KR20130085566A - Apparatus and method of authentifying password using captcha - Google Patents

Publication number
KR20130085566A
Authority
KR
South Korea
Prior art keywords
client
password
captcha
character
authentication
Application number
KR1020110139969A
Other languages
Korean (ko)
Inventor
강형석
이동찬
Original Assignee
주식회사 엔씨소프트
Application filed by 주식회사 엔씨소프트
Priority to KR1020110139969A priority Critical patent/KR20130085566A/en
Publication of KR20130085566A publication Critical patent/KR20130085566A/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

Disclosed are a password authentication system using a CAPTCHA and a method thereof. When a client requests authentication, the server generates a captcha image containing a plurality of randomly selected characters and provides it to the client. When characters corresponding to the password are input from the client, the server performs authentication by determining whether they match the password. According to the present invention, the password need not be entered in plain text, which can greatly improve security.

Description

Password authentication system using CAPTCHA and its method {APPARATUS AND METHOD OF AUTHENTIFYING PASSWORD USING CAPTCHA}

The present invention relates to a method for authenticating a password in a client-server architecture.

With the development of network technology, it has become commonplace to play games by connecting to an online game server through the Internet, to process banking through internet banking, or to receive various information from a server using a smartphone.

Accessing these various services through a network requires access to the user's account, and this is preceded by an authentication procedure that verifies the user's authority.

Logging in to an account by visiting a home page and entering an ID and password is the most basic form of this authentication procedure.

However, if the user simply enters the ID and password in this way, there is a risk of information leakage through malware.

It is not possible to predict which of the numerous clients will be infected with malware, and a single incident can have catastrophic consequences, so a more secure authentication process is required where the service is directly related to the user's property, such as banking or online games.

In order to enhance security, various security programs have been made to detect malware or encrypt communication sessions, but systems should also be prepared for damage caused by malware that the security program does not recognize.

Fundamentally, the authentication process itself needs to be modified so that malware cannot extract the user's account information by analyzing packets between the server and the client.

In other words, a new authentication method needs to be developed such that user information such as a password is not leaked even when the blocking by the security program and the data protection through encryption have both been defeated by malware and no such assistance is available.

Document 1. Patent Publication No. 10-2007-24100 "Network security system and method through image key input"

The present invention has been devised to solve the problems of the prior art as described above. It is an object of the present invention to provide a password authentication system and method using CAPTCHA in which, instead of plain text, other characters corresponding to the password are entered when entering a password for authentication, so that damage from password leakage can be prevented.

Another object of the present invention is to provide a password authentication system and method using CAPTCHA with enhanced security, in which the password is entered using a captcha image generated in real time every time, and the captcha image is created in Korean, which is difficult to convert to text through image recognition.

In order to achieve the above object, the password authentication system using the CAPTCHA according to the present invention includes: captcha image generating means for randomly selecting a plurality of characters according to an authentication request from a client, setting a corresponding number for each selected character, generating an image file including the selected characters, and temporarily storing each character and the numerical information corresponding to each character;

communication means for processing data transmission and reception with a client connected through a network, transmitting the generated image to the client, and receiving a character string for authentication from the client; and

authentication processing means for, when a character string is received from the client, determining the number corresponding to each character belonging to the received character string, arranging the determined numbers in the order of input, determining whether they match the previously stored password of the client, and processing authentication for the client when they match.

Meanwhile, in order to achieve the above object, the method according to the present invention is executed in a server that performs password authentication for a client connected through a network, and includes:

Step 110, in which a plurality of characters are randomly selected when the client connected through the network requests authentication, and a number corresponding to each of the selected characters is determined;

Step 120, creating an image file including the selected characters and temporarily storing each character and the numeric information corresponding to each character;

Step 130, transmitting the generated image to the client;

Step 140, when a string is received from the client, determining the number corresponding to each character belonging to the received string;

Step 150, arranging the determined numbers in the order of input and determining whether they match the previously stored password of the client; and

Step 160, processing authentication for the client when they match the previously stored password of the client.

According to the present invention, a captcha image containing a plurality of randomly selected characters is generated in real time and provided to the client, and characters corresponding to the password are received in return. This removes the need to enter the password in plain text and thereby improves security.

In addition, since a new captcha image is generated every time, the value entered is different each time even if the password has not changed, which greatly reduces the possibility of password leakage by malware.

In particular, by generating the CAPTCHA image using Hangul, which is not easy to recognize from an image, the possibility of image recognition by malware can be greatly reduced, thereby improving security.

FIG. 1 is a network diagram illustrating a client-server structure in which password authentication is performed.
FIG. 2 is a functional block diagram illustrating a configuration of a password authentication system using a CAPTCHA according to the present invention.
FIG. 3 is a reference diagram illustrating a captcha image including Korean characters and numbers.
FIG. 4 is a flowchart illustrating, in time series, the operation of a password authentication system using a CAPTCHA according to the present invention.

Hereinafter, the present invention will be described in detail with reference to its preferred embodiments and the accompanying drawings. In order to describe the present invention clearly, content that is not related to the configuration of the present invention is omitted, and the same reference numerals are used for the same components.

When an element is described as "comprising" another element in the description of the invention or in the claims, this is not to be interpreted as being limited to only that element; other elements may be further included.

Also, in the description of the invention or the claims, components named "means", "parts", "modules", or "blocks" refer to units that process at least one function or operation, each of which may be implemented by software or hardware, or a combination thereof.

FIG. 1 is a network configuration diagram illustrating a client-server structure in which password authentication is performed, and FIG. 2 is a functional block diagram illustrating a configuration of a password authentication system using a CAPTCHA according to the present invention.

As shown in FIG. 1, the password authentication system 100 using the CAPTCHA according to the present invention is connected to a plurality of clients 10 through a network, and performs authentication for each client 10.

Authentication through such a network is usually made for granting access to an account prior to providing a service from a server. In addition, the authentication is performed as a procedure for verifying or authorizing various rights of the client 10.

That is, it is often made as a premise for the service from the server, and in this case, the structure of FIG. 1 may be a typical client-server structure.

Accordingly, the password authentication system 100 using the CAPTCHA according to the present invention may be implemented in a server connected to a plurality of clients 10 through a network as shown in FIG. 1.

In this case, the client 10 is the party to be authenticated that accesses the password authentication system 100 using the CAPTCHA according to the present invention through a network, and may take various forms such as a personal computer, a laptop, a tablet, or a smartphone.

Meanwhile, as shown in FIG. 2, the password authentication system 100 using the CAPTCHA according to the present invention includes a CAPTCHA image generating unit 110, a communication unit 120, and an authentication processing unit 130.

The captcha image generating unit 110 generates the captcha image as illustrated in FIG. 3 when the client 10 connected through the network requests authentication for confirmation of, for example, a right to receive a service.

The communication unit 120 communicates with the client 10. When the client 10 requests authentication, for example by attempting to access an authentication page through a network, the captcha image generating unit 110 generates the image and the communication unit 120 then provides it to the client 10.

The captcha image as illustrated in FIG. 3 includes a plurality of characters randomly selected by the captcha image generating unit 110.

In this case, each character corresponds one-to-one to a specific number.

In the example of FIG. 3, randomly selected letters correspond to the numbers 1 to 9, and the corresponding pairs of letters and numbers are displayed on the captcha image. Captcha images may also be generated from ten characters corresponding to the ten digits from 0 to 9.

In this case, preferably, the character may be one syllable Korean.

Such a captcha image may or may not display the number corresponding to each letter as in the example of FIG. 3. The numbers from 1 to 9 and their letters may be displayed sequentially from top to bottom and left to right as in the example of FIG. 3, or the order may be random.

Meanwhile, the captcha image generating unit 110 generates a captcha image file including the randomly selected characters and the number paired with each character, and then temporarily stores information about each randomly selected character and the number corresponding to it.

Because this information becomes unnecessary once the authentication process is completed, storage may be allocated for it only temporarily.

The captcha image file is generated and provided to the client 10, instead of the data being provided in plain text, in order to prevent the password of the user of the client 10 from being leaked when packet communication with the client 10 is intercepted by malware.

The communication session for authentication with the client 10 will of course be encrypted, but this method is used in order to protect against malware that extracts the keyboard input information of the client 10.

On the other hand, if the captcha image is made up of only the 26 letters or numbers, the possibility that malware recognizes it as text using OCR (Optical Character Reader) technology cannot be excluded. For this reason the captcha image is generated using Korean Hangul, which has complex patterns.

When the client 10 receives the captcha image in this manner, the client 10 displays the captcha image on the screen as shown in FIG. 3.

Accordingly, the user of the client 10 inputs a string corresponding to his or her password while looking at the captcha image displayed on the screen.

In the example of FIG. 3, when the user's password is "2583", the user enters the characters that correspond to 2, 5, 8, and 3, in that order.

The client 10 transmits the input character string to the communication means 120. When the authentication processing means 130 receives the character string from the client 10 in this way, it determines the number corresponding to each character belonging to the received character string, arranges the determined numbers in the order of input, and determines whether they match the previously stored password of the client.

In other words, in the above example, the numbers 2, 5, 8, and 3 corresponding to the four entered characters are determined, and if "2583", obtained by arranging them in order, matches the stored password of the client 10, authentication is processed.

On the other hand, the authentication processing unit 130 may receive input again if the input password does not match the previously stored password of the client 10.

However, if the password is entered incorrectly a predetermined number of times, the client 10 may be allowed to enter numbers through mouse clicks or through the keyboard.

Usability may suffer because characters must be entered in place of the password for the sake of security, but usability can be improved by such a measure.

In this case, since the password is input in plain text, there is a possibility of leakage by malware. However, considering how rarely a user will enter numbers through the keyboard or mouse clicks after a certain number of incorrect attempts, the effect on security is not significant.

Hereinafter, a password authentication system using a CAPTCHA according to the present invention will be described with reference to FIG. 4.

FIG. 4 is a flowchart illustrating, in time series, the operation of a password authentication system using a CAPTCHA according to the present invention.

The present invention shown in FIG. 4 may be implemented in the password authentication system 100 using the CAPTCHA that performs password authentication for the client 10 connected through a network.

As shown in FIG. 4, when a client 10 connected through a network requests authentication, for example by accessing an authentication page, the password authentication system 100 using the CAPTCHA creates a captcha image file by the following method.

In other words, data that could be provided in plain text is instead provided as an image file, in order to block security problems caused by malware.

In this case, the file format of the captcha image file may be a known format such as jpg or tif.

First, a plurality of characters are randomly selected, and a number corresponding to each selected character is determined (S110).

For example, as illustrated in FIG. 3, letters may be randomly selected and made to correspond to each of the numbers 1 to 9 or 0 to 9. In this case, each selected character is preferably a one-syllable Korean character, for ease of input and to reduce the ability of malware to recognize it.

Once the character corresponding to each number has been randomly selected in this way, an image file including the selected characters is generated, and each character and the numeric information corresponding to each character are temporarily stored (S120).

When generating such a CAPTCHA image file, the file may display each randomly selected letter paired with its corresponding number, as shown in FIG. 3.

The pairs may be displayed in numerical order from top to bottom and left to right as shown in FIG. 3, or in random order as necessary.

Thereafter, the generated image is transmitted to the client 10 (S130), and when a string is received from the client 10, a number corresponding to each character belonging to the received string is determined (S140).

In the example of FIG. 3, the character string is received from the client 10, and the password authentication system 100 using the CAPTCHA determines the numbers "2", "5", "8", and "3" corresponding to each of the input characters.

Thereafter, the determined numbers are arranged in the order of input and it is determined whether or not the numbers match the previously stored password of the client 10 (S150).

That is, in the above example, it is determined whether "2583" matches the password of the client 10.

If the numbers match the previously stored password of the client 10, the password authentication system 100 using the CAPTCHA processes the authentication for the client 10 (S160).

On the other hand, if the password does not match, it is input again. If the password is nevertheless entered incorrectly a certain number of times, the password authentication system 100 using the CAPTCHA allows the password to be entered through mouse clicks or keyboard input.

In that case the password may be entered in plain text and exposed to malicious code, but because plain-text entry occurs only after several failed attempts and is therefore infrequent, this is not a major problem for security.
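The server-side flow S110 to S160 described above, including the retry and fallback handling, written out as an added example (not code from the patent or its assignee). Rendering the pairs into an image is omitted; the class and function names, the salted PBKDF2 storage of the password, the single-use challenge, and MAX_FAILURES = 3 are assumptions of this example.

```python
import hashlib
import hmac
import secrets

HANGUL_FIRST, HANGUL_LAST = 0xAC00, 0xD7A3  # Unicode block of one-syllable Hangul
MAX_FAILURES = 3  # assumed; the text only says "a certain number of times"
RNG = secrets.SystemRandom()  # OS CSPRNG, so the mapping is not predictable


def hash_password(digits, salt):
    # Assumption: the "previously stored password" is kept as a salted hash.
    return hashlib.pbkdf2_hmac("sha256", digits.encode("utf-8"), salt, 100_000)


class CaptchaPasswordAuth:
    """Hypothetical server object covering units 110, 120 and 130."""

    def __init__(self):
        self.accounts = {}    # user -> (salt, password hash)
        self.challenges = {}  # session id -> (user, {character: digit})
        self.failures = {}    # user -> consecutive mismatches

    def register(self, user, digits):
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError("password must consist of the digits 0-9")
        salt = secrets.token_bytes(16)
        self.accounts[user] = (salt, hash_password(digits, salt))

    def new_challenge(self, user):
        """S110-S130: pick ten syllables, pair them with 0-9, store temporarily."""
        if user not in self.accounts:
            raise KeyError(user)
        code_points = RNG.sample(range(HANGUL_FIRST, HANGUL_LAST + 1), 10)
        mapping = {chr(cp): str(d) for d, cp in enumerate(code_points)}
        session_id = secrets.token_urlsafe(16)
        self.challenges[session_id] = (user, mapping)
        # These (digit, character) pairs are what would be drawn into the
        # captcha image; the display order may be random.
        pairs = [(digit, ch) for ch, digit in mapping.items()]
        RNG.shuffle(pairs)
        return session_id, pairs

    def verify(self, session_id, typed):
        """S140-S160: map characters back to digits and compare."""
        # pop() discards the temporary mapping, so a captured string
        # cannot be replayed against the same challenge.
        entry = self.challenges.pop(session_id, None)
        if entry is None:
            return "no-challenge"
        user, mapping = entry
        # A character that is not in the image maps to "?", which never matches.
        digits = "".join(mapping.get(ch, "?") for ch in typed)
        salt, stored = self.accounts[user]
        if hmac.compare_digest(hash_password(digits, salt), stored):
            self.failures[user] = 0
            return "authenticated"
        self.failures[user] = self.failures.get(user, 0) + 1
        # After repeated mismatches the text allows plain numeric input.
        return "fallback" if self.failures[user] >= MAX_FAILURES else "retry"


def type_password(pairs, password):
    """What the user does: type the character shown for each password digit."""
    by_digit = dict(pairs)
    return "".join(by_digit[d] for d in password)


def demo():
    auth = CaptchaPasswordAuth()
    auth.register("alice", "2583")  # constructed sample account
    sid1, pairs1 = auth.new_challenge("alice")
    typed1 = type_password(pairs1, "2583")
    first = auth.verify(sid1, typed1)
    replay = auth.verify(sid1, typed1)  # same string, challenge already used
    sid2, pairs2 = auth.new_challenge("alice")
    typed2 = type_password(pairs2, "2583")
    return first, replay, typed1 != typed2, auth.verify(sid2, typed2)


if __name__ == "__main__":
    print(demo())
```

The string a keylogger or packet capture would see differs between the two logins even though the password is unchanged, and it is useless once its challenge has been consumed.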

Meanwhile, the password authentication system using the CAPTCHA according to the present invention may be embodied as computer readable codes and stored in a computer readable recording medium.

The computer-readable recording medium may include any type of medium in which data readable by a computer system is stored. Examples of the medium include a DVD-ROM, a CD-ROM, a hard disk, a USB memory, a flash memory, and the like.

On the other hand, the expression contained in the recording medium encompasses both the case of being recorded on the recording medium in large quantities and distributed in a package form as well as being provided through the network in the form of data packets and stored in the recording medium.

In the above description, the expression "server" is used. However, in a distributed computing environment, it is common to divide a function or a load among a plurality of servers for processing. Therefore, a "server" does not necessarily refer to a single hardware component.

In the above description, the network may be a local area network (LAN), a wide area network (WAN), an intranet, or a virtual private network (VPN). It should therefore be construed as a broad concept covering known wired and wireless communication methods such as WiBro and WiFi.

While the present invention has been described with reference to the accompanying drawings and embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Accordingly, the scope of the present invention should be determined only by the technical idea of the appended claims, and is not limited to the above embodiments.

The invention is applicable to the field of network security and authentication.

10: Client
100: Password authentication system using CAPTCHA
110: captcha image generating means
120: communication means
130: authentication processing means

Claims (11)

1. A method executed in a server performing password authentication for a client connected through a network, comprising:
Step 110, in which a plurality of characters are randomly selected when the client connected through the network requests authentication, and a number corresponding to each of the selected characters is determined;
Step 120, creating an image file including the selected characters and temporarily storing each character and the numeric information corresponding to each character;
Step 130, transmitting the generated image to the client;
Step 140, when a string is received from the client, determining the number corresponding to each character belonging to the received string;
Step 150, arranging the determined numbers in the order of input and determining whether they match the previously stored password of the client; and
Step 160, processing authentication for the client when they match the previously stored password of the client.
2. The method of claim 1,
A password authentication system using CAPTCHA, characterized in that the CAPTCHA image file generated in step 120 displays each selected letter paired with the number corresponding to the letter.
3. The method of claim 2,
A password authentication system using a CAPTCHA, characterized in that, in step 110, an arbitrary ten one-syllable Hangul characters are selected and made to correspond to each of the numbers 0 to 9.
4. The method of claim 3,
A password authentication system using CAPTCHA, characterized in that, in step 120, when the pairs of selected letters and their corresponding numbers are displayed in the captcha image file, the letter and number pairs are displayed in order of the size of the numbers or in any order.
5. The method of claim 1,
A password authentication system, characterized in that, in step 160, when there is a mismatch with the previously stored password of the client, input is received from the client again, and when the mismatch occurs a certain number of times, input is received from the client by mouse clicks or by numeric input through the keyboard.
6. A computer-readable recording medium containing a program for executing a password authentication system using the CAPTCHA according to any one of claims 1 to 5 on a computer.
7. A password authentication system using a CAPTCHA, comprising:
captcha image generating means for randomly selecting a plurality of characters according to an authentication request from a client, setting a corresponding number for each selected character, generating an image file including the selected characters, and temporarily storing each character and the numeric information corresponding to each character;
communication means for processing data transmission and reception with a client connected through a network, transmitting the generated image to the client, and receiving a character string for authentication from the client; and
authentication processing means for, when a character string is received from the client, determining the number corresponding to each character belonging to the received character string, arranging the determined numbers in the order of input, determining whether they match the previously stored password of the client, and processing authentication for the client when they match.
8. The method of claim 7,
A password authentication system using a captcha, characterized in that the captcha image file generated by the captcha image generating means displays each selected character paired with the number corresponding to the character.
9. The method of claim 8,
A password authentication system, characterized in that the captcha image generating means selects an arbitrary ten one-syllable Hangul characters, makes them correspond to each of the numbers 0 to 9, and generates an image in which each character and number pair is displayed.
10. The method of claim 9,
A password authentication system using Captcha, characterized in that the captcha image generating means displays each selected letter paired with its corresponding number in the captcha image file, in order of the size of the numbers or in any order.
11. The method of claim 7,
A password authentication system, characterized in that the authentication processing means receives input from the client again when there is a mismatch with the previously stored password of the client, and when the mismatch occurs a certain number of times, receives input from the client by mouse clicks or by numeric input using a keyboard.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110139969A KR20130085566A (en) 2011-12-22 2011-12-22 Apparatus and method of authentifying password using captcha

Publications (1)

Publication Number Publication Date
KR20130085566A (en) 2013-07-30

Family

ID=48995707

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110139969A KR20130085566A (en) 2011-12-22 2011-12-22 Apparatus and method of authentifying password using captcha

Country Status (1)

Country Link
KR (1) KR20130085566A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015039473A1 (en) * 2013-09-18 2015-03-26 Tencent Technology (Shenzhen) Company Limited Verification data processing method and device and storage medium
KR20160100672A (en) * 2015-02-16 2016-08-24 라인 가부시키가이샤 Apparatus for providing user authentication service for determining text associated with image and method thereof
KR20180056116A (en) * 2016-11-18 2018-05-28 조선대학교산학협력단 Method and apparatus for authentication using circulation secure keypad and overlapping image
WO2018106041A1 (en) * 2016-12-07 2018-06-14 이수현 Image password system and user authentication method using same
KR20190033377A (en) * 2017-09-21 2019-03-29 주식회사 프로젝트사공구 Method and computer program for user authentication using image touch password

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015039473A1 (en) * 2013-09-18 2015-03-26 Tencent Technology (Shenzhen) Company Limited Verification data processing method and device and storage medium
US9864855B2 (en) 2013-09-18 2018-01-09 Tencent Technology (Shenzhen) Company Limited Verification data processing method and device and storage medium
KR20160100672A (en) * 2015-02-16 2016-08-24 라인 가부시키가이샤 Apparatus for providing user authentication service for determining text associated with image and method thereof
KR20180056116A (en) * 2016-11-18 2018-05-28 조선대학교산학협력단 Method and apparatus for authentication using circulation secure keypad and overlapping image
WO2018106041A1 (en) * 2016-12-07 2018-06-14 이수현 Image password system and user authentication method using same
KR20180065401A (en) * 2016-12-07 2018-06-18 이수현 Method of Providing User Certification and Additional Service Using Image Password System
CN110050271A (en) * 2016-12-07 2019-07-23 李明皓 Image code system and the method for using it to certification user
KR20190033377A (en) * 2017-09-21 2019-03-29 주식회사 프로젝트사공구 Method and computer program for user authentication using image touch password

Similar Documents

Publication Publication Date Title
US10411907B2 (en) Secure remote user authentication leveraging public key cryptography and key splitting
US9077710B1 (en) Distributed storage of password data
Bojinov et al. Kamouflage: Loss-resistant password management
US10848304B2 (en) Public-private key pair protected password manager
US10924289B2 (en) Public-private key pair account login and key manager
US20160127134A1 (en) User authentication system and method
WO2015188426A1 (en) Method, device, system, and related device for identity authentication
US20180254904A1 (en) Integrated authentication system for authentication using single-use random numbers
JP2013528857A (en) Password safe input system using password key movement value and password safe input method
US9264417B2 (en) Method and apparatus for generating a security token carrier
Manzoor et al. Secure login using multi-tier authentication schemes in fog computing
Abdellaoui et al. A novel strong password generator for improving cloud authentication
WO2020086846A1 (en) Network and device security system, method, and apparatus
KR20130085566A (en) Apparatus and method of authentifying password using captcha
CN111143812B (en) Login authentication method based on graphics
KR20120087095A (en) Apparatus and method for generating a realtime password and storage medium
KR102577973B1 (en) Anti-interception authentication and encryption system and method
Adhatrao et al. A secure method for signing in using quick response codes with mobile authentication
US20180124034A1 (en) Image based method, system and computer program product to authenticate user identity
KR20090013616A (en) Server certification system and method using server certification code
JP2007065789A (en) Authentication system and method
EP2763346A1 (en) Mutual anti-piracy authentication system in smartphone-type software tokens and in the sms thereof
WO2016050891A1 (en) User authentication information
JP6398308B2 (en) Information processing system, information processing method, and program
JP6084258B2 (en) Authentication system and display program

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination