KR20120046508A - Confirmation method using variable secret puzzle - Google Patents

Abstract

PURPOSE: An authentication method using confidential puzzles is provided to perform account transfer only through a secret puzzle with an account transfer password, thereby safely protecting transaction authentication from a malicious code and a hacker. CONSTITUTION: A first confidential puzzle script and a user authentication number are received from the authentication server(S60). A number or a character corresponding to an account transfer password is inputted to the confidential puzzle script as a code number or a code character indicated in the confidential puzzle script(S70). The account transfer password of a user is inputted as the code number indicated in the first confidential puzzle script(S80). The authorization of account transfer is determined by confirming the account transfer password and the authentication number(S90).

Description

Confirmation method using variable secret puzzle

The present invention relates to an encryption method and a system using the same. More particularly, the present invention relates to an authentication method using a variety of secret puzzles by generating secret puzzles based on receiving and based on a result of encryption or a hash function from an authentication server.

Internet banking has become a very important means of electronic financial transactions in our lives. Domestic internet banking has been on a steady increase in the second quarter of 2010, with an average daily average of 3.291 million cases and 29.95 trillion won. It has a high proportion.

Mobile banking, in particular, is expected to grow further, with an average of 2.26mn daily and KRW400.8bn, growing by 13.2% and 14.0% QoQ, respectively.

Since internet banking is a non-face-to-face transaction, it is very important to protect the user authentication and transaction approval process. To this end, various secrets are used in Internet banking, but the method of use is the same as inputting plain text through an input device.

The secret code entered in plain text is protected from mathematically proven authentication protocols and cryptographic techniques, so it is safe from the majority of attacks that can occur at the network level, but decrypting without the secret code is costly and time consuming. An attacker who knows that this is required and how to use a secret is naturally aimed at the process of entering a secret code which is relatively easy to attack.

Representative examples of such attacks include keyboard hooking, which captures secrets at the user's input stage, and phishing that tricks the user's eyes into entering secrets on attacker-generated sites. It is an attack. A more intelligent attack is document tampering.

Document tampering is an attack that tricks the user's eyes from the start of the transaction to the completion of the transaction and completes the transaction as the attacker intended. Unlike keyboard hooking or phishing, whose purpose is to simply obtain a secret code, it is a more intelligent attack because it exploits the input secret code without the user's doubt.

The attacker would only overlap the content of the document source on his document and present the altered document to the user. The user confirms that the contents of the document are intact and signs the document.

An attacker who receives a signed document breaks the overlap and has a forged document signed by the user. Since the user checks what he / she wants to trade and inputs a secret code, if he can cheat the user's eyes, he can obtain the secret code without any doubt of the user.

This attack simply shows that the method of proving secret code is meaningless in the face of document tampering attacks.

Internet banking uses various forms of secret codes. Most of the secret codes currently used are fixed secret codes, which are mainly used for authenticating users. Secret codes used to authenticate a user can be divided into memorized, possessed, and part of the body. Internet banking mainly uses a combination of memorized and possessed secret codes (multi-factor authentication).

Secret codes currently in use are listed in Table 1 below.

Main Category Small classification Type of secret Remarks










Fixed
Secret code



Memorizing form
Secret code
Login password
Alphanumeric 6 to 10 digits
May be stored encrypted on the server

Accredited Certificate Password
Password to use encrypted public certificate, server does not have this password
Account (Transaction) Password
Password for account transfer
May be stored encrypted on the server


Secret code in file form
Authorized Certificate

Can be stored on hard disks, removable storage devices, mobile phones, etc.
Memorization is used with secrets in form.
ISP (Internet Secure Payment)

Owned
Form secret code
Security card
Limited number of secrets (e.g. 35 four digits)
Used in question-response form
Server can see the response in plain text


Fluid
Secret code
Owned
Form secret code
OTP (One Time Password)
Generate another 6 digits each time. Copy not possible
Server can see OTP's response in plain text

Various types of secret codes (e.g., fixed secret codes or floating secret codes) can be divided into fixed and flexible forms for user authentication and transaction approval, depending on the purpose. .

Only a fixed type of secret code is used in the user authentication process. However, once a fixed type of secret code is exposed, an attacker can exploit it until the user changes the secret code. For this reason, only user authentication can be used for the inquiry service, and other important information inquiry, information change, transaction approval, etc. are used to prove a different response (hereinafter referred to as an approval response) each time by using a secret in the form of possession. The answer that changes every time is obviously a burden to the attacker.

However, all secret codes, including their own secret code, are required to enter plain text. Thus it is still simple to use. The disadvantage of using a simple secret code is that plain text may be exposed during the input of the secret code, and the secret code entered may be used differently from the user's intention because it is not related to the transaction history.

This is not an exception, even if the acknowledgment is intended to change every time. The problem is that even if the response is flexible, it cannot be used for what purpose the response is used.

 Automated Malware (hereinafter referred to as Malicious Code): It is assumed that malicious code installed in the user's computer (or mobile phone, hereinafter referred to as computer) has full control of the device. Malware includes keyboard hooking that steals user input to obtain the user's secret code, phishing to trick users into entering secrets on sites created by attackers, and document alteration attacks that alter documents to complete transactions as the attacker intended. This is possible.

A security program to counter malware is not a fundamental solution to malware that has the same rights.

However, the Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA), which uses cognitive abilities to distinguish between humans and robots, cannot be solved.

Attacker's real-time participation (hereinafter, remote attacker): In addition to the ability of malware, if the malicious code can communicate with a remotely located attacker in real time and can see the user's screen, CAPTCHA is simply meaningless to distinguish between human and robot. Do. In addition, the attacker assumes that by installing a camera where the user is located, he can steal not only the secret that the user enters on the keyboard, but also the secret code that the user owns (Shoulder-Surfing Attack).

In general, the difference between a malicious code and a remote attacker is whether the attacker (person) directly participates in the attack process in real time. If an attacker can control a large number of computers infected with malware, they can mobilize them at the same time to conduct a massive attack.

This attack may mean a Distributed Denial-Of-Service attack (DDoS), but it may also mean a simultaneous document alteration attack that directly inflicts financial damage on the user. A remote attacker can respond to a system where CAPTCHA is applied to prevent automated attacks.

However, since humans must participate in the attack process, large-scale attacks such as automated malware have limitations and can only be attacked by communicating in real time, which can be a clue to the attacker's location. You can limit it.

Document tampering is an intelligent attack that tricks a user's eyes when a transaction occurs on a user's computer and completes the transaction as the attacker intended. This attack is possible through MITB (Man In The Browser), where malicious code resides in a web browser, and the following steps are required for an attacker to automate a document alteration attack.

First, source code analysis is required.

Scripts, an essential component of building dynamic Web documents, are interpreted directly by the interpreter. In the case of domestic electronic banking transactions, important contents (including scripts) are encrypted through ActiveX, but since decryption is done through scripts, source code is obtained by directly calling decryption functions from encrypted documents using a program such as DebugBar. I could analyze the code.

Second, the target document needs to be detected.

In general, considering that the method of classifying documents on a server is a URL (Uniform Resource Locator), malware can identify a target by simply reading the URL. For example, you could use the onDocumentComplete event to get the URL of a downloaded document.

Third, the insertion of the script is necessary.

The path where malicious code can be inserted can be inserted in the section after the transport layer in case of TLS / SSL applied document, and in case Internet Explorer requires partial decryption through Internet plug-in, Script insertion is possible in all sections up to the user interface.

Fourth, it is necessary to input data intended by an attacker.

Using keybd_event (defined in Winuser.h), which is called by the keyboard driver's interrupt handler, allowed the attacker to enter the desired data into the keyboard security program.

When a script can be inserted, there are two ways to alter the document.

It is a method of creating a fake document and using the z-index property of CSS to overwrite the document source in a hierarchical form and modulating only the data that communicates with the server through function overriding of the script.

Keyboard security program is a secret protection method that can be easily found in Korea. The program does two things: to prevent keyboard hooking to prevent disclosure of user secrets, and to encrypt the user's keystrokes at the keyboard driver level to the application layer to prevent abnormal keystroke data.

However, experiments have shown that neither of these security techniques is fundamentally incompatible with malware. Malware can use fake input forms to obtain secret codes entered by users. If a secret input form is changed to something that is not encrypted and a secret is entered, the form is accessed using the Document Object Model (DOM) to steal the secret.

An attacker could also exploit a keyboard security program [9,10] with minimal security (or a Class ID but no operation) to steal secret code. This program is provided if the user agrees. If this program is installed, it will not be secure for keyboard hooking. An attacker can forcibly install a keyboard security program with minimal security on the user's computer and attempt to hook the keyboard to gain secrets.

With respect to malicious keystrokes, an attacker can tell that the keyboard security program doesn't work at least at the interrupt handling level, as Internet banking can also be done with the on-screen keyboard or remote desktop provided by Windows. Such a keyboard security program could not prevent interrupt hooking-level keyloggers, and it was possible to input the account password and account number to be encrypted using keybd_event at the Windows API level even while the keyboard security program is operating normally. Expect the same results with other keyboard security programs that you have not tested.

The virtual keyboard is a method of inputting secret input through a mouse on a virtual keyboard rather than a physical keyboard to protect a user's secret from keyboard hooking. Unlike the physical keyboard's key input data that passes through several sections, the virtual keyboard is designed to operate independently in the application layer, so the threat to secret exposure is limited to the application layer.

This may seem relatively safe, but secrets can still be exposed to malware residing at the application layer. For example, the virtual keyboard recently introduced to K-bank in Korea is to change the position of the key every time, and when the user wants to use it, the virtual keyboard image is downloaded and displayed on the screen. At this time, download the XML (Extensible Markup Language) file containing the location information of the key and apply it to the virtual keyboard image.

When the user clicks the secret on the virtual image with the mouse, the script encrypts the coordinates of the event and sends it to the server. As a result of the experiment, the malicious code could access or download the virtual keyboard image with the DOM and override the transkey1.pressKey function to obtain the x and y coordinates input by the mouse. If only the virtual keyboard image and the coordinates entered by the user are found, the malicious code can obtain the secret through simple image processing and text recognition, or the remote attacker can obtain the secret by directly inserting the coordinates on the image.

Another way to get a secret from the virtual keyboard is to print out the virtual keyboard image you prepared instead of sending the virtual keyboard image from the server.

In this case, since the malicious code knows the key coordinate information of the prepared virtual keyboard in advance, it is not necessary to use an image processing technique to interpret the secret corresponding to the coordinates input by the user. All other virtual keyboards are expected to be vulnerable to the same attack.

Considering that the secret code of the user is easy to be exposed to the fact that the entropy of the secret code is low, studies are being actively conducted to use an image having a relatively high entropy as a secret instead of a secret code composed of characters. When the authentication screen appears, it starts from the top left, moves along the image that the user knows, and when it reaches the edge, it authenticates using the number of the corresponding position.

This technique has the burden of memorizing multiple images, the time required for authentication (15-20 seconds per round), and the safety is also pointed out, making it practical.

Such techniques using images have a common disadvantage that they do not utilize high entropy or are vulnerable to peek over shoulders. In the case of a character secret code, the secret code can be input to the computer through the keyboard, but it is not easy to enter an image into the computer using the keyboard and the mouse.

For this reason, the images transmitted from the server, that is, the secret code candidates are selected from among the limited size resolutions, and the number of candidate groups of the secret codes to be output is also limited.

Many candidates for a secret code or repeating multiple rounds may be unusable because the recognition time of the user is long or burdensome. Although it is less usable, an attacker can gain secrets by looking at the user's successful authentication attempts by peeking over the shoulder. In order to overcome this weakness, the secret is not selected directly, but the predicate of the secret is memorized and an additional operation is performed in response to the authentication.

However, since this method requires the user to add computational power to the head in addition to cognitive ability, the study that the usability is limited and the predicate that the user can define is limited supports the security of such an approach.

Therefore, research on secrets with higher entropy is being conducted to satisfy both usability and security with respect to the input method.

Considering the compatibility of the secret code consisting of the alphanumeric (currently used), a method of secure authentication by changing only the secret code verification method has also been studied. In the case of S3PAS, character passcode is used instead of pass-icon.

The pass-icon is designed to select from among the icons shown on the screen, a triangle with three vertices as its vertices, and an icon within the triangle. Unlike pass-icons, in which icons appear in random order, S3PAS uses three digits of the password that the user memorized.

The use of two-digit passwords simultaneously in the front and back rounds increases the likelihood of guessing password candidates that reconstruct the triangle around the user-selected character. If an attacker collects multiple password candidates, the attacker can find out the password through a cross attack (intersection of password candidates). Also, remembering three passwords in your head can be a burden on your users.

In another study, a 6x6 matrix (26 alphanumeric characters, 10 numbers) is used as a query sent by the server. We introduced how to authenticate.

Authentication is a total of n (password length) steps, and the user randomly selects a temporary secret on the matrix in the odd-numbered authentication step and uses the temporary secret selected in the previous (odd) authentication step in the even-numbered authentication step. In the second authentication step, the user finds the intersection point where the row where the second password is located and the column where the second password is located in the matrix, and moves the intersection point (upper layer) to the temporary secret (lower layer) by using a direction key.

This technique properly guards against brute force, replay attacks, and cross attacks, but it can be a burden on the user to remember the password in two places and also to remember the temporary secret code.

In another study, when a query is available to a user through a secure channel, when a pass-object located in the same column as the first password character is used as a temporary secret code, the pass-object is delivered through a secure channel. The authentication technique was shown. In case of the first and third methods, a safe channel for querying is required. The voice method mentioned in this paper is also difficult to understand as a safe channel because malicious code can interpret it.

If one assumes that an additional device is used to safely transmit a query, it is not efficient because other convenient techniques using the additional device can be used in the same home.

Phishing vulnerabilities do not exist on the server you want to access, but because they occur in malicious code that is infected with your computer, your URL input mistake, or in a vulnerable network environment where attackers coexist. Uneasy.

For example, an anti-phishing program that runs only when accessing a homepage may not work if the user accidentally enters a URL or if the malware modifies the HTTP request and directs it to a phishing site. Can't be. The URL monitoring method that the user accesses by staying in the memory of the user's computer mainly uses whitelist and blacklist, and the method using the list is still defenseless against unknown attacks.

In addition, these lists primarily check the URL and do not verify that the screen the user sees is the screen of the home page the user is trying to access. Even if an anti-phishing program compares the actual screen with screen capture, the attacker can easily bypass it.

The attacker can download the contents of the homepage from a normal server and deliver it to the user without adding a screen identical to the real screen, but can only add code to steal the secret. Such phishing sites do not have any suspicion for users because they normally provide services to users.

Even if the user accesses a phishing site with a completely different screen, the user may not have any doubt if the site shows that the site has been reorganized.

The use of CAPTCHA to prevent fraudulent use of extended CAPTCHA, which includes transaction details, can respond to automated malware, but it may be vulnerable to malicious code depending on the implementation method. For ArcotVPS, you can use Kmeans ++ to separate strings based on the fact that the background and the color of the strings are different and the percentage of characters in the image is low.

Even if the malicious program cannot read Captcha, it can extract one of the four extracted strings and then generate an authorization image for the altered transaction. As a result, even if a malicious program cannot read the CAPTCHA, it has a 1/4 chance of successful attack.

MS watermark is CAPTCHA expressed on the background of transaction history in general font.

In this technique, because CAPTCHA's font is thicker and larger, edge detection can be separated by extracting it after leaving only strong outlines through edge detection's Canny filter (removing sneak through Gaussian mask and applying Sobel filter).

You can get a clearer string by thinning the area for a certain thickness to get a string and then thickening it again with a Blur filter. The separated Captcha image can be exploited in the modulated transaction.

In addition, the above two techniques require that the CAPTCHA be recognized and the user manually enters a response.

Context-based CAPTCHA allows you to select only those relevant to your transaction from the CAPTCHA images dedicated to you. In this technique, if the contents consist of six contents (receiving bank, receiving account, recipient's name, transfer amount, sender, sending bank) and 44 dummy caps, the security against indiscriminate selection is. The minimum content change that can be attacked (using the receiving bank and the transfer amount entered by the user) is to change both the receiving account and the recipient name, which can be highly secure.

This technique is not very convenient because the user must recognize several CAPTCHAs. However, the user can use more complicated CAPTCHA because it is used for selecting not to read and input CAPTCHA. For example, there is no problem in selecting CAPTCHA even if it is severely distorted and some areas become hard to recognize.

The approval method using the supplementary device is to output the transaction details from the supplementary device and to make the approval through the device. The only method of approval using the additional device currently in use is the telephone approval service of Internet banking account transfer. The telephone approval service does not provide convenience to the user by calling the user using the ARS system in the account transfer approval step to confirm the transaction history and to approve or cancel the transaction.

The transaction signature technique is a method in which a user manually inputs the MAC displayed in the token into a computer by inputting a part of the transaction into an additional issued device called a user token. The transaction signature scheme further provides non-repudiation by storing a certificate in a user token or by signing a MAC input by a user through a public certificate on a computer. Although transaction signing is a part of the user's point of view, it is not convenient because the transaction details must be entered once more.

IBM's ZTIC prints the transaction history via the USB device's display and allows two buttons to determine approval or cancellation [30]. ZTIC sets up a proxy that connects to a predefined site (bank) when it is recognized as a USB storage device when connected to a computer, and all web browsers communicate with the site through ZTIC and encrypt this session. TLS / SSL keys are not accessible to malicious programs. It is convenient because you can check the contents and decide whether to approve it with the button. However, it is disadvantageous to issue additional devices.

The approval method through the supplementary device is highly secure, but the mobility is inferior because the approval is possible only if the user possesses the additional device at the time of the transaction.

The problem to be solved by the present invention is to prevent the exposure of the user's secret from keyboard hooking or phishing attack in advance by using a variety of secret puzzle, and to prevent the transaction information that requires the user's approval is tampered by the attacker It is to provide approval methods using various secret puzzles.

In order to solve the above problems, there is provided an approval method using various secret puzzles of the present invention. In the second step of receiving the authorization number to the user terminal, the number or letter corresponding to the user's transfer password to the secret puzzle script is entered as the code number or code letter presented in the secret puzzle script, and the user's account transfer password A third step of inputting the code number presented in the first secret puzzle script, receiving a second secret puzzle script composed of a j × k matrix from the authentication server, and arranged in the second secret puzzle script corresponding to the authorization number; Step 4 of inputting a code number or code character, whether or not the transfer password is confirmed According to whether or not confirmation of authorization number and a fifth step of determining whether to approve money transfer.

The third step is a) clicking a code number or a code letter arranged in the first line of the secret puzzle script corresponding to the first letter of the user transfer secret through a peripheral device, the first number of the transfer password of the user B) moving the number arranged in the second line of the corresponding secret puzzle script so that the transfer secret is located in the same column as the clicked code number or code letter by using a peripheral device or the like; C) clicking a code number or code letter arranged in the third line of the corresponding secret puzzle script through a peripheral device, etc., arranged in the fourth line of the secret puzzle script corresponding to the second number of the user's transfer password; The transferred number in the same column as the code number or code letter where the transfer secret is clicked using a peripheral device, etc. And d) repeating steps a) and d) by the same number of digits of the transfer secret and the transfer password.

The fourth step is to move or input the number arranged in the first line of the secret puzzle script corresponding to the first number of the user transfer password, the first number or the first letter of the authorization number sent from the authentication server G) moving the number or letter arranged in the second line of the corresponding secret puzzle script so that the input number or letter is located in the same column as the first number of the transfer password, the second number of the user transfer password. H) shifting or entering the number arranged in the third line of the corresponding secret puzzle script, arranged in the fourth line of the secret puzzle script corresponding to the first digit or first character of the authorization number sent from the authentication server; I) moving a number or letter so that the entered number or letter is in the same column as the first number of the transfer password; and And j) repeating steps a) and d) in the same way as the digit of the transfer password.

In step g), the numbers arranged on the second line of the first secret puzzle script are selected and moved in the direction indicated at both ends of the second line so that the transfer secret of the first line moves in the same column as the code character position clicked on. It characterized in that the step to be.

In step i), the numbers arranged in the fourth row of the secret puzzle script are selected and moved in the directions indicated at both ends of the fourth row so that the transfer secret of the third row moves in the same column as the clicked code character position. Characterized in that the step.

In step g), the numbers or letters arranged in the second line of the second secret puzzle script are selected and moved in the directions indicated at both ends of the second line so that the transfer password of the first line is the same as the position of the input number. Characterized in that the step of moving to heat.

In step i), the number or letter arranged in the fourth row of the second secret puzzle script is selected and moved in the direction indicated at both ends of the fourth row so that the transfer password of the third row is the same as the position of the entered number. Characterized in that the step of moving to heat.

Steps g) and i) select a number corresponding to the transfer password character arranged on the first secret puzzle script to move the number of the approval number in the direction indicated by the server. .

The transfer secret may be represented as the recipient's name, phone number, mobile phone number, address, company, age, recipient image of the user.

The first secret puzzle script and the second secret puzzle script is characterized in that it comprises an additional dummy script according to the security level.

When the approval is performed using the secret puzzle according to the present invention, the secret is not exposed even if the user approaches the phishing site.

Also, because users know that they are required to enter secrets through secret puzzles, they can't use the form to enter secrets directly, and even if they apply secret puzzles from phishing sites, attackers can't find out the transfer password and approval response. There is no effect.

In addition, the present invention can be securely authorized from the attacker to control the user's computer and the real-time malicious code to modify the received account information because the account transfer is made through the secret puzzle containing the transfer secret.

In addition, the approval method using the secret puzzle of the present invention can be applied to mobile banking because it is easy to use without requiring a high resolution.

1 is a flow chart showing an approval method using a secret puzzle according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating the third step of FIG. 1 in more detail.
3 is an exemplary view showing a secret puzzle applied to the approval method of FIG.
4 is a flowchart illustrating an approval method using various secret puzzles showing another embodiment of the present invention.
FIG. 5 is a flowchart illustrating the third step in FIG. 4 in more detail.
FIG. 6 is a flowchart illustrating the fourth step described in FIG. 4 in more detail.
Figure 7a is an exemplary view showing an example of various secret puzzle applied to the approval method of the present invention.
7B is an exemplary view showing another example of various secret puzzles applied to the approval method of the present invention.
7C is an exemplary view showing another example of various secret puzzles applied to the approval method of the present invention.
7d is an exemplary view showing another example of various secret puzzles applied to the approval method of the present invention.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a part is said to "include" a certain component, it means that it can further include other components, without excluding other components unless specifically stated otherwise. In addition, the terms "~", "~" described in the specification means a unit for processing at least one function or operation, which may be implemented in hardware or software or a combination of hardware and software.

DETAILED DESCRIPTION In order to fully understand the present invention, the operational advantages of the present invention, and the objects achieved by the practice of the present invention, reference should be made to the accompanying drawings that illustrate preferred embodiments of the present invention.

Before describing the present invention, the commonality of the current authorization response (security card or one time password) is that it consists of a number, and that each time a different response is used, and that the server has plain text of the response. I can see. In the case of the security card, the number of secrets is limited, but twice, two digits are used in the form of query-response, so the server stores all the secrets of the security card or an argument that can restore the secrets.

In case of OTP, there are query-response method, time synchronization method, event (counter) synchronization method, and combination (time and counter) method, and all of them are shared or synchronized with the authentication server. The server can see the response in plain text. The attribute of this acknowledgment is suitable for use as a query (query-response protocol).

In contrast, a transfer password (or account password) is a fixed type of secret, and the server may not know the plain text because the result of the encryption one-way hash function may be stored in the authentication server.

Therefore, the present invention described below is configured based on the attributes of these two secrets.

FIG. 1 is a flowchart illustrating an approval method using a secret puzzle according to an embodiment of the present invention, and FIG. 2 is a flowchart illustrating the third step of FIG. 1 in more detail.

As shown in Figure 1, the approval method using the secret puzzle of the present invention includes a first step (S10) to the fourth step (S40).

The first step (S10) may be a step of requesting the authentication server for user authentication according to the account transfer.

The second step (S20) may be a limit for receiving the secret puzzle script and the user authorization number generated from the authentication server to the user terminal.

The third step S30 may be a step of inputting a number or letter corresponding to a user's transfer password and authorization number as a code number or code letter displayed on the secret puzzle script, respectively.

The fourth step S40 may be a step of determining whether to approve after confirming the approval number according to whether the transfer password is confirmed.

More specifically, the first step S10 may be a step in which a user performs a request for approval of account transfer to the authentication server through a user computer or a mobile terminal for account transfer.

The computer or mobile terminal is a portable terminal capable of wired and wireless connection with the authentication server, a mobile Internet device (Mobile Internet Device), MP3, MP4, PMP (Portable Multimedia Player), notebook computer, UMPC (Ultra Mobile PC), Or various electronic devices such as personal computers (PCs), cellular phones, smart phones, or personal digital assistants (PDAs).

In addition, in the case of a mobile terminal, not only an existing code division multiple access (CDMA) terminal incorporating a subscriber identity module (SIM) but also a GSM (Global system for mobile communication) that can attach and detach a card equipped with the SIM. It may include a terminal.

In addition, an application program accessible to the authentication server is installed inside the computer or the mobile terminal.

The second step (S20) is a step of receiving a response corresponding to the user authentication request transmitted from the computer or the mobile terminal from the authentication server, the authentication server is connected to the authentication server the result value of the encryption one-way hash function Extract from the database and send the secret puzzle script converted data. In addition, the step of transmitting the user authorization number to the user terminal.

Referring to FIG. 2, the third step S30 may include a) steps S31 to e) step S35.

Step a) step S31 may be a step of moving or inputting the numbers arranged in the first line of the secret puzzle script corresponding to the first number of the user transfer password.

B) step (S32) is a number or letters arranged in the second line of the secret puzzle script corresponding to the first number or the first letter of the authorization number sent from the authentication server, the input number or letter of the transfer password The movement may be performed to be located in the same column as the first number.

Step c) (S33) may be a step of moving or inputting the numbers arranged in the third line of the secret puzzle script corresponding to the second number of the user transfer password.

The d) step (S34) is a number or letters arranged in the fourth line of the secret puzzle script corresponding to the first number or the first letter of the authorization number sent from the authentication server, the input number or letter is the transfer password The movement may be performed to be located in the same column as the first number.

The step e) (S35) may be a step of repeating the steps a) and d) equal to the number of digits of the transfer password.

Wherein b) step (S32) selects the numbers or letters arranged in the second line of the secret puzzle script in the direction indicated at both ends to move the transfer password of the first line in the same column as the position of the number entered It may be a step to be.

In step d34, the number or letter arranged in the fourth line of the secret puzzle script is selected and moved in the direction indicated at both ends of the fourth line so that the transfer password of claim 3 is the same as the position of the input number. It may be performed to move to the heat.

Steps b) S32 and d) S34 select a number corresponding to the number of the approval number arranged on the secret puzzle script to move the number of the approval number in the direction indicated by the server. It may be a step.

3 is an exemplary view showing a secret puzzle applied to the approval method of FIG.

For example, referring to FIG. 3, the number represented in the gray background is the transfer password (fixed) and the number listed below is the acknowledgment (flowable: can be moved via the keyboard or mouse).

Find the i-digit transfer password on the i-th gray background row and move the acknowledgment of the i-digit below it in the direction indicated by the i-arrow.

As a specific example, if the user's transfer password is '3869' and the approval response is '6989', the movement information at this time is left 7 spaces, left 1 space, right 8 spaces and right 0 spaces.

The transfer password and the acknowledgment are sequentially expressed, but they can be expressed arbitrarily or in the form of a CAPTCHA.

Since the authentication server can simultaneously confirm the transfer password and the approval response through the secret puzzle of the present invention, it is not necessary to separately enter the transfer password in the account transfer information input step (for example, step b)).

It can also be used to reverse the role of transfer password and acknowledgment. However, a fixed place should be located so that users do not have to find a new place to place an acknowledgment each time, so that the user can easily become familiar with the inventor's secret puzzle.

The CAPTCHA is a type of test used to determine if the computer user is a human. This is a test that takes place when registering an account to prevent automatic registration of the spam software.

For example, a user who wants to register a mail account by creating a complex pattern of visually transformed words on the background screen can create an account by typing the word on the keyboard. People can easily recognize it, but not spam computers. As a result, spammers will not be able to create accounts automatically, and it will be difficult to send spam.

4 is a flow chart illustrating an approval method using various secret puzzles according to another embodiment of the present invention, FIG. 5 is a flow chart more specifically illustrating the third step described in FIG. 4, and FIG. 6 is described in FIG. 4. This is a flow chart showing the fourth step in more detail.

As shown in Figure 4, the approval method using a secret puzzle includes a first step (S50) to the fifth step (S90).

The first step (S50) may be a step of requesting the authentication server for user authentication according to the account transfer.

The second step S60 may be a step of receiving, from the authentication server, a first secret puzzle script composed of a j × k matrix and a user approval number to the user terminal.

The third step (S70) is to enter the number or letter corresponding to the user's transfer password to the secret puzzle script as the code number or code letter presented in the secret puzzle script, the user's account transfer password to the first secret puzzle It may be a step of inputting the code number presented in the script.

The fourth step (S80) receives a second secret puzzle script consisting of a j × k matrix from the authentication server, inputting the code number or code characters arranged in the second secret puzzle script corresponding to the authorization number It may be a step.

The fifth step (S90) may be a step of determining whether the transfer transfer approval according to whether the transfer password is confirmed and the approval number.

More specifically, referring to FIG. 5, the third step may include a) steps S71 to e) S75.

The a) step S71 may be a step of clicking a code number or a code letter arranged in the first line of the secret puzzle script corresponding to the first letter of the user transfer secret through a peripheral device.

B) step S72 is identical to the code number or code letter clicked on the transfer secret using a peripheral device or the like arranged in the second line of the secret puzzle script corresponding to the first number of the transfer password of the user. May be moved to be located in a column.

In step c73, the code number or code letter arranged in the third line of the secret puzzle script corresponding to the second letter of the user transfer secret may be clicked through a peripheral device.

The d) step (S74) is the same as the code number or code letter in which the transfer secret is clicked using a peripheral or the like arranged in the fourth line of the secret puzzle script corresponding to the second number of the transfer password of the user. May be moved to be located in a column.

The step e) (S75) may be a step of repeating the steps a) and d) by the same number of digits of the transfer secret and the transfer password.

In step b), step 72 selects the numbers arranged in the second line of the first secret puzzle script and moves them in the direction indicated at both ends of the second line so that the transfer secret of the first line is clicked. May be moved to the same row.

In step d), step 74 selects the numbers arranged in the fourth row of the secret puzzle script and moves them in the direction indicated at both ends of the fourth row so that the transfer secret of the third row is in the same column as the code character position clicked on. May be performed to move.

Next, referring to FIG. 6, the fourth step S80 may include a) steps S81 to e) S85 in more detail.

Step f) (S81) may be a step of moving or inputting the numbers arranged in the first line of the second secret puzzle script corresponding to the first number of the user transfer password.

The g) step (S82) is a number or letter inputted to the number or letter arranged in the second line of the second secret puzzle script corresponding to the first number or first letter of the authorization number sent from the authentication server is the transfer It may be a step of moving to the same column as the first number of the password.

The h) step S83 may be a step of moving or inputting the numbers arranged in the third row of the second secret puzzle script corresponding to the second number of the user transfer password.

The i) step (S84) is a number or letters arranged in the fourth line of the second secret puzzle script corresponding to the first number or the first letter of the authorization number sent from the authentication server, the number or letters inputted is the transfer It may be a step of moving to the same column as the first number of the password.

Step j) (S85) may be a step of repeating the steps a) and d) equal to the number of digits of the transfer password.

In step g), in operation S82, the numbers or letters arranged in the second line of the second secret puzzle script are selected and moved in the directions indicated at both ends of the second line so that the transfer password of the first line is entered. May be moved in the same column as the position.

In step i), in step S84, the numbers or letters arranged in the fourth row of the second secret puzzle script are selected and moved in the directions indicated at both ends of the fourth row so that the transfer password of the third row is entered. And moving to the same column as the position.

Steps g) S82 and i) S84 select a number corresponding to the transfer password character arranged on the second secret puzzle script to move the number of the authorization number in the direction indicated by the server. It may be a step to perform.

Here, the transfer secret may be represented by the recipient's name, telephone number, mobile phone number, address, company, age, and recipient image of the user. However, it is not limited thereto.

The first secret puzzle script and the second secret puzzle script may include additional dummy secret puzzle scripts (eg, the secret puzzle script 30 shown in FIG. 7B) according to security level.

For example, any one of the first secret puzzle or the second secret puzzle may be represented using the secret puzzles 20 to 50 shown in FIGS. 7A to 7D described below.

7A to 7B are exemplary views illustrating examples of various secret puzzles.

7A to 7D, among information related to bank transfer, if there is information that the authentication server and the user know but do not enter (hereinafter referred to as “secret of transfer”), various secret puzzles for the transfer approval are created using the same. Can be.

As illustrated in FIG. 7A, the secret puzzle 20 may display a transfer secret in odd or even rows, and enter a transfer password in the next row.

For example, assuming that the transfer password is the recipient's name, for example, "the most recent material" and the transfer password is "251", as described in the third step of another embodiment of the present invention, the first row, the third row, In the fifth line, the character codes "Maximum", "U", "Re" are selected, and the code number 2 of the second line is shifted two spaces to the right, and the code number 5 of the fourth line is two spaces to the left. By moving the code number 1 of the sixth line to the right, the authentication confirmation can be achieved.

As an example of the transfer secret, the recipient name is shown, but in another example, it may be a phone number, a mobile phone number, an address, a company, an age, a recipient, an image, and the like.

7B may be a secret puzzle script 30 illustrating an example in which a dummy script is added to increase the security level when only the recipient name of the user is described as a transfer secret.

FIG. 7C illustrates an example of a secret puzzle for convenience of the user, for example, a secret puzzle script 40 that is adapted to the number of digit secrets as necessary.

FIG. 7D illustrates an example of a secret puzzle script 50 that may be received when transferring multiple bank transfer information, for example, when processing six bank transfers.

For example, six recipients can appear in the first, third, fifth, seventh, ninth, and eleventh rows, and each even row has a code that corresponds to an authorization number or wire transfer password. The authentication method can be achieved by moving the number to an even row in the same column as the six recipient names through a peripheral device or the like.

Hereinafter, a method of securely transferring a user by using an embodiment of the present invention will be described briefly.

First, the user inputs or selects a transmission account number, a transfer amount, a recipient bank, and a recipient account number, and requests an account transfer from the authentication server (S100).

Next, the authentication server checks whether the account transfer is possible, and if there is no problem with the transfer, transmits the secret puzzle and the partial approval response query using the transfer password to the client. The user inquires the acknowledgment response and moves the number arranged in the secret puzzle to a desired position using a peripheral password (eg, a keyboard or a mouse) for the partial approval response (S110).

If there are two or more transfers, S100 and S110 may be repeated.

If you go to the next step, the certificate window will appear.You can check the transfer information at the top of the certificate window, enter a secret puzzle (as many as the number of sending accounts) in the middle and enter the certificate password at the bottom. In this case, the contents related to the transfer secret are not displayed in the transfer information, but instead, the secret puzzle shown to the user is shown in S110 (S120).

When the user places the approval response in the transfer password and enters the authentication certificate password and transmits it to the server (S130). The transfer secret should still be displayed, but only the recipient's name should be CAPTCHA.

Here, the transfer secret is still displayed, but only the recipient name is CAPTCHA.

Theoretically, a numeric secret provides as much security as the number of digits. The combination of a four-digit transfer password and a four-digit acknowledgment in theory provides as much security as possible. Theoretical security of the secret puzzle using a combination of numbers and secrets is that if the number of digits (or the number of puzzles) of the acknowledgment response is, it stays at, but it is also safe for remote attackers. If the time-synchronized OTP is used as an acknowledgment, the time difference when the user inputs should be taken into consideration, so that the error can be allowed as much as a predefined tolerance. The theoretical security at this time is.

Existing secret authentication uses a method of directly inputting a secret. Therefore, regardless of the theoretical security of the secret, the attacker could obtain the secret entered by the user through key loggers, phishing and pharming attacks and use it as the attacker intended. Fluid secrecy, such as OTP, reduces the time it can be used as the attacker intended, and is not a fundamental solution because it is vulnerable to document tampering attacks.

Therefore, when the secret puzzle proposed in the present invention is applied, the secret is not exposed even if the user accesses the phishing site. Since the user knows that they are required to enter the secret through a secret puzzle, they will not use the form to enter the secret directly. Even if the secret puzzle is applied at the phishing site, the attacker cannot find out the transfer password and the approval response.

Document tampering attacks occur because there is no mechanism for identifying the secrets for which the transactions are not reflected. Since Secret Puzzle 2 is designed to place an acknowledgment on information that the attacker does not know, the attacker cannot manipulate the secret puzzle sent by the server in such a way that he can complete his transaction.

If implemented at the script level of the Web, browser compatibility and installation costs are low. If additional software is required, the installation may not be possible, depending on the particular browser or operating system you are using. In the case of the method using the additional device, the security is high, but there is a cost burden due to the issuance of the hardware device and the mobility is low because the transaction is possible only when the device is owned. In the case of compatibility, we evaluated both browser compatibility and current secret compatibility.

It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the appended claims and their equivalents. And such changes are, of course, within the scope of the claims.

10,20,30,40: Secret puzzle script

Claims (10)

A first step of requesting an authentication server for user authentication according to the account transfer;
A second step of receiving, from the authentication server, a first secret puzzle script composed of a j × k matrix and a user approval number to a user terminal;
Entering the number or letter corresponding to the user's transfer password in the secret puzzle script as the code number or code letter presented in the secret puzzle script, and inputting the user's account transfer password as the code number presented in the first secret puzzle script The third step;
Receiving a second secret puzzle script composed of a j × k matrix from the authentication server and inputting the second secret puzzle script in a code number or code character arranged in the second secret puzzle script corresponding to the authorization number; And
And a fifth step of determining whether or not to approve the transfer according to whether the transfer password is confirmed and the approval number is verified.
In the third step,
A) clicking a code number or code letter arranged in the first line of the secret puzzle script corresponding to the first letter of the user transfer secret through a peripheral device;
B) moving the number arranged in the second line of the secret puzzle script corresponding to the first number of the user's transfer password so that the transfer secret is located in the same column as the clicked code number or code letter using a peripheral device; ;
C) clicking a code number or code character arranged in the third line of the secret puzzle script corresponding to the second character of the user transfer secret through a peripheral device;
D) shifting the number arranged in the fourth line of the secret puzzle script corresponding to the second number of the user's transfer password so that the transfer secret is located in the same column as the clicked code number or code letter using a peripheral device; step; And
And e) repeating steps a) and d) as many times as the number of digits of the transfer secret and the transfer password.
The method of claim 1,
In the fourth step,
F) moving or inputting the numbers arranged in the first line of the secret puzzle script corresponding to the first number of the user transfer password;
The input number or letter is arranged in the same column as the first number of the transfer password, the number or letter arranged in the second line of the secret puzzle script corresponding to the first number or first letter of the authorization number sent from the authentication server. G) to make;
H) moving or entering the numbers arranged in the third line of the secret puzzle script corresponding to the second number of the user transfer password;
The input numbers or letters are arranged in the same column as the first digit of the transfer password by moving the number or letter arranged in the fourth line of the secret puzzle script corresponding to the first number or first letter of the authorization number sent from the authentication server. I) to make; And
Authorization method using a secret puzzle comprising the step j) repeating the steps f) and i) equal to the number of digits of the transfer password.
The method of claim 2,
Step g),
Selecting a number arranged in the second row of the first secret puzzle script and moving the number in the direction indicated at both ends of the second row so that the transfer secret of the first row moves in the same column as the clicked code character position. Authorization method using a secret puzzle characterized in that.
The method of claim 2,
Step i),
Selecting the numbers arranged in the fourth row of the secret puzzle script and moving them in the directions indicated at both ends of the fourth row so that the transfer secrets of the third row move in the same column as the clicked code character position. Approval method using secret puzzle.
The method of claim 3,
Step g),
Selecting the numbers or letters arranged in the second line of the second secret puzzle script in the direction indicated at both ends of the second line so that the transfer password of the first line moves in the same column as the position of the input number; Approval method using a secret puzzle, characterized in that the.
The method of claim 3,
Step i),
Selecting the numbers or letters arranged in the fourth row of the second secret puzzle script in the direction indicated at both ends of the fourth row to move the transfer password of the third row to the same column as the position of the entered number; Approval method using a secret puzzle, characterized in that step.
The method of claim 3,
Step g) and step i),
And selecting a number corresponding to the transfer password character arranged on the first secret puzzle script to move the number of the approval number in the direction indicated by the server.
The method of claim 1,
The transfer secret,
Authorization method using a variety of secret puzzle, characterized in that the user's name, phone number, mobile phone number, address, company, age, can be represented by the recipient image.
The method of claim 1,
The first secret puzzle script and the second secret puzzle script,
Authorization method using a variety of secret puzzle, characterized in that it includes an additional dummy script according to the security level.

Images