KR20130093793A - Recording medium, method and system for log-in confirmation use of image code - Google Patents


Publication number
KR20130093793A
Authority
KR
South Korea
Prior art keywords
information
communication medium
authentication
user
image code
Application number
KR1020110147982A
Other languages
Korean (ko)
Inventor
손누리
윤효상
Original Assignee
주식회사 넥스다임
Application filed by 주식회사 넥스다임 filed Critical 주식회사 넥스다임
Priority to KR1020110147982A priority Critical patent/KR20130093793A/en
Publication of KR20130093793A publication Critical patent/KR20130093793A/en


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

PURPOSE: A login authentication method using an image code, a system therefor, and a recording medium are provided to prevent illegal use of user authentication information by using a one-time password and an encoded image code. CONSTITUTION: A storage part (210) stores user login information and the unique information of a second communication medium. A communication part (220) receives one-time password information through the user's first communication medium. A code generating part (230) generates an image code in which the combined information is encoded. A code processing part (240) processes the encoded image code so that it is output through a program installed on the first communication medium. A code authentication part (250) authenticates the validity of the unique information of the second communication medium and the user login information. [Reference numerals] (100) Authentication server; (200) Control part; (210) Storage part; (220) Communication part; (230) Code generation part; (240) Code processing part; (250) Code authentication part; (260) Password generation part; (270) Password processing part; (280) Password authentication part

Description

Recording Medium, Method and System for Log-in Confirmation Use of Image Code

The present invention deals with two-factor security authentication using an encrypted image code and a one-time password.

Recently, there have been cases of leakage of user information of service providers (financial institutions, shopping malls, game companies, etc.) that store and manage user login information.

This leakage of user information has led to large-scale illegal use of user login information, and various security measures have been established in response.

Meanwhile, as smartphones spread, various services are provided through smartphone applications, and mobile OTP (One Time Password) applications in particular are useful for establishing security measures. Although their use has expanded, the user has the inconvenience of generating the OTP directly, and when the user's smartphone is hacked, the mobile OTP no longer provides any security authentication effect.

An object of the present invention, made to solve the above problems, is to overcome the weakness to hacking of login information entered through a wired PC as a first communication medium and of a mobile OTP (one-time password) on a smartphone as a second communication means. By using an encrypted image code and a one-time password transmitted from the authentication server to the smartphone, the invention provides a method and system for blocking the illegal use of user authentication information even if one of the wired PC and the smartphone is hacked, and a computer-readable recording medium on which a program for executing the authentication is recorded.

A login authentication system using an image code according to the present invention includes: a first storage medium storing a program that is installed on the user's first communication medium and outputs an encrypted image code; a second storage medium storing an application that is installed on the user's second communication medium, decrypts and reads the encrypted image code, transmits the read information to the authentication server, and receives and outputs a one-time password from the authentication server; a third storage medium that links and stores the user's login information and the unique information of the user's second communication medium; and an authentication server. When user login information is received through the user's first communication medium, the authentication server combines the user login information with one or more pieces of authentication information and authentication server access information, generates the combined information as an encrypted image code, and outputs the generated encrypted image code through the program installed on the first communication medium. It then receives the user login information and authentication information read by decrypting the encrypted image code through the application installed on the user's second communication medium, together with the unique information of the second communication medium, authenticates the validity of the received information and of the unique information of the second communication medium, and transmits a one-time password to the second communication medium in response to the authentication result.

According to one aspect, the first to third storage media may be composed of a single storage medium or may be separated into two or more storage media.

According to another aspect, the authentication server may authenticate the user by comparing the one-time password input on and transmitted from the first communication medium with the one-time password transmitted to the second communication medium. The authentication server may include: a communication unit for receiving user login information through the user's first communication medium; a code generation unit for combining the user login information with one or more pieces of authentication information and authentication server access information and generating the combined information as an encrypted image code; a code processing unit for processing the encrypted image code so that it is output through a program installed on the first communication medium; a code authentication unit for authenticating, when the communication unit receives the user login information and authentication information read by decrypting the encrypted image code through an application installed on the user's second communication medium together with the unique information of the second communication medium, the validity of the received user login information, authentication information, and unique information of the second communication medium; a password generation unit for generating a one-time password if the code authentication unit authenticates the validity; a password processing unit for processing the one-time password so that it is transmitted to the second communication medium; and a password authentication unit for receiving, through the communication unit, the one-time password input on and transmitted from the first communication medium and comparing it with the one-time password sent to the second communication medium to authenticate the user.

The login authentication method using the image code according to the present invention includes: receiving, at the server, user login information through the user's first communication medium; combining, at the server, the user login information with one or more pieces of authentication information and authentication server access information, and generating the combined information as an encrypted image code; processing, at the server, the generated encrypted image code so that it is output through a program installed on the first communication medium; receiving, at the server, the user login information and authentication information read by decrypting the encrypted image code through an application installed on the user's second communication medium, together with the unique information of the second communication medium; authenticating, at the server, the validity of the received user login information, authentication information, and unique information of the second communication medium; if the validity is authenticated, generating a one-time password at the server and processing the generated one-time password so that it is transmitted to the second communication medium; receiving, at the server, a one-time password through the first communication medium; and comparing, at the server, the received one-time password with the one-time password transmitted to the second communication medium to authenticate the user.

According to one aspect, the login authentication method using the image code may further include linking the user login information with the unique information of the user's second communication medium and storing them on the storage medium. In that case, the step of authenticating the validity of the received user login information, authentication information, and unique information of the second communication medium may include looking up the user login information previously stored on the storage medium that corresponds to the received user login information, and then authenticating the validity of the second communication medium by comparing the unique information of the second communication medium linked to that user login information on the storage medium with the unique information of the second communication medium received by the server.

According to the present invention, there is also provided a computer-readable recording medium having recorded thereon a program for executing the respective steps.

According to the present invention, the image code may include one or more of a one-dimensional barcode, a two-dimensional barcode, a three-dimensional barcode, a QR (Quick Response) code, and a color code. The first communication medium includes one or more of a computer, a home appliance, a telematics device, a tablet PC, and an ATM, and the second communication medium includes one or more of a mobile phone, a smartphone, a tablet PC, and a communication device equipped with a camera. The unique information of the second communication medium may include at least one of a telephone number, a hardware serial number, a MAC address, and USIM information. The one or more pieces of authentication information may include one or more of network ID information, time setting information, authentication server unique information, and random number information.

According to the present invention, when the one-time password for user authentication is transmitted to the user's second communication medium, an encrypted image code containing the user login information transmitted through the first communication medium and separate authentication information is used, and the unique information of the user's second communication medium is authenticated at the same time. As a result, illegal use of the user authentication information can be prevented even if one of the user's first communication medium and second communication medium is hacked.

FIG. 1 is a diagram showing the overall configuration including a system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a detailed configuration of an authentication server according to an embodiment of the present invention.
FIG. 3 is a diagram of an embodiment of the present invention.
FIG. 4 is a diagram illustrating a process of outputting an encrypted image code to a first communication medium according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating a process of transmitting and outputting a one-time password to a user second communication medium according to an embodiment of the present invention.
FIG. 6 is a diagram illustrating a process of processing user authentication according to an embodiment of the present invention.

Hereinafter, the operating principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a view showing the overall configuration including a system according to an embodiment of the present invention.

In more detail, FIG. 1 shows a configuration in which a login authentication system including an authentication server 100 is connected to a website operating server 110, a storage medium 120, and a user second communication medium 140 through a communication network, and the website operating server 110 is connected to the user's first communication medium 130 through a communication network. In this configuration: ① the user's first communication medium 130 accesses the website and logs in; ② the authentication server 100 receives the user login information from the website operating server 110; ③ the authentication server 100 generates an encrypted image code using the user login information and transmits it to the user's first communication medium 130 for output; ④ the authentication server 100 receives, through the user's second communication medium 130, the user login information and authentication information corresponding to the encrypted image code together with the unique information of the second communication medium 130, authenticates the validity of the received information, generates a one-time password in response to the result, and transmits it to the user's second communication medium 130, thereby handling authentication of the user on the website to which the user's first communication medium 130 is connected.

The login authentication system according to an embodiment of the present invention can be configured in various ways depending on the implementation method and the communication network connection method.

First, although the website operating server 110 and the authentication server 100 are shown as separate servers in the drawing, the authentication server 100 may include the website operating server 110, or the two may be connected directly through a communication network.

In addition, although the website operating server 110 is shown located between the user's first communication medium 130 and the authentication server 100, configurations in which the user's first communication medium 130 and the authentication server 100 exchange information or data directly may also be included.

In addition, the storage medium 120 may be included in the login authentication system or may be located in a separate server on a communication network outside the login authentication system, and the authentication server 100 and the storage medium 120 may be connected through a communication network, or the storage medium 120 may be included in the authentication server 100.

In addition, the storage medium 120 is shown as divided into a first storage medium 120 storing a program that is installed on the user's first communication medium 130 and outputs an encrypted image code; a second storage medium 120 storing an application that is installed on the user's second communication medium 130, decrypts and reads the photographed encrypted image code, transmits the read information to the authentication server 100, and receives and outputs a one-time password from the authentication server 100; and a third storage medium 120 that links and stores the user login information and the unique information of the user's second communication medium 130. However, the first to third storage media 120 may be composed of a single storage medium 120 or two storage media 120, and the first storage medium 120, the second storage medium 120, and the third storage medium 120 may each be provided in separate servers or may be omitted.

That is, although not shown separately in the drawing, the network connection and configuration among the authentication server 100, the website operating server 110, the storage medium 120, the user's first communication medium 130, and the second communication medium 130 may be varied according to the intention of a person skilled in the art.

The authentication server 100, the core component of the login authentication system according to the present invention, receives the user login information directly through the user's first communication medium 130 or via the website operation server 110, combines the user login information with at least one piece of authentication information and authentication server 100 access information, generates the combined information as an encrypted image code, and processes the generated encrypted image code so that it is output through a program installed on the first communication medium 130. When it receives the user login information and authentication information read by decrypting the encrypted image code through an application installed on the user's second communication medium 130, together with the unique information of the second communication medium 130, it authenticates the validity of the received user login information, authentication information, and unique information of the second communication medium 130. If the validity is authenticated, it generates a one-time password and processes it so that it is transmitted to the second communication medium 130, and when a one-time password is received through the first communication medium 130, it authenticates the user by comparing the received one-time password with the one-time password transmitted to the second communication medium 130.

The authentication server 100 according to the present invention further links the user login information with the unique information of the user's second communication medium 130 and stores them on the storage medium 120. When authenticating the validity of the received user login information, authentication information, and unique information of the second communication medium 130, it looks up the user login information previously stored on the storage medium 120 that corresponds to the received user login information, and authenticates the validity of the second communication medium 130 by comparing the unique information of the second communication medium 130 linked to that user login information on the storage medium 120 with the received unique information of the second communication medium 130.

Here, the image code may include one or more of a one-dimensional barcode, a two-dimensional barcode, a three-dimensional barcode, a QR (Quick Response) code, and a color code. The unique information of the second communication medium 130 may include one or more of a telephone number, a hardware serial number, a software serial number, a MAC address, and USIM information, and the one or more pieces of authentication information may include one or more of network ID information, time setting information, unique information of the authentication server 100, and random number information.

According to the present invention, the time setting information among the authentication information may include the generation time of the encrypted image code. When validating the authentication information, its validity can be authenticated by comparing the total time elapsed from the image code generation time until the authentication information is received through the second communication medium 130 with the validity time previously set by policy.

The website operation server 110 according to the present invention operates the website to which the user's first communication medium 130 connects, and provides an interface for transmitting and receiving information and data between the first communication medium 130 and the authentication server 100.

The website operation server 110 according to the present invention may be provided with all or part of the functions and roles of the authentication server 100 in the form of software or a module.

Here, the website may include all websites requiring user authentication, such as a shopping mall website, a game website, and a financial transaction website.

The user's first communication medium 130 according to the present invention accesses a website, requests a login, receives an encrypted image code directly from the authentication server 100 or via the website operation server 110, and outputs it in the browser. It also outputs a one-time password input window and, when a one-time password is input, transmits it to the authentication server 100 directly or via the website operation server 110.

According to the present invention, the first communication medium 130 may include one or more of a computer, a home appliance, a telematics device, a tablet PC, and an ATM.

The user's second communication medium 130 according to the present invention photographs the encrypted image code output on the first communication medium 130, decrypts it to extract the user login information and authentication information, accesses the authentication server 100 using the authentication server 100 access information included in the encrypted image code, transmits the extracted user login information and authentication information together with the unique information of the second communication medium 130 to the authentication server 100, and receives a one-time password from the authentication server 100 and outputs it on the screen.

Here, the second communication medium 130 may include one or more of a mobile phone, a smartphone, a tablet PC, and a communication device equipped with a camera, and the unique information of the second communication medium 130 may include one or more of a telephone number, a hardware serial number, a software serial number, a MAC address, and USIM information.

FIG. 2 is a diagram showing a detailed configuration of the authentication server 100 according to the embodiment of the present invention.

In more detail, FIG. 2 shows a detailed configuration of the authentication server 100 in the login authentication system shown in FIG. 1. Each component serves only to explain an embodiment of the present invention, and the technical features of the present invention are not limited to the implementation illustrated in FIG. 2.

Referring to FIG. 2, the authentication server 100 according to an embodiment of the present invention includes a storage unit 210, a communication unit 220, a code generation unit 230, a code processing unit 240, a code authentication unit 250, a password generation unit 260, a password processing unit 270, a password authentication unit 280, and a control unit 200 for controlling the above-described components.

Here, although the authentication server 100 is shown as a single server in the drawings for the purpose of explanation, the respective means or components may be configured to be separated into one or more servers, respectively.

The storage unit 210 according to an embodiment of the present invention links the user login information with the unique information of the second communication medium 130 and stores them on the storage medium 120.

In addition, according to the present invention, the storage unit 210 stores on the storage medium 120 the program that is installed on the user's first communication medium 130 and outputs an encrypted image code, and the application that is installed on the user's second communication medium 130, decrypts and reads the photographed encrypted image code, transmits the read information to the authentication server 100, and receives and outputs a one-time password from the authentication server 100. One or more pieces of authentication information for generating the encrypted image code and the authentication result for the user may further be stored on the storage medium 120.

The communication unit 220 according to the embodiment of the present invention receives the user's login information directly through the user's first communication medium 130 or via the website operation server 110; transmits the encrypted image code to the browser running on the first communication medium 130, directly or via the website operation server 110; receives the user login information and authentication information read by decrypting the transmitted encrypted image code through an application installed on the user's second communication medium 130, together with the unique information of the second communication medium 130; transmits a one-time password to the user's second communication medium 130; and receives the one-time password information directly through the user's first communication medium 130 or via the website operation server 110.

According to the present invention, the communication unit 220 further serves to transmit and receive various information and data among the website operation server 110, the storage medium 120, the first communication medium 130, and the second communication medium 130.

According to the exemplary embodiment of the present invention, the code generator 230 combines the user login information received through the communication unit 220 with one or more pieces of authentication information previously set by the authentication server 100 (authentication information including at least one of network ID information, time setting information, unique information of the authentication server 100, and random number information) and with the information for accessing the authentication server 100, and then generates an image code in which the combined information is encrypted.

Here, as the image code includes user login information and one or more authentication information previously set in the authentication server 100, it may be preferable that the image code is generated as a two-dimensional barcode or a QR code. If two-dimensional barcode or QR code other than the encrypted image code technology is developed, it will be obvious that the newly developed image code generation technology can be applied to the encrypted image code generation according to the present invention.

Since the two-dimensional barcode to QR code generation process itself uses the prior art, its detailed description is omitted.

The code processor 240 according to the embodiment of the present invention outputs the encrypted image code generated by the code generator 230 through a program installed in the first communication medium 130 through the communication unit 220. It acts as much as possible.

According to the present invention, the code processor 240 processes the encrypted image code to be output directly through an interface program installed on a browser connected to the first communication medium 130, or the website operating server. Through the 110, the encrypted image code may be processed to be output on a browser connected to the first communication medium 130.

Code authentication unit 250 according to an embodiment of the present invention, after the second communication medium 130 photographed the encrypted image code output through the first communication medium 130, the encrypted image code Decoded and extracted user login information and authentication information and the unique information of the second communication medium 130, and when the communication unit 220 receives it, the received user login information and authentication information and the second communication medium ( 130) It is responsible for authenticating the validity of unique information.

According to the present invention, the code authenticator 250 compares the user login information received through the communication unit 220 with the user login information previously stored on the storage medium 120 by the storage unit 210. By checking the matching user login information, the unique information of the second communication medium 130 connected to the confirmed user login information on the storage medium 120 and the second communication medium received by the communication unit 220 ( 130) the validity of the second communication medium 130 may be verified in comparison with the unique information.

In addition, the code authenticator 250 compares the user login information and the authentication information received by the communication unit 220 with the user login information and authentication information combined when the code generator 230 generates an encrypted image code. Thus, the validity of the received user login information and authentication information may be authenticated.

Password generation unit 260 according to an embodiment of the present invention, if the authentication result of the code authentication unit 250, the validity of the user login information and the unique information of the second communication medium 130 is authenticated, a one-time password It creates a role.

Here, the one-time password generation technique may include, in addition to the general one-time password (OTP) generation technique, any of the various random number generation techniques.

The password processing unit 270 according to the embodiment of the present invention processes the one-time password generated by the password generation unit 260 so that it is transmitted to the second communication medium 130.

According to the present invention, the password processing unit 270 processes the one-time password so that it is transmitted to the second communication medium 130 according to a communication security standard such as SSL (Secure Sockets Layer), thereby preventing illegal leakage of the one-time password.

In addition, the password processing unit 270 temporarily stores the one-time password information transmitted to the second communication medium 130 in a database, linked to the login information of the user or the first communication medium 130 and the like, in preparation for the one-time password validation process.

The password authentication unit 280 according to an embodiment of the present invention authenticates the user. When the one-time password output on the second communication medium 130 is input on the first communication medium 130, and the communication unit 220 receives the one-time password input on and transmitted from the first communication medium 130, the password authentication unit 280 compares the received one-time password with the one-time password transmitted to the second communication medium 130.

According to the present invention, the password authentication unit 280 processes the authentication result according to the comparison of the one-time passwords so that it is output on the first communication medium 130 through the communication unit 220.

Of course, the password authentication unit 280 may process the authentication result according to the comparison result of the one-time password to be further transmitted to the second communication medium 130 or the website operation server 110.

According to the present invention, all or part of the functions of the respective components provided in the authentication server 100 may be implemented in the form of a program or a program set.

FIG. 3 is a diagram of an embodiment of the present invention.

FIG. 3 is a screen capture of the result obtained by actually developing the program provided in the authentication server 100 and the first communication medium 130 and the application provided in the second communication medium 130 in order to implement the present invention.

According to FIG. 3, the user is authenticated as follows.
① The user logs in through a PC, which is the first communication medium 130.
② The authentication server 100 receives the login information of the user directly from the first communication medium 130 or via the website operating server 110, combines the user login information, one or more pieces of authentication information and the access information of the authentication server 100, generates the combined information as an encrypted image code, and processes the generated encrypted image code so that it is output through a program installed in the first communication medium 130.
③ The encrypted image code is photographed through an application installed on a smartphone, which is the user's second communication medium 130. When the application decodes the image code and transmits the user login information, the authentication information and the unique information of the second communication medium 130 to the authentication server 100, the authentication server 100 authenticates the user login information, the authentication information and the unique information of the second communication medium 130. If their validity is authenticated, it generates a one-time password and processes the generated one-time password so that it is transmitted to the smartphone.
④ The smartphone receives and outputs the one-time password.
⑤ The one-time password output on the smartphone is input on the PC, which is the first communication medium 130, and the authentication server 100 authenticates the user by comparing the one-time password input through the PC with the one-time password transmitted to the smartphone, which is the second communication medium 130.

Hereinafter, the login authentication process using the image code according to the present invention will be described in more detail.

FIG. 4 is a diagram illustrating a process of outputting an encrypted image code to the first communication medium 130 according to an embodiment of the present invention.

First, the authentication server 100 connects the user login information with the unique information of the second communication medium 130 of the user through the storage unit 210 and stores it on the storage medium 120 (S410).

Here, the unique information of the second communication medium 130 of the user may include at least one of a telephone number, a hardware serial number, a software serial number, a MAC address, and USIM information.

Although not shown separately in the drawing, step S410 need not be processed through the storage unit 210 of the authentication server 100; instead, the website operating server 110 may link the user login information with the unique information of the user's second communication medium 130 and store it on the storage medium 120.

Thereafter, when the user inputs login information on a website browser accessed from the first communication medium 130 (S420), the communication unit 220 of the authentication server 100 receives the user login information directly from the first communication medium 130 or via the website operation server 110 (S430).

Thereafter, the authentication server 100, through the code generation unit 230, combines the user login information received by the communication unit 220, one or more pieces of authentication information (authentication information including one or more of network ID information, time setting information, unique information of the authentication server 100, and random number information), and the access information with which the application of the user's second communication medium 130 accesses the authentication server 100, and then generates the combination as an encrypted image code (S440).

Although not separately illustrated in the drawing, when time setting information is included in the authentication information, the code generator 230 of the authentication server 100 checks the current time information and processes it so that it is included, as the time setting information, in the encrypted image code.

When the authentication server 100 later validates the time setting information, it can authenticate the validity of the authentication information by comparing the total time elapsed from the generation of the image code to the receipt of the authentication information through the second communication medium 130 with the time set by policy.

Thereafter, the authentication server 100, through the code processor 240, either processes the encrypted image code so that it is output directly through the interface program installed on the browser connected to the first communication medium 130, or processes it so that it is output, via the website operation server 110, on a browser connected to the first communication medium 130 (S450).

Thereafter, the first communication medium 130 receives the encrypted image code and outputs the encrypted image code on the website browser (S460).

FIG. 5 is a diagram illustrating a process of transmitting and outputting a one-time password to the user's second communication medium 130 according to an embodiment of the present invention.

First, an application installed in the second communication medium 130 photographs an encrypted image code output on a website browser accessed by the first communication medium 130 (S510).

Thereafter, the application of the second communication medium 130 decrypts the photographed encrypted image code and extracts user login information and authentication information included in the encrypted image code (S515).

Thereafter, the application of the second communication medium 130 transmits to the authentication server 100 the user login information and authentication information extracted in step S515, together with the unique information of the second communication medium 130 (unique information including one or more of a telephone number, hardware serial number, MAC address, and USIM information) (S520).

Thereafter, the authentication server 100 receives, through the communication unit 220, the user login information and authentication information transmitted by the application of the second communication medium 130 and the unique information of the second communication medium 130 (S525), and verifies the validity of the received user login information, authentication information and unique information of the second communication medium 130 through the code authentication unit 250 (S530).

Here, the authentication server 100, through the code authentication unit 250, compares the user login information received by the communication unit 220 with the user login information previously stored on the storage medium 120 by the storage unit 210 to find the matching user login information. It then verifies the validity of the second communication medium 130 by comparing the unique information of the second communication medium 130 linked to that user login information on the storage medium 120 with the unique information of the second communication medium 130 received by the communication unit 220.

In addition, the authentication server 100, through the code authentication unit 250, can authenticate the validity of the user login information and authentication information received by the communication unit 220 by comparing them with the user login information and authentication information that the code generation unit 230 combined when it generated the encrypted image code.

If the validity of the user login information, the authentication information and the unique information of the second communication medium 130 is not authenticated in step S530 (S535), the authentication server 100 generates an error message and may transmit it to the second communication medium 130 (S540).

If the validity of the user login information, the authentication information and the unique information of the second communication medium 130 is authenticated in step S530 (S545), the authentication server 100 generates a one-time password through the password generation unit 260 (S550).

Thereafter, the authentication server 100 processes the one-time password generated by the password generator 260 to be transmitted to the second communication medium 130 through the password processor 270 (S555).

Thereafter, the application of the second communication medium 130 receives the one-time password transmitted by the authentication server 100 and outputs it on the screen (S560).

FIG. 6 is a diagram illustrating a process of processing user authentication according to an embodiment of the present invention.

First, the first communication medium 130 receives, in the one-time password input area output on the website browser, input of the one-time password that was output on the second communication medium 130 through the process of FIG. 5, and then transmits the input one-time password to the authentication server 100 directly or via the website operation server 110 (S610).

Thereafter, the authentication server 100 receives a one-time password transmitted by the first communication medium 130 through the communication unit 220 (S620).

Thereafter, the authentication server 100, through the password authentication unit 280, authenticates the user by comparing the one-time password received by the communication unit 220 with the one-time password transmitted by the password processing unit 270 to the second communication medium 130 (S630).

If the one-time password received by the communication unit 220 and the one-time password transmitted by the password processing unit 270 to the second communication medium 130 match (S640), the authentication server 100 processes the authentication result so that it is output directly on the website browser connected to the first communication medium 130, or output through the website operating server 110 (S650).

If the one-time password received by the communication unit 220 and the one-time password transmitted by the password processing unit 270 to the second communication medium 130 do not match (S660), the authentication server 100 generates an error message and processes it so that it is output on the website browser connected to the first communication medium 130 (S670).

Subsequently, the first communication medium 130 outputs the authentication result received from the authentication server 100 on the website browser (S680).
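The server-side checks of FIGS. 4 to 6 (S410 to S680), modelled as an added example that is not code from the patent. QR rendering and encryption of the payload are left out; the class and field names, the placeholder server URL, the 60-second policy window, the 6-digit OTP, and the single-use handling of the random number and the OTP are assumptions of this sketch.

```python
import hmac
import secrets
import time


def _same(a: str, b: str) -> bool:
    """Constant-time string comparison, so timing does not leak a partial match."""
    return hmac.compare_digest(a.encode(), b.encode())


class AuthServer:
    """Hypothetical model of authentication server 100 (names are assumptions)."""

    def __init__(self, devices, ttl_seconds=60, clock=time.time):
        self.devices = devices      # S410: login -> registered device unique info
        self.ttl = ttl_seconds      # time set by policy (assumed value)
        self.clock = clock
        self.pending_codes = {}     # random number -> (login, time setting info)
        self.pending_otps = {}      # login -> OTP stored for later validation

    def issue_code(self, login):
        """S430-S440: combine login, authentication info and server access info."""
        nonce = secrets.token_hex(16)
        issued_at = self.clock()
        self.pending_codes[nonce] = (login, issued_at)
        # This dict is what would be encrypted and rendered as the image code.
        return {"login": login, "nonce": nonce, "issued_at": issued_at,
                "server": "https://auth.example.invalid/verify"}  # placeholder

    def verify_scan(self, login, nonce, device_id):
        """S525-S555: validate what the phone app sent; return an OTP or None."""
        record = self.pending_codes.pop(nonce, None)  # assumption: one scan per code
        if record is None:
            return None                               # unknown or replayed code
        code_login, issued_at = record
        if not _same(code_login, login):
            return None                               # login differs from the code's
        if self.clock() - issued_at > self.ttl:
            return None                               # outside the policy window
        registered = self.devices.get(login)
        if registered is None or not _same(registered, device_id):
            return None                               # not the registered device
        otp = f"{secrets.randbelow(10**6):06d}"       # CSPRNG-backed one-time password
        self.pending_otps[login] = otp
        return otp

    def verify_otp(self, login, typed):
        """S620-S640: compare the OTP typed on the PC with the one sent to the phone."""
        expected = self.pending_otps.pop(login, None)  # assumption: one guess, no replay
        return expected is not None and _same(expected, typed)


def run_demo():
    """Walk the happy path and two failure modes with constructed sample data."""
    now = [1_000.0]                                    # controllable clock
    server = AuthServer({"alice": "usim-0001"}, clock=lambda: now[0])

    code = server.issue_code("alice")
    otp = server.verify_scan("alice", code["nonce"], "usim-0001")
    ok = server.verify_otp("alice", otp)
    replay = server.verify_otp("alice", otp)           # same OTP a second time

    code = server.issue_code("alice")
    wrong_device = server.verify_scan("alice", code["nonce"], "usim-9999")

    code = server.issue_code("alice")
    now[0] += 61                                       # scan arrives too late
    expired = server.verify_scan("alice", code["nonce"], "usim-0001")
    return ok, replay, wrong_device, expired


if __name__ == "__main__":
    print(run_demo())
```

Because the pending code and the pending OTP are removed on first use, a captured image code or an overheard OTP cannot be submitted a second time, which the description itself does not specify.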

The foregoing description is for a preferred embodiment among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description above. In addition, in the above description of the present invention, if it is determined that the detailed description of the related known functions or configurations may unnecessarily obscure the gist of the present invention, the detailed description thereof is omitted. The terms described above are terms defined in consideration of functions in the present invention, which may vary according to a user's or operator's intention or custom. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical spirit of the present invention is determined by the claims, and the above-described embodiment is merely a means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains.

100: authentication server 110: website operation server
120: storage medium 130: the first communication medium
140: second communication medium 200: control unit
210: storage unit 220: communication unit
230: code generation unit 240: code processing unit
250: code authentication unit 260: password generation unit
270: password processing unit 260: password authentication unit

Claims (12)

A first storage medium installed in a user first communication medium and storing a program for outputting an encrypted image code;
A second storage medium for storing the application for decrypting and reading the encrypted image code installed on the user's second communication medium, transmitting the read information to the authentication server, and receiving and outputting the one-time password from the authentication server;
A third storage medium connecting and storing the user login information and the unique information of the second communication medium of the user;
When the user login information is received through the user first communication medium, the user login information is combined with at least one authentication information and authentication server access information, and then the combined information is generated as an encrypted image code, and the generated encrypted The image code is output through a program installed in the first communication medium, and the encrypted image code is decrypted through an application installed in the user second communication medium to receive read user login information, authentication information, and unique information of the second communication medium. And an authentication server for authenticating the validity of the received user login information and authentication information and the unique information of the second communication medium, and transmitting a one-time password to the second communication medium in response to the authentication result.
Login authentication system using image code.
The method of claim 1, wherein the first to third storage media,
Consists of a single storage medium, or
Consists of two or more storage media,
Login authentication system using image code.
The authentication server according to claim 1,
Authenticating the user by comparing the one-time password inputted and transmitted to the first communication medium and the one-time password transmitted to the second communication medium,
Login authentication system using image code.
The authentication server according to claim 1,
A communication unit configured to receive user login information through a first user communication medium;
A code generator for combining the user login information with at least one authentication information and an authentication server access information, and generating the combined information as an encrypted image code;
A code processor configured to process the generated encrypted image code to be output through a program installed in the first communication medium;
If the encrypted image code is decoded through an application installed in the user's second communication medium through the communication unit and the read user login information and authentication information and the unique information of the second communication medium are received, the received user login information and authentication information and Code authentication unit for authenticating the validity of the second communication medium specific information;
Password generation unit for generating a one-time password, if the validity is authenticated through the code authentication unit;
A password processing unit for processing the one-time password generated by the password generation unit to be transmitted to the second communication medium;
A password authentication unit for authenticating the user by comparing the received one-time password with the one-time password transmitted to the second communication medium when the one-time password input and transmitted to the first communication medium is received through the communication unit;
Login authentication system using image code.
The method of claim 1, wherein the image code,
One or more barcodes, two-dimensional barcodes, three-dimensional barcodes and QR (Quick Response) code, including one or more color codes,
Login authentication system using image code.
The method of claim 1, wherein the first communication medium,
One or more computers, home appliances, telematics, tablet PCs, ATMs,
Login authentication system using image code.
The method of claim 1, wherein the second communication medium,
At least one communication device equipped with a mobile phone, a smartphone, a tablet PC, and a camera,
Login authentication system using image code.
The method of claim 1, wherein the second communication medium specific information,
One or more phone numbers, hardware serial numbers, software serial numbers, MAC addresses, and USIM information,
Login authentication system using image code.
The method of claim 1, wherein the one or more authentication information,
One or more network ID information, time setting information, authentication server unique information, and random number information,
Login authentication system using image code.
Receiving user login information through a user first communication medium at a server;
Combining the user login information with at least one authentication information and authentication server access information at a server, and generating the combined information as an encrypted image code;
Processing the generated encrypted image code to be output through a program installed in the first communication medium at a server;
Receiving, by the server, the encrypted image code through an application installed on the user's second communication medium to decrypt the read user login information, authentication information, and unique information of the second communication medium;
Authenticating validity of the received user login information and authentication information and unique information of a second communication medium by a server;
If the validity is verified, generating a one-time password in the server, and then processing the generated one-time password to be transmitted to the second communication medium;
Receiving a one-time password through the first communication medium at a server;
And comparing the one-time password received by the server with the one-time password transmitted to the second communication medium to authenticate the user.
Login authentication method using image code.
The method of claim 10,
And storing the user login information and the user's second communication medium specific information on a storage medium.
The step of authenticating the validity of the received user login information and authentication information and the second communication medium specific information in the server,
After checking the user login information previously stored on the storage medium in response to the received user login information, the second communication medium specific information connected to the confirmed user login information on the storage medium is received by the server; Authenticating the validity of the second communication medium in comparison with the communication medium specific information,
Login authentication method using image code.
A computer-readable recording medium having recorded thereon a program for executing the method of claim 10.
KR1020110147982A 2011-12-31 2011-12-31 Recording medium, method and system for log-in confirmation use of image code KR20130093793A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110147982A KR20130093793A (en) 2011-12-31 2011-12-31 Recording medium, method and system for log-in confirmation use of image code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110147982A KR20130093793A (en) 2011-12-31 2011-12-31 Recording medium, method and system for log-in confirmation use of image code

Publications (1)

Publication Number Publication Date
KR20130093793A (en) 2013-08-23

Family

ID=49217831

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110147982A KR20130093793A (en) 2011-12-31 2011-12-31 Recording medium, method and system for log-in confirmation use of image code

Country Status (1)

Country Link
KR (1) KR20130093793A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101595099B1 (en) * 2015-04-20 2016-02-17 주식회사 기가코리아 Method for providing security code service
KR102645846B1 (en) * 2023-05-17 2024-03-08 서림정보통신 주식회사 Management apparatus and reader for managing cables based on image code, and method therefor

Similar Documents

Publication Publication Date Title
US8661254B1 (en) Authentication of a client using a mobile device and an optical link
EP2954451B1 (en) Barcode authentication for resource requests
US8763097B2 (en) System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication
US9185096B2 (en) Identity verification
US9412283B2 (en) System, design and process for easy to use credentials management for online accounts using out-of-band authentication
JP6017650B2 (en) How to use one device to unlock another
US9741265B2 (en) System, design and process for secure documents credentials management using out-of-band authentication
US11764966B2 (en) Systems and methods for single-step out-of-band authentication
CN106575326B (en) System and method for implementing one-time passwords using asymmetric encryption
US8606234B2 (en) Methods and apparatus for provisioning devices with secrets
EP2166697B1 (en) Method and system for authenticating a user by means of a mobile device
US9338164B1 (en) Two-way authentication using two-dimensional codes
US20160307194A1 (en) System and method for point of sale payment data credentials management using out-of-band authentication
US20130185210A1 (en) Method and System for Making Digital Payments
US9979725B1 (en) Two-way authentication using two-dimensional codes
WO2013176491A1 (en) Method for authenticating web service user
EP3662430B1 (en) System and method for authenticating a transaction
US9742766B2 (en) System, design and process for easy to use credentials management for accessing online portals using out-of-band authentication
KR101690989B1 (en) Method of electric signature using fido authentication module
KR20170011469A (en) Method for Providing On-Line Integrated Login Service with security key
CN102694782A (en) Internet-based device and method for security information interaction
CA3034665A1 (en) Methods and systems for controlling access to a protected resource
JP2011176435A (en) Secret key sharing system, method, data processor, management server, and program
KR101659847B1 (en) Method for two channel authentication using smart phone
US11030299B1 (en) Systems and methods for password managers

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination