KR20130008115A - Otp formation method of encipherment algorithm using of n-box - Google Patents

Abstract

PURPOSE: A one-time password(OTP) production generation method is provided to generate an N-BOX different from each other using a private telephone number of a user and a PIN number of a terminal for the user. CONSTITUTION: An ID and/or password input by an individual are generated as a key series using a stream encryption algorithm(S100). A feedback function is generated using an ID number of an individual or a device(S110). A feedback value is generated using the feedback function(S120). An N-BOX consisting of numbers is generated using the feedback value(S140). An OTP is generated by substitution of a number of the N-BOX by the key series(S150). [Reference numerals] (AA) Start; (BB) End; (S100) Generating an ID and/or password as a key series using a stream encryption algorithm; (S110) Generating a feedback function using an ID number of an individual or a device; (S120) Generating a feedback value using the feedback function; (S130) Cutting a key series bit into four to six bits; (S140) Generating an N-BOX in the size corresponding to the cut bit number using the feedback value; (S150) Generating an OTP by substitution of the number of the N-BOX by the cut key series

Description

A method for generating a one-time password (OTP) of a cryptographic algorithm using N―ＢＯＸ. {OTP formation method of encipherment algorithm using of N-BOX}

The present invention relates to a one-time password (OTP) generation method, and more particularly, one-time password of the encryption algorithm using the N-BOX that can easily generate a one-time password through the encryption algorithm using a numeric substitution table ( OTP) generation method.

Recently, communication technology such as the Internet has been rapidly developed, and much of the work is being done through the Internet. Since the Internet is an open network, any user can access it. When a malicious user is approached for the purpose of attack, it can be subject to eavesdropping, intrusion, theft, and the like. In order to prevent such damage, interest in internet security has recently increased.

In particular, due to the rapid development of electronic banking transactions, the use of Internet banking services is increasing, resulting in electronic banking hacking and security incidents.

The user authentication method is most commonly used to reduce the occurrence of such a security incident. Authentication is a function of guaranteeing the identity of a user when a specific user requests access. Currently, an authentication method based on Identity / Password is most commonly used. In addition to a simple password authentication method, a strong authentication method using a user's own media or user's own biometric information is also used. These authentication methods are used according to the importance of security.

Currently, the authentication method used in electronic financial transactions authenticates users using a security card and a public certificate. Recently, however, a new one-time password (OTP) technique has been introduced and used. One-time password (OTP) is a method that generates and uses a password when a user requests authentication. The generated password has different values so that the password once used is not reused.

This ensures security even if an attacker taps the password over the network or if the user forgets the password. In addition, the one-time password has the characteristics of anonymity, portability, and scalability, and prevents the leakage of personal information because it does not store and use the user's personal information.

In addition, due to the continuous development of mobile communication technology, users can not only make a phone call with a desired user anytime, anywhere, but also receive various services using a mobile terminal. However, the openness of mobile communication reveals serious security problems such as wireless hacking that is increasing rapidly. The solution to this wireless security problem is to encrypt the data.

Encryption algorithm is divided into secret key algorithm and public key algorithm. Public key algorithms are ciphers that do not require key transmission using different secret and public keys, such as RSA (Rivest Shamir Adlman) and ECC (Elliptic Curve Cryptosystem). The secret key encryption method is divided into a block cipher and a stream cipher.

Stream encryption is a technique for encrypting data input in a bit string in bit units, and block encryption is a technique for encrypting data input in a bit string by cutting it into a bit string of a predetermined length.

The stream cipher algorithm is an algorithm in which a generated sequence of keys is randomly and evenly generated and is widely used in Europe and the like. In order to use the stream cipher algorithm as the one-time password (OTP) described above, it must be converted into a 4-8 digit numeric form.

However, the stream cipher algorithm generates a key sequence, and 0 or 1 output is generated in bit units. There is a problem that it is difficult to directly apply the output 0 or 1 bit to OTP. That is, when a combination of outputs of O or 1 is generated, numbers, English letters, special characters, etc. are randomly generated, and thus there is a problem in that the user needs to convert them into a one-time password (OTP) that can be used conveniently.

An object of the present invention to solve the above problem is to solve the problem of using OTP by replacing the unit of the conventional S-BOX, and to generate a table formed of replaceable numbers for each individual user, stream encryption algorithm or block The present invention also provides a method of easily generating a one-time password (OTP) corresponding to a key sequence outputted in an encryption algorithm.

A first aspect of the present invention for solving the above problem is a method for generating a one-time password (OTP), comprising: (a) generating a sequence of keys using a stream encryption algorithm for an ID and / or password input by an individual; (b) generating a feedback function using an identification number (PIN) of an individual or device device; (c) generating a feedback value using the feedback function; (d) generating an N-BOX consisting of numbers using the identification number (PIN) and a feedback value; And (e) generating an OTP by substituting the number of N-BOX by the key sequence.

Here, in the step (a), the feedback function is preferably a higher-order function arranged in descending order by using each identification number (PIN) number of the individual or device apparatus, and the step (b) may include (b1) the feedback. Adding the order of the higher order function and filling the N-BOX with the remaining value obtained by dividing the added value by 10; (b2) Except for the order of the highest order term in the order, it is preferable to repeat the step (b1) by replacing the order of the lowest order term with the remaining value.

Preferably, the step (d) may be a step of cutting the key sequence bits into 8 to 12 bits and generating the N-BOX having a size corresponding to the number of the cut bits.

The second aspect of the present invention provides a method for generating a one-time password (OTP), comprising: (a) generating a sequence of keys using a block encryption algorithm for an ID and / or password input by an individual; (b) generating a feedback function using an identification number (PIN) of an individual or device device; (c) generating a feedback value using the feedback function; (d) generating an N-BOX consisting of numbers using the identification number (PIN) and a feedback value; And (e) generating an OTP by substituting the number of N-BOX by the key sequence.

Here, in the step (a), the feedback function is preferably a higher-order function arranged in descending order by each identification number (PIN) number of the individual or device apparatus, and the step (b) is (b1) the feedback. Adding the order of the higher order function and filling the N-BOX with the remaining value obtained by dividing the added value by 10; (b2) Except for the order of the highest order term in the order, it is preferable to repeat the step (b1) by replacing the order of the lowest order term with the remaining value.

According to the present invention, it solves the problem of using OTP by replacing bit units of the conventional S-BOX, and using different N-BOX for each individual by using the user's personal telephone number and PIN number of the user terminal. In addition, it is possible to easily generate a one-time password corresponding to a sequence of output keys even in a stream cipher algorithm or a block cipher algorithm.

1 is a flowchart illustrating a method for generating a one time password (OTP) of a stream cipher algorithm using an N-BOX according to the present invention;
2 is a flowchart illustrating a method for generating a one time password (OTP) of a block cipher algorithm using an N-BOX according to another embodiment according to the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention, and how to accomplish it, will be described with reference to the embodiments described in detail below with reference to the accompanying drawings. However, the present invention is not limited to the embodiments described herein but may be embodied in other forms. The embodiments are provided so that those skilled in the art can easily carry out the technical idea of the present invention to those skilled in the art.

In the drawings, embodiments of the present invention are not limited to the specific forms shown and are exaggerated for clarity. In addition, parts denoted by the same reference numerals throughout the specification represent the same components.

The expression "and / or" is used herein to mean including at least one of the components listed before and after. In addition, the singular also includes the plural unless specifically stated otherwise in the text. Also, components, steps, operations and elements referred to in the specification as " comprises "or" comprising " refer to the presence or addition of one or more other components, steps, operations, elements, and / or devices.

Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the drawings.

1 is a flowchart illustrating a method for generating a one time password (OTP) of a stream cipher algorithm using an N-BOX according to the present invention. As shown in FIG. 1, the method for generating a one-time password according to the present invention includes: (a) generating a sequence of keys using a stream encryption algorithm for an ID and / or password input by an individual (S100); (b) generating a feedback function using an identification number (PIN) of an individual or a device (S110); (c) generating a feedback value using the feedback function (S120); (d) generating an N-BOX consisting of numbers using the feedback value (S140); And (e) generating an OTP by substituting the number of N-BOX by the key sequence (S150).

Here, N-BOX is a new term applied to the present invention and refers to a table that can be converted or replaced with a natural number of 0 to 9 so that a user can conveniently use a binary key sequence generated in a general encryption algorithm.

In general, when a financial transaction or secure communication is required in wired or wireless communication, a stream password or a block password is used to generate a one-time password (OTP) by applying a method of encrypting an ID or password of a user or individual with a secret key. In this case, a binary key sequence is generated and needs to be converted into a numeric password that can be used by the user.

Accordingly, the present invention proposes a method of easily generating an identification number of an individual user or a device using a numeric conversion table (N-BOX) in an encryption algorithm, and using this to generate a one-time password.

As shown in Fig. 1, step (a) first generates a sequence of keys using a stream cipher algorithm for an ID and / or password input by an individual (S100). It is a binary string generator using LSFR (Linear Feedback Shift Resister). The stream cipher system is a cipher system based on a nonlinear binary string generator that combines LSFR nonlinearly to guarantee the maximum period, and generates a cipher text in binary string by encoding plain text into binary string.

Stream ciphers are divided into self-synchronization stream ciphers and synchronous stream ciphers according to a synchronous method. The self-synchronized cipher can feed back the ciphertext to the input so that the receiver can recover the synchronization on its own when the stream is out of sync.However, even if only one bit error occurs in the channel, the bit error of the single size of the moving register is spread. Applied to this prepared communication network.

The synchronous stream cipher system cannot recover itself when the stream is out of sync. Therefore, it is necessary to stop communication and establish resynchronization. There are a key sequence generator, a vernam cipher, and a counter of a block cipher. This method should compensate for the problem that synchronization occurs when a clock slip occurs between transmission and reception such as bit insertion or loss, but it is generally used because there is no spread of bit error. In the present invention, either self synchronous or synchronous is possible.

By stream encryption, an individual ID or password generates an encrypted key sequence, and the key sequence generates the N-BOX formed of numbers. (Step (d)) Therefore, a key sequence of binary numbers is 0 to 9. In order to generate an N-BOX for converting to a number of, the present invention uses an identification number (PIN) of an individual or device.

That is, the individual's social security number or the identification number (PIN) of the device consists of a sequence of 0 to 9 numbers, which generates a feedback function (S120) and generates a new encrypted number using the number N. Generate a -BOX (S140) Here, the feedback function is preferably a higher-order function, it is preferable that the function arranged in descending order by the resident number of the individual or the identification number (PIN) of the device device.

More specifically, in the present invention, the output key sequence bits of the stream cipher algorithm are cut in a specific unit (8-12 bits) (S130), and the number of bits is calculated and then replaced with the corresponding table number. By applying this method, it is easier and more random to create a table that can be replaced by using a phone number or a unique PIN number of a user's terminal instead of the existing S-BOX. You can do it.

That is, after filling the user's telephone number or the unique PIN of the user terminal from the first column of the table first, after sorting the user's number in descending order, a feedback function is generated (S120), and the remaining table is automatically filled using the feedback function. The N-BOX is generated (S140). The size of the table is adjusted by the output unit of the stream cipher algorithm.

When the N-BOX is generated as described above (S140), the key sequence generated using the stream cipher algorithm is cut into 8 to 12 bits and replaced with the number of the N-BOX corresponding to each cut key sequence to replace the one-time password (OTP). It is generated (S150).

2 is a flowchart illustrating a method for generating a one time password (OTP) of a block cipher algorithm using an N-BOX according to another embodiment according to the present invention. As shown in FIG. 2, the method for generating an OTP according to the present invention comprises the steps of: a) generating an ID and / or password inputted by an individual using a block encryption algorithm (S200); (b) generating a feedback function using an identification number (PIN) of an individual or a device; (c) generating a feedback value using the feedback function (S220); (d) generating an N-BOX consisting of numbers using the identification number (PIN) and a feedback value (S230); And (e) generating an OTP by substituting the number of N-BOX by the key sequence (S240).

The present embodiment proposes a method of generating a one-time password by generating a N-BOX by replacing a key sequence generated by a block encryption algorithm with a number of the N-BOX corresponding to the key sequence.

Block cipher is an encryption method in which a cipher key and algorithm are applied in units of data blocks to make a ciphertext. The ciphertext of the previous cipher block is applied to the next block in order so that the same blocks of plaintext are not the same ciphertext in one message. It is. By combining the initialization vector by the random number generator into the first block of plaintext so that identical messages encrypted at the same time do not produce the same ciphertext, the next blocks become different ciphertext from the previous cipher block. Since the present embodiment generates the key sequence in units of blocks, there is an advantage that it does not need to be truncated in units of specific bits as in the embodiment of FIG. 1. And, in the embodiment shown in Figure 2, the method of generating the N-BOX is the same, and the size of the N-BOX is determined by the bits of the blocked key sequence.

Table 1 below is a table showing an example of an 8-bit N-BOX applied to the one-time password (OTP) generation method of the encryption algorithm using the N-BOX according to the present invention.

One 0 41 7 81 9 121 3 161 6 201 0 241 6 2 One 42 6 82 9 122 2 162 3 202 8 242 6 3 0 43 9 83 0 123 One 163 9 203 8 243 7 4 One 44 8 84 One 124 8 164 0 204 7 244 5 5 2 45 6 85 2 125 2 165 5 205 6 245 0 6 3 46 3 86 4 126 8 166 6 206 3 246 One 7 4 47 9 87 3 127 4 167 7 207 6 247 6 8 7 48 5 88 4 128 5 168 5 208 5 248 2 9 8 49 6 89 2 129 6 169 6 209 2 249 8 10 9 50 2 90 9 130 8 170 7 210 7 250 6 11 0 51 7 91 0 131 7 171 9 211 9 251 2 12 0 52 2 92 8 132 One 172 6 212 2 252 2 13 7 53 5 93 6 133 8 173 7 213 6 253 2 14 0 54 9 94 2 134 8 174 6 214 2 254 6 15 5 55 3 95 4 135 6 175 3 215 One 255 5 16 6 56 3 96 One 136 7 176 9 216 4 256 6 17 7 57 2 97 0 137 5 177 9 217 8 18 9 58 5 98 8 138 3 178 2 218 5 19 4 59 7 99 6 139 0 179 One 219 8 20 0 60 One 100 6 140 7 180 6 220 4 21 3 61 2 101 5 141 8 181 9 221 6 22 0 62 3 102 One 142 0 182 6 222 One 23 8 63 5 103 8 143 0 183 0 223 3 24 6 64 3 104 3 144 6 184 0 224 9 25 5 65 2 105 8 145 9 185 2 225 6 26 4 66 5 106 4 146 8 186 7 226 2 27 3 67 2 107 8 147 One 187 7 227 2 28 9 68 0 108 One 148 4 188 5 228 9 29 4 69 2 109 One 149 3 189 7 229 6 30 8 70 7 110 4 150 0 190 9 230 6 31 9 71 6 111 2 151 4 191 0 231 5 32 7 72 8 112 8 152 8 192 4 232 One 33 6 73 3 113 5 153 4 193 7 233 5 34 9 74 6 114 5 154 2 194 6 234 0 35 One 75 9 115 4 155 6 195 2 235 7 36 8 76 9 116 7 156 7 196 8 236 One 37 7 77 9 117 9 157 5 197 6 237 One 38 2 78 5 118 6 158 One 198 0 238 5 39 8 79 3 119 8 159 8 199 8 239 One 40 0 80 6 120 8 160 9 200 7 240 7

Referring to [Table 1], for example, when the telephone number of an individual user is 010-1234-7890, the number is recorded and the input telephone number is filled from No. 1 of the table. Then, the phone numbers are sorted in descending order from 0 to 9 (sorted number: 98743210), and according to the sorted number, a formula is formulated as [Equation 1].

In this case, the order of the feedback function of Equation 1 is shown by sorting the telephone numbers in descending order.

In Equation 1, when each order of the function is added, a value is obtained. The added value is divided by 10 again and the remaining value is used as f (x) fed back. After generating the feedback value, after shifting each digit to the left, the feedback value is put in the last x ⁰ value of the gel, and after the telephone number filled in the table, the feedback value is filled to complete the N-BOX.

When the N-BOX is completed, the key sequence generated from the stream cipher using the completed table (N-BOX) is substituted for the value contained in the N-BOX, and the OTP is finalized with the substituted value. Will be created.

As described above, the present invention solves the problem of using the OTP by replacing the conventional S-BOX in units of bits, and can generate different N-BOX for each individual by using the user's personal telephone number and PIN number of the user terminal. In addition, a one-time password (OTP) can be easily generated by using a sequence of keys output from a stream cipher algorithm or a block cipher algorithm.

While the invention has been shown and described with respect to the specific embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined by the appended claims. Anyone with it will know easily.

Claims (7)

In the one-time password (OTP) generation method,
(a) generating a sequence of keys from the ID and / or password input by the individual using a stream encryption algorithm;
(b) generating a feedback function using an identification number (PIN) of an individual or device device;
(c) generating a feedback value using the feedback function;
(d) generating an N-BOX consisting of numbers using the identification number (PIN) and a feedback value; And
(e) generating an OTP by replacing the number of the N-BOX by the key sequence to generate an OTP.
The method of claim 1,
In the step (a), the feedback function generates a one-time password (OTP) of the encryption algorithm using the N-BOX, characterized in that the higher-order function arranged in descending order of each identification number (PIN) of the individual or device device as an order. Way.
The method of claim 2,
The step (b)
(b1) filling the N-BOX by adding the order of the higher order function to the feedback value and dividing the added value by 10;
(b2) Excluding the order of the highest order term from the order, replacing the order of the lowest order term with the remaining value, repeating step (b1), the one-time password of the encryption algorithm using the N-BOX (OTP) ) How to create.
The method of claim 1,
The step (d)
Cut out the key sequence bits into 8-12 bits,
And generating the N-BOX having a size corresponding to the number of bits cut out.
In the one-time password (OTP) generation method,
(a) generating a sequence of keys using a block encryption algorithm for an ID and / or password input by an individual;
(b) generating a feedback function using an identification number (PIN) of an individual or device device;
(c) generating a feedback value using the feedback function;
(d) generating an N-BOX consisting of numbers using the identification number (PIN) and a feedback value; And
(e) generating an OTP by replacing the number of the N-BOX by the key sequence to generate an OTP.
The method of claim 5,
In the step (a), the feedback function generates a one-time password (OTP) of the encryption algorithm using the N-BOX, characterized in that the higher-order function arranged in descending order of each identification number (PIN) of the individual or device device as an order. Way.
The method according to claim 6,
The step (b)
(b1) filling the N-BOX by adding the order of the higher order function to the feedback value and dividing the added value by 10;
(b2) Excluding the order of the highest order term from the order, replacing the order of the lowest order term with the remaining value, repeating step (b1), the one-time password of the encryption algorithm using the N-BOX (OTP) ) How to create.

Images