KR20100070708A - User authentication method using graphic one-time password - Google Patents


Info

Publication number
KR20100070708A
Authority
KR
South Korea
Prior art keywords
user
image
authentication
password
graphic
Application number
KR1020080129383A
Other languages
Korean (ko)
Inventor
박영춘
Original Assignee
(주)민인포
Application filed by (주)민인포 filed Critical (주)민인포
Priority to KR1020080129383A priority Critical patent/KR20100070708A/en
Publication of KR20100070708A publication Critical patent/KR20100070708A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

PURPOSE: A user authentication method using a graphic one-time password is provided to prevent theft of a GOTP (Graphic One Time Password) by transmitting to the user terminal an image arrangement in a new order, composed of the images selected by the user. CONSTITUTION: A synchronization code is generated upon receiving a GOTP authentication request signal from a user terminal (S100), and an image group with a new image order is generated by changing the order of the images stored by the user based on the synchronization code (S110). The image group is transmitted to the user terminal (S120), and the images included in the image group are moved to match the password values (S130).

Description

User authentication method using graphic one-time password

The present invention relates to a user authentication method using a graphic OTP and, more specifically, to a method that, for user authentication by ID and password, authenticates the user by having the user select their key icon from among a plurality of images provided by the server and then match the password to it.

Graphic One Time Password (GOTP) is a kind of one-time password (OTP) that uses a graphical interface, in which the input is the distance between images arranged on the screen. The value the user actually types therefore changes along with the image array, which changes each time.

The graphical interface makes the secret considerably easier to memorize and retain while preserving security. In actual use, the user simply presses the arrow keys without being aware of the OTP, so the input values and the password are handled separately, and shoulder surfing, phishing and pharming can be prevented.

It is often uncomfortable to have someone standing behind you when using a password keypad attached to an entrance or a cash machine. The reason is the concern that the password will be exposed. The person standing behind will also feel uncomfortable. GOTP is a technology that can eliminate this inconvenience, that is, a technology developed so that a password can be entered securely no matter who is looking from behind.

In general, the GOTP transmits one or more graphic images to the user terminal, and the user inputs coordinate values through the keyboard to virtually move a predetermined matching image by checking the transmitted images.

That is, the user selects one or more images corresponding to their key instead of a password and stores them in the authentication server. Then, when GOTP is performed for user authentication, the authentication server transmits to the user terminal an image set in which the images stored by the user and other additional images are arranged at predetermined positions. The user checks the image set displayed on the terminal and uses the keyboard to enter a coordinate shift value that matches the image the user selected.

The matching value input is transmitted from the terminal to the authentication server to check whether the coordinate shift value is correct. If the input coordinate shift value is correct, the corresponding user is allowed to access.

In the authentication method using GOTP, the movement route from the user's private key image to the hall image, among the image group displayed on the user's terminal, is entered with the direction keys and compared with the movement route calculated by the authentication server or the terminal; if they match, the user is allowed access.

However, all conventional GOTP authentication methods are used for secondary authentication and are difficult to apply to the existing password, which is in practice the primary authentication.

In addition, with the password used for existing primary authentication, user authentication information is likely to be exposed when the transmitted image and keyboard input are captured through hooking, phishing or pharming by an attacker attempting an illegal intrusion.

To solve this problem, there is a GOTP method in which the path is entered with the cursor keys or mouse clicks instead of the coordinate value of the image, but it is applicable only to simple passwords and is difficult to apply to a general password that uses all key values on the keyboard. Moreover, because the image on the screen does not move, the user cannot intuitively tell during input whether a mistake has been made, which causes inconvenience.

The present invention was devised to solve the above problems of the prior art. When the user first enters an ID for authentication and the server transmits the images selected by the user to the terminal, a new image array is formed and transmitted; the user moves the password to the authentication image selected from among the formed images, and the input is sent to the server; the server then calculates the password entered by the user from the shift value and the server's image array and checks whether the ID and password match. By implementing authentication in this manner, an object of the present invention is to provide a user authentication method using a graphic OTP that prevents the password from being exposed through network hooking, phishing, pharming and keylogging.

The above object of the present invention is achieved by a user authentication method using a graphic OTP comprising: a first step of receiving a graphic OTP authentication request signal from a user terminal and generating a synchronization code; a second step of changing the order of the images stored by the user using the synchronization code to generate a new image group; a third step of transmitting the image group to the terminal of the user; a fourth step of shifting each value of a password to match at least one authentication image included in the image group; a fifth step of transmitting the movement path from the terminal of the user to a server; a sixth step of receiving the movement path transmitted from the user terminal; and a seventh step of calculating the value input by the user by comparing the movement path with the position of the authentication image and the arrangement of the image group generated in the second step, and transmitting the calculated value to the server that determines whether to authenticate.

In addition, the graphic OTP authentication request signal of the present invention is preferably an ID or personal identification code.

Therefore, in the user authentication method using the graphic OTP of the present invention, the server transmits to the user terminal a newly ordered image sequence consisting only of the unique images selected by the user, so the user can check whether a site is fake and is safe from phishing. Because the image arrangement changes every time and the image corresponding to the password is moved to match the icon, the movement deviation also changes; it is therefore not exposed by hooking or peeping, which prevents illegal theft of the GOTP. And because the terminal supports moving the image expressing the password to match the authentication image, there is a remarkable and advantageous effect of preventing errors in user input.

The terms and words used in this specification and claims are not to be construed as limited to their usual or dictionary meanings; on the principle that inventors may appropriately define the concepts of terms in order to best describe their invention, they should be interpreted with meanings and concepts consistent with the technical idea of the present invention.

Therefore, the embodiments described in the specification and the configurations shown in the drawings are only the most preferred embodiments of the present invention and do not represent all of its technical idea; it should be understood that there may be various equivalents and modifications that could replace them at the time of the present application.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a flowchart illustrating a user authentication method using a graphic OTP according to the present invention. Referring to FIG. 1, a graphic OTP authentication request signal is received from a user's terminal and a synchronization code is generated (S100), and a new image group is generated by changing the order of the images stored by the user using the generated synchronization code (S110).

Thereafter, the generated image group is transmitted to the user's terminal (S120), and each value of the password is shifted to match at least one authentication image included in the image group (S130).

Thereafter, the movement path is transmitted from the user's terminal to the server (S140), and the movement path transmitted from the user's terminal is received (S150).

Subsequently, the value input by the user is calculated by comparing each movement path with the position of the authentication image and the arrangement of the image group generated in S110, and the result is transmitted to the server that determines whether to authenticate (S160).

That is, in the present invention, when the user first enters an ID and the server transmits the GOTP images selected by the user to the terminal, a new image array is formed and transmitted; the user moves the password to the selected authentication image among the formed images, and the input is sent to the server; the server calculates the password entered by the user from the movement value and the server's image array and then checks whether the ID and password match. Implementing authentication in this way ensures that passwords are not exposed through phishing, pharming or keylogging.
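The S100 to S160 flow can be modelled in a few lines. The following is an added example, not code from the patent: it assumes a concrete layout the text does not specify (an icon row above a value row of equal length, both reshuffled per character from an HMAC of the synchronization code, with the shift counted modulo the row length), a numeric PIN, and hypothetical function names.

```python
import hashlib
import hmac
import random
import secrets

# Assumed model, not from the patent: an icon row above a value row, both
# reshuffled for every password character; the user rotates the value row.
ICONS = ["sun", "key", "tree", "fish", "bell", "star", "moon", "leaf", "boat", "drum"]
VALUES = list("0123456789")  # constructed alphabet: a numeric PIN


def image_group(server_key, sync, rounds):
    """S110: derive one (icon row, value row) arrangement per character."""
    group = []
    for i in range(rounds):
        seed = hmac.new(server_key, sync + i.to_bytes(2, "big"), hashlib.sha256).digest()
        rng = random.Random(int.from_bytes(seed, "big"))  # layout is shown to the user anyway
        icons, values = ICONS[:], VALUES[:]
        rng.shuffle(icons)
        rng.shuffle(values)
        group.append((icons, values))
    return group


def movement_path(password, auth_icon, group):
    """S130-S140, terminal: shift that puts each character under the auth icon."""
    return [(icons.index(auth_icon) - values.index(ch)) % len(values)
            for ch, (icons, values) in zip(password, group)]


def recover_input(path, auth_icon, group):
    """S150-S160, server: invert each shift against its own arrangement."""
    return "".join(values[(icons.index(auth_icon) - shift) % len(values)]
                   for shift, (icons, values) in zip(path, group))


def enroll(password, auth_icon):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    # The icon stays recoverable: the server needs it to invert the shifts.
    return {"auth_icon": auth_icon, "salt": salt, "digest": digest}


def authenticate(path, record, server_key, sync):
    if not path or any(not 0 <= s < len(VALUES) for s in path):
        return False
    group = image_group(server_key, sync, len(path))
    typed = recover_input(path, record["auth_icon"], group)
    digest = hashlib.pbkdf2_hmac("sha256", typed.encode(), record["salt"], 100_000)
    return hmac.compare_digest(digest, record["digest"])


def demo():
    server_key, record = secrets.token_bytes(32), enroll("4071", "key")
    results = []
    for _ in range(2):  # two logins, each with a fresh sync code (S100)
        sync = secrets.token_bytes(16)
        group = image_group(server_key, sync, 4)  # sent to the terminal (S120)
        path = movement_path("4071", "key", group)
        results.append((path, authenticate(path, record, server_key, sync)))
    return results


if __name__ == "__main__":
    for path, ok in demo():
        print(path, ok)
```

Only the shift list crosses the wire, and it is meaningful only together with the arrangement the server derived from that login's synchronization code.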

FIGS. 2 to 7 show an embodiment according to the present invention. Referring to FIGS. 2 to 7, in the user authentication method using the graphic OTP of the present invention, the graphic OTP authentication request signal uses an ID or a personal identification code, and the value that is moved may be either the authentication icon or the password.

In addition, the present invention may use various types of personal authentication values, such as a social security number, i-PIN or account number, in place of the password, and the image array may be shuffled for each character as the user proceeds with matching by moving the authentication icon.

The shuffler of the present invention can shuffle the values used for the password, and additionally display the numbers so as to confirm the movement deviation in the password.

The authentication icon of the present invention may be a number, a letter or the like. An advertising effect can be expected by attaching an advertisement window to the authentication page, and a video advertisement can also be shown after authentication.

The present invention can encrypt the movement value, and the movement methods include the mouse wheel, keyboard number keys, direction keys and the like. For enhanced security, a security key may be transmitted to the user terminal and the authentication value transmitted together with it to confirm that the user is a registered user.

Therefore, in the user authentication method using the graphic OTP according to the present invention, the server transmits to the user terminal a newly ordered image sequence consisting only of the unique images selected by the user, so the user can check whether a site is fake and is safe from phishing. Because the image array changes every time and the image corresponding to the password is moved to match the icon, the movement deviation also changes; it is therefore not exposed by hooking or peeping, which prevents illegal theft of the GOTP. And because the user's terminal supports moving the image expressing the password to match the authentication image, errors in user input can be prevented in advance.

Although the present invention has been shown and described with reference to the preferred embodiments above, it is not limited to those embodiments, and various changes and modifications may be made by those skilled in the art without departing from the spirit of the present invention.

FIG. 1 is a flowchart illustrating a user authentication method using a graphic OTP according to the present invention.

FIGS. 2 to 7 show an embodiment according to the present invention.

Claims (2)

1. A user authentication method using a graphic OTP, comprising: a first step of receiving a graphic OTP authentication request signal from a user terminal to generate a synchronization code; a second step of changing the order of the images stored by the user using the synchronization code to generate a new group of images; a third step of transmitting the image group to the terminal of the user; a fourth step of shifting and matching each value of a password with at least one authentication image included in the image group; a fifth step of transmitting a movement path of the terminal of the user to a server; a sixth step of receiving the movement route transmitted from the user terminal; and a seventh step of comparing the movement path with the position of the authentication image and the arrangement of the image group created in the second step to calculate the value input by the user and transmitting it to a server for determining whether to authenticate.

2. The method of claim 1, wherein the graphic OTP authentication request signal of the first step is a user ID.
KR1020080129383A 2008-12-18 2008-12-18 User authentication method using graphic one-time password KR20100070708A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020080129383A KR20100070708A (en) 2008-12-18 2008-12-18 User authentication method using graphic one-time password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020080129383A KR20100070708A (en) 2008-12-18 2008-12-18 User authentication method using graphic one-time password

Publications (1)

Publication Number Publication Date
KR20100070708A (en) 2010-06-28

Family

ID=42368411

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020080129383A KR20100070708A (en) 2008-12-18 2008-12-18 User authentication method using graphic one-time password

Country Status (1)

Country Link
KR (1) KR20100070708A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101221728B1 (en) * 2010-08-27 2013-01-11 (주)네오위즈게임즈 The certification process server and the method for graphic OTP certification


Similar Documents

Publication Publication Date Title
US8826406B2 (en) Password security input system using shift value of password key and password security input method thereof
KR101883156B1 (en) System and method for authentication, user terminal, authentication server and service server for executing the same
US8931060B2 (en) System for two way authentication
US10848304B2 (en) Public-private key pair protected password manager
CN104011729B (en) Input information authenticating apparatus, server unit and input authentification of message system
CN107111698B (en) Authentication server device, storage medium, and authentication method
JP2009104314A (en) Image selection authentication system, authentication server device, image selection authentication method, and image selection authentication program
JP2009169857A (en) Authentication system
Van Oorschot et al. TwoStep: An authentication method combining text and graphical passwords
CN110050271A (en) Image code system and the method for using it to certification user
US20190080061A1 (en) Method for secure key input
Khedr Improved keylogging and shoulder-surfing resistant visual two-factor authentication protocol
US10108790B2 (en) Password authenticating device for preventing leakage of passwords
JP2019505051A (en) Dynamic graphical password-based network registration method and system
WO2008105602A1 (en) User authentication method and system using graphic otp
CN109075972B (en) System and method for password anti-theft authentication and encryption
KR101474924B1 (en) Locking system and method using dial
US9002751B2 (en) Apparatus and method for authorization of online financial transaction
WO2017030210A1 (en) User authentication method using graphic otp
CN105678131B (en) Information processing method, massaging device, mobile terminal and server
Salman et al. A graphical PIN entry system with shoulder surfing resistance
KR20100070741A (en) User authentication method using graphic one-time password
KR20100070708A (en) User authentication method using graphic one-time password
KR100844195B1 (en) A user authentication method of having used graphic OTP
KR20080080064A (en) Method for user authentication using graphic otp

Legal Events

Date Code Title Description
N231 Notification of change of applicant
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
J201 Request for trial against refusal decision
AMND Amendment
B601 Maintenance of original decision after re-examination before a trial
J301 Trial decision

Free format text: TRIAL NUMBER: 2016101000527; TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20160128

Effective date: 20170530

S901 Examination by remand of revocation
GRNO Decision to grant (after opposition)