100038990A (en) 2010-04-15

Family

ID=42215629

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020080098176A KR20100038990A (en) 2008-10-07 2008-10-07 Apparatus and method of secrity authenticate in network authenticate system

Country Status (1)

Country Link
KR (1) KR20100038990A (en)

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application
J201 Request for trial against refusal decision
AMND Amendment
B601 Maintenance of original decision after re-examination before a trial
J301 Trial decision

Free format text: TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20100927

Effective date: 20120911