KR20140135495A - Recording Medium, Method and Server for Web Site Verification Use of Two Channel - Google Patents

Recording Medium, Method and Server for Web Site Verification Use of Two Channel Download PDF

Info

Publication number
KR20140135495A
KR20140135495A KR1020130055848A KR20130055848A KR20140135495A KR 20140135495 A KR20140135495 A KR 20140135495A KR 1020130055848 A KR1020130055848 A KR 1020130055848A KR 20130055848 A KR20130055848 A KR 20130055848A KR 20140135495 A KR20140135495 A KR 20140135495A
Authority
KR
South Korea
Prior art keywords
user
information
interface
selecting
login
Prior art date
Application number
KR1020130055848A
Other languages
Korean (ko)
Inventor
김건표
백국실
Original Assignee
주식회사 넥스다임
김건표
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 넥스다임, 김건표 filed Critical 주식회사 넥스다임
Priority to KR1020130055848A priority Critical patent/KR20140135495A/en
Publication of KR20140135495A publication Critical patent/KR20140135495A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to a method, a server apparatus, and a recording medium for verifying a website. According to an embodiment of the present invention, a server apparatus comprises: a storage medium which connects a user′s login information with a plurality of user information and stores the connected information; an interface unit which outputs a login interface for inputting or selecting the user′s login information in the connection of a first terminal of the user, and an interface for inputting or selecting user information query values for website verification; a confirmation unit which confirms or extracts user information corresponding to the user information query values among the user information connected to the user login information through the storage medium when the user login information and the user information query values are received through the interface unit; and a processing unit which processes the user information, which is confirmed or extracted by the confirmation unit, to be transmitted to a second terminal of the user.

Description

Technical Field [0001] The present invention relates to a dual channel web site verification method, a server apparatus, and a recording medium,

The present invention is intended to validate a Web site visited by a user to prevent phishing damage.

In recent years, as the phishing method has become more sophisticated and advanced, the phishing damage caused by the wireless communication as well as the cable has increased rapidly.

Particularly, the case of transferring a message by impersonating a bank or a government office, causing a user to access a wrong bank or a government office homepage through a callback URL included in the message to leak important personal information, As well.

In order to reduce such phishing damage, prior arts have been proposed in which an image set by a user is outputted on a web site or a web site is verified through a quail code. However, after capturing a user screen through hacking or the like, If you check the images you have set up, the above techniques are also a hell of a way.

The recognition of the problems and problems of the prior art is not obvious to a person having ordinary skill in the art, so that the inventive step of the present invention should not be judged based on the recognition based on such recognition I will reveal.

In order to solve the above problems, an object of the present invention is to provide a method and system for providing a user information query service, Information is transmitted to the second terminal of the user so that verification can not be performed unless it is a web site that knows user information such as personal information or account information of the user in advance so that phishing sites that try to extract user information can not be verified at all And a server device and a recording medium.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, as claimed, but are not to be construed as limiting the invention. There will be.

A server device for web site verification according to the present invention includes a storage medium for storing user login information and a plurality of user information in connection with each other, and a web site verification module, such as a login interface for inputting or selecting user login information, A user interface unit for outputting a user information inquiry value input or a selection interface for the user information inquiry value and a user information inquiry value for the user, A confirmation unit for confirming or extracting user information corresponding to the information query value, and a processing unit for processing the user information confirmed or extracted by the confirmation unit to be transmitted to the second terminal of the user.

According to one aspect of the present invention, the interface unit may output the user information query value input or selection interface in a pop-up form, or may output the login information in a certain area of the login interface screen, or may output the login screen in a separate screen after outputting the login interface screen.

According to another aspect of the present invention, the processing unit processes the confirmation or the extracted user information so that the entire user information is transmitted when the confirming unit confirms or extracts user information to be transmitted to the second terminal of the user, A part of the user information can be processed to be transmitted.

The web site verification method according to the present invention includes the steps of: outputting a user interface query value input or selection interface for a login interface and a web site verification for inputting or selecting user login information, When the user login information and the user information inquiry value are received through the storage medium storing the user login information and the plurality of user information, the user information corresponding to the user information query value among the plurality of pieces of user information connected with the user login information Confirming or extracting the user information, and processing the confirmed or extracted user information to be transmitted to the second terminal of the user.

According to one aspect of the present invention, the step of processing the checked or extracted user information to be transmitted to the second terminal of the user may include processing such that the entire confirmed or extracted user information is transmitted, To be transmitted.

Further, the present invention provides a recording medium characterized by recording a program for executing the website verification method.

According to an aspect of the present invention, verification can not be performed unless the user's personal information or financial information is known to the user in advance, so that the user's personal information through the phishing site connection, financial information The leakage can be prevented.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in and form a part of the specification, illustrate preferred embodiments of the invention and, together with the description of the invention given above, serve to further the understanding of the technical idea of the invention. And should not be construed as interpretation.
1 is a diagram illustrating a network configuration according to an embodiment of the present invention.
2 is a view showing a detailed configuration of a server apparatus according to an embodiment of the present invention.
3 is an embodiment of a storage medium according to an embodiment of the present invention.
4 is an embodiment of an interface according to the present invention.
5 is an embodiment of another interface according to the present invention.
6 is an embodiment of a verification value output interface according to the present invention.
7 is a diagram illustrating a website verification process according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram illustrating a network configuration according to an embodiment of the present invention.

1, the server device 100 is connected to a user first terminal 200 and a user second terminal 300 through a communication network. When the user first terminal 200 is connected, A user interface inquiry value input / selection interface for verifying the web site other than the login interface for selection is output, and when the user login information and the user information question value are received through the interface, the user login information is linked to a plurality of user information The user information corresponding to the user information query value is extracted or extracted from a plurality of pieces of user information associated with the user login information through the storage medium 110, To be transmitted to the base station.

The configuration of the communication network according to the embodiment of the present invention can be variously configured according to the implementation method and the communication network connection method.

First, the server device 100 and the storage medium 110 may be indirectly connected to each other through a communication network or a communication network. Although not shown in the drawing, the server device 100 may be connected to the server device 100, And the storage medium 110, the user first terminal 200, and the user second terminal 300 may be variously configured.

The server device 100, which is a core configuration according to an embodiment of the present invention, is configured to input or inquire a user information query value for web site verification other than a login interface for inputting or selecting user login information when the user first terminal 200 is connected Interface, and when the user login information and the user information inquiry value are received through the interface, a plurality of pieces of user information associated with the user login information through the storage medium (110) connecting and storing the user login information and a plurality of user information And processes the confirmed or extracted user information to be transmitted to the second terminal 300 of the user after confirming or extracting user information corresponding to the user information query value.

Here, the plurality of pieces of user information may include user personal information, user phone number information, user address information, user account number information, user card number information, user email address information, user picture information, user resident registration number information, It may contain one or more card information.

The server device 100 according to the embodiment of the present invention may output the user information query value input or selection interface in a pop-up form or output it on a predetermined area of the login interface screen, As shown in FIG.

According to an embodiment of the present invention, the login interface may include at least one user ID, a password input interface, and an interface for authenticating a user's authorized certificate, An interface for entering or selecting a personal information query, an interface for entering or selecting a user phone number information query, an interface for entering or selecting a user address information query, An interface for inputting or selecting a user card number information query, an interface for inputting or selecting a user email address information query, an interface for inputting or selecting a user photograph information query, And the interface for input or select the door, and the interface for input or select a user password information, questions, and users can include one or more interfaces for inputting or selecting a specific number of questions have security card.

In addition, according to the method of the present invention, when the server device 100 processes the user information that is confirmed or extracted to be transmitted to the second terminal 300 of the user, the entire confirmed or extracted user information is transmitted , Or may process such that some of the confirmed or extracted user information is transmitted.

The user first terminal 200 according to an embodiment of the present invention refers to a terminal connected to the server apparatus 100 and includes a wired terminal including at least one of a PC, a notebook computer, a wired telephone, a TV, And the user second terminal 300 refers to a wireless terminal including at least one of a smart phone, a navigation system, a telematics system, and a mobile phone system.

According to an embodiment of the present invention, the user first terminal 200 accesses the server 100 and inputs or selects a user information query value after login.

In addition, the user second terminal receives user information corresponding to the user information query value from the server apparatus 100 and outputs the user information.

The storage medium 110 according to an exemplary embodiment of the present invention stores user login information and a plurality of user information in connection with each other. The storage medium 110 may include the server device 100, Or may be connected to the server device 100 through a communication network.

2 is a diagram showing a detailed configuration of the server apparatus 100 according to an embodiment of the present invention.

2 shows a detailed configuration of the server device 100 shown in FIG. 1, and each configuration is only a configuration for explaining an embodiment of the present invention, and the present invention is shown in FIG. 2 And the technical features thereof are not limited only by the illustrated method.

Referring to FIG. 2, a server apparatus 100 according to an embodiment of the present invention includes an interface unit 11, a confirmation unit 12, a processing unit 13, and a control unit 10, and may further include a storage medium 110 according to an embodiment of the present invention.

Here, although the server apparatus 100 is shown as a single server in the drawing for the sake of explanation of the embodiment, each of the means and constituent units may be configured separately from one or more servers.

The interface unit 11 according to the embodiment of the present invention may include a login interface for inputting or selecting user login information and a user information query value input or selection interface for website verification when the user first terminal 200 is connected, And outputs it on the screen of the user first terminal 200.

According to the present invention, the interface unit 11 outputs the user information query value input or selection interface in a pop-up form, or outputs it on a predetermined area of the login interface screen, or a separate screen after the login interface screen output Can be output.

The login interface may include at least one of a user ID, a password input interface, and an interface for authenticating a user's authorized certificate. The user information query value input or selection interface may input or inquire a user's personal information query, An interface for inputting or selecting a user telephone number information query, an interface for inputting or selecting a user address information query, an interface for inputting or selecting a user account number information query, An interface for inputting or selecting an information question, an interface for inputting or selecting a user email address information question, an interface for inputting or selecting a user picture information question, May include interface and user passwords and interfaces for information to enter or select the questions, the user has more than one interface for inputting or selecting a specific number of questions have security card for groups.

4 and 5 illustrate a flow of a user interface inquiry input or selection interface for a login interface and web site verification for inputting or selecting user login information in the interface unit 11 on the screen of the user first terminal 200 An example of outputting is shown.

4, the user inputs a question value of " three-digit number after the account number ", and FIG. 5 shows an example in which the user inputs a three-digit number after the account number, An address for selecting one or more of a plurality of pieces of user information such as a home address number, a mobile phone number, and a three-digit number after a resident number.

According to the present invention, since the user requests at least one of the user information to the web site accessed by the user first terminal 200, if the web site is a normal web site, the user can know the user information, And the user can not answer the question value if it is an abnormal web site, such as a phishing site for obtaining user information. Therefore, if the user intuitively determines whether the web site accessed by the user first terminal 200 is a normal web site, .

For example, if a user connected to a bank web site sends a two-digit number in front of the security card 13 through the interface as a question value, a normal bank web site may already have user login information and user information The first two digits of the security card 13 will be identified and presented to the user first terminal 200. In the case of an abnormal web site, the answer will not be possible.

The confirmation unit 12 according to the embodiment of the present invention is a storage medium 110 for storing user login information and a plurality of user information when the user login information and the user information query value are received through the interface unit 11 ) Of the user information corresponding to the user information query value among a plurality of pieces of user information connected with the user login information.

That is, when the log-in corresponding to the user's login information is approved, the confirmation unit 12 acquires a plurality of pieces of user information (user personal information, user's phone number information, The user information corresponding to the user information query value among the user information, the address information, the user account number information, the user card number information, the user email address information, the user picture information, the user's resident registration number information, the user password information, Identify or extract.

For example, if a two-digit number in front of the security card 13 is a question value received through the interface unit 11, the security card information is firstly checked through the storage medium 110, Identify or extract the first two digits of the information.

The processing unit 13 according to the embodiment of the present invention performs processing to process the user information confirmed or extracted by the confirmation unit 12 to be transmitted to the second terminal 300 of the user.

The processing unit 13 according to the method of the present invention processes the entire confirmed or extracted user information to be transmitted when the confirmed or extracted user information is transmitted to the second terminal 300 of the user, And process such that a part of the user information that has been confirmed or extracted is transmitted.

For example, if the identified or extracted user information is seven digits after the resident registration number, the user can transmit the seven digits after the resident registration number to "104 *** 9" in processing to be transmitted to the second terminal 300 .

FIG. 6 shows an embodiment for outputting a website verification value corresponding to a user query value through the processing unit 13. FIG.

For example, if the user question value is three after the account number, the three digits after the account number as the website verification value are processed to be transmitted to the second terminal 300.

According to the present invention, one or more components of each component included in the server device 100 can be configured as a single program or a program set.

3 is an embodiment of a storage medium 110 according to an embodiment of the present invention.

Referring to FIG. 3, the storage medium 110 stores user ID information, user ID information, user account information, user card number information, user email address, Address information, user picture information, user resident number information, user password information, and security card information.

Here, the user login information may be replaced with not only an ID and a password but also an authorized certificate information instead of an ID and a password, user information corresponding to a user login approval result, etc., and any one of the user information may be used as user login information .

According to the present invention, the storage medium 110 may be included in the server apparatus 100, directly connected to the server apparatus 100, or indirectly connected through a communication network or a communication network.

Hereinafter, when the first terminal 200 is connected to the server device 100, the server device 100 outputs a user information query value input or selection interface for web site verification other than a login interface for inputting or selecting user login information, When the user login information and the user information inquiry value are received through the interface, the user information inquiry value of the plurality of pieces of user information connected with the user login information through the storage medium 110 storing and storing the user login information and the plurality of user information A process of confirming or extracting the corresponding user information and then transmitting the confirmed or extracted user information to the user's second terminal 300 will be described in more detail.

7 is a diagram illustrating a website verification process according to an embodiment of the present invention.

First, the server device 100 receives one or more message management object information or message management object selection information from the message receiving terminal 400 of the user through the communication unit 11 (S410).

Thereafter, the server device 100 connects the user login information and a plurality of user information and stores the user login information on the storage medium 110 (S710).

Here, the user login information can be replaced with not only an ID and a password but also an authorized certificate information, user information corresponding to a user login approval result, etc. instead of an ID and a password, and any one of the user information can be used as user login information , The user information includes at least one of user personal information, user telephone number information, user address information, user account number information, user card number information, user email address information, user photo information, user resident registration number information, It may contain more than one information.

According to one aspect of the present invention, in step S710, the subject storing the user login information and the plurality of user information on the storage medium 110 is performed by the third server or the terminal as well as the server apparatus 100 It is possible.

When the first terminal 200 is connected to the user terminal 100 through the interface unit 11, the server apparatus 100 transmits a user information query value input or selection interface for web site verification and a login interface for inputting or selecting user login information, To the user terminal 200 (S720).

The login interface may include at least one of a user ID, a password input interface, and an interface for authenticating a user's authorized certificate, and the user information query value input or selection interface may be configured to input or select a user personal information query An interface for entering or selecting a user phone number information query, an interface for entering or selecting a user address information query, an interface for entering or selecting a user account number information query, a user card number information query An interface for entering or selecting a user's email address information query, an interface for entering or selecting a user's email address information query, an interface for entering or selecting a user's photograph information query, An interface, an interface for inputting or selecting a user password information question, and an interface for inputting or selecting a specific number question of the security card held by the user.

Thereafter, when the user login information and the user information inquiry value are received from the server device 100 (S730), the user is authenticated based on the user login information, and the user is authenticated from the storage medium 110 In operation S740, user information corresponding to the user login information or user login information is checked and user information corresponding to the received user information query value is confirmed or extracted from the user information.

In operation S740, if the user information corresponding to the received user information query value is not confirmed or extracted in operation S750, the server device 100 outputs an error message in operation S760.

If it is determined in step S740 that the user information corresponding to the received user information query value is verified or extracted in step S770, the server device 100 transmits the verification information 12 to the second terminal of the user (S780).

Here, the process (S780) may process the entire confirmed or extracted user information to be transmitted, or may process some of the confirmed or extracted user information to be transmitted.

100: server device 110: storage medium
200: user first terminal 300: user second terminal
10: control unit 11: interface unit
12: confirmation unit 13:

Claims (11)

A storage medium for storing and storing user login information and a plurality of user information;
An interface unit for outputting a user information query value input or selection interface for web site verification other than a login interface for inputting or selecting user login information when the user first terminal is connected;
A confirmation unit for verifying or extracting user information corresponding to the user information query value among a plurality of pieces of user information associated with the user login information through the storage medium when the user login information and the user information query value are received through the interface;
And a processing unit for processing the user information confirmed or extracted by the confirmation unit to be transmitted to the second terminal of the user. The apparatus according to claim 1,
A server device for verifying the web site for outputting the user information query value input or selection interface in a pop-up form or outputting it on a predetermined area of the login interface screen, or outputting it on a separate screen after outputting the login interface screen. The system according to claim 1,
A server apparatus for web site verification comprising one or more interfaces for user ID and password input interface and user authenticated certificate authentication. The method of claim 1, wherein the user information query value input or selection interface comprises:
An interface for entering or selecting a user personal information query, an interface for entering or selecting a user phone number information query, an interface for entering or selecting a user address information query, and an input or selection of a user account number information query An interface for inputting or selecting a user card number information question, an interface for inputting or selecting a user email address information question, an interface for inputting or selecting a user picture information question, An interface for inputting or selecting a user password information question, an interface for inputting or selecting a user password information question, and an interface for inputting or selecting a specific number question of the security card held by the user. One server device. The apparatus according to claim 1,
When the confirmation unit confirms or extracts user information to be transmitted to the second terminal of the user,
Processing the entire confirmed or extracted user information so as to be transmitted, or processing a part of the confirmed or extracted user information to be transmitted. The information processing apparatus according to claim 1,
A web page including at least one of user personal information, user telephone number information, user address information, user account number information, user card number information, user email address information, user photo information, user resident registration number information, user password information, Server device for site verification. Outputting a user information query value input or selection interface for a login interface and a website verification for inputting or selecting user login information when the user first terminal is connected;
And a user information inquiry unit for receiving the user login information and the user information inquiry value through the interface, the user information inquiry information corresponding to the user information inquiry value among the plurality of pieces of user information connected with the user login information through a storage medium storing the user login information and the plurality of user information, Confirming or extracting user information;
And processing the confirmed or extracted user information to be transmitted to the second terminal of the user. The method as claimed in claim 7, wherein the step of processing the checked or extracted user information to be transmitted to the second terminal of the user comprises:
Processing the entire confirmed or extracted user information so as to be transmitted or processing such that a part of the confirmed or extracted user information is transmitted. 8. The terminal of claim 7,
Wherein the web site is a wireless communication terminal. 8. The method of claim 7, wherein the user information query value input or selection interface comprises:
An interface for entering or selecting a user personal information query, an interface for entering or selecting a user phone number information query, an interface for entering or selecting a user address information query, and an input or selection of a user account number information query An interface for inputting or selecting a user card number information question, an interface for inputting or selecting a user email address information question, an interface for inputting or selecting a user picture information question, An interface for inputting or selecting a user password information question, an interface for inputting or selecting a user password information question, and an interface for inputting or selecting a specific number question of the security card held by the user. A computer-readable recording medium having recorded thereon a program for executing the method of claim 7.
KR1020130055848A 2013-05-16 2013-05-16 Recording Medium, Method and Server for Web Site Verification Use of Two Channel KR20140135495A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130055848A KR20140135495A (en) 2013-05-16 2013-05-16 Recording Medium, Method and Server for Web Site Verification Use of Two Channel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130055848A KR20140135495A (en) 2013-05-16 2013-05-16 Recording Medium, Method and Server for Web Site Verification Use of Two Channel

Publications (1)

Publication Number Publication Date
KR20140135495A true KR20140135495A (en) 2014-11-26

Family

ID=52456253

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130055848A KR20140135495A (en) 2013-05-16 2013-05-16 Recording Medium, Method and Server for Web Site Verification Use of Two Channel

Country Status (1)

Country Link
KR (1) KR20140135495A (en)

Similar Documents

Publication Publication Date Title
US11405380B2 (en) Systems and methods for using imaging to authenticate online users
US10050952B2 (en) Smart phone login using QR code
KR101214839B1 (en) Authentication method and authentication system
TWI728261B (en) Query system, method and non-transitory machine-readable medium to determine authentication capabilities
US8464324B2 (en) System and method for identity verification on a computer
US10339366B2 (en) System and method for facial recognition
US20140250518A1 (en) Computer implemented multi-factor authentication
US11265311B1 (en) User authentication systems and methods
JP2013524314A (en) Authentication method and system using portable terminal
CN105591744A (en) Network real-name authentication method and system
US20180211258A1 (en) System and method for secure personal information retrieval
CN109284599A (en) It the use of portable electronic device is the method and system that user creates strong authentication
CN103973652A (en) Login method and login system
KR101027228B1 (en) User-authentication apparatus for internet security, user-authentication method for internet security, and recorded medium recording the same
CN206962826U (en) Identity authorization system based on FIDO U2F double factor fingerprint recognitions
KR20150050280A (en) Authentication method using fingerprint information and certification number, user terminal and financial institution server
KR101747234B1 (en) Authentication method using two channels and the system for it
KR101654797B1 (en) Interactive CAPTCHA System Resilient to Phishing Attacks
US20130144620A1 (en) Method, system and program for verifying the authenticity of a website using a reliable telecommunication channel and pre-login message
KR20130078842A (en) Recording medium, server for 2-factor authentication use of image code and one time password
KR20140135494A (en) Recording Medium, Method and Server for Web Site Verification
KR20130093794A (en) Recording medium, method and system for registration and operating of 2-factor authentication information
KR20140135495A (en) Recording Medium, Method and Server for Web Site Verification Use of Two Channel
KR20140132115A (en) Recording Medium, Method and Server for Web Site Verification Use of Two Channel
KR101235608B1 (en) Method and System on Multi Factor Certification Using Device Identification Information and Multimedia Identification Information

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination