KR20130008692A - Method and system for authenticating user's input data - Google Patents


Publication number
KR20130008692A
Authority
KR
South Korea
Prior art keywords
value
authentication
user input
side device
input
Application number
KR1020110069191A
Other languages
Korean (ko)
Inventor
김재형
권봉기
Original Assignee
주식회사 비즈모델라인
Application filed by 주식회사 비즈모델라인
Priority to KR1020110069191A
Publication of KR20130008692A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Input From Keyboards Or The Like (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

PURPOSE: A user input value authentication method and system are provided that prevent leakage of a user's input value by authenticating the user through the input value entered by the user, without storing that input value.

CONSTITUTION: An input value reception part (155) receives an input value of a user input through an input side device. A verification value generation part (165) generates a verification value corresponding to the input value of the user by encrypting the encryption target data agreed with the input side device. A verification value maintenance part (170) maintains the generated verification value in a storage medium. An authentication reception part receives an authentication value generated by encrypting the encryption target data agreed with the input side device. A verification value decision part (185) determines, from the storage medium, the verification value to be compared with the authentication value. An input value verification part (190) authenticates the validity of the input value of the user by comparing the verification value and the authentication value. A result transmission part (195) transmits the authentication result of the validity to the input side device.

[Reference numerals] (100) Input side device; (105) Input value registration part; (110, 160) Data agreement part; (115) User input part; (120) Encryption key determination part; (125) Authentication value generation part; (130) Authentication value transfer part; (135) Result processing part; (150) Authentication side device; (155) Input value reception part; (165) Verification value generation part; (170) Verification value maintenance part; (175) Input value disposal part; (180) Authentication value reception part; (185) Verification value decision part; (190) Input value verification part; (195) Result transmission part; (AA) Wired terminal; (BB) Wireless terminal; (CC) Communication interface; (DD) Server; (EE) IC card/USIM

Description

Method and System for Authenticating User's Input Data

The present invention relates to authenticating, between an input side device to which a user input value is input and an authentication side device, the validity of the user input value, while authenticating the user input value without storing it in any medium.

The simplest method of non-face-to-face authentication is to register and store in advance a user input value that the user has memorized, and then, at the time of authentication, compare the user input value input by the user with the pre-registered user input value.

However, the pre-registered user input value can be leaked at any time, and in practice such leaks of personal information occur very frequently. To address this problem, various security tools, including one-time passwords, are additionally used. However, because of its convenience, the method of authenticating a user through a memorized user input value is still frequently used in various fields.

However, since most users repeatedly register and use the same user input value in several places, once a user input value is leaked, registering a new user input value to minimize the damage does not block damage caused by the same user input value registered elsewhere, and the extent of that damage cannot be foreseen.

An object of the present invention, for solving the above problems, is to provide a user input value authentication method and system composed of: an input side device that receives a user input value from the user and generates an authentication value by encrypting designated encryption target data using the user input value as an encryption key without additional verification; and an authentication side device that generates and stores a verification value by encrypting the designated encryption target data using a user input value registered from the input side device as an encryption key, and then compares the authentication value transmitted from the input side device with the stored verification value to authenticate the validity of the user input value.

A user input value authentication system according to the present invention is a user input value authentication system of an authentication side device in communication with an input side device to which a user input value is input, and includes: an input value receiver that receives the user input value input through the input side device; a verification value generator that generates a verification value for the user input value by encrypting the data to be encrypted agreed with the input side device through an encryption key corresponding to the user input value; a verification value holding unit that maintains the generated verification value in a storage medium; an authentication value receiving unit that receives, from the input side device, an authentication value generated by encrypting the agreed encryption target data through a user input value input by a user; a verification value determining unit that determines, from the storage medium, a verification value to be compared with the authentication value; an input value authenticator that compares the verification value and the authentication value to authenticate the validity of the user input value; and a result transfer unit that transmits the authentication result of the validity to the input side device.

According to the present invention, the user input value authentication system may further include a data agreement unit for agreeing data to be encrypted with the input-side device.

According to the present invention, the user input value authentication system may further include an input value discarding unit for discarding the user input value used to generate the verification value.

According to the present invention, the verification value generating unit may generate the verification value by using the user input value as an encryption key without additional verification of the user input value, or by generating an encryption key by substituting the user input value into a designated key generation rule without separate verification of the user input value. When the encryption key is generated through the key generation rule, the encryption key can be generated by additionally substituting at least one value agreed with the input side device into the key generation rule.

According to the present invention, when the agreed encryption target data is two or more, the verification value generating unit generates a verification value for each encryption target data, the verification value holding unit assigns an index to each verification value and stores it in the storage medium, and the authentication value receiver may receive an authentication value to which the index value is assigned.

On the other hand, a user input value authentication system according to the present invention is a user input value authentication system of an input side device in communication with an authentication side device for authenticating a user input value, and includes: a user input unit that receives a user input value from the user; an encryption key determination unit that matches the input user input value to an encryption key without additional verification; an authentication value generation unit that generates an authentication value by encrypting the data to be encrypted agreed with the authentication side device through the encryption key; an authentication value transfer unit that transmits the generated authentication value to the authentication side device; and a result processing unit that receives, from the authentication side device, and outputs an authentication result of the user input value authenticated based on the authentication value.

According to the present invention, the user input value authentication system may further include an input value register that registers a user input value input from a user to the authentication side device.

According to the present invention, the user input value authentication system may further include a data agreement unit for agreeing encryption data with the authentication side device.

According to the present invention, the encryption key determining unit may use the user input value as an encryption key without additional verification of the user input value, or may generate the encryption key by substituting the user input value into a designated key generation rule without separate verification of the user input value. When the encryption key is generated through the key generation rule, the encryption key can be generated by additionally substituting at least one value agreed with the authentication side device into the key generation rule.

According to the present invention, when the agreed encryption target data is two or more, the authentication value transfer unit may assign an index corresponding to the encryption target data encrypted through the encryption key to the authentication value and transmit it to the authentication side device.

A user input value authentication method according to the present invention is a user input value authentication method of an authentication side device in communication with an input side device to which a user input value is input, and includes: receiving a user input value input through the input side device; generating a verification value for the user input value by encrypting the data to be encrypted agreed with the input side device using an encryption key corresponding to the user input value; maintaining the generated verification value in a storage medium; receiving, from the input side device, an authentication value generated by encrypting the agreed encryption target data through a user input value input by a user; determining, from the storage medium, a verification value to be compared with the authentication value; authenticating the validity of the user input value by comparing the verification value with the authentication value; and transmitting the authentication result of the validity to the input side device.

On the other hand, a user input value authentication method according to the present invention is a user input value authentication method of an input side device in communication with an authentication side device for authenticating a user input value, and includes: receiving a user input value from the user; generating an authentication value by encrypting the data to be encrypted agreed with the authentication side device through an encryption key to which the input user input value is matched without further verification; transmitting the generated authentication value to the authentication side device; and receiving, from the authentication side device, and outputting an authentication result of the user input value authenticated based on the authentication value.

According to the present invention, the user is authenticated through a user input value input by the user without that value being stored, which has the advantage of preventing the user input value memorized by the user from being leaked.

FIG. 1 is a view showing the configuration of the user input value authentication system of the present invention.
FIG. 2 is a diagram illustrating a verification value registration process for authenticating user input values according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating an authentication process of a user input value according to an embodiment of the present invention.

Hereinafter, the operating principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention unclear. The terms used below are defined in consideration of the functions of the present invention, and may vary depending on the intention or custom of the user or operator. Therefore, their definitions should be based on the contents throughout the present invention.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are only one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains.

FIG. 1 is a diagram showing the configuration of a user input value authentication system according to the present invention.

In more detail, FIG. 1 illustrates a system configuration in which an authentication side device 150 for authenticating a user input value authenticates, together with an input side device 100 to which the user input value is input, the validity of the user input value without storing it. A person having ordinary knowledge in the technical field to which the present invention pertains may infer various implementation methods for the user input value authentication system (e.g., implementation methods in which some components are omitted, subdivided, or combined) by referring to and/or modifying FIG. 1, but the present invention includes all implementation methods so inferred, and its technical features are not limited only to the implementation method shown in FIG. 1.

The user input value authentication system according to the present invention includes an input side apparatus 100 that receives a user input value from a user and generates an authentication value by encrypting specified encryption target data using an encryption key without further verification, and an authentication side device 150 that generates and stores a verification value by encrypting the specified encryption target data using the user input value registered from the input side apparatus 100 as an encryption key, and then compares the authentication value transmitted from the input side device 100 with the stored verification value to authenticate the validity of the user input value, wherein the user input value is not stored in any medium.

The input side device 100 is a generic term for a device capable of receiving from the user a user input value memorized by the user. It is connected to the authentication side device 150 through a predetermined communication interface (for example, a wired communication network, a wireless communication network, local area communication, data bus communication, etc.), and has a program function that generates an authentication value by encrypting specified encryption target data using the user input value as an encryption key without further verification, and then delivers it to the authentication side device 150 through the communication interface. The input side device 100 may include a wired terminal connected to a wired communication network, a wireless terminal connected to a wireless communication network, or an IC card or USIM detachable from a terminal device.

The authentication-side device 150 is a generic term for a device that generates a verification value through an encryption key corresponding to a user input value registered from the input-side device 100, maintains the verification value in a storage medium, and then authenticates the validity of the user input value by comparing an authentication value transferred from the input-side device 100 with the stored verification value. It can include at least one server, an IC card, a USIM, or the like, capable of communicating with the input side device 100 through the communication interface.

Referring to FIG. 1, the input side apparatus 100 includes an input value register 105 that receives a user input value from a user and registers it with the authentication side apparatus 150, and the authentication side apparatus 150 includes an input value receiving unit 155 that receives the user input value registered through the input side apparatus 100.

The input value register 105 of the input side device 100 outputs an interface for registering a user input value in the output unit provided in the corresponding device, and receives a user input value to be used for authentication from the user through the input unit. Here, the user input value is any key data that can be keyed through the input unit, or a combination of key data, and readability is not particularly required.

The input value register 105 of the input side device 100 transmits the user input value through a communication interface connected with the authentication side device 150, and the input value receiver 155 of the authentication side device 150 receives the user input value through the communication interface.

Referring to FIG. 1, the authentication side device 150 includes a data agreement unit 160 for agreeing data to be encrypted with the input side device 100, and the input side device 100 includes a data agreement unit 110 for agreeing the data to be encrypted with the authentication side device 150.

The data agreeing unit 160 of the authentication side device 150 agrees the data to be encrypted with the input side device 100, and the data agreeing unit 110 of the input side device 100 likewise agrees the data to be encrypted with the authentication side device 150. Here, the data to be encrypted is data that the input side apparatus 100 and the authentication side apparatus 150 have recognized or exchanged with each other before registration of the user input value. It may be selected by the input side device 100 from among data shared in advance with the authentication side device 150, or selected from the data stored in the authentication side device 150 and then notified to the input side device 100, or data stored in or keyed into the input side device 100 may be passed to the authentication side device 150 and agreed. Alternatively, the data to be encrypted may include a combination of two or more pieces of data that are previously recognized or exchanged.

According to the exemplary embodiment of the present invention, two or more pieces of data to be encrypted may be agreed between the input device 100 and the authentication device 150. If the agreed encryption target data is two or more, the data agreeing unit 160 of the authentication-side device 150 and the data agreeing unit 110 of the input-side device 100 may further agree on an index value that identifies each of the two or more agreed pieces of encryption target data.

Referring to FIG. 1, the authentication-side device 150 includes a verification value generator 165 that generates a verification value for the user input value by encrypting the data to be encrypted agreed with the input-side device 100 using an encryption key corresponding to the user input value, and a verification value holding part 170 that maintains the generated verification value in a storage medium, and is further provided with an input value discarding unit 175 that discards the user input value used to generate the verification value.

The verification value generator 165 of the authentication-side device 150 determines an encryption key corresponding to the user input value without additional verification of the received user input value.

According to an exemplary embodiment of the present invention, the verification value generator 165 may determine the user input value as an encryption key without additional verification of the user input value.

According to another exemplary embodiment of the present invention, the verification value generator 165 can generate an encryption key by substituting the user input value into a key generation rule agreed with the input device 100 without further verifying the user input value. When the encryption key is generated through the key generation rule, the verification value generation unit 165 can generate the encryption key by additionally substituting at least one value agreed with the input side device 100 into the key generation rule.

The verification value generator 165 generates a verification value by encrypting the data to be encrypted agreed with the input side apparatus 100 through an encryption key corresponding to the user input value. The encryption algorithm for generating the verification value is the same encryption algorithm that the authentication value generator 125 of the input-side device 100 uses to generate the authentication value.

According to the exemplary embodiment of the present invention, the data to be encrypted agreed with the input side apparatus 100 may be two or more. If the agreed encryption target data is two or more, the verification value generator 165 may generate a verification value for each encryption target data by using an encryption key corresponding to the user input value.

The verification value holding unit 170 stores the generated verification value in a storage medium, and the stored verification value is stored in association with a device identification value for identifying the input-side device 100 and a user identification value for identifying the user (for example, a user account (ID)).

According to the exemplary embodiment of the present invention, the data to be encrypted agreed with the input side apparatus 100 may be two or more. If the agreed encryption target data is two or more, the verification value holding unit 170 may confirm an index value corresponding to each verification value generated for each encryption target data by the verification value generating unit 165, and map each verification value to its index value and store them in a storage medium.

The input value discarding unit 175 permanently discards the user input value received through the input value receiving unit 155 and used in generating the verification value, and does not store it in any storage medium. In other words, once the verification value has been generated, the authentication side device 150 cannot determine what the user input value is.

Referring to FIG. 1, the input-side device 100 includes a user input unit 115 that receives a user input value from a user, an encryption key determination unit 120 that matches the input user input value to an encryption key without additional verification, an authentication value generator 125 that generates an authentication value by encrypting the data to be encrypted agreed with the authentication side device 150 through the encryption key, and an authentication value transfer unit 130 that passes the generated authentication value to the authentication side device 150.

After the verification value for the user input value is registered in the authentication side device 150, the user input unit 115 of the input side device 100 receives a user input value to be used for user authentication from the user, and the encryption key determiner 120 determines an encryption key corresponding to the user input value without further verifying the input user input value.

According to an exemplary embodiment of the present invention, the authentication value generating unit 125 may determine the user input value as an encryption key without additional verification of the user input value.

According to another exemplary embodiment of the present invention, the authentication value generator 125 can generate an encryption key by substituting the user input value into a key generation rule agreed with the authentication side device 150 without further verifying the user input value. When the encryption key is generated through the key generation rule, the authentication value generation unit 125 can generate the encryption key by additionally substituting at least one value agreed with the authentication side device 150 into the key generation rule.

The authentication value generator 125 generates an authentication value by encrypting the data to be encrypted agreed with the authentication side device 150 through an encryption key corresponding to the user input value. Here, the encryption algorithm for generating the authentication value is the same encryption algorithm that the verification value generation unit 165 of the authentication-side device 150 uses to generate the verification value.

According to an embodiment of the present invention, the data to be encrypted agreed with the authentication device 150 may be two or more. If the agreed encryption target data is two or more, the authentication value generation unit 125 may determine, among the two or more encryption target data, the one to be encrypted using the determined encryption key together with its index value, and encrypt the determined encryption target data through the encryption key.

The authentication value transfer unit 130 transmits the generated authentication value to the authentication side device 150 through the communication interface.

According to an embodiment of the present invention, the data to be encrypted agreed with the authentication device 150 may be two or more. If the agreed encryption target data is two or more, the authentication value transfer unit 130 may transmit the index value corresponding to the authentication value to the authentication side device 150 together with the generated authentication value.

Referring to FIG. 1, the authentication side device 150 includes an authentication value receiving unit 180 that receives, from the input side device 100, an authentication value generated by encrypting the agreed encryption target data through a user input value input by a user, a verification value determination unit 185 that determines, from the storage medium, a verification value to be compared with the authentication value, an input value authentication unit 190 that compares the verification value and the authentication value to authenticate the validity of the user input value, and a result transfer unit 195 that transmits the authentication result of the validity to the input side apparatus 100. The input side apparatus 100 includes a result processor 135 that receives, from the authentication side apparatus 150, and outputs an authentication result of the user input value authenticated based on the authentication value.

When the input side device 100 transmits an authentication value generated by matching the user input value input by the user to an encryption key without further verification and encrypting the agreed encryption target data, the authentication value receiving unit 180 of the authentication side device 150 receives the authentication value through the communication interface.

According to the exemplary embodiment of the present invention, the data to be encrypted agreed with the input side apparatus 100 may be two or more. If the agreed encryption target data is two or more, the authentication value receiver 180 may receive an index value corresponding to the authentication value together with the authentication value.

The verification value determiner 185 checks the device identification value for the input device 100 or the user identification value in the process of receiving the authentication value, and determines the verification value associated with the device identification value or the user identification value.

According to the exemplary embodiment of the present invention, the data to be encrypted agreed with the input side apparatus 100 may be two or more. If the agreed encryption target data is two or more, and the index value corresponding to the authentication value is received by the authentication value receiving unit 180, the verification value determining unit 185 can determine, from the storage medium, the verification value to which that index value is assigned.

The input value authentication unit 190 compares the received authentication value with the verification value extracted from the storage medium to confirm whether they match, or performs a designated verification operation on the authentication value and the verification value to confirm whether the expected result is derived, and thereby authenticates that the user input value used to generate the authentication value is valid.

The result transfer unit 195 of the authentication side device 150 transmits the authentication result for the validity of the user input value to the input side device 100 through the communication interface, and the result processor 135 of the input side device 100 receives the authentication result through the communication interface and outputs it.

FIG. 2 is a diagram illustrating a verification value registration process for authenticating user input values according to an embodiment of the present invention.

In more detail, FIG. 2 illustrates a process in which, when the input side device 100 requests registration of a user input value, the authentication side device 150 generates and stores a verification value based on the user input value and then permanently discards the user input value. A person of ordinary skill in the art to which the present invention pertains may refer to and/or modify FIG. 2 to infer various implementation methods for the registration process (e.g., some steps may be omitted or the order changed), but the present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method shown in FIG. 2.

Referring to FIG. 2, the input-side device 100 outputs an interface for registering a user input value (200), receives a user input value through the interface, and transmits the user input value to the authentication-side device 150 (205). The interface may ask for the same user input value to be entered twice in order to prevent a mistyped value from being registered, but it does not perform any separate verification of the entered user input value.

The authentication side device 150 receives the user input value from the input side device 100 (210) and determines an encryption key corresponding to the user input value (215). The authentication-side device 150 may use the user input value as the encryption key as it is, without further verification of the user input value, or may generate the encryption key by substituting the user input value into a designated key generation rule without further verification of the user input value.

The authentication side device 150 and the input side device 100 agree on one or more encryption target data (220). Here, the agreed encryption target data may include at least one of: one or more data previously recognized or exchanged by the input side device 100 and the authentication side device 150, a combination of two or more such data, and a combination of parts of two or more such data.

According to an embodiment of the present invention, when two or more encryption target data are agreed, the authentication-side device 150 and the input-side device 100 may further agree on values that identify each of the agreed encryption target data.

The authentication-side device 150 generates a verification value by encrypting the agreed encryption target data using the encryption key corresponding to the user input value (225), and stores the verification value in a storage medium so that the validity of the user input value can later be authenticated (230).

According to an embodiment of the present invention, when two or more encryption target data are agreed, the authentication side device 150 may generate a verification value for each encryption target data, assign an index to each verification value, and store the verification values in the storage medium.

After the verification value is stored, the authentication side device 150 permanently discards the user input value used to generate the verification value (235).

FIG. 3 is a diagram illustrating an authentication process of a user input value according to an embodiment of the present invention.

In detail, FIG. 3 illustrates a process in which, when the input-side device 100 maps the user input value entered by the user to an encryption key without additional verification of the user input value, encrypts the encryption target data agreed with the authentication-side device 150, and transmits the resulting authentication value to the authentication-side device 150, the authentication-side device 150 verifies the authentication value and authenticates the validity of the user input value. Those skilled in the art may refer to and/or modify FIG. 3 to infer various implementation methods for the authentication process (e.g., some steps may be omitted or the order changed), but the present invention includes all such inferred implementation methods, and its technical features are not limited to the implementation method shown in FIG. 3.

Referring to FIG. 3, the input-side device 100 outputs an interface for authenticating a user input value (300). When a user input value is entered through the interface (305), the input-side device 100 maps the entered user input value to an encryption key without additional verification, thereby determining the encryption key for encrypting the encryption target data agreed with the authentication-side device 150 (310). The input-side device 100 may use the user input value as the encryption key as it is, without further verification of the user input value, or may generate the encryption key by substituting the user input value into a designated key generation rule without further verification of the user input value.

The input side device 100 confirms the encryption target data agreed with the authentication side device 150 (315).

According to an embodiment of the present invention, when two or more encryption target data are agreed between the input device 100 and the authentication device 150, the input device 100 may further check the index value for the encryption target data.

The input side device 100 generates the authentication value by encrypting the identified encryption target data using the encryption key corresponding to the user input value (320), and transmits the generated authentication value to the authentication side device 150 (325).

According to an embodiment of the present invention, when two or more encryption target data are agreed between the input side apparatus 100 and the authentication side apparatus 150, the input side apparatus 100 may further transmit the index value to the authentication side device 150 together with the authentication value.

The authentication side device 150 receives the authentication value from the input side device 100 (330).

According to an embodiment of the present invention, when two or more encryption target data are agreed between the input side device 100 and the authentication side device 150, the authentication side device 150 may further receive an index value corresponding to the authentication value.

The authentication side device 150 determines a verification value to be compared with the received authentication value (335).

According to an embodiment of the present invention, when two or more encryption target data are agreed between the input side device 100 and the authentication side device 150, the authentication side device 150 may further use the index value corresponding to the authentication value to determine the verification value.

If the verification value to be compared with the authentication value is not determined, the authentication-side device 150 transmits an authentication result including a validity authentication error for the user input value to the input-side device 100 (345). In operation 350, the input side apparatus 100 receives and outputs the authentication result.

On the other hand, if the verification value to be compared with the authentication value is determined, the authentication-side device 150 compares the authentication value with the verification value to authenticate the validity of the user input value entered through the input-side device 100 (340) and transmits the authentication result for the validity of the user input value to the input side device 100 (345), and the input side device 100 receives and outputs the authentication result (350).
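The registration flow of FIG. 2 and the authentication flow of FIG. 3, as an added sketch that is not code from the patent. HMAC-SHA256 stands in for the unspecified encryption of the agreed data, PBKDF2 with an agreed salt stands in for the key generation rule, and every name and sample value is constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; none of these come from the patent.
AGREED_SALT = b"agreed-value-for-key-rule"   # value agreed for the key generation rule
AGREED_DATA = {0: b"agreed-datum-A", 1: b"agreed-datum-B"}  # index -> agreed data


def derive_key(user_input: str) -> bytes:
    """Assumed key generation rule: PBKDF2 over the raw, unverified user input."""
    return hashlib.pbkdf2_hmac("sha256", user_input.encode(), AGREED_SALT, 100_000)


def keyed_value(user_input: str, index: int) -> bytes:
    """Stand-in for 'encrypt the agreed data with the key' (HMAC-SHA256 here)."""
    return hmac.new(derive_key(user_input), AGREED_DATA[index], hashlib.sha256).digest()


class AuthSide:
    """Hypothetical model of the authentication side device 150."""

    def __init__(self):
        self.store = {}  # (user_id, index) -> verification value

    def register(self, user_id: str, user_input: str) -> None:
        # Steps 210-230: one verification value per agreed datum, stored by index.
        for index in AGREED_DATA:
            self.store[(user_id, index)] = keyed_value(user_input, index)
        # Step 235: user_input is never written to self.store; only derived
        # verification values persist after this method returns.

    def authenticate(self, user_id: str, index: int, auth_value: bytes) -> str:
        # Steps 330-345: look up the verification value, then compare.
        expected = self.store.get((user_id, index))
        if expected is None:
            return "error"  # no verification value could be determined
        # Constant-time comparison avoids leaking how many bytes matched.
        return "valid" if hmac.compare_digest(expected, auth_value) else "invalid"


def input_side_auth_value(user_input: str, index: int):
    """Input side device 100, steps 305-325: returns (index, authentication value)."""
    return index, keyed_value(user_input, index)


def demo():
    server = AuthSide()
    server.register("alice", "4821")
    results = []
    idx, val = input_side_auth_value("4821", 1)           # correct input
    results.append(server.authenticate("alice", idx, val))
    idx, val = input_side_auth_value("4822", 1)           # wrong input
    results.append(server.authenticate("alice", idx, val))
    results.append(server.authenticate("alice", 7, val))  # index never agreed
    results.append(server.authenticate("bob", 0, val))    # user never registered
    return results


if __name__ == "__main__":
    print(demo())
```
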

100: input side device 105: input value register
110: data agreement unit 115: user input unit
120: encryption key determination unit 125: authentication value generation unit
130: authentication value transfer unit 135: result processing unit
150: authentication side device 155: input value receiving unit
160: data agreement unit 165: verification value generation unit
170: verification value holding unit 175: input value discarding unit
180: authentication value receiving unit 185: verification value determining unit
190: input value authentication unit 195: result delivery unit

Claims (15)

1. A user input value authentication system of an authentication side device in communication with an input side device to which a user input value is input, comprising:
an input value receiver configured to receive a user input value input through the input side device;
a verification value generation unit for generating a verification value for the user input value by encrypting data to be encrypted agreed with the input side device through an encryption key corresponding to the user input value;
a verification value holding unit which maintains the generated verification value in a storage medium;
an authentication value receiving unit which receives, from the input side device, an authentication value generated by encrypting the agreed encryption target data through a user input value input by a user;
a verification value determining unit which determines, from the storage medium, a verification value to be compared with the authentication value;
an input value authenticator configured to compare the verification value and the authentication value to authenticate validity of the user input value; and
a result transfer unit for transferring the validity authentication result to the input side device.

2. The system of claim 1, further comprising a data agreement unit for agreeing the data to be encrypted with the input side device.

3. The system of claim 1, further comprising an input value discarding unit for discarding the user input value used to generate the verification value.

4. The system of claim 1, wherein the verification value generation unit
uses the user input value as an encryption key without additional verification of the user input value, or
generates an encryption key by substituting the user input value into a designated key generation rule without additional verification of the user input value.

5. The system of claim 4, wherein, when the encryption key is generated through the key generation rule, the verification value generation unit generates the encryption key by substituting at least one value agreed with the input side device into the key generation rule.

6. The system of claim 1, wherein, when there are two or more agreed data to be encrypted,
the verification value generation unit generates a verification value for each data to be encrypted,
the verification value holding unit assigns an index to each verification value and stores it in a storage medium, and
the authentication value receiving unit receives an authentication value to which the index value is assigned.

7. The system of claim 1, wherein the data to be encrypted includes at least one of: one or more data previously recognized or exchanged by the input side device and the authentication side device, a combination of two or more such data, and a combination of parts of two or more such data.

8. A user input value authentication system of an input side device in communication with an authentication side device for authenticating a user input value, comprising:
a user input unit configured to receive a user input value from a user;
an encryption key determining unit for mapping the input user input value to an encryption key without additional verification;
an authentication value generation unit for generating an authentication value by encrypting, through the encryption key, data to be encrypted agreed upon with the authentication side device;
an authentication value transfer unit for transferring the generated authentication value to the authentication side device; and
a result processing unit for receiving from the authentication side device, and outputting, an authentication result of the user input value authenticated based on the authentication value.

9. The system of claim 8, further comprising an input value register configured to register a user input value input from a user with the authentication side device.

10. The system of claim 8, further comprising a data agreement unit for agreeing data to be encrypted with the authentication side device.

11. The system of claim 8, wherein the encryption key determining unit
uses the user input value as an encryption key without additional verification of the user input value, or
generates an encryption key by substituting the user input value into a designated key generation rule without additional verification of the user input value.

12. The system of claim 11, wherein, when the encryption key is generated through the key generation rule, the encryption key determining unit generates the encryption key by substituting at least one value agreed with the authentication-side device into the key generation rule.

13. The system of claim 8, wherein, when there are two or more agreed encryption target data, the authentication value transfer unit assigns to the authentication value an index corresponding to the encryption target data encrypted through the encryption key and transmits it to the authentication-side device.

14. A user input value authentication method of an authentication side device in communication with an input side device to which a user input value is input, comprising:
receiving a user input value input through the input side device;
generating a verification value for the user input value by encrypting data to be encrypted agreed with the input side device using an encryption key corresponding to the user input value;
maintaining the generated verification value in a storage medium;
receiving, from the input side device, an authentication value generated by encrypting the agreed encryption target data through a user input value input by a user;
determining, from the storage medium, a verification value to be compared with the authentication value;
comparing the verification value with the authentication value to authenticate validity of the user input value; and
transmitting the authentication result of the validity to the input side device.

15. A user input value authentication method of an input side device in communication with an authentication side device for authenticating a user input value, comprising:
receiving a user input value from a user;
mapping the input user input value to an encryption key without additional verification;
generating an authentication value by encrypting the data to be encrypted agreed with the authentication side device using the encryption key;
transferring the generated authentication value to the authentication side device; and
receiving from the authentication side device, and outputting, an authentication result of the user input value authenticated based on the authentication value.

KR1020110069191A 2011-07-13 2011-07-13 Method and system for authenticating user's input data KR20130008692A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110069191A KR20130008692A (en) 2011-07-13 2011-07-13 Method and system for authenticating user's input data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110069191A KR20130008692A (en) 2011-07-13 2011-07-13 Method and system for authenticating user's input data

Publications (1)

Publication Number Publication Date
KR20130008692A true KR20130008692A (en) 2013-01-23

Family

ID=47838601

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110069191A KR20130008692A (en) 2011-07-13 2011-07-13 Method and system for authenticating user's input data

Country Status (1)

Country Link
KR (1) KR20130008692A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160087089A (en) 2015-01-13 2016-07-21 동우 화인켐 주식회사 Composition for removing silicone polymer and manufacturing method of thin film substrate using the same
KR20200111149A (en) 2015-01-13 2020-09-28 동우 화인켐 주식회사 Composition for removing silicone polymer and manufacturing method of thin film substrate using the same


Similar Documents

Publication Publication Date Title
AU2021202620B2 (en) Method of using one device to unlock another device
US10929524B2 (en) Method and system for verifying an access request
US10015159B2 (en) Terminal authentication system, server device, and terminal authentication method
KR101666374B1 (en) Method, apparatus and computer program for issuing user certificate and verifying user
CN106161350B (en) Method and device for managing application identifier
US10147092B2 (en) System and method for signing and authenticating secure transactions through a communications network
CN113221128B (en) Account and password storage method and registration management system
KR101450291B1 (en) Server for authenticating smart chips and method thereof
JP5380583B1 (en) Device authentication method and system
KR101856682B1 (en) Entity authentication method and device
EP2937806A1 (en) Method and system for securing electronic data exchange between an industrial programmable device and a portable programmable device
CN106209730B (en) Method and device for managing application identifier
KR101078839B1 (en) Method for Restricting Use in Mobile Station and Mobile Station for the Same
KR102199138B1 (en) Method, apparatus and program for user authentication
US11178137B2 (en) System for IoT devices communicating with server using a tentative common key
KR20130008692A (en) Method and system for authenticating user's input data
RU2698424C1 (en) Authorization control method
JP2014134881A (en) Authority delegation management system and method thereof
KR102053993B1 (en) Method for Authenticating by using Certificate
KR101933090B1 (en) System and method for providing electronic signature service
US20170070882A1 (en) Method and system for securing bank account access
KR20100074698A (en) System for authenticating user web site and method therefor
KR101298216B1 (en) Authentication system and method using multiple category
WO2015037886A1 (en) Device and method for authenticating smart chip
KR101737925B1 (en) Method and system for authenticating user based on challenge-response

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E902 Notification of reason for refusal
WITB Written withdrawal of application