KR20100070708A - User authentication method using graphic one-time password - Google Patents
User authentication method using graphic one-time password Download PDFInfo
- Publication number
- KR20100070708A KR20100070708A KR1020080129383A KR20080129383A KR20100070708A KR 20100070708 A KR20100070708 A KR 20100070708A KR 1020080129383 A KR1020080129383 A KR 1020080129383A KR 20080129383 A KR20080129383 A KR 20080129383A KR 20100070708 A KR20100070708 A KR 20100070708A
- Authority
- KR
- South Korea
- Prior art keywords
- user
- image
- authentication
- password
- graphic
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
Description
The present invention relates to a user authentication method using a graphic OTP, and more specifically, in the case of user authentication through ID and password authentication, after selecting the user's ID key icon selected from the plurality of images provided from the server The present invention relates to a user authentication method using a graphic OTP which can authenticate a user by matching a password with a password.
Graphic One Time Password (GOTP) is one of Graphical One Time Password (OTP), which uses the graphic interface to display the distance between images arranged on the screen. As you type, the password you use is the input value that changes along with the array of images that change each time.
Through the graphical interface, the user can obtain a significant improvement in the ease of memory and the validity of the memory and secure the security. However, in actual use, input values and passwords are managed separately by simply using the arrow keys without recognizing OTP, and are safe from shoulder surfing, phishing and pharming ( Pharming can be prevented.
It is often uncomfortable to be behind someone when using a password key or cash machine attached to the entrance. The reason is that I am concerned about my password being exposed. The person standing behind will also feel uncomfortable. GOTP is a technology that can eliminate this inconvenience, that is, technology developed to securely enter a password no matter who is looking behind.
In general, the GOTP transmits one or more graphic images to the user terminal, and the user inputs coordinate values through the keyboard to virtually move a predetermined matching image by checking the transmitted images.
That is, the user selects one or more images corresponding to his key instead of the password and stores them in the authentication server. Then, when performing GOTP for user authentication, the authentication server arranges the images by transmitting the image set in which the additional images and other additional images stored by the user in a predetermined position to the user terminal. The user checks the image set displayed on the terminal and inputs a coordinate shift value for matching the image selected by the user with the image using the keyboard.
The matching value input is transmitted from the terminal to the authentication server to check whether the coordinate shift value is correct. If the input coordinate shift value is correct, the corresponding user is allowed to access.
The authentication method using GOTP receives a movement route from the user's private key image to the hall image among the image groups displayed on the user's terminal with the direction keys, compares it with the movement route calculated by the authentication server or the terminal, and matches the user. This is how to allow access.
However, all the conventional GOTP authentication methods are used for the second authentication, and it is difficult to apply to the existing password which is substantially the first authentication.
In addition, when hooking, phishing and pharming an image and a keyboard input transmitted to a hacker attempting an illegal hack from a password used for existing primary authentication, user authentication information is likely to be exposed.
To solve this problem, there is a method of inputting the path by using the cursor key or the mouse click without using the coordinate value of the image by using GOPT, but this is applicable only to a simple password, so it is applied to the general password using all key values on the keyboard. It is difficult to do so, because the image on the screen does not move, it is difficult to make a mistake or intuitively determine whether the user inputs the input process, and there is a problem that causes inconvenience to the user.
The present invention devised to solve the problems of the prior art as described above, when the user first inputs the ID when the user authentication, and transmits the image selected by the user from the server to the terminal, a new image array is formed and transmitted and the user formed image If the password is input to the authentication image selected from the above, and the password is input to the server, the server calculates the password input by the user using the shift value and the image array of the server and checks whether the ID matches the password. By implementing the authentication method in a manner, an object of the present invention is to provide a user authentication method using a graphic OTP to prevent the password is exposed from network hooking, phishing and pharming and keylog.
The above object of the present invention is a first step of generating a synchronization code by receiving a graphic OTP authentication request signal from a user terminal; A second step of changing the order of the images stored by the user using the synchronization code to generate a new group of images; Transmitting the image group to the terminal of the user; A fourth step of shifting and matching each value of a password with at least one authentication image included in the image group; Transmitting a movement path of the terminal of the user to a server; A sixth step of receiving a movement route transmitted from the user terminal; And a seventh step of comparing the position of the authentication image with the movement path and the arrangement of the image group generated in the second step to calculate a value input by the user and transmitting the calculated value to the server for determining whether to authenticate. Achieved by a user authentication method using graphical OTP.
In addition, the graphic OTP authentication request signal of the present invention is preferably an ID or personal identification code.
Therefore, in the user authentication method using the graphic OTP of the present invention, by transmitting to the user terminal from the server using a new sequence of images consisting of only the unique image selected by the user, the user can check whether a fake site is safe from phishing Since the image arrangement is variable every moment, the image corresponding to the password is moved to match the icon, so the movement deviation is also variable, so it is not exposed to hooking or peeping, which can prevent illegal theft of GOTP. Since the terminal supports a method of moving and matching the password-expressed image and the authentication image, there is a remarkable and advantageous effect of preventing errors in user input.
The terms or words used in this specification and claims are not to be construed as limiting in their usual or dictionary meanings, and the inventors may appropriately define the concept of terms in order to best describe their invention. It should be interpreted as meaning and concept corresponding to the technical idea of the present invention based on the principle that the present invention.
Therefore, the embodiments described in the specification and the drawings shown in the drawings are only the most preferred embodiment of the present invention and do not represent all of the technical idea of the present invention, various modifications that can be replaced at the time of the present application It should be understood that there may be equivalents and variations.
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.
1 is a flowchart illustrating a user authentication method using a graphic OTP according to the present invention. Referring to FIG. 1, a graphic OTP authentication request signal is received from a user's terminal to generate a synchronization code (S100), and the order of images stored by the user is changed by using the generated synchronization code. An image group is generated (S110).
Thereafter, the generated image group is transmitted to the user's terminal (S120), and a value of each of the passwords is matched to at least one authentication image included in the image group (S130).
Thereafter, the movement path of the user's terminal is transmitted to the server (S140), and the movement path transmitted from the user's terminal is received (S150).
Subsequently, the value calculated by the user is input by comparing with the position of the authentication image in each of the movement paths and the arrangement of the image group generated in S110, and is transmitted to a server for determining whether to authenticate or not (S160).
That is, in the present invention, when the user first receives an ID and transmits the GOTP image selected by the user from the server to the terminal, a new image array is formed and transmitted and the user moves the password to the selected authentication image among the formed images. After inputting to the server and sending it to the server, the server calculates the password entered by the user using the moving value and the image array of the server, and then implements an authentication method by checking whether the ID and password match. Ensure that passwords are not exposed from phishing, pharming, and keylogs.
2 to 7 show an embodiment according to the present invention. 2 to 7, in the user authentication method using the graphic OTP of the present invention, a value for moving the graphic OTP authentication request signal using an ID or a personal identification code may be both an authentication icon or a password.
In addition, the present invention may use various types of personal authentication values such as social security number, i-pin, account number, etc., instead of the password to be used, and the user may proceed to mix the image array for each character in the matching process by moving the authentication icon. .
The shuffler of the present invention can shuffle the values used for the password, and additionally display the numbers so as to confirm the movement deviation in the password.
The authentication icon of the present invention can be used for numbers, letters, and the like, and can be expected to have an advertisement effect by attaching an advertisement window to the authentication page, and can also watch a video advertisement after authentication.
The present invention can encrypt the movement value, and includes a mouse heel, a keyboard number, a direction key, and the like in the movement method, and transmits the security key to the user terminal for enhanced security and transmits the authentication value together to confirm that the user is a registered user. It may be.
Therefore, in the user authentication method using the graphic OTP according to the present invention, by transmitting to the user terminal from the server using a new sequence of images consisting of only the unique image selected by the user, the user can check whether or not a fake site from phishing It is safe and the image array is variable every moment, so the image corresponding to the password is moved to match the icon, so the movement deviation is also variable, so it is not exposed to hooking or peeping, which can prevent illegal theft of GOTP. Since a user's terminal supports a method of moving and matching an image in which a password is expressed and an authentication image, an error in user input can be prevented in advance.
Although the present invention has been shown and described with reference to the preferred embodiments as described above, it is not limited to the above embodiments and those skilled in the art without departing from the spirit of the present invention. Various changes and modifications will be possible.
1 is a flowchart illustrating a user authentication method using a graphic OTP according to the present invention.
2 to 7 show an embodiment according to the present invention.
Claims (2)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080129383A KR20100070708A (en) | 2008-12-18 | 2008-12-18 | User authentication method using graphic one-time password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080129383A KR20100070708A (en) | 2008-12-18 | 2008-12-18 | User authentication method using graphic one-time password |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20100070708A true KR20100070708A (en) | 2010-06-28 |
Family
ID=42368411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020080129383A KR20100070708A (en) | 2008-12-18 | 2008-12-18 | User authentication method using graphic one-time password |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20100070708A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101221728B1 (en) * | 2010-08-27 | 2013-01-11 | (주)네오위즈게임즈 | The certification process server and the method for graphic OTP certification |
-
2008
- 2008-12-18 KR KR1020080129383A patent/KR20100070708A/en active IP Right Grant
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101221728B1 (en) * | 2010-08-27 | 2013-01-11 | (주)네오위즈게임즈 | The certification process server and the method for graphic OTP certification |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8826406B2 (en) | Password security input system using shift value of password key and password security input method thereof | |
KR101883156B1 (en) | System and method for authentication, user terminal, authentication server and service server for executing the same | |
US8931060B2 (en) | System for two way authentication | |
US10848304B2 (en) | Public-private key pair protected password manager | |
CN104011729B (en) | Input information authenticating apparatus, server unit and input authentification of message system | |
CN107111698B (en) | Authentication server device, storage medium, and authentication method | |
JP2009104314A (en) | Image selection authentication system, authentication server device, image selection authentication method, and image selection authentication program | |
JP2009169857A (en) | Authentication system | |
Van Oorschot et al. | TwoStep: An authentication method combining text and graphical passwords | |
CN110050271A (en) | Image code system and the method for using it to certification user | |
US20190080061A1 (en) | Method for secure key input | |
Khedr | Improved keylogging and shoulder-surfing resistant visual two-factor authentication protocol | |
US10108790B2 (en) | Password authenticating device for preventing leakage of passwords | |
JP2019505051A (en) | Dynamic graphical password-based network registration method and system | |
WO2008105602A1 (en) | User authentication method and system using graphic otp | |
CN109075972B (en) | System and method for password anti-theft authentication and encryption | |
KR101474924B1 (en) | Locking system and method using dial | |
US9002751B2 (en) | Apparatus and method for authorization of online financial transaction | |
WO2017030210A1 (en) | User authentication method using graphic otp | |
CN105678131B (en) | Information processing method, massaging device, mobile terminal and server | |
Salman et al. | A graphical PIN entry system with shoulder surfing resistance | |
KR20100070741A (en) | User authentication method using graphic one-time password | |
KR20100070708A (en) | User authentication method using graphic one-time password | |
KR100844195B1 (en) | A user authentication method of having used graphic OTP | |
KR20080080064A (en) | Method for user authentication using graphic otp |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
N231 | Notification of change of applicant | ||
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
AMND | Amendment | ||
J201 | Request for trial against refusal decision | ||
AMND | Amendment | ||
B601 | Maintenance of original decision after re-examination before a trial | ||
J301 | Trial decision |
Free format text: TRIAL NUMBER: 2016101000527; TRIAL DECISION FOR APPEAL AGAINST DECISION TO DECLINE REFUSAL REQUESTED 20160128 Effective date: 20170530 |
|
S901 | Examination by remand of revocation | ||
GRNO | Decision to grant (after opposition) |